Extend ptr::null and null_mut to all thin (including extern) types

[SimonSapin]

Fixes #93959

This change was accepted in https://rust-lang.github.io/rfcs/2580-ptr-meta.html

Note that this changes the signature of stable functions. The change should be backward-compatible, but it is insta-stable since it cannot (easily, at all?) be made available only through a #![feature(…)] opt-in.

The RFC also proposed the same change for NonNull::dangling, which makes sense it terms of its signature but not in terms of its implementation. dangling uses align_of() as an address. But what align_of() should be for extern types or whether it should be allowed at all remains an open question.

This commit depends on #93977, which is not yet part of the bootstrap compiler. So #[cfg] is used to only apply the change in stage 1+. As far a I know bounds cannot be made conditional with #[cfg], so the entire functions are duplicated. This is unfortunate but temporary.

Since this duplication makes it less obvious in the diff, the new definitions differ in:

• More permissive bounds (Thin instead of implied Sized)
• Different implementation
• Having rustc_allow_const_fn_unstable(const_fn_trait_bound)
• Having rustc_allow_const_fn_unstable(ptr_metadata)

[rust-highfive]

r? @Mark-Simulacrum

(rust-highfive has picked a reviewer for you, use r? to override)

[SimonSapin]

I pushed changes to disable the new test in stage 0, but based on line numbers in the error message it looks like the second CI run did not account for these changes?

[SimonSapin]

This reverts part of #61864 (which unfortunately does not give its motivation) to restore the test as originally added in https://github.com/rust-lang/rust/pull/46973/files#diff-b3ce752f21a6d94f8e4c9b0c95d41eaf2976a0e5b100ed0f86422fb1b106266f, in order to avoid an additional error message https://github.com/rust-lang/rust/runs/5552124004?check_suite_focus=true#step:26:1607 that appears unrelated to the test and #46365.

[Ericson2314]

Curious: If you made a field with a known non-DST type after ipsum in Lorem, would it not get tripped up? It does seem like since ipsum is the final field, it can't derive the metadata one way or another, but otherwise it perhaps could.

[clarfonthey]

With strict provenance (which I believe was added after this comment) we definitely want to keep null_mut instead of zero casts.

[SimonSapin]

Would null_mut itself not be implemented with a cast under strict provenance?

[Gankra]

null_mut defers to invalid_mut which in turn is just a cast yeah. The ideal is for everything to funnel into methods with clearer intent/semantics so that automated tooling better understands what you're trying to do and can help catch bugs (i.e. maybe invalid_mut becomes an intrinsic so the compiler can mark some metadata for other tools?)

At very least there are a few lints in the pipeline for people to opt into flagging all the places that do these bare casts as "suspicious" and worth investigating.

Also more stuff using the "right" APIs for what they want to do makes it easier for cursed platforms to do hacks. Like if someone really wanted to force Rust onto a null!=0 platform, everything going through null/null_mut/is_null makes that a lot more plausible of an officially-unsupported-but-functional-hack.

[SimonSapin]

I’ve changed this file to use NonNull::dangling to preserve the spirit of the test while avoiding the unrelated error that this PR adds with null_mut at a line commented with // no error here

[RalfJung]

FWIW the original bug (#46365) was about as casts so I highly doubt that this is still testing what it was intended to test (which is a problem introduced by #61864 doing blind search-and-replace).

[RalfJung]

Opened #97765 to restore test.

[Mark-Simulacrum]

I'm going to r? @yaahc as a libs-api member to review and kick off FCP when ready, since this change is insta-stable.

[Gankra]

(this is going to merge-conflict with #95241 but the fixup will be trivial for whichever one lands second)

[yaahc]

@rfcbot fcp merge

This PR finishes work that began back in 2017¹ and resolves a significant ergonomic shortcoming² of extern types. This PR was opened in response to the lang team expressing interest in making progress on extern types.

Footnotes

1. https://github.com/rust-lang/rust/issues/43467#issuecomment-321678621 ↩

2. https://github.com/rust-lang/rust/issues/43467#issuecomment-408254613 ↩

[yaahc]

what the heck rfcbot, why hast thou forsaken me

[dtolnay]

@rust-lang/libs-api:
@rfcbot fcp merge

[rfcbot]

Team member @dtolnay has proposed to merge this. The next step is review by the rest of the tagged team members:

• @Amanieu
• @BurntSushi
• @dtolnay
• @joshtriplett
• @m-ou-se
• @yaahc

No concerns currently listed.

Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for info about what commands tagged team members can give me.

[SimonSapin]

My mistake, sorry!

[rfcbot]

The final comment period, with a disposition to merge, as per the review above, is now complete.

As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed.

This will be merged soon.

[yaahc]

@bors r+

[bors]

📌 Commit 7ccc09b has been approved by yaahc

[bors]

⌛ Testing commit 7ccc09b with merge 16a97d47bd8cd68c8ff28dce1fb54152f67e652b...

[bors]

💔 Test failed - checks-actions

[rust-log-analyzer]

A job failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

[lcnr]

@bors retry

[bors]

⌛ Testing commit 7ccc09b with merge 9fed130...

[bors]

☀️ Test successful - checks-actions
Approved by: yaahc
Pushing 9fed130 to master...

[rust-timer]

Finished benchmarking commit (9fed130): comparison url.

Instruction count

• Primary benchmarks: no relevant changes found
• Secondary benchmarks: 😿 relevant regressions found

	mean1	max	count2
Regressions 😿 (primary)	N/A	N/A	0
Regressions 😿 (secondary)	1.1%	1.1%	3
Improvements 🎉 (primary)	N/A	N/A	0
Improvements 🎉 (secondary)	N/A	N/A	0
All 😿🎉 (primary)	N/A	N/A	0

Max RSS (memory usage)

Results

• Primary benchmarks: no relevant changes found
• Secondary benchmarks: mixed results

	mean1	max	count2
Regressions 😿 (primary)	N/A	N/A	0
Regressions 😿 (secondary)	4.0%	4.0%	1
Improvements 🎉 (primary)	N/A	N/A	0
Improvements 🎉 (secondary)	-4.1%	-6.9%	3
All 😿🎉 (primary)	N/A	N/A	0

Cycles

Results

• Primary benchmarks: no relevant changes found
• Secondary benchmarks: 🎉 relevant improvement found

	mean1	max	count2
Regressions 😿 (primary)	N/A	N/A	0
Regressions 😿 (secondary)	N/A	N/A	0
Improvements 🎉 (primary)	N/A	N/A	0
Improvements 🎉 (secondary)	-2.6%	-2.6%	1
All 😿🎉 (primary)	N/A	N/A	0

If you disagree with this performance assessment, please file an issue in rust-lang/rustc-perf.

@rustbot label: -perf-regression

Footnotes

1. the arithmetic mean of the percent change ↩ ↩² ↩³

2. number of relevant changes ↩ ↩² ↩³

[RalfJung]

This should have used invalid rather than a int2ptr cast.
(The strict provenance stuff landed in between this PR here being created and landing, which I guess is why this was missed.)

Fixed in #97764