Rollup merge of #78578 - oli-obk:const_mut_refs, r=RalfJung

Permit mutable references in all const contexts

fixes #71212

cc `@rust-lang/wg-const-eval` `@christianpoveda`

Author: jonas-schievink

Diff for: compiler/rustc_mir/src/transform/check_consts/ops.rs

@@ -268,16 +268,20 @@ impl NonConstOp for CellBorrow {
 }
 
 #[derive(Debug)]
+/// This op is for `&mut` borrows in the trailing expression of a constant
+/// which uses the "enclosing scopes rule" to leak its locals into anonymous
+/// static or const items.
 pub struct MutBorrow(pub hir::BorrowKind);
 
 impl NonConstOp for MutBorrow {
-    fn status_in_item(&self, ccx: &ConstCx<'_, '_>) -> Status {
-        // Forbid everywhere except in const fn with a feature gate
-        if ccx.const_kind() == hir::ConstContext::ConstFn {
-            Status::Unstable(sym::const_mut_refs)
-        } else {
-            Status::Forbidden
-        }
+    fn status_in_item(&self, _ccx: &ConstCx<'_, '_>) -> Status {
+        Status::Forbidden
+    }
+
+    fn importance(&self) -> DiagnosticImportance {
+        // If there were primary errors (like non-const function calls), do not emit further
+        // errors about mutable references.
+        DiagnosticImportance::Secondary
     }
 
     fn build_error(&self, ccx: &ConstCx<'_, 'tcx>, span: Span) -> DiagnosticBuilder<'tcx> {
@@ -286,25 +290,15 @@ impl NonConstOp for MutBorrow {
             hir::BorrowKind::Ref => "",
         };
 
-        let mut err = if ccx.const_kind() == hir::ConstContext::ConstFn {
-            feature_err(
-                &ccx.tcx.sess.parse_sess,
-                sym::const_mut_refs,
-                span,
-                &format!("{}mutable references are not allowed in {}s", raw, ccx.const_kind()),
-            )
-        } else {
-            let mut err = struct_span_err!(
-                ccx.tcx.sess,
-                span,
-                E0764,
-                "{}mutable references are not allowed in {}s",
-                raw,
-                ccx.const_kind(),
-            );
-            err.span_label(span, format!("`&{}mut` is only allowed in `const fn`", raw));
-            err
-        };
+        let mut err = struct_span_err!(
+            ccx.tcx.sess,
+            span,
+            E0764,
+            "{}mutable references are not allowed in the final value of {}s",
+            raw,
+            ccx.const_kind(),
+        );
+
         if ccx.tcx.sess.teach(&err.get_code().unwrap()) {
             err.note(
                 "References in statics and constants may only refer \
@@ -321,6 +315,29 @@ impl NonConstOp for MutBorrow {
     }
 }
 
+#[derive(Debug)]
+pub struct TransientMutBorrow(pub hir::BorrowKind);
+
+impl NonConstOp for TransientMutBorrow {
+    fn status_in_item(&self, _: &ConstCx<'_, '_>) -> Status {
+        Status::Unstable(sym::const_mut_refs)
+    }
+
+    fn build_error(&self, ccx: &ConstCx<'_, 'tcx>, span: Span) -> DiagnosticBuilder<'tcx> {
+        let raw = match self.0 {
+            hir::BorrowKind::Raw => "raw ",
+            hir::BorrowKind::Ref => "",
+        };
+
+        feature_err(
+            &ccx.tcx.sess.parse_sess,
+            sym::const_mut_refs,
+            span,
+            &format!("{}mutable references are not allowed in {}s", raw, ccx.const_kind()),
+        )
+    }
+}
+
 #[derive(Debug)]
 pub struct MutDeref;
 impl NonConstOp for MutDeref {
@@ -329,7 +346,7 @@ impl NonConstOp for MutDeref {
     }
 
     fn importance(&self) -> DiagnosticImportance {
-        // Usually a side-effect of a `MutBorrow` somewhere.
+        // Usually a side-effect of a `TransientMutBorrow` somewhere.
         DiagnosticImportance::Secondary
     }
 

Diff for: compiler/rustc_mir/src/transform/check_consts/validation.rs

@@ -466,6 +466,29 @@ impl Validator<'mir, 'tcx> {
             }
         }
     }
+
+    fn check_mut_borrow(&mut self, local: Local, kind: hir::BorrowKind) {
+        match self.const_kind() {
+            // In a const fn all borrows are transient or point to the places given via
+            // references in the arguments (so we already checked them with
+            // TransientMutBorrow/MutBorrow as appropriate).
+            // The borrow checker guarantees that no new non-transient borrows are created.
+            // NOTE: Once we have heap allocations during CTFE we need to figure out
+            // how to prevent `const fn` to create long-lived allocations that point
+            // to mutable memory.
+            hir::ConstContext::ConstFn => self.check_op(ops::TransientMutBorrow(kind)),
+            _ => {
+                // Locals with StorageDead do not live beyond the evaluation and can
+                // thus safely be borrowed without being able to be leaked to the final
+                // value of the constant.
+                if self.local_has_storage_dead(local) {
+                    self.check_op(ops::TransientMutBorrow(kind));
+                } else {
+                    self.check_op(ops::MutBorrow(kind));
+                }
+            }
+        }
+    }
 }
 
 impl Visitor<'tcx> for Validator<'mir, 'tcx> {
@@ -562,15 +585,15 @@ impl Visitor<'tcx> for Validator<'mir, 'tcx> {
 
                 if !is_allowed {
                     if let BorrowKind::Mut { .. } = kind {
-                        self.check_op(ops::MutBorrow(hir::BorrowKind::Ref));
+                        self.check_mut_borrow(place.local, hir::BorrowKind::Ref)
                     } else {
                         self.check_op(ops::CellBorrow);
                     }
                 }
             }
 
-            Rvalue::AddressOf(Mutability::Mut, _) => {
-                self.check_op(ops::MutBorrow(hir::BorrowKind::Raw))
+            Rvalue::AddressOf(Mutability::Mut, ref place) => {
+                self.check_mut_borrow(place.local, hir::BorrowKind::Raw)
             }
 
             Rvalue::Ref(_, BorrowKind::Shared | BorrowKind::Shallow, ref place)

Diff for: src/test/ui/check-static-immutable-mut-slices.rs

@@ -1,6 +1,6 @@
 // Checks that immutable static items can't have mutable slices
 
 static TEST: &'static mut [isize] = &mut [];
-//~^ ERROR mutable references are not allowed in statics
+//~^ ERROR mutable references are not allowed
 
 pub fn main() { }

Diff for: src/test/ui/check-static-immutable-mut-slices.stderr

@@ -1,8 +1,8 @@
-error[E0764]: mutable references are not allowed in statics
+error[E0764]: mutable references are not allowed in the final value of statics
   --> $DIR/check-static-immutable-mut-slices.rs:3:37
    |
 LL | static TEST: &'static mut [isize] = &mut [];
-   |                                     ^^^^^^^ `&mut` is only allowed in `const fn`
+   |                                     ^^^^^^^
 
 error: aborting due to previous error
 

Diff for: src/test/ui/consts/const-address-of-mut.stderr

@@ -1,20 +1,29 @@
-error[E0764]: raw mutable references are not allowed in constants
+error[E0658]: raw mutable references are not allowed in constants
   --> $DIR/const-address-of-mut.rs:3:32
    |
 LL | const A: () = { let mut x = 2; &raw mut x; };
-   |                                ^^^^^^^^^^ `&raw mut` is only allowed in `const fn`
+   |                                ^^^^^^^^^^
+   |
+   = note: see issue #57349 <https://github.com/rust-lang/rust/issues/57349> for more information
+   = help: add `#![feature(const_mut_refs)]` to the crate attributes to enable
 
-error[E0764]: raw mutable references are not allowed in statics
+error[E0658]: raw mutable references are not allowed in statics
   --> $DIR/const-address-of-mut.rs:5:33
    |
 LL | static B: () = { let mut x = 2; &raw mut x; };
-   |                                 ^^^^^^^^^^ `&raw mut` is only allowed in `const fn`
+   |                                 ^^^^^^^^^^
+   |
+   = note: see issue #57349 <https://github.com/rust-lang/rust/issues/57349> for more information
+   = help: add `#![feature(const_mut_refs)]` to the crate attributes to enable
 
-error[E0764]: raw mutable references are not allowed in statics
+error[E0658]: raw mutable references are not allowed in statics
   --> $DIR/const-address-of-mut.rs:7:37
    |
 LL | static mut C: () = { let mut x = 2; &raw mut x; };
-   |                                     ^^^^^^^^^^ `&raw mut` is only allowed in `const fn`
+   |                                     ^^^^^^^^^^
+   |
+   = note: see issue #57349 <https://github.com/rust-lang/rust/issues/57349> for more information
+   = help: add `#![feature(const_mut_refs)]` to the crate attributes to enable
 
 error[E0658]: raw mutable references are not allowed in constant functions
   --> $DIR/const-address-of-mut.rs:11:13
@@ -27,5 +36,4 @@ LL |     let y = &raw mut x;
 
 error: aborting due to 4 previous errors
 
-Some errors have detailed explanations: E0658, E0764.
-For more information about an error, try `rustc --explain E0658`.
+For more information about this error, try `rustc --explain E0658`.

Diff for: src/test/ui/consts/const-eval/issue-65394.stderr

@@ -1,8 +1,11 @@
-error[E0764]: mutable references are not allowed in constants
+error[E0658]: mutable references are not allowed in constants
   --> $DIR/issue-65394.rs:8:13
    |
 LL |     let r = &mut x;
-   |             ^^^^^^ `&mut` is only allowed in `const fn`
+   |             ^^^^^^
+   |
+   = note: see issue #57349 <https://github.com/rust-lang/rust/issues/57349> for more information
+   = help: add `#![feature(const_mut_refs)]` to the crate attributes to enable
 
 error[E0493]: destructors cannot be evaluated at compile-time
   --> $DIR/issue-65394.rs:7:9
@@ -15,5 +18,5 @@ LL | };
 
 error: aborting due to 2 previous errors
 
-Some errors have detailed explanations: E0493, E0764.
+Some errors have detailed explanations: E0493, E0658.
 For more information about an error, try `rustc --explain E0493`.

Diff for: src/test/ui/consts/const-multi-ref.stderr

@@ -1,8 +1,11 @@
-error[E0764]: mutable references are not allowed in constants
+error[E0658]: mutable references are not allowed in constants
   --> $DIR/const-multi-ref.rs:6:13
    |
 LL |     let p = &mut a;
-   |             ^^^^^^ `&mut` is only allowed in `const fn`
+   |             ^^^^^^
+   |
+   = note: see issue #57349 <https://github.com/rust-lang/rust/issues/57349> for more information
+   = help: add `#![feature(const_mut_refs)]` to the crate attributes to enable
 
 error[E0658]: cannot borrow here, since the borrowed element may contain interior mutability
   --> $DIR/const-multi-ref.rs:16:13
@@ -15,5 +18,4 @@ LL |     let p = &a;
 
 error: aborting due to 2 previous errors
 
-Some errors have detailed explanations: E0658, E0764.
-For more information about an error, try `rustc --explain E0658`.
+For more information about this error, try `rustc --explain E0658`.

Diff for: src/test/ui/consts/const-mut-refs/const_mut_address_of.rs

@@ -1,3 +1,4 @@
+// check-pass
 #![feature(const_mut_refs)]
 #![feature(const_fn)]
 #![feature(raw_ref_op)]
@@ -22,9 +23,7 @@ const fn baz(foo: &mut Foo)-> *mut usize {
 
 const _: () = {
     foo().bar();
-    //~^ ERROR mutable references are not allowed in constants
     baz(&mut foo());
-    //~^ ERROR mutable references are not allowed in constants
 };
 
 fn main() {}

Diff for: src/test/ui/consts/const-mut-refs/const_mut_address_of.stderr

@@ -1,3 +1,4 @@
+// check-pass
 #![feature(const_mut_refs)]
 
 struct Foo {
@@ -29,9 +30,6 @@ const fn bazz(foo: &mut Foo) -> usize {
 
 fn main() {
     let _: [(); foo().bar()] = [(); 1];
-    //~^ ERROR mutable references are not allowed in constants
     let _: [(); baz(&mut foo())] = [(); 2];
-    //~^ ERROR mutable references are not allowed in constants
     let _: [(); bazz(&mut foo())] = [(); 3];
-    //~^ ERROR mutable references are not allowed in constants
 }

Diff for: src/test/ui/consts/const-mut-refs/const_mut_refs.rs

@@ -0,0 +1,57 @@
+#![feature(const_mut_refs)]
+#![feature(const_fn)]
+#![feature(raw_ref_op)]
+#![feature(const_raw_ptr_deref)]
+
+const NULL: *mut i32 = std::ptr::null_mut();
+const A: *const i32 = &4;
+
+// It could be made sound to allow it to compile,
+// but we do not want to allow this to compile,
+// as that would be an enormous footgun in oli-obk's opinion.
+const B: *mut i32 = &mut 4; //~ ERROR mutable references are not allowed
+
+// Ok, no actual mutable allocation exists
+const B2: Option<&mut i32> = None;
+
+// Not ok, can't prove that no mutable allocation ends up in final value
+const B3: Option<&mut i32> = Some(&mut 42); //~ ERROR temporary value dropped while borrowed
+
+const fn helper(x: &mut i32) -> Option<&mut i32> { Some(x) }
+const B4: Option<&mut i32> = helper(&mut 42); //~ ERROR temporary value dropped while borrowed
+
+// Ok, because no references to mutable data exist here, since the `{}` moves
+// its value and then takes a reference to that.
+const C: *const i32 = &{
+    let mut x = 42;
+    x += 3;
+    x
+};
+
+use std::cell::UnsafeCell;
+struct NotAMutex<T>(UnsafeCell<T>);
+
+unsafe impl<T> Sync for NotAMutex<T> {}
+
+const FOO: NotAMutex<&mut i32> = NotAMutex(UnsafeCell::new(&mut 42));
+//~^ ERROR temporary value dropped while borrowed
+
+static FOO2: NotAMutex<&mut i32> = NotAMutex(UnsafeCell::new(&mut 42));
+//~^ ERROR temporary value dropped while borrowed
+
+static mut FOO3: NotAMutex<&mut i32> = NotAMutex(UnsafeCell::new(&mut 42));
+//~^ ERROR temporary value dropped while borrowed
+
+// `BAR` works, because `&42` promotes immediately instead of relying on
+// the enclosing scope rule.
+const BAR: NotAMutex<&i32> = NotAMutex(UnsafeCell::new(&42));
+
+fn main() {
+    println!("{}", unsafe { *A });
+    unsafe { *B = 4 } // Bad news
+
+    unsafe {
+        **FOO.0.get() = 99;
+        assert_eq!(**FOO.0.get(), 99);
+    }
+}