const-eval: allow constants to refer to mutable/external memory, but reject such constants as patterns

[RalfJung]

This fixes #140653 by accepting code such as this:

static FOO: AtomicU32 = AtomicU32::new(0);
const C: &'static AtomicU32 = &FOO;

This can be written entirely in safe code, so there can't really be anything wrong with it.

We also accept the much more questionable following code, since it looks very similar to the interpreter:

static mut FOO2: u32 = 0;
const C2: &'static u32 = unsafe { &mut FOO2 };

Using this without causing UB is at least very hard (the details are unclear since it is related to how the aliasing model deals with the staging of const-eval vs runtime code).

If a constant like C2 is used as a pattern, we emit an error:

error: constant BAD_PATTERN cannot be used as pattern
  --> $DIR/const_refs_to_static_fail.rs:30:9
   |
LL |         BAD_PATTERN => {},
   |         ^^^^^^^^^^^
   |
   = note: constants that reference mutable or external memory cannot be used as pattern

(If you somehow manage to build a pattern with constant C, you'd get the same error, but that should be impossible: we don't have a type that can be used in patterns and that has interior mutability.)

The same treatment is afforded for shared references to extern static, for the same reason: the const evaluation is entirely fine with it, we just can't build a pattern for it -- and when using interior mutability, this can be totally sound.

We do still not accept anything where there is an &mut in the final value of the const, as that should always require unsafe code and it's hard to imagine a sound use-case that would require this.

[rustbot]

r? @jieyouxu

rustbot has assigned @jieyouxu.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

[rustbot]

Some changes occurred to the CTFE machinery

cc @RalfJung, @oli-obk, @lcnr

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri, @RalfJung, @oli-obk, @lcnr

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri

[RalfJung]

@rust-lang/lang nominating for FCP following prior discussion in #140653.

[rustbot]

Some changes occurred in src/tools/clippy

cc @rust-lang/clippy

[jieyouxu]

r? @oli-obk (or someone way more familiar with const-eval)

[traviscross]

As discussed in #140653 (comment), this sounds right to me, and I propose that we do it.

@rfcbot fcp merge

[rfcbot]

Team member @traviscross has proposed to merge this. The next step is review by the rest of the tagged team members:

• @joshtriplett
• @nikomatsakis
• @scottmcm
• @tmandry
• @traviscross

Concerns:

• whole team signoff resolved by const-eval: allow constants to refer to mutable/external memory, but reject such constants as patterns #140942 (comment)

Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

cc @rust-lang/lang-advisors: FCP proposed for lang, please feel free to register concerns.
See this document for info about what commands tagged team members can give me.

[RalfJung]

Reference PR: rust-lang/reference#1859

[rfcbot]

The final comment period, with a disposition to merge, as per the review above, is now complete.

As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed.

This will be merged soon.

[RalfJung]

@bors r=oli-obk

[bors]

📌 Commit 6f196f8 has been approved by oli-obk

It is now in the queue for this repository.

[RalfJung]

@bors r-
I guess the reference PR has to land first?

[RalfJung]

@oli-obk based on @ehuss's questions in rust-lang/reference#1859, I made the "borrow of non-transient" error more uniform (use a shared error for raw and ref borrows, and use the same wording for mutable and interior mutable borrows), and made them explicitly talk about lifetime extension, since we have to wait for that reference PR anyway. If you prefer, I can also split this into a separate PR.

[rustbot]

Some changes occurred to constck

cc @fee1-dead

[RalfJung]

This is still somewhat abbreviated... lifetime extension "within" constants is fine, it's just lifetime extension at the top-level scope where we restrict borrows. I couldn't think of a good way to concisely state this.

[oli-obk]

we don't need to be concise if we add some more info at the label or in a note. That's probably worth it for this case that will otherwise send most ppl to having to ask for help in a forum

[rust-log-analyzer]

The job aarch64-gnu-llvm-19-1 failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

---- [ui] tests/ui/consts/const-mut-refs/mut_ref_in_final.rs stdout ----
Saved the actual stderr to `/checkout/obj/build/aarch64-unknown-linux-gnu/test/ui/consts/const-mut-refs/mut_ref_in_final/mut_ref_in_final.stderr`
diff of stderr:

4 LL | const B: *mut i32 = &mut 4;
5    |                     ^^^^^^
6 
- error[E0764]: mutable references are not allowed in the final value of constants
+ error[E0764]: mutable borrows of lifetime-extended temporaries are not allowed in constants
8   --> $DIR/mut_ref_in_final.rs:21:35
9    |
10 LL | const B3: Option<&mut i32> = Some(&mut 42);


The actual stderr differed from the expected stderr
To update references, rerun the tests and pass the `--bless` flag
To only update this specific test, also pass `--test-args consts/const-mut-refs/mut_ref_in_final.rs`

error: 1 errors occurred comparing output.
status: exit status: 1
command: env -u RUSTC_LOG_COLOR RUSTC_ICE="0" RUST_BACKTRACE="short" "/checkout/obj/build/aarch64-unknown-linux-gnu/stage2/bin/rustc" "/checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs" "-Zthreads=1" "-Zsimulate-remapped-rust-src-base=/rustc/FAKE_PREFIX" "-Ztranslate-remapped-path-to-local-path=no" "-Z" "ignore-directory-in-diagnostics-source-blocks=/cargo" "-Z" "ignore-directory-in-diagnostics-source-blocks=/checkout/vendor" "--sysroot" "/checkout/obj/build/aarch64-unknown-linux-gnu/stage2" "--target=aarch64-unknown-linux-gnu" "--check-cfg" "cfg(test,FALSE)" "--error-format" "json" "--json" "future-incompat" "-Ccodegen-units=1" "-Zui-testing" "-Zdeduplicate-diagnostics=no" "-Zwrite-long-types-to-disk=no" "-Cstrip=debuginfo" "--emit" "metadata" "-C" "prefer-dynamic" "--out-dir" "/checkout/obj/build/aarch64-unknown-linux-gnu/test/ui/consts/const-mut-refs/mut_ref_in_final" "-A" "unused" "-A" "internal_features" "-Crpath" "-Cdebuginfo=0" "-Lnative=/checkout/obj/build/aarch64-unknown-linux-gnu/native/rust-test-helpers"
stdout: none
--- stderr -------------------------------
error[E0764]: mutable borrows of lifetime-extended temporaries are not allowed in constants
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:15:21
   |
LL | const B: *mut i32 = &mut 4; //~ ERROR mutable borrows of lifetime-extended temporaries
   |                     ^^^^^^

error[E0764]: mutable borrows of lifetime-extended temporaries are not allowed in constants
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:21:35
   |
LL | const B3: Option<&mut i32> = Some(&mut 42); //~ ERROR mutable references are not allowed
   |                                   ^^^^^^^

error[E0716]: temporary value dropped while borrowed
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:24:42
   |
LL | const B4: Option<&mut i32> = helper(&mut 42); //~ ERROR temporary value dropped while borrowed
   |                              ------------^^-
   |                              |           | |
   |                              |           | temporary value is freed at the end of this statement
   |                              |           creates a temporary value which is freed while still in use
   |                              using this value as a constant requires that borrow lasts for `'static`

error[E0080]: constructing invalid value: encountered mutable reference or box pointing to read-only memory
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:27:1
   |
LL | const IMMUT_MUT_REF: &mut u16 = unsafe { mem::transmute(&13) };
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ it is undefined behavior to use this value
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
   = note: the raw bytes of the constant (size: 8, align: 8) {
               ╾────alloc10<imm>─────╼                         │ ╾──────╼
           }

error[E0080]: constructing invalid value: encountered mutable reference or box pointing to read-only memory
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:29:1
   |
LL | static IMMUT_MUT_REF_STATIC: &mut u16 = unsafe { mem::transmute(&13) };
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ it is undefined behavior to use this value
   |
   = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
   = note: the raw bytes of the constant (size: 8, align: 8) {
               ╾────alloc14<imm>─────╼                         │ ╾──────╼
           }

error[E0716]: temporary value dropped while borrowed
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:52:65
   |
LL | const FOO: NotAMutex<&mut i32> = NotAMutex(UnsafeCell::new(&mut 42));
   |                                  -------------------------------^^--
   |                                  |                              |  |
   |                                  |                              |  temporary value is freed at the end of this statement
   |                                  |                              creates a temporary value which is freed while still in use
   |                                  using this value as a constant requires that borrow lasts for `'static`

error[E0716]: temporary value dropped while borrowed
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:55:67
   |
LL | static FOO2: NotAMutex<&mut i32> = NotAMutex(UnsafeCell::new(&mut 42));
   |                                    -------------------------------^^--
   |                                    |                              |  |
   |                                    |                              |  temporary value is freed at the end of this statement
   |                                    |                              creates a temporary value which is freed while still in use
   |                                    using this value as a static requires that borrow lasts for `'static`

error[E0716]: temporary value dropped while borrowed
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:58:71
   |
LL | static mut FOO3: NotAMutex<&mut i32> = NotAMutex(UnsafeCell::new(&mut 42));
   |                                        -------------------------------^^--
   |                                        |                              |  |
   |                                        |                              |  temporary value is freed at the end of this statement
   |                                        |                              creates a temporary value which is freed while still in use
   |                                        using this value as a static requires that borrow lasts for `'static`

error[E0764]: mutable borrows of lifetime-extended temporaries are not allowed in statics
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:71:53
   |
LL | static RAW_MUT_CAST_S: SyncPtr<i32> = SyncPtr { x : &mut 42 as *mut _ as *const _ };
   |                                                     ^^^^^^^

error[E0764]: mutable borrows of lifetime-extended temporaries are not allowed in statics
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:73:54
   |
LL | static RAW_MUT_COERCE_S: SyncPtr<i32> = SyncPtr { x: &mut 0 };
   |                                                      ^^^^^^

error[E0764]: mutable borrows of lifetime-extended temporaries are not allowed in constants
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:75:52
   |
LL | const RAW_MUT_CAST_C: SyncPtr<i32> = SyncPtr { x : &mut 42 as *mut _ as *const _ };
   |                                                    ^^^^^^^

error[E0764]: mutable borrows of lifetime-extended temporaries are not allowed in constants
##[error]  --> /checkout/tests/ui/consts/const-mut-refs/mut_ref_in_final.rs:77:53
   |
LL | const RAW_MUT_COERCE_C: SyncPtr<i32> = SyncPtr { x: &mut 0 };
   |                                                     ^^^^^^

error: aborting due to 12 previous errors

Some errors have detailed explanations: E0080, E0716, E0764.