UB-check for alignment of ptr to Box::from_raw{,_in}

hkBst · hkBst · commit ff5f852b21e2 · 2025-02-23T15:35:31.000+01:00
diff --git a/library/alloc/src/boxed.rs b/library/alloc/src/boxed.rs
@@ -1017,7 +1017,7 @@ impl<T: ?Sized> Box<T> {
     /// resulting `Box`. Specifically, the `Box` destructor will call
     /// the destructor of `T` and free the allocated memory. For this
     /// to be safe, the memory must have been allocated in accordance
-    /// with the [memory layout] used by `Box` .
+    /// with the [memory layout] used by `Box`.
     ///
     /// # Safety
     ///
@@ -1056,8 +1056,18 @@ impl<T: ?Sized> Box<T> {
     #[stable(feature = "box_raw", since = "1.4.0")]
     #[inline]
     #[must_use = "call `drop(Box::from_raw(ptr))` if you intend to drop the `Box`"]
-    pub unsafe fn from_raw(raw: *mut T) -> Self {
-        unsafe { Self::from_raw_in(raw, Global) }
+    pub unsafe fn from_raw(ptr: *mut T) -> Self {
+        core::assert_unsafe_precondition!(
+            check_language_ub,
+            "Box::from_raw requires that its pointer argument is properly aligned and not null",
+            (
+                ptr: *const () = ptr as *const (),
+                align: usize = align_of::<T>(),
+            ) => ptr.is_aligned_to(align) && !ptr.is_null()
+        );
+
+        //assert_pointer_is_aligned_and_not_null!("Box::from_raw", ptr, align_of::<T>(), T::IS_ZST);
+        unsafe { Self::from_raw_in(ptr, Global) }
     }
 
     /// Constructs a box from a `NonNull` pointer.
@@ -1111,6 +1121,12 @@ impl<T: ?Sized> Box<T> {
     #[inline]
     #[must_use = "call `drop(Box::from_non_null(ptr))` if you intend to drop the `Box`"]
     pub unsafe fn from_non_null(ptr: NonNull<T>) -> Self {
+        /*assert_pointer_is_aligned_and_not_null!(
+            "Box::from_non_null",
+            ptr,
+            align_of::<T>(),
+            T::IS_ZST
+        );*/
         unsafe { Self::from_raw(ptr.as_ptr()) }
     }
 }
@@ -1166,8 +1182,14 @@ impl<T: ?Sized, A: Allocator> Box<T, A> {
     #[unstable(feature = "allocator_api", issue = "32838")]
     #[rustc_const_unstable(feature = "const_box", issue = "92521")]
     #[inline]
-    pub const unsafe fn from_raw_in(raw: *mut T, alloc: A) -> Self {
-        Box(unsafe { Unique::new_unchecked(raw) }, alloc)
+    pub const unsafe fn from_raw_in(ptr: *mut T, alloc: A) -> Self {
+        /*assert_pointer_is_aligned_and_not_null!(
+            "Box::from_raw_in",
+            ptr,
+            align_of::<T>(),
+            T::IS_ZST
+        );*/
+        Box(unsafe { Unique::new_unchecked(ptr) }, alloc)
     }
 
     /// Constructs a box from a `NonNull` pointer in the given allocator.
diff --git a/library/alloc/src/lib.rs b/library/alloc/src/lib.rs
@@ -154,6 +154,7 @@
 #![feature(try_trait_v2)]
 #![feature(try_with_capacity)]
 #![feature(tuple_trait)]
+#![feature(ub_checks)]
 #![feature(unicode_internals)]
 #![feature(unsize)]
 #![feature(unwrap_infallible)]
diff --git a/library/core/src/intrinsics/mod.rs b/library/core/src/intrinsics/mod.rs
@@ -4169,7 +4169,7 @@ pub const fn size_of<T>() -> usize {
 #[rustc_intrinsic_const_stable_indirect]
 #[rustc_intrinsic]
 #[rustc_intrinsic_must_be_overridden]
-pub const fn min_align_of<T>() -> usize {
+pub const fn min_align_of<T: ?Sized>() -> usize {
     unreachable!()
 }
 
diff --git a/library/core/src/mem/mod.rs b/library/core/src/mem/mod.rs
@@ -463,7 +463,7 @@ pub fn min_align_of_val<T: ?Sized>(val: &T) -> usize {
 #[stable(feature = "rust1", since = "1.0.0")]
 #[rustc_promotable]
 #[rustc_const_stable(feature = "const_align_of", since = "1.24.0")]
-pub const fn align_of<T>() -> usize {
+pub const fn align_of<T: ?Sized>() -> usize {
     intrinsics::min_align_of::<T>()
 }
 
diff --git a/library/core/src/ub_checks.rs b/library/core/src/ub_checks.rs
@@ -90,7 +90,7 @@ pub use intrinsics::ub_checks as check_library_ub;
 /// language UB checks which generally produce better errors.
 #[inline]
 #[rustc_allow_const_fn_unstable(const_eval_select)]
-pub(crate) const fn check_language_ub() -> bool {
+pub const fn check_language_ub() -> bool {
     // Only used for UB checks so we may const_eval_select.
     intrinsics::ub_checks()
         && const_eval_select!(
@@ -129,6 +129,19 @@ pub(crate) const fn maybe_is_aligned_and_not_null(
     )
 }
 
+/// Specialized version of `assert_unsafe_precondition` for checking that a pointer is properly aligned and not null
+#[macro_export]
+#[unstable(feature = "ub_checks", issue = "none")]
+macro_rules! assert_pointer_is_aligned_and_not_null {
+    ($function_name: literal, $ptr: expr, $align: expr, $is_zst: expr) => {
+        ::core::assert_unsafe_precondition!(
+            check_language_ub,
+            concat!($function_name, " requires that its pointer argument is properly aligned and not null"),
+            () => ::core::ub_checks::maybe_is_aligned_and_not_null(ptr as *const (), $align, $is_zst)
+        );
+    }
+}
+
 #[inline]
 pub(crate) const fn is_valid_allocation_size(size: usize, len: usize) -> bool {
     let max_len = if size == 0 { usize::MAX } else { isize::MAX as usize / size };

Original file line number	Diff line number	Diff line change
`@@ -4169,7 +4169,7 @@ pub const fn size_of<T>() -> usize {`
`4169`	`4169`	`#[rustc_intrinsic_const_stable_indirect]`
`4170`	`4170`	`#[rustc_intrinsic]`
`4171`	`4171`	`#[rustc_intrinsic_must_be_overridden]`
`4172`		`-pub const fn min_align_of<T>() -> usize {`
	`4172`	`+pub const fn min_align_of<T: ?Sized>() -> usize {`
`4173`	`4173`	`unreachable!()`
`4174`	`4174`	`}`
`4175`	`4175`
Original file line number	Diff line number	Diff line change
`@@ -463,7 +463,7 @@ pub fn min_align_of_val<T: ?Sized>(val: &T) -> usize {`
`463`	`463`	`#[stable(feature = "rust1", since = "1.0.0")]`
`464`	`464`	`#[rustc_promotable]`
`465`	`465`	`#[rustc_const_stable(feature = "const_align_of", since = "1.24.0")]`
`466`		`-pub const fn align_of<T>() -> usize {`
	`466`	`+pub const fn align_of<T: ?Sized>() -> usize {`
`467`	`467`	`intrinsics::min_align_of::<T>()`
`468`	`468`	`}`
`469`	`469`