Add overflow_checks intrinsic

compiler/rustc_borrowck/src/type_check/mod.rs

@@ -1040,8 +1040,7 @@ impl<'a, 'tcx> Visitor<'tcx> for TypeChecker<'a, 'tcx> {
                     ConstraintCategory::SizedBound,
                 );
             }
-            &Rvalue::NullaryOp(NullOp::ContractChecks, _) => {}
-            &Rvalue::NullaryOp(NullOp::UbChecks, _) => {}
+            &Rvalue::NullaryOp(NullOp::RuntimeChecks(_), _) => {}
 
             Rvalue::ShallowInitBox(_operand, ty) => {
                 let trait_ref = ty::TraitRef::new(

compiler/rustc_codegen_cranelift/src/base.rs

@@ -836,17 +836,8 @@ fn codegen_stmt<'tcx>(
                                 fields.iter(),
                             )
                             .bytes(),
-                        NullOp::UbChecks => {
-                            let val = fx.tcx.sess.ub_checks();
-                            let val = CValue::by_val(
-                                fx.bcx.ins().iconst(types::I8, i64::from(val)),
-                                fx.layout_of(fx.tcx.types.bool),
-                            );
-                            lval.write_cvalue(fx, val);
-                            return;
-                        }
-                        NullOp::ContractChecks => {
-                            let val = fx.tcx.sess.contract_checks();
+                        NullOp::RuntimeChecks(kind) => {
+                            let val = kind.value(fx.tcx.sess);
                             let val = CValue::by_val(
                                 fx.bcx.ins().iconst(types::I8, i64::from(val)),
                                 fx.layout_of(fx.tcx.types.bool),

compiler/rustc_codegen_ssa/src/mir/rvalue.rs

@@ -752,12 +752,8 @@ impl<'a, 'tcx, Bx: BuilderMethods<'a, 'tcx>> FunctionCx<'a, 'tcx, Bx> {
                             .bytes();
                         bx.cx().const_usize(val)
                     }
-                    mir::NullOp::UbChecks => {
-                        let val = bx.tcx().sess.ub_checks();
-                        bx.cx().const_bool(val)
-                    }
-                    mir::NullOp::ContractChecks => {
-                        let val = bx.tcx().sess.contract_checks();
+                    mir::NullOp::RuntimeChecks(kind) => {
+                        let val = kind.value(bx.tcx().sess);
                         bx.cx().const_bool(val)
                     }
                 };

compiler/rustc_const_eval/src/check_consts/check.rs

@@ -675,11 +675,7 @@ impl<'tcx> Visitor<'tcx> for Checker<'_, 'tcx> {
             Rvalue::Cast(_, _, _) => {}
 
             Rvalue::NullaryOp(
-                NullOp::SizeOf
-                | NullOp::AlignOf
-                | NullOp::OffsetOf(_)
-                | NullOp::UbChecks
-                | NullOp::ContractChecks,
+                NullOp::SizeOf | NullOp::AlignOf | NullOp::OffsetOf(_) | NullOp::RuntimeChecks(_),
                 _,
             ) => {}
             Rvalue::ShallowInitBox(_, _) => {}

compiler/rustc_const_eval/src/interpret/machine.rs

@@ -296,11 +296,11 @@ pub trait Machine<'tcx>: Sized {
         interp_ok(())
     }
 
-    /// Determines the result of a `NullaryOp::UbChecks` invocation.
-    fn ub_checks(_ecx: &InterpCx<'tcx, Self>) -> InterpResult<'tcx, bool>;
-
-    /// Determines the result of a `NullaryOp::ContractChecks` invocation.
-    fn contract_checks(_ecx: &InterpCx<'tcx, Self>) -> InterpResult<'tcx, bool>;
+    /// Determines the result of a `NullaryOp::RuntimeChecks` invocation.
+    fn runtime_checks(
+        _ecx: &InterpCx<'tcx, Self>,
+        r: mir::RuntimeChecks,
+    ) -> InterpResult<'tcx, bool>;
 
     /// Called when the interpreter encounters a `StatementKind::ConstEvalCounter` instruction.
     /// You can use this to detect long or endlessly running programs.
@@ -677,14 +677,10 @@ pub macro compile_time_machine(<$tcx: lifetime>) {
     }
 
     #[inline(always)]
-    fn ub_checks(_ecx: &InterpCx<$tcx, Self>) -> InterpResult<$tcx, bool> {
-        // We can't look at `tcx.sess` here as that can differ across crates, which can lead to
-        // unsound differences in evaluating the same constant at different instantiation sites.
-        interp_ok(true)
-    }
-
-    #[inline(always)]
-    fn contract_checks(_ecx: &InterpCx<$tcx, Self>) -> InterpResult<$tcx, bool> {
+    fn runtime_checks(
+        _ecx: &InterpCx<$tcx, Self>,
+        _r: mir::RuntimeChecks,
+    ) -> InterpResult<$tcx, bool> {
         // We can't look at `tcx.sess` here as that can differ across crates, which can lead to
         // unsound differences in evaluating the same constant at different instantiation sites.
         interp_ok(true)

compiler/rustc_const_eval/src/interpret/operator.rs

@@ -536,8 +536,7 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {
                     self.tcx.offset_of_subfield(self.typing_env, layout, fields.iter()).bytes();
                 ImmTy::from_uint(val, usize_layout())
             }
-            UbChecks => ImmTy::from_bool(M::ub_checks(self)?, *self.tcx),
-            ContractChecks => ImmTy::from_bool(M::contract_checks(self)?, *self.tcx),
+            RuntimeChecks(r) => ImmTy::from_bool(M::runtime_checks(self, r)?, *self.tcx),
         })
     }
 }

compiler/rustc_hir_analysis/src/check/intrinsic.rs

@@ -120,6 +120,7 @@ fn intrinsic_operation_unsafety(tcx: TyCtxt<'_>, intrinsic_id: LocalDefId) -> hi
         | sym::contract_checks
         | sym::contract_check_requires
         | sym::contract_check_ensures
+        | sym::overflow_checks
         | sym::fadd_algebraic
         | sym::fsub_algebraic
         | sym::fmul_algebraic
@@ -591,7 +592,7 @@ pub(crate) fn check_intrinsic_type(
             sym::aggregate_raw_ptr => (3, 0, vec![param(1), param(2)], param(0)),
             sym::ptr_metadata => (2, 0, vec![Ty::new_imm_ptr(tcx, param(0))], param(1)),
 
-            sym::ub_checks => (0, 0, Vec::new(), tcx.types.bool),
+            sym::ub_checks | sym::overflow_checks => (0, 0, Vec::new(), tcx.types.bool),
 
             sym::box_new => (1, 0, vec![param(0)], Ty::new_box(tcx, param(0))),
 

compiler/rustc_middle/src/mir/mod.rs

@@ -692,7 +692,9 @@ impl<'tcx> Body<'tcx> {
         }
 
         match rvalue {
-            Rvalue::NullaryOp(NullOp::UbChecks, _) => Some((tcx.sess.ub_checks() as u128, targets)),
+            Rvalue::NullaryOp(NullOp::RuntimeChecks(kind), _) => {
+                Some((kind.value(tcx.sess) as u128, targets))
+            }
             Rvalue::Use(Operand::Constant(constant)) => {
                 let bits = eval_mono_const(constant)?;
                 Some((bits, targets))

compiler/rustc_middle/src/mir/pretty.rs

@@ -1134,8 +1134,13 @@ impl<'tcx> Debug for Rvalue<'tcx> {
                     NullOp::SizeOf => write!(fmt, "SizeOf({t})"),
                     NullOp::AlignOf => write!(fmt, "AlignOf({t})"),
                     NullOp::OffsetOf(fields) => write!(fmt, "OffsetOf({t}, {fields:?})"),
-                    NullOp::UbChecks => write!(fmt, "UbChecks()"),
-                    NullOp::ContractChecks => write!(fmt, "ContractChecks()"),
+                    NullOp::RuntimeChecks(RuntimeChecks::UbChecks) => write!(fmt, "UbChecks()"),
+                    NullOp::RuntimeChecks(RuntimeChecks::ContractChecks) => {
+                        write!(fmt, "ContractChecks()")
+                    }
+                    NullOp::RuntimeChecks(RuntimeChecks::OverflowChecks) => {
+                        write!(fmt, "OverflowChecks()")
+                    }
                 }
             }
             ThreadLocalRef(did) => ty::tls::with(|tcx| {

compiler/rustc_middle/src/mir/statement.rs

@@ -709,8 +709,7 @@ impl<'tcx> Rvalue<'tcx> {
             Rvalue::NullaryOp(NullOp::SizeOf | NullOp::AlignOf | NullOp::OffsetOf(..), _) => {
                 tcx.types.usize
             }
-            Rvalue::NullaryOp(NullOp::ContractChecks, _)
-            | Rvalue::NullaryOp(NullOp::UbChecks, _) => tcx.types.bool,
+            Rvalue::NullaryOp(NullOp::RuntimeChecks(_), _) => tcx.types.bool,
             Rvalue::Aggregate(ref ak, ref ops) => match **ak {
                 AggregateKind::Array(ty) => Ty::new_array(tcx, ty, ops.len() as u64),
                 AggregateKind::Tuple => {
@@ -778,7 +777,7 @@ impl<'tcx> NullOp<'tcx> {
     pub fn ty(&self, tcx: TyCtxt<'tcx>) -> Ty<'tcx> {
         match self {
             NullOp::SizeOf | NullOp::AlignOf | NullOp::OffsetOf(_) => tcx.types.usize,
-            NullOp::UbChecks | NullOp::ContractChecks => tcx.types.bool,
+            NullOp::RuntimeChecks(_) => tcx.types.bool,
         }
     }
 }

compiler/rustc_middle/src/mir/syntax.rs

@@ -1588,12 +1588,31 @@ pub enum NullOp<'tcx> {
     AlignOf,
     /// Returns the offset of a field
     OffsetOf(&'tcx List<(VariantIdx, FieldIdx)>),
+    /// Returns whether we should perform some checking at runtime.
+    RuntimeChecks(RuntimeChecks),
+}
+
+#[derive(Copy, Clone, Debug, PartialEq, Eq, TyEncodable, TyDecodable, Hash, HashStable)]
+pub enum RuntimeChecks {
     /// Returns whether we should perform some UB-checking at runtime.
     /// See the `ub_checks` intrinsic docs for details.
     UbChecks,
     /// Returns whether we should perform contract-checking at runtime.
     /// See the `contract_checks` intrinsic docs for details.
     ContractChecks,
+    /// Returns whether we should perform some overflow-checking at runtime.
+    /// See the `overflow_checks` intrinsic docs for details.
+    OverflowChecks,
+}
+
+impl RuntimeChecks {
+    pub fn value(self, sess: &rustc_session::Session) -> bool {
+        match self {
+            Self::UbChecks => sess.ub_checks(),
+            Self::ContractChecks => sess.contract_checks(),
+            Self::OverflowChecks => sess.overflow_checks(),
+        }
+    }
 }
 
 #[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]

compiler/rustc_middle/src/mir/traversal.rs

@@ -293,9 +293,9 @@ pub fn reverse_postorder<'a, 'tcx>(
 /// reachable.
 ///
 /// Such a traversal is mostly useful because it lets us skip lowering the `false` side
-/// of `if <T as Trait>::CONST`, as well as [`NullOp::UbChecks`].
+/// of `if <T as Trait>::CONST`, as well as [`NullOp::RuntimeChecks`].
 ///
-/// [`NullOp::UbChecks`]: rustc_middle::mir::NullOp::UbChecks
+/// [`NullOp::RuntimeChecks`]: rustc_middle::mir::NullOp::RuntimeChecks
 pub fn mono_reachable<'a, 'tcx>(
     body: &'a Body<'tcx>,
     tcx: TyCtxt<'tcx>,

compiler/rustc_mir_dataflow/src/move_paths/builder.rs

@@ -416,11 +416,7 @@ impl<'a, 'tcx, F: Fn(Ty<'tcx>) -> bool> MoveDataBuilder<'a, 'tcx, F> {
             | Rvalue::Discriminant(..)
             | Rvalue::Len(..)
             | Rvalue::NullaryOp(
-                NullOp::SizeOf
-                | NullOp::AlignOf
-                | NullOp::OffsetOf(..)
-                | NullOp::UbChecks
-                | NullOp::ContractChecks,
+                NullOp::SizeOf | NullOp::AlignOf | NullOp::OffsetOf(..) | NullOp::RuntimeChecks(_),
                 _,
             ) => {}
         }

compiler/rustc_mir_transform/src/cost_checker.rs

@@ -75,7 +75,8 @@ impl<'tcx> Visitor<'tcx> for CostChecker<'_, 'tcx> {
 
     fn visit_rvalue(&mut self, rvalue: &Rvalue<'tcx>, _location: Location) {
         match rvalue {
-            Rvalue::NullaryOp(NullOp::UbChecks, ..)
+            // FIXME: Should we do the same for `OverflowChecks`?
+            Rvalue::NullaryOp(NullOp::RuntimeChecks(RuntimeChecks::UbChecks), ..)
                 if !self
                     .tcx
                     .sess

compiler/rustc_mir_transform/src/gvn.rs

@@ -538,8 +538,7 @@ impl<'body, 'tcx> VnState<'body, 'tcx> {
                         .tcx
                         .offset_of_subfield(self.typing_env(), layout, fields.iter())
                         .bytes(),
-                    NullOp::UbChecks => return None,
-                    NullOp::ContractChecks => return None,
+                    NullOp::RuntimeChecks(_) => return None,
                 };
                 let usize_layout = self.ecx.layout_of(self.tcx.types.usize).unwrap();
                 let imm = ImmTy::from_uint(val, usize_layout);

compiler/rustc_mir_transform/src/instsimplify.rs

@@ -168,7 +168,10 @@ impl<'tcx> InstSimplifyContext<'_, 'tcx> {
     }
 
     fn simplify_ub_check(&self, rvalue: &mut Rvalue<'tcx>) {
-        let Rvalue::NullaryOp(NullOp::UbChecks, _) = *rvalue else { return };
+        // FIXME: Should we do the same for overflow checks?
+        let Rvalue::NullaryOp(NullOp::RuntimeChecks(RuntimeChecks::UbChecks), _) = *rvalue else {
+            return;
+        };
 
         let const_ = Const::from_bool(self.tcx, self.tcx.sess.ub_checks());
         let constant = ConstOperand { span: DUMMY_SP, const_, user_ty: None };

compiler/rustc_mir_transform/src/known_panics_lint.rs

@@ -629,8 +629,7 @@ impl<'mir, 'tcx> ConstPropagator<'mir, 'tcx> {
                         .tcx
                         .offset_of_subfield(self.typing_env, op_layout, fields.iter())
                         .bytes(),
-                    NullOp::UbChecks => return None,
-                    NullOp::ContractChecks => return None,
+                    NullOp::RuntimeChecks(_) => return None,
                 };
                 ImmTy::from_scalar(Scalar::from_target_usize(val, self), layout).into()
             }

compiler/rustc_mir_transform/src/lower_intrinsics.rs

@@ -23,24 +23,19 @@ impl<'tcx> crate::MirPass<'tcx> for LowerIntrinsics {
                     sym::unreachable => {
                         terminator.kind = TerminatorKind::Unreachable;
                     }
-                    sym::ub_checks => {
-                        let target = target.unwrap();
-                        block.statements.push(Statement {
-                            source_info: terminator.source_info,
-                            kind: StatementKind::Assign(Box::new((
-                                *destination,
-                                Rvalue::NullaryOp(NullOp::UbChecks, tcx.types.bool),
-                            ))),
-                        });
-                        terminator.kind = TerminatorKind::Goto { target };
-                    }
-                    sym::contract_checks => {
+                    sym::ub_checks | sym::overflow_checks => {
+                        let op = match intrinsic.name {
+                            sym::ub_checks => RuntimeChecks::UbChecks,
+                            sym::contract_checks => RuntimeChecks::ContractChecks,
+                            sym::overflow_checks => RuntimeChecks::OverflowChecks,
+                            _ => unreachable!(),
+                        };
                         let target = target.unwrap();
                         block.statements.push(Statement {
                             source_info: terminator.source_info,
                             kind: StatementKind::Assign(Box::new((
                                 *destination,
-                                Rvalue::NullaryOp(NullOp::ContractChecks, tcx.types.bool),
+                                Rvalue::NullaryOp(NullOp::RuntimeChecks(op), tcx.types.bool),
                             ))),
                         });
                         terminator.kind = TerminatorKind::Goto { target };

compiler/rustc_mir_transform/src/promote_consts.rs

@@ -456,8 +456,7 @@ impl<'tcx> Validator<'_, 'tcx> {
                 NullOp::SizeOf => {}
                 NullOp::AlignOf => {}
                 NullOp::OffsetOf(_) => {}
-                NullOp::UbChecks => {}
-                NullOp::ContractChecks => {}
+                NullOp::RuntimeChecks(_) => {}
             },
 
             Rvalue::ShallowInitBox(_, _) => return Err(Unpromotable),

compiler/rustc_mir_transform/src/validate.rs

@@ -1390,10 +1390,7 @@ impl<'a, 'tcx> Visitor<'tcx> for TypeChecker<'a, 'tcx> {
             Rvalue::Repeat(_, _)
             | Rvalue::ThreadLocalRef(_)
             | Rvalue::RawPtr(_, _)
-            | Rvalue::NullaryOp(
-                NullOp::SizeOf | NullOp::AlignOf | NullOp::UbChecks | NullOp::ContractChecks,
-                _,
-            )
+            | Rvalue::NullaryOp(NullOp::SizeOf | NullOp::AlignOf | NullOp::RuntimeChecks(_), _)
             | Rvalue::Discriminant(_) => {}
 
             Rvalue::WrapUnsafeBinder(op, ty) => {

compiler/rustc_smir/src/rustc_smir/convert/mir.rs

@@ -285,14 +285,18 @@ impl<'tcx> Stable<'tcx> for mir::NullOp<'tcx> {
     type T = stable_mir::mir::NullOp;
     fn stable(&self, tables: &mut Tables<'_>) -> Self::T {
         use rustc_middle::mir::NullOp::*;
+        use rustc_middle::mir::RuntimeChecks::*;
         match self {
             SizeOf => stable_mir::mir::NullOp::SizeOf,
             AlignOf => stable_mir::mir::NullOp::AlignOf,
             OffsetOf(indices) => stable_mir::mir::NullOp::OffsetOf(
                 indices.iter().map(|idx| idx.stable(tables)).collect(),
             ),
-            UbChecks => stable_mir::mir::NullOp::UbChecks,
-            ContractChecks => stable_mir::mir::NullOp::ContractChecks,
+            RuntimeChecks(kind) => stable_mir::mir::NullOp::RuntimeChecks(match kind {
+                UbChecks => stable_mir::mir::RuntimeChecks::UbChecks,
+                ContractChecks => stable_mir::mir::RuntimeChecks::ContractChecks,
+                OverflowChecks => stable_mir::mir::RuntimeChecks::OverflowChecks,
+            }),
         }
     }
 }

compiler/rustc_smir/src/stable_mir/mir/body.rs

@@ -642,8 +642,7 @@ impl Rvalue {
             Rvalue::NullaryOp(NullOp::SizeOf | NullOp::AlignOf | NullOp::OffsetOf(..), _) => {
                 Ok(Ty::usize_ty())
             }
-            Rvalue::NullaryOp(NullOp::ContractChecks, _)
-            | Rvalue::NullaryOp(NullOp::UbChecks, _) => Ok(Ty::bool_ty()),
+            Rvalue::NullaryOp(NullOp::RuntimeChecks(_), _) => Ok(Ty::bool_ty()),
             Rvalue::Aggregate(ak, ops) => match *ak {
                 AggregateKind::Array(ty) => Ty::try_new_array(ty, ops.len() as u64),
                 AggregateKind::Tuple => Ok(Ty::new_tuple(
@@ -1040,10 +1039,18 @@ pub enum NullOp {
     AlignOf,
     /// Returns the offset of a field.
     OffsetOf(Vec<(VariantIdx, FieldIdx)>),
+    /// Codegen conditions for runtime checks.
+    RuntimeChecks(RuntimeChecks),
+}
+
+#[derive(Clone, Debug, Eq, PartialEq, Serialize)]
+pub enum RuntimeChecks {
     /// cfg!(ub_checks), but at codegen time
     UbChecks,
     /// cfg!(contract_checks), but at codegen time
     ContractChecks,
+    /// cfg!(overflow_checks), but at codegen time
+    OverflowChecks,
 }
 
 impl Operand {

library/core/src/intrinsics/mod.rs

@@ -3346,6 +3346,26 @@ pub const unsafe fn typed_swap_nonoverlapping<T>(x: *mut T, y: *mut T) {
 pub const fn ub_checks() -> bool {
     cfg!(ub_checks)
 }
+/// Returns whether we should perform some overflow-checking at runtime. This eventually evaluates to
+/// `cfg!(overflow_checks)`, but behaves different from `cfg!` when mixing crates built with different
+/// flags: if the crate has UB checks enabled or carries the `#[rustc_preserve_overflow_checks]`
+/// attribute, evaluation is delayed until monomorphization (or until the call gets inlined into
+/// a crate that does not delay evaluation further); otherwise it can happen any time.
+///
+/// The common case here is a user program built with overflow_checks linked against the distributed
+/// sysroot which is built without overflow_checks but with `#[rustc_preserve_overflow_checks]`.
+/// For code that gets monomorphized in the user crate (i.e., generic functions and functions with
+/// `#[inline]`), gating assertions on `overflow_checks()` rather than `cfg!(overflow_checks)` means that
+/// assertions are enabled whenever the *user crate* has UB checks enabled. However if the
+/// user has overflow checks disabled, the checks will still get optimized out.
+#[cfg(not(bootstrap))]
+#[rustc_const_unstable(feature = "const_overflow_checks", issue = "none")]
+#[unstable(feature = "const_overflow_checks", issue = "none")]
+#[inline(always)]
+#[rustc_intrinsic]
+pub const fn overflow_checks() -> bool {
+    cfg!(debug_assertions)
+}
 
 /// Allocates a block of memory at compile time.
 /// At runtime, just returns a null pointer.