rename expose_addr to expose_provenance

rust-lang · Apr 3, 2024 · 989660c · 989660c
1 parent 99c42d2
commit 989660c
Show file tree

Hide file tree

Showing 49 changed files with 105 additions and 99 deletions.
diff --git a/compiler/rustc_borrowck/src/type_check/mod.rs b/compiler/rustc_borrowck/src/type_check/mod.rs
@@ -2261,7 +2261,7 @@ impl<'a, 'tcx> TypeChecker<'a, 'tcx> {
  }
  }
 
- CastKind::PointerExposeAddress => {
+ CastKind::PointerExposeProvenance => {
  let ty_from = op.ty(body, tcx);
  let cast_ty_from = CastTy::from_ty(ty_from);
  let cast_ty_to = CastTy::from_ty(*ty);
@@ -2271,7 +2271,7 @@ impl<'a, 'tcx> TypeChecker<'a, 'tcx> {
  span_mirbug!(
  self,
  rvalue,
- "Invalid PointerExposeAddress cast {:?} -> {:?}",
+ "Invalid PointerExposeProvenance cast {:?} -> {:?}",
  ty_from,
  ty
  )

diff --git a/compiler/rustc_codegen_cranelift/src/base.rs b/compiler/rustc_codegen_cranelift/src/base.rs
@@ -649,7 +649,7 @@ fn codegen_stmt<'tcx>(
  | CastKind::IntToFloat
  | CastKind::FnPtrToPtr
  | CastKind::PtrToPtr
- | CastKind::PointerExposeAddress
+ | CastKind::PointerExposeProvenance
  | CastKind::PointerWithExposedProvenance,
  ref operand,
  to_ty,

diff --git a/compiler/rustc_codegen_cranelift/src/intrinsics/simd.rs b/compiler/rustc_codegen_cranelift/src/intrinsics/simd.rs
@@ -965,7 +965,7 @@ pub(super) fn codegen_simd_intrinsic_call<'tcx>(
  });
  }
 
- sym::simd_expose_addr | sym::simd_with_exposed_provenance | sym::simd_cast_ptr => {
+ sym::simd_expose_provenance | sym::simd_with_exposed_provenance | sym::simd_cast_ptr => {
  intrinsic_args!(fx, args => (arg); intrinsic);
  ret.write_cvalue_transmute(fx, arg);
  }

diff --git a/compiler/rustc_codegen_llvm/src/intrinsic.rs b/compiler/rustc_codegen_llvm/src/intrinsic.rs
@@ -2111,7 +2111,7 @@ fn generic_simd_intrinsic<'ll, 'tcx>(
  return Ok(args[0].immediate());
  }
 
- if name == sym::simd_expose_addr {
+ if name == sym::simd_expose_provenance {
  let (out_len, out_elem) = require_simd!(ret_ty, SimdReturn);
  require!(
  in_len == out_len,

diff --git a/compiler/rustc_codegen_ssa/src/mir/rvalue.rs b/compiler/rustc_codegen_ssa/src/mir/rvalue.rs
@@ -405,7 +405,7 @@ impl<'a, 'tcx, Bx: BuilderMethods<'a, 'tcx>> FunctionCx<'a, 'tcx, Bx> {
  let cast = bx.cx().layout_of(self.monomorphize(mir_cast_ty));
 
  let val = match *kind {
- mir::CastKind::PointerExposeAddress => {
+ mir::CastKind::PointerExposeProvenance => {
  assert!(bx.cx().is_backend_immediate(cast));
  let llptr = operand.immediate();
  let llcast_ty = bx.cx().immediate_backend_type(cast);

diff --git a/compiler/rustc_const_eval/src/interpret/cast.rs b/compiler/rustc_const_eval/src/interpret/cast.rs
@@ -34,9 +34,9 @@ impl<'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> {
  self.unsize_into(src, cast_layout, dest)?;
  }
 
- CastKind::PointerExposeAddress => {
+ CastKind::PointerExposeProvenance => {
  let src = self.read_immediate(src)?;
- let res = self.pointer_expose_address_cast(&src, cast_layout)?;
+ let res = self.pointer_expose_provenance_cast(&src, cast_layout)?;
  self.write_immediate(*res, dest)?;
  }
 
@@ -225,7 +225,7 @@ impl<'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> {
  }
  }
 
- pub fn pointer_expose_address_cast(
+ pub fn pointer_expose_provenance_cast(
  &mut self,
  src: &ImmTy<'tcx, M::Provenance>,
  cast_to: TyAndLayout<'tcx>,

diff --git a/compiler/rustc_const_eval/src/transform/check_consts/check.rs b/compiler/rustc_const_eval/src/transform/check_consts/check.rs
@@ -544,7 +544,7 @@ impl<'tcx> Visitor<'tcx> for Checker<'_, 'tcx> {
  // Unsizing is implemented for CTFE.
  }
 
- Rvalue::Cast(CastKind::PointerExposeAddress, _, _) => {
+ Rvalue::Cast(CastKind::PointerExposeProvenance, _, _) => {
  self.check_op(ops::RawPtrToIntCast);
  }
  Rvalue::Cast(CastKind::PointerWithExposedProvenance, _, _) => {

diff --git a/compiler/rustc_const_eval/src/transform/validate.rs b/compiler/rustc_const_eval/src/transform/validate.rs
@@ -1077,7 +1077,7 @@ impl<'a, 'tcx> Visitor<'tcx> for TypeChecker<'a, 'tcx> {
  }
  // FIXME: Add Checks for these
  CastKind::PointerWithExposedProvenance
- | CastKind::PointerExposeAddress
+ | CastKind::PointerExposeProvenance
  | CastKind::PointerCoercion(_) => {}
  CastKind::IntToInt | CastKind::IntToFloat => {
  let input_valid = op_ty.is_integral() || op_ty.is_char() || op_ty.is_bool();

diff --git a/compiler/rustc_hir_analysis/src/check/intrinsic.rs b/compiler/rustc_hir_analysis/src/check/intrinsic.rs
@@ -627,7 +627,7 @@ pub fn check_intrinsic_type(
  sym::simd_cast
  | sym::simd_as
  | sym::simd_cast_ptr
- | sym::simd_expose_addr
+ | sym::simd_expose_provenance
  | sym::simd_with_exposed_provenance => (2, 0, vec![param(0)], param(1)),
  sym::simd_bitmask => (2, 0, vec![param(0)], param(1)),
  sym::simd_select | sym::simd_select_bitmask => {

diff --git a/compiler/rustc_hir_typeck/messages.ftl b/compiler/rustc_hir_typeck/messages.ftl
@@ -91,7 +91,7 @@ hir_typeck_lossy_provenance_int2ptr =
 hir_typeck_lossy_provenance_ptr2int =
  under strict provenance it is considered bad style to cast pointer `{$expr_ty}` to integer `{$cast_ty}`
  .suggestion = use `.addr()` to obtain the address of a pointer
- .help = if you can't comply with strict provenance and need to expose the pointer provenance you can use `.expose_addr()` instead
+ .help = if you can't comply with strict provenance and need to expose the pointer provenance you can use `.expose_provenance()` instead
 
 hir_typeck_method_call_on_unknown_raw_pointee =
  cannot call a method on a raw pointer with an unknown pointee type

diff --git a/compiler/rustc_lint_defs/src/builtin.rs b/compiler/rustc_lint_defs/src/builtin.rs
@@ -2797,17 +2797,17 @@ declare_lint! {
  /// Since this cast is lossy, it is considered good style to use the
  /// [`ptr::addr`] method instead, which has a similar effect, but doesn't
  /// "expose" the pointer provenance. This improves optimisation potential.
- /// See the docs of [`ptr::addr`] and [`ptr::expose_addr`] for more information
+ /// See the docs of [`ptr::addr`] and [`ptr::expose_provenance`] for more information
  /// about exposing pointer provenance.
  ///
  /// If your code can't comply with strict provenance and needs to expose
- /// the provenance, then there is [`ptr::expose_addr`] as an escape hatch,
+ /// the provenance, then there is [`ptr::expose_provenance`] as an escape hatch,
  /// which preserves the behaviour of `as usize` casts while being explicit
  /// about the semantics.
  ///
  /// [issue #95228]: https://github.com/rust-lang/rust/issues/95228
  /// [`ptr::addr`]: https://doc.rust-lang.org/core/primitive.pointer.html#method.addr
- /// [`ptr::expose_addr`]: https://doc.rust-lang.org/core/primitive.pointer.html#method.expose_addr
+ /// [`ptr::expose_provenance`]: https://doc.rust-lang.org/core/primitive.pointer.html#method.expose_provenance
  pub LOSSY_PROVENANCE_CASTS,
  Allow,
  "a lossy pointer to integer cast is used",

diff --git a/compiler/rustc_middle/src/mir/statement.rs b/compiler/rustc_middle/src/mir/statement.rs
@@ -409,7 +409,7 @@ impl<'tcx> Rvalue<'tcx> {
  // Pointer to int casts may be side-effects due to exposing the provenance.
  // While the model is undecided, we should be conservative. See
  // <https://www.ralfj.de/blog/2022/04/11/provenance-exposed.html>
- Rvalue::Cast(CastKind::PointerExposeAddress, _, _) => false,
+ Rvalue::Cast(CastKind::PointerExposeProvenance, _, _) => false,
 
  Rvalue::Use(_)
  | Rvalue::CopyForDeref(_)

diff --git a/compiler/rustc_middle/src/mir/syntax.rs b/compiler/rustc_middle/src/mir/syntax.rs
@@ -1309,8 +1309,8 @@ pub enum Rvalue<'tcx> {
 pub enum CastKind {
  /// An exposing pointer to address cast. A cast between a pointer and an integer type, or
  /// between a function pointer and an integer type.
- /// See the docs on `expose_addr` for more details.
- PointerExposeAddress,
+ /// See the docs on `expose_provenance` for more details.
+ PointerExposeProvenance,
  /// An address-to-pointer cast that picks up an exposed provenance.
  /// See the docs on `with_exposed_provenance` for more details.
  PointerWithExposedProvenance,

diff --git a/compiler/rustc_middle/src/ty/cast.rs b/compiler/rustc_middle/src/ty/cast.rs
@@ -83,7 +83,7 @@ pub fn mir_cast_kind<'tcx>(from_ty: Ty<'tcx>, cast_ty: Ty<'tcx>) -> mir::CastKin
  let cast = CastTy::from_ty(cast_ty);
  let cast_kind = match (from, cast) {
  (Some(CastTy::Ptr(_) | CastTy::FnPtr), Some(CastTy::Int(_))) => {
- mir::CastKind::PointerExposeAddress
+ mir::CastKind::PointerExposeProvenance
  }
  (Some(CastTy::Int(_)), Some(CastTy::Ptr(_))) => mir::CastKind::PointerWithExposedProvenance,
  (_, Some(CastTy::DynStar)) => mir::CastKind::DynStar,

diff --git a/compiler/rustc_mir_transform/src/promote_consts.rs b/compiler/rustc_mir_transform/src/promote_consts.rs
@@ -434,7 +434,7 @@ impl<'tcx> Validator<'_, 'tcx> {
  Rvalue::ThreadLocalRef(_) => return Err(Unpromotable),
 
  // ptr-to-int casts are not possible in consts and thus not promotable
- Rvalue::Cast(CastKind::PointerExposeAddress, _, _) => return Err(Unpromotable),
+ Rvalue::Cast(CastKind::PointerExposeProvenance, _, _) => return Err(Unpromotable),
 
  // all other casts including int-to-ptr casts are fine, they just use the integer value
  // at pointer type.

diff --git a/compiler/rustc_mir_transform/src/shim.rs b/compiler/rustc_mir_transform/src/shim.rs
@@ -985,7 +985,7 @@ fn build_fn_ptr_addr_shim<'tcx>(tcx: TyCtxt<'tcx>, def_id: DefId, self_ty: Ty<'t
  let locals = local_decls_for_sig(&sig, span);
 
  let source_info = SourceInfo::outermost(span);
- // FIXME: use `expose_addr` once we figure out whether function pointers have meaningful provenance.
+ // FIXME: use `expose_provenance` once we figure out whether function pointers have meaningful provenance.
  let rvalue = Rvalue::Cast(
  CastKind::FnPtrToPtr,
  Operand::Move(Place::from(Local::new(1))),

diff --git a/compiler/rustc_smir/src/rustc_smir/convert/mir.rs b/compiler/rustc_smir/src/rustc_smir/convert/mir.rs
@@ -267,7 +267,7 @@ impl<'tcx> Stable<'tcx> for mir::CastKind {
  fn stable(&self, tables: &mut Tables<'_>) -> Self::T {
  use rustc_middle::mir::CastKind::*;
  match self {
- PointerExposeAddress => stable_mir::mir::CastKind::PointerExposeAddress,
+ PointerExposeProvenance => stable_mir::mir::CastKind::PointerExposeAddress,
  PointerWithExposedProvenance => stable_mir::mir::CastKind::PointerWithExposedProvenance,
  PointerCoercion(c) => stable_mir::mir::CastKind::PointerCoercion(c.stable(tables)),
  DynStar => stable_mir::mir::CastKind::DynStar,

diff --git a/compiler/rustc_span/src/symbol.rs b/compiler/rustc_span/src/symbol.rs
@@ -1659,7 +1659,7 @@ symbols! {
  simd_cttz,
  simd_div,
  simd_eq,
- simd_expose_addr,
+ simd_expose_provenance,
  simd_extract,
  simd_fabs,
  simd_fcos,

diff --git a/compiler/stable_mir/src/mir/body.rs b/compiler/stable_mir/src/mir/body.rs
@@ -971,6 +971,7 @@ pub enum PointerCoercion {
 
 #[derive(Copy, Clone, Debug, Eq, PartialEq)]
 pub enum CastKind {
+ // FIXME(smir-rename): rename this to PointerExposeProvenance
  PointerExposeAddress,
  PointerWithExposedProvenance,
  PointerCoercion(PointerCoercion),

diff --git a/library/core/src/fmt/mod.rs b/library/core/src/fmt/mod.rs
@@ -2438,8 +2438,8 @@ impl Display for char {
 #[stable(feature = "rust1", since = "1.0.0")]
 impl<T: ?Sized> Pointer for *const T {
  fn fmt(&self, f: &mut Formatter<'_>) -> Result {
- // Cast is needed here because `.expose_addr()` requires `T: Sized`.
- pointer_fmt_inner((*self as *const ()).expose_addr(), f)
+ // Cast is needed here because `.expose_provenance()` requires `T: Sized`.
+ pointer_fmt_inner((*self as *const ()).expose_provenance(), f)
  }
 }
 

diff --git a/library/core/src/intrinsics/simd.rs b/library/core/src/intrinsics/simd.rs
@@ -540,6 +540,10 @@ extern "rust-intrinsic" {
  /// `T` must be a vector of pointers.
  ///
  /// `U` must be a vector of `usize` with the same length as `T`.
+ #[cfg(not(bootstrap))]
+ #[rustc_nounwind]
+ pub fn simd_expose_provenance<T, U>(ptr: T) -> U;
+ #[cfg(bootstrap)]
  #[rustc_nounwind]
  pub fn simd_expose_addr<T, U>(ptr: T) -> U;
 
@@ -660,5 +664,7 @@ extern "rust-intrinsic" {
  pub fn simd_flog<T>(a: T) -> T;
 }
 
+#[cfg(bootstrap)]
+pub use simd_expose_addr as simd_expose_provenance;
 #[cfg(bootstrap)]
 pub use simd_from_exposed_addr as simd_with_exposed_provenance;
diff --git a/library/core/src/ptr/const_ptr.rs b/library/core/src/ptr/const_ptr.rs
@@ -136,7 +136,7 @@ impl<T: ?Sized> *const T {
  #[unstable(feature = "ptr_to_from_bits", issue = "91126")]
  #[deprecated(
  since = "1.67.0",
- note = "replaced by the `expose_addr` method, or update your code \
+ note = "replaced by the `expose_provenance` method, or update your code \
  to follow the strict provenance rules using its APIs"
  )]
  #[inline(always)]
@@ -187,7 +187,7 @@ impl<T: ?Sized> *const T {
  ///
  /// If using those APIs is not possible because there is no way to preserve a pointer with the
  /// required provenance, then Strict Provenance might not be for you. Use pointer-integer casts
- /// or [`expose_addr`][pointer::expose_addr] and [`with_exposed_provenance`][with_exposed_provenance]
+ /// or [`expose_provenance`][pointer::expose_provenance] and [`with_exposed_provenance`][with_exposed_provenance]
  /// instead. However, note that this makes your code less portable and less amenable to tools
  /// that check for compliance with the Rust memory model.
  ///
@@ -210,8 +210,8 @@ impl<T: ?Sized> *const T {
  unsafe { mem::transmute(self.cast::<()>()) }
  }
 
- /// Gets the "address" portion of the pointer, and 'exposes' the "provenance" part for future
- /// use in [`with_exposed_provenance`][].
+ /// Exposes the "provenance" part of the pointer for future use in
+ /// [`with_exposed_provenance`][] and returns the "address" portion.
  ///
  /// This is equivalent to `self as usize`, which semantically discards *provenance* and
  /// *address-space* information. Furthermore, this (like the `as` cast) has the implicit
@@ -238,7 +238,7 @@ impl<T: ?Sized> *const T {
  #[must_use]
  #[inline(always)]
  #[unstable(feature = "exposed_provenance", issue = "95228")]
- pub fn expose_addr(self) -> usize {
+ pub fn expose_provenance(self) -> usize {
  // FIXME(strict_provenance_magic): I am magic and should be a compiler intrinsic.
  self.cast::<()>() as usize
  }

diff --git a/library/core/src/ptr/mod.rs b/library/core/src/ptr/mod.rs
@@ -340,8 +340,8 @@
 //! clear where a satisfying unambiguous semantics can be defined for Exposed Provenance.
 //! Furthermore, Exposed Provenance will not work (well) with tools like [Miri] and [CHERI].
 //!
-//! Exposed Provenance is provided by the [`expose_addr`] and [`with_exposed_provenance`] methods, which
-//! are meant to replace `as` casts between pointers and integers. [`expose_addr`] is a lot like
+//! Exposed Provenance is provided by the [`expose_provenance`] and [`with_exposed_provenance`] methods,
+//! which are meant to replace `as` casts between pointers and integers. [`expose_provenance`] is a lot like
 //! [`addr`], but additionally adds the provenance of the pointer to a global list of 'exposed'
 //! provenances. (This list is purely conceptual, it exists for the purpose of specifying Rust but
 //! is not materialized in actual executions, except in tools like [Miri].) [`with_exposed_provenance`]
@@ -355,9 +355,9 @@
 //! there is *no* previously 'exposed' provenance that justifies the way the returned pointer will
 //! be used, the program has undefined behavior.
 //!
-//! Using [`expose_addr`] or [`with_exposed_provenance`] (or the `as` casts) means that code is
+//! Using [`expose_provenance`] or [`with_exposed_provenance`] (or the `as` casts) means that code is
 //! *not* following Strict Provenance rules. The goal of the Strict Provenance experiment is to
-//! determine how far one can get in Rust without the use of [`expose_addr`] and
+//! determine how far one can get in Rust without the use of [`expose_provenance`] and
 //! [`with_exposed_provenance`], and to encourage code to be written with Strict Provenance APIs only.
 //! Maximizing the amount of such code is a major win for avoiding specification complexity and to
 //! facilitate adoption of tools like [CHERI] and [Miri] that can be a big help in increasing the
@@ -374,7 +374,7 @@
 //! [`map_addr`]: pointer::map_addr
 //! [`addr`]: pointer::addr
 //! [`ptr::dangling`]: core::ptr::dangling
-//! [`expose_addr`]: pointer::expose_addr
+//! [`expose_provenance`]: pointer::expose_provenance
 //! [`with_exposed_provenance`]: with_exposed_provenance
 //! [Miri]: https://github.com/rust-lang/miri
 //! [CHERI]: https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
@@ -663,7 +663,7 @@ pub const fn dangling_mut<T>() -> *mut T {
 ///
 /// This is a more rigorously specified alternative to `addr as *const T`. The provenance of the
 /// returned pointer is that of *any* pointer that was previously exposed by passing it to
-/// [`expose_addr`][pointer::expose_addr], or a `ptr as usize` cast. In addition, memory which is
+/// [`expose_provenance`][pointer::expose_provenance], or a `ptr as usize` cast. In addition, memory which is
 /// outside the control of the Rust abstract machine (MMIO registers, for example) is always
 /// considered to be exposed, so long as this memory is disjoint from memory that will be used by
 /// the abstract machine such as the stack, heap, and statics.
@@ -711,7 +711,7 @@ where
 ///
 /// This is a more rigorously specified alternative to `addr as *mut T`. The provenance of the
 /// returned pointer is that of *any* pointer that was previously passed to
-/// [`expose_addr`][pointer::expose_addr] or a `ptr as usize` cast. If there is no previously
+/// [`expose_provenance`][pointer::expose_provenance] or a `ptr as usize` cast. If there is no previously
 /// 'exposed' provenance that justifies the way this pointer will be used, the program has undefined
 /// behavior. Note that there is no algorithm that decides which provenance will be used. You can
 /// think of this as "guessing" the right provenance, and the guess will be "maximally in your

diff --git a/library/core/src/ptr/mut_ptr.rs b/library/core/src/ptr/mut_ptr.rs
@@ -142,7 +142,7 @@ impl<T: ?Sized> *mut T {
  #[unstable(feature = "ptr_to_from_bits", issue = "91126")]
  #[deprecated(
  since = "1.67.0",
- note = "replaced by the `expose_addr` method, or update your code \
+ note = "replaced by the `expose_provenance` method, or update your code \
  to follow the strict provenance rules using its APIs"
  )]
  #[inline(always)]
@@ -194,7 +194,7 @@ impl<T: ?Sized> *mut T {
  ///
  /// If using those APIs is not possible because there is no way to preserve a pointer with the
  /// required provenance, then Strict Provenance might not be for you. Use pointer-integer casts
- /// or [`expose_addr`][pointer::expose_addr] and [`with_exposed_provenance`][with_exposed_provenance]
+ /// or [`expose_provenance`][pointer::expose_provenance] and [`with_exposed_provenance`][with_exposed_provenance]
  /// instead. However, note that this makes your code less portable and less amenable to tools
  /// that check for compliance with the Rust memory model.
  ///
@@ -217,8 +217,8 @@ impl<T: ?Sized> *mut T {
  unsafe { mem::transmute(self.cast::<()>()) }
  }
 
- /// Gets the "address" portion of the pointer, and 'exposes' the "provenance" part for future
- /// use in [`with_exposed_provenance`][].
+ /// Exposes the "provenance" part of the pointer for future use in
+ /// [`with_exposed_provenance`][] and returns the "address" portion.
  ///
  /// This is equivalent to `self as usize`, which semantically discards *provenance* and
  /// *address-space* information. Furthermore, this (like the `as` cast) has the implicit
@@ -242,10 +242,9 @@ impl<T: ?Sized> *mut T {
  /// API and its claimed semantics are part of [Exposed Provenance][super#exposed-provenance].
  ///
  /// [`with_exposed_provenance_mut`]: with_exposed_provenance_mut
- #[must_use]
  #[inline(always)]
  #[unstable(feature = "exposed_provenance", issue = "95228")]
- pub fn expose_addr(self) -> usize {
+ pub fn expose_provenance(self) -> usize {
  // FIXME(strict_provenance_magic): I am magic and should be a compiler intrinsic.
  self.cast::<()>() as usize
  }