const-eval: allow constants to refer to mutable/external memory, but reject such constants as patterns

[RalfJung]

This fixes #140653 by accepting code such as this:

static FOO: AtomicU32 = AtomicU32::new(0);
const C: &'static AtomicU32 = &FOO;

This can be written entirely in safe code, so there can't really be anything wrong with it.

We also accept the much more questionable following code, since it looks very similar to the interpreter:

static mut FOO2: u32 = 0;
const C2: &'static u32 = unsafe { &mut FOO2 };

Using this without causing UB is at least very hard (the details are unclear since it is related to how the aliasing model deals with the staging of const-eval vs runtime code).

If a constant like C2 is used as a pattern, we emit an error:

error: constant BAD_PATTERN cannot be used as pattern
  --> $DIR/const_refs_to_static_fail.rs:30:9
   |
LL |         BAD_PATTERN => {},
   |         ^^^^^^^^^^^
   |
   = note: constants that reference mutable or external memory cannot be used as pattern

(If you somehow manage to build a pattern with constant C, you'd get the same error, but that should be impossible: we don't have a type that can be used in patterns and that has interior mutability.)

The same treatment is afforded for shared references to extern static, for the same reason: the const evaluation is entirely fine with it, we just can't build a pattern for it -- and when using interior mutability, this can be totally sound.

We do still not accept anything where there is an &mut in the final value of the const, as that should always require unsafe code and it's hard to imagine a sound use-case that would require this.

[rustbot]

r? @jieyouxu

rustbot has assigned @jieyouxu.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

[rustbot]

Some changes occurred to the CTFE machinery

cc @RalfJung, @oli-obk, @lcnr

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri, @RalfJung, @oli-obk, @lcnr

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri

[RalfJung]

@rust-lang/lang nominating for FCP following prior discussion in #140653.

[rustbot]

Some changes occurred in src/tools/clippy

cc @rust-lang/clippy

[jieyouxu]

r? @oli-obk (or someone way more familiar with const-eval)

[traviscross]

As discussed in #140653 (comment), this sounds right to me, and I propose that we do it.

@rfcbot fcp merge

[rfcbot]

Team member @traviscross has proposed to merge this. The next step is review by the rest of the tagged team members:

• @joshtriplett
• @nikomatsakis
• @scottmcm
• @tmandry
• @traviscross

Concerns:

• whole team signoff resolved by const-eval: allow constants to refer to mutable/external memory, but reject such constants as patterns #140942 (comment)

Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

cc @rust-lang/lang-advisors: FCP proposed for lang, please feel free to register concerns.
See this document for info about what commands tagged team members can give me.

[RalfJung]

@oli-obk FCP should finish fairly soon here, so this is ready for review. :)

@traviscross I guess this will also need a reference PR? Not sure when I'll get around to that.
I couldn't even find where the limitation "the final value of a const cannot refer to mutable memory" is documented, if at all. I did however find this, which has a small mistake (orthogonal to this PR): borrows in consts are also allowed to refer to static items and promoteds. (EDIT: put up a PR for that: rust-lang/reference#1858)

[traviscross]

cc @ehuss

[oli-obk]

My preference would have been 3 commits

• error reporting pulled out of query
• stylistic refactoring of match with large arm
• actual changes

but since I already reviewed everything, let's land it as is

[RalfJung]

Thanks! I agree smaller commits are nicer in retrospect, but I discovered these things half-way through implementation so it'd have been a lot of work to disentangle them...

[ehuss]

the final value of a const cannot refer to mutable memory

Maybe you are referring to this? That was added as part of const_refs_to_statics (rust-lang/reference#1610)

[RalfJung]

Ah, yes, that's it. That should be just removed, and then instead we need something here about consts referencing mutable/extern statics.

[RalfJung]

Reference PR: rust-lang/reference#1859

[rfcbot]

The final comment period, with a disposition to merge, as per the review above, is now complete.

As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed.

This will be merged soon.

[RalfJung]

@bors r=oli-obk

[bors]

📌 Commit 6f196f8 has been approved by oli-obk

It is now in the queue for this repository.

[RalfJung]

@bors r-
I guess the reference PR has to land first?

[ehuss]

Why was this removed? It doesn't seem like its behavior was changed by this PR (it still generates the same E0080 error). Is it covered in some other test?

[RalfJung]

Uh, I don't remember...
The error message does change, so it is unclear whether this even still tests the right thing. 🤷 But I can add the test back with the new error, sure.