std::vec: Add UB check for set_len, from_raw_parts_in, and etc.

[xizheyin]

Closes #143813

I noticed that from_parts_in do the similar things like from_raw_parts_in, so I add the UB check in the last commit. If it is not appropriate, I will remove it.

And I fix a typo in the first commit.

r? @scottmcm

[scottmcm]

Let's make sure the compilation perf impact of this isn't atrocious:
@bors try @rust-timer queue

[bors]

⌛ Trying commit 48caa5f with merge 7219000...

[bors]

☀️ Try build successful - checks-actions
Build commit: 7219000 (72190006cbd406b19364b16a42c2aacee3a2f541)

[saethlin]

Can you add tests that cover all the public APIs that are supposed to now detect misuse? Existing tests are here: https://github.com/rust-lang/rust/tree/master/tests/ui/precondition-checks

I would expect tests to cover set_len, from_raw_parts, and from_raw_parts_in separately (so that we get a test failure if from_raw_parts gets implemented in a way that bypasses the check you're adding). If you know any other functions that trivially delegate to the checked code paths, those would be good to add too. I don't really care how you organize the new tests, anything that works and looks like the existing tests is good.

[rust-timer]

Finished benchmarking commit (7219000): comparison URL.

Overall result: ❌✅ regressions and improvements - please read the text below

Benchmarking this pull request means it may be perf-sensitive – we'll automatically label it not fit for rolling up. You can override this, but we strongly advise not to, due to possible changes in compiler perf.

Next Steps: If you can justify the regressions found in this try perf run, please do so in sufficient writing along with @rustbot label: +perf-regression-triaged. If not, please fix the regressions and do another perf run. If its results are neutral or positive, the label will be automatically removed.

@bors rollup=never
@rustbot label: -S-waiting-on-perf +perf-regression

Instruction count

Our most reliable metric. Used to determine the overall result above. However, even this metric can be noisy.

	mean	range	count
Regressions ❌ (primary)	0.8%	[0.7%, 0.9%]	3
Regressions ❌ (secondary)	0.4%	[0.2%, 0.6%]	3
Improvements ✅ (primary)	-1.0%	[-2.1%, -0.3%]	4
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	-0.2%	[-2.1%, 0.9%]	7

Max RSS (memory usage)

Results (primary 0.3%, secondary -0.5%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

	mean	range	count
Regressions ❌ (primary)	4.8%	[2.3%, 7.2%]	2
Regressions ❌ (secondary)	2.7%	[2.7%, 2.7%]	1
Improvements ✅ (primary)	-4.1%	[-5.2%, -3.0%]	2
Improvements ✅ (secondary)	-3.7%	[-3.7%, -3.7%]	1
All ❌✅ (primary)	0.3%	[-5.2%, 7.2%]	4

Cycles

Results (primary 2.0%, secondary 2.5%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

	mean	range	count
Regressions ❌ (primary)	2.0%	[2.0%, 2.0%]	1
Regressions ❌ (secondary)	2.5%	[2.5%, 2.5%]	1
Improvements ✅ (primary)	-	-	0
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	2.0%	[2.0%, 2.0%]	1

Binary size

Results (primary 0.2%, secondary 0.4%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

	mean	range	count
Regressions ❌ (primary)	0.3%	[0.0%, 0.8%]	59
Regressions ❌ (secondary)	0.5%	[0.2%, 0.9%]	8
Improvements ✅ (primary)	-0.4%	[-1.0%, -0.0%]	10
Improvements ✅ (secondary)	-0.0%	[-0.0%, -0.0%]	1
All ❌✅ (primary)	0.2%	[-1.0%, 0.8%]	69

Bootstrap: 463.69s -> 466.219s (0.55%)
Artifact size: 374.63 MiB -> 374.59 MiB (-0.01%)

[saethlin]

Seems acceptable. (the improvements are chaotic effects from perturbing the MIR inliner)

[scottmcm]

Agreed. Results look neutral-ish and even if not obviously-green that's nowhere near the cataclysmic results we've seen from adding this in certain other cases, and the goal is just to avoid the "oh my" impacts for things like this.

@bors r=scottmcm,saethlin

[bors]

📌 Commit 48caa5f has been approved by scottmcm,saethlin

It is now in the queue for this repository.

[bors]

⌛ Testing commit 48caa5f with merge b57c5c2...

[xizheyin]

Oh, I haven't have time to add tests. Should I add it in a separate Pull Request?

[saethlin]

@bors r-

[saethlin]

I don't know why Scott put my approval on this without tests. I would prefer them here.

[bors]

☀️ Try build successful - checks-actions
Build commit: b57c5c2 (b57c5c2d01bef265fced5d473e6f9604bd91b072)

[scottmcm]

r? @saethlin

[xizheyin]

I added the tests in the new commit for set_len, from_raw_parts_in, from_parts_in.

@rustbot ready

[saethlin]

Tests are what I asked for, thanks.

@bors r=scottmcm,saethlin

[bors]

📌 Commit a74a284 has been approved by scottmcm,saethlin

It is now in the queue for this repository.

[bors]

⌛ Testing commit a74a284 with merge 3014e79...

[bors]

☀️ Test successful - checks-actions
Approved by: scottmcm,saethlin
Pushing 3014e79 to master...

[github-actions]

What is this?

This is an experimental post-merge analysis report that shows differences in test outcomes between the merged PR and its parent PR.

Comparing e27f16a (parent) -> 3014e79 (this PR)

Test differences

Show 166 test diffs

Stage 1

• [ui] tests/ui/precondition-checks/vec-from-parts.rs: [missing] -> pass (J1)
• [ui] tests/ui/precondition-checks/vec-from-raw-parts.rs#string_from_raw_parts: [missing] -> pass (J1)
• [ui] tests/ui/precondition-checks/vec-from-raw-parts.rs#vec_from_raw_parts: [missing] -> pass (J1)
• [ui] tests/ui/precondition-checks/vec-from-raw-parts.rs#vec_from_raw_parts_in: [missing] -> pass (J1)
• [ui] tests/ui/precondition-checks/vec-set-len.rs: [missing] -> pass (J1)

Stage 2

• [ui] tests/ui/precondition-checks/vec-from-parts.rs: [missing] -> pass (J0)
• [ui] tests/ui/precondition-checks/vec-from-raw-parts.rs#string_from_raw_parts: [missing] -> pass (J0)
• [ui] tests/ui/precondition-checks/vec-from-raw-parts.rs#vec_from_raw_parts: [missing] -> pass (J0)
• [ui] tests/ui/precondition-checks/vec-from-raw-parts.rs#vec_from_raw_parts_in: [missing] -> pass (J0)
• [ui] tests/ui/precondition-checks/vec-set-len.rs: [missing] -> pass (J0)

Additionally, 156 doctest diffs were found. These are ignored, as they are noisy.

Job group index

• J0: aarch64-apple, aarch64-gnu, aarch64-msvc-1, arm-android, armhf-gnu, dist-i586-gnu-i586-i686-musl, i686-gnu-1, i686-gnu-nopt-1, i686-msvc-1, test-various, x86_64-apple-2, x86_64-gnu, x86_64-gnu-llvm-19-2, x86_64-gnu-llvm-20-2, x86_64-gnu-nopt, x86_64-gnu-stable, x86_64-mingw-1, x86_64-msvc-1
• J1: x86_64-gnu-llvm-19-3, x86_64-gnu-llvm-20-3

Test dashboard

Run

cargo run --manifest-path src/ci/citool/Cargo.toml -- \
    test-dashboard 3014e79f9c8d5510ea7b3a3b70d171d0948b1e96 --output-dir test-dashboard

And then open test-dashboard/index.html in your browser to see an overview of all executed tests.

Job duration changes

1. x86_64-apple-2: 4771.8s -> 3690.3s (-22.7%)
2. dist-apple-various: 7852.0s -> 6072.8s (-22.7%)
3. pr-check-2: 2692.9s -> 2193.7s (-18.5%)
4. x86_64-apple-1: 8657.9s -> 7317.1s (-15.5%)
5. dist-i686-msvc: 6755.7s -> 7745.6s (14.7%)
6. aarch64-gnu: 7259.8s -> 6282.7s (-13.5%)
7. x86_64-gnu-tools: 3836.4s -> 3370.3s (-12.2%)
8. x86_64-rust-for-linux: 2968.7s -> 2611.5s (-12.0%)
9. i686-gnu-1: 8072.3s -> 7210.8s (-10.7%)
10. x86_64-gnu-llvm-20-1: 3699.6s -> 3312.5s (-10.5%)

How to interpret the job duration changes?

Job durations can vary a lot, based on the actual runner instance
that executed the job, system noise, invalidated caches, etc. The table above is provided
mostly for t-infra members, for simpler debugging of potential CI slow-downs.

[rust-timer]

Finished benchmarking commit (3014e79): comparison URL.

Overall result: ❌✅ regressions and improvements - please read the text below

Our benchmarks found a performance regression caused by this PR.
This might be an actual regression, but it can also be just noise.

Next Steps:

• If the regression was expected or you think it can be justified,
  please write a comment with sufficient written justification, and add
  @rustbot label: +perf-regression-triaged to it, to mark the regression as triaged.
• If you think that you know of a way to resolve the regression, try to create
  a new PR with a fix for the regression.
• If you do not understand the regression or you think that it is just noise,
  you can ask the @rust-lang/wg-compiler-performance working group for help (members of this group
  were already notified of this PR).

@rustbot label: +perf-regression
cc @rust-lang/wg-compiler-performance

Instruction count

Our most reliable metric. Used to determine the overall result above. However, even this metric can be noisy.

	mean	range	count
Regressions ❌ (primary)	0.7%	[0.3%, 0.9%]	4
Regressions ❌ (secondary)	0.4%	[0.3%, 0.6%]	2
Improvements ✅ (primary)	-1.1%	[-2.1%, -0.4%]	3
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	-0.1%	[-2.1%, 0.9%]	7

Max RSS (memory usage)

Results (primary -0.6%, secondary -2.3%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

	mean	range	count
Regressions ❌ (primary)	6.9%	[6.3%, 7.4%]	2
Regressions ❌ (secondary)	1.7%	[1.7%, 1.7%]	1
Improvements ✅ (primary)	-4.3%	[-6.2%, -3.3%]	4
Improvements ✅ (secondary)	-6.4%	[-6.4%, -6.4%]	1
All ❌✅ (primary)	-0.6%	[-6.2%, 7.4%]	6

Cycles

Results (primary 1.1%, secondary 3.8%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

	mean	range	count
Regressions ❌ (primary)	4.3%	[4.3%, 4.3%]	1
Regressions ❌ (secondary)	3.8%	[2.2%, 6.8%]	5
Improvements ✅ (primary)	-2.0%	[-2.0%, -2.0%]	1
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	1.1%	[-2.0%, 4.3%]	2

Binary size

Results (primary 0.2%, secondary 0.4%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

	mean	range	count
Regressions ❌ (primary)	0.3%	[0.0%, 0.8%]	60
Regressions ❌ (secondary)	0.5%	[0.2%, 0.9%]	8
Improvements ✅ (primary)	-0.4%	[-0.9%, -0.0%]	10
Improvements ✅ (secondary)	-0.0%	[-0.0%, -0.0%]	1
All ❌✅ (primary)	0.2%	[-0.9%, 0.8%]	70

Bootstrap: 463.302s -> 465.928s (0.57%)
Artifact size: 374.79 MiB -> 374.79 MiB (-0.00%)