Validate transmute in CTFE #144030

Open: wants to merge 2 commits into base: master

oli-obk (Contributor) commented Jul 16, 2025

fixes #142230

let's see what perf says, maybe we need to restrict it to literal transmutes, and not all the implicit ones happening in mir interpreter internal situations

r? @ghost

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jul 16, 2025
rustbot (Collaborator) commented Jul 16, 2025

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri

Some changes occurred to the CTFE machinery

cc @RalfJung, @oli-obk, @lcnr

oli-obk (Contributor, Author) commented Jul 16, 2025

@bors2 try @rust-timer queue


rust-bors bot commented Jul 16, 2025

⌛ Trying commit d032919 with merge e6b0b5d

To cancel the try build, run the command @bors2 try cancel.

rust-bors bot added a commit that referenced this pull request Jul 16, 2025
Validate transmute in CTFE

@rustbot rustbot added the S-waiting-on-perf Status: Waiting on a perf run to be completed. label Jul 16, 2025

rust-bors bot commented Jul 16, 2025

☀️ Try build successful (CI)
Build commit: e6b0b5d (e6b0b5d69a1aea3e0e367e405c676642a0b35313, parent: 1c6de215099bbe33668de762f9591187f6c25eef)


rust-timer (Collaborator)

Finished benchmarking commit (e6b0b5d): comparison URL.

Overall result: ❌ regressions - please read the text below

Benchmarking this pull request means it may be perf-sensitive – we'll automatically label it not fit for rolling up. You can override this, but we strongly advise not to, due to possible changes in compiler perf.

Next Steps: If you can justify the regressions found in this try perf run, please do so in sufficient writing along with @rustbot label: +perf-regression-triaged. If not, please fix the regressions and do another perf run. If its results are neutral or positive, the label will be automatically removed.

@bors rollup=never
@rustbot label: -S-waiting-on-perf +perf-regression

Instruction count

Our most reliable metric. Used to determine the overall result above. However, even this metric can be noisy.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | 0.5% | [0.2%, 1.7%] | 17 |
| Regressions ❌ (secondary) | 38.4% | [0.5%, 149.4%] | 28 |
| Improvements ✅ (primary) | - | - | 0 |
| Improvements ✅ (secondary) | - | - | 0 |
| All ❌✅ (primary) | 0.5% | [0.2%, 1.7%] | 17 |

Max RSS (memory usage)

Results (primary -2.0%, secondary 0.7%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | - | - | 0 |
| Regressions ❌ (secondary) | 12.3% | [12.3%, 12.3%] | 1 |
| Improvements ✅ (primary) | -2.0% | [-2.0%, -2.0%] | 1 |
| Improvements ✅ (secondary) | -2.2% | [-4.1%, -1.0%] | 4 |
| All ❌✅ (primary) | -2.0% | [-2.0%, -2.0%] | 1 |

Cycles

Results (primary 2.5%, secondary 348.7%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | 2.5% | [2.5%, 2.5%] | 1 |
| Regressions ❌ (secondary) | 426.9% | [336.3%, 574.7%] | 9 |
| Improvements ✅ (primary) | - | - | 0 |
| Improvements ✅ (secondary) | -3.2% | [-3.5%, -2.8%] | 2 |
| All ❌✅ (primary) | 2.5% | [2.5%, 2.5%] | 1 |

Binary size

This benchmark run did not return any relevant results for this metric.

Bootstrap: 464.891s -> 467.195s (0.50%)
Artifact size: 374.78 MiB -> 374.45 MiB (-0.09%)

@rustbot rustbot added perf-regression Performance regression. and removed S-waiting-on-perf Status: Waiting on a perf run to be completed. labels Jul 16, 2025
oli-obk force-pushed the validate-transmute branch from d032919 to 1aa2951 on July 17, 2025 09:04

oli-obk (Contributor, Author) commented Jul 17, 2025

Limited validation to explicit transmute calls

@bors2 try @rust-timer queue


rust-bors bot added a commit that referenced this pull request Jul 17, 2025
Validate transmute in CTFE

rust-bors bot commented Jul 17, 2025

⌛ Trying commit 1aa2951 with merge c41f0b4

To cancel the try build, run the command @bors2 try cancel.

@rustbot rustbot added the S-waiting-on-perf Status: Waiting on a perf run to be completed. label Jul 17, 2025
rust-log-analyzer (Collaborator)

The job x86_64-gnu-miri failed! Check out the build log: (web) (plain enhanced) (plain)

Possible cause of the failure (guessed by this bot):
tests/pass/shims/x86/intrinsics-x86-avx2.rs ... ok
tests/pass/shims/x86/intrinsics-x86-gfni.rs ... ok

FAILED TEST: tests/pass/enum_discriminant_ptr_value.rs
command: MIRI_ENV_VAR_TEST="0" MIRI_TEMP="/tmp/miri-uitest-zF2vBy" RUST_BACKTRACE="1" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2/bin/miri" "--error-format=json" "--sysroot=/checkout/obj/build/x86_64-unknown-linux-gnu/miri-sysroot" "-Dwarnings" "-Dunused" "-Ainternal_features" "-Zui-testing" "--out-dir" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage1-tools/x86_64-unknown-linux-gnu/tmp/miri_ui/0/tests/pass" "tests/pass/enum_discriminant_ptr_value.rs" "-Zmiri-disable-stacked-borrows" "-Zmiri-disable-validation" "--edition" "2021"

error: test got exit status: 1, but expected 0
 = note: compilation failed, but was expected to succeed

error: no output was expected
Execute `./miri test --bless` to update `tests/pass/enum_discriminant_ptr_value.stderr` to the actual output
+++ <stderr output>
error: Undefined Behavior: constructing invalid value at .<enum-variant(Some)>.0: encountered a dangling reference (going beyond the bounds of its allocation)
##[error]  --> tests/pass/enum_discriminant_ptr_value.rs:7:38
   |
LL |     let val: Option<&i32> = unsafe { std::mem::transmute((&x as *const i32).wrapping_offset(2)) };
   |                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
   |
   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
   = note: BACKTRACE:
   = note: inside `main` at tests/pass/enum_discriminant_ptr_value.rs:7:38: 7:96
---
full stderr:
error: Undefined Behavior: constructing invalid value at .<enum-variant(Some)>.0: encountered a dangling reference (going beyond the bounds of its allocation)
##[error]  --> tests/pass/enum_discriminant_ptr_value.rs:7:38
   |
LL |     let val: Option<&i32> = unsafe { std::mem::transmute((&x as *const i32).wrapping_offset(2)) };
   |                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Undefined Behavior occurred here
   |
   = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
   = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information
   = note: BACKTRACE:
   = note: inside `main` at tests/pass/enum_discriminant_ptr_value.rs:7:38: 7:96
---

Location:
   /cargo/registry/src/index.crates.io-1949cf8c6b5b557f/ui_test-0.29.2/src/lib.rs:369

Backtrace omitted. Run with RUST_BACKTRACE=1 environment variable to display it.
Run with RUST_BACKTRACE=full to include source snippets.
error: test failed, to rerun pass `--test ui`

Caused by:
  process didn't exit successfully: `/checkout/obj/build/x86_64-unknown-linux-gnu/stage1-tools/x86_64-unknown-linux-gnu/release/deps/ui-0bacf351ef83efc6` (exit status: 1)
Command has failed. Rerun with -v to see more details.
Build completed unsuccessfully in 0:39:04
  local time: Thu Jul 17 09:51:20 UTC 2025
  network time: Thu, 17 Jul 2025 09:51:21 GMT
##[error]Process completed with exit code 1.
Post job cleanup.

rust-bors bot commented Jul 17, 2025

☀️ Try build successful (CI)
Build commit: c41f0b4 (c41f0b44c8cb4579318560cb49853d48ee948f0e, parent: f8f6997469237299c1d60814c7b9828602a1f8e4)


rust-timer (Collaborator)

Finished benchmarking commit (c41f0b4): comparison URL.

Overall result: ❌✅ regressions and improvements - please read the text below

Benchmarking this pull request means it may be perf-sensitive – we'll automatically label it not fit for rolling up. You can override this, but we strongly advise not to, due to possible changes in compiler perf.

Next Steps: If you can justify the regressions found in this try perf run, please do so in sufficient writing along with @rustbot label: +perf-regression-triaged. If not, please fix the regressions and do another perf run. If its results are neutral or positive, the label will be automatically removed.

@bors rollup=never
@rustbot label: -S-waiting-on-perf +perf-regression

Instruction count

Our most reliable metric. Used to determine the overall result above. However, even this metric can be noisy.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | 0.3% | [0.2%, 0.5%] | 2 |
| Regressions ❌ (secondary) | 0.3% | [0.2%, 0.5%] | 2 |
| Improvements ✅ (primary) | - | - | 0 |
| Improvements ✅ (secondary) | -1.1% | [-1.1%, -1.0%] | 2 |
| All ❌✅ (primary) | 0.3% | [0.2%, 0.5%] | 2 |

Max RSS (memory usage)

Results (secondary 2.4%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | - | - | 0 |
| Regressions ❌ (secondary) | 2.4% | [2.4%, 2.4%] | 1 |
| Improvements ✅ (primary) | - | - | 0 |
| Improvements ✅ (secondary) | - | - | 0 |
| All ❌✅ (primary) | - | - | 0 |

Cycles

Results (secondary -12.8%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | - | - | 0 |
| Regressions ❌ (secondary) | - | - | 0 |
| Improvements ✅ (primary) | - | - | 0 |
| Improvements ✅ (secondary) | -12.8% | [-12.8%, -12.8%] | 1 |
| All ❌✅ (primary) | - | - | 0 |

Binary size

This benchmark run did not return any relevant results for this metric.

Bootstrap: 463.571s -> 465.557s (0.43%)
Artifact size: 374.76 MiB -> 374.31 MiB (-0.12%)

@rustbot rustbot removed the S-waiting-on-perf Status: Waiting on a perf run to be completed. label Jul 17, 2025
oli-obk (Contributor, Author) commented Jul 17, 2025

yay. html5ever has a small regression in const eval, but everything else seems to be fine.

@rust-lang/wg-const-eval what do you think about doing validation only for the result of transmute (and possibly raw pointer derefs in the future?)? I think it produces better errors in many cases and still checks as little as possible and is therefore cheap to do.

RalfJung (Member) left a comment

This doesn't fix the underlying problem that our errors during evaluation vs during validation are worded very differently... but yeah adding extra checks here sounds good, if we can do it in a way that doesn't affect Miri.

Comment on lines +145 to +146
// Even if general validation is disabled, transmutes should always check their result.
if !M::enforce_validity(self, dest.layout) {
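Review bot: At +146 the branch is taken exactly when `M::enforce_validity` returns false, so a machine that reports validation as disabled still has its transmute results checked and has no way left to opt out. The x86_64-gnu-miri job in this thread shows the effect: `tests/pass/enum_discriminant_ptr_value.rs` is run with `-Zmiri-disable-validation` and now fails with "constructing invalid value". Gate this branch on a setting the machine can turn off completely, and extend the comment at +145 to say which machines get the transmute-only check.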
Member

Miri has a flag for disabling validity checking -- this code makes it not work properly any more.

So this still needs to be somehow controlled by the machine, with a way for the machine to entirely disable all validity checking. Maybe enforce_validity should return a 3-state enum?

Contributor Author

Hmm... I was just gonna add a const book for extra validation checks, but that may work, too
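
The three-state hook suggested in the review thread above, sketched as a toy model (an added example, not code from this PR, rustc or Miri). The `Validity` enum, the `Machine` trait, the `ConstEval` and `Checker` types and the byte-as-`bool` value model are all hypothetical.

```rust
// Added illustration: every name here is hypothetical, none is rustc's or Miri's API.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Validity {
    Off,           // machine opted out of all validity checking
    TransmuteOnly, // check only the result of an explicit transmute
    Full,          // check every typed write
}

#[derive(Debug, PartialEq)]
enum Outcome { Accepted, InvalidValue }

trait Machine { fn validity(&self) -> Validity; }

struct ConstEval; // compile-time evaluator: wants the cheap transmute-only check
struct Checker { validation_disabled: bool } // tool with a user-facing off switch

impl Machine for ConstEval { fn validity(&self) -> Validity { Validity::TransmuteOnly } }
impl Machine for Checker {
    fn validity(&self) -> Validity {
        if self.validation_disabled { Validity::Off } else { Validity::Full }
    }
}

// Constructed value model: a byte is a valid `bool` only if it is 0 or 1.
fn check_bool(byte: u8) -> Outcome {
    if byte <= 1 { Outcome::Accepted } else { Outcome::InvalidValue }
}

// Ordinary typed write: validated only under `Full`.
fn write_bool<M: Machine>(m: &M, byte: u8) -> Outcome {
    if m.validity() == Validity::Full { check_bool(byte) } else { Outcome::Accepted }
}

// Explicit transmute: validated unless the machine said `Off`.
fn transmute_to_bool<M: Machine>(m: &M, byte: u8) -> Outcome {
    if m.validity() == Validity::Off { Outcome::Accepted } else { check_bool(byte) }
}

// Two-state hook for contrast: the transmute result is checked whichever way the bool goes.
fn transmute_with_bool_hook(_enforce_validity: bool, byte: u8) -> Outcome {
    check_bool(byte)
}

fn main() {
    let off = Checker { validation_disabled: true };
    println!("{:?} {:?}", transmute_to_bool(&ConstEval, 2), write_bool(&ConstEval, 2));
    println!("{:?} {:?}", transmute_to_bool(&off, 2), transmute_with_bool_hook(false, 2));
}
```

With the two-state hook the off switch is ignored for transmutes; the third state lets the const evaluator keep the cheap check while another machine disables validation entirely.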

Labels
perf-regression Performance regression. S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Successfully merging this pull request may close these issues.

Transmuting fn pointer to a usize in const somehow causes UB?