refactor: improve get_element_alignment function for packed arrays

Author: hns1971

compiler/rustc_const_eval/src/util/alignment.rs

@@ -54,7 +54,7 @@ where
             // Therefore align([T]) == align(T). Length does not affect alignment.
 
             // Try to determine alignment from the type structure
-            if let Some(element_align) = get_element_alignment(tcx, ty) {
+            if let Some(element_align) = get_element_alignment(tcx, typing_env, ty) {
                 element_align > pack
             } else {
                 // If we still can't determine alignment, conservatively assume disaligned
@@ -64,22 +64,36 @@ where
     }
 }
 
-/// Try to determine the alignment of an array element type
-fn get_element_alignment<'tcx>(_tcx: TyCtxt<'tcx>, ty: Ty<'tcx>) -> Option<Align> {
+/// Returns the ABI alignment of the *element type* if `ty` is an array/slice,
+/// otherwise `None`.
+///
+/// Soundness note:
+/// For any `T`, the ABI alignment of `[T]` (and `[T; N]`) equals that of `T`
+/// and does not depend on the length `N`.
+/// Proof sketch:
+///   (1) From `&[T]` we can obtain `&T`  ⇒  align([T]) ≥ align(T).
+///   (2) From `&T` we can obtain `&[T; 1]` via `std::array::from_ref`
+///       (and thus `&[T]`)  ⇒  align(T) ≥ align([T]).
+/// Hence `align([T]) == align(T)`.
+///
+/// Therefore, when `layout_of([T; N])` is unavailable in generic contexts,
+/// it is sufficient (and safe) to use `layout_of(T)` for alignment checks.
+///
+/// Returns:
+/// - `Some(align)` if `ty` is `Array(elem, _)` or `Slice(elem)` and
+///    `layout_of(elem)` is available;
+/// - `None` otherwise (caller should stay conservative).
+fn get_element_alignment<'tcx>(
+    tcx: TyCtxt<'tcx>,
+    typing_env: ty::TypingEnv<'tcx>,
+    ty: Ty<'tcx>,
+) -> Option<Align> {
     match ty.kind() {
-        ty::Array(element_ty, _) | ty::Slice(element_ty) => {
-            // Only allow u8 and i8 arrays when layout computation fails
-            // Other types are conservatively assumed to be misaligned
-            match element_ty.kind() {
-                ty::Uint(ty::UintTy::U8) | ty::Int(ty::IntTy::I8) => {
-                    // For u8 and i8, we know their alignment is 1
-                    Some(Align::from_bytes(1).unwrap())
-                }
-                _ => {
-                    // For other types, we cannot safely determine alignment
-                    // Conservatively return None to indicate potential misalignment
-                    None
-                }
+        ty::Array(elem_ty, _) | ty::Slice(elem_ty) => {
+            // Try to obtain the element's layout; if we can, use its ABI align.
+            match tcx.layout_of(typing_env.as_query_input(*elem_ty)) {
+                Ok(layout) => Some(layout.align.abi),
+                Err(_) => None, // stay conservative when even the element's layout is unknown
             }
         }
         _ => None,

tests/ui/packed/packed-array-const-generic.rs

@@ -0,0 +1,137 @@
+//! Borrowing from packed arrays with generic length:
+//! - allowed if ABI align([T]) == align(T) <= packed alignment
+//! - hard error (E0793) otherwise
+#![allow(dead_code, unused_variables, unused_mut)]
+use std::mem::MaybeUninit;
+use std::num::{NonZeroU8, NonZeroU16};
+
+//
+// -------- PASS CASES --------
+//
+
+mod pass_u8 {
+    #[repr(C, packed)]
+    pub struct PascalString<const N: usize> {
+        len: u8,
+        buf: [u8; N],
+    }
+
+    pub fn bar<const N: usize>(s: &PascalString<N>) -> &str {
+        // should NOT trigger E0793
+        std::str::from_utf8(&s.buf[0..s.len as usize]).unwrap()
+    }
+
+    pub fn run() {
+        let p = PascalString::<10> { len: 3, buf: *b"abc\0\0\0\0\0\0\0" };
+        let s = bar(&p);
+        assert_eq!(s, "abc");
+    }
+}
+
+mod pass_i8 {
+    #[repr(C, packed)]
+    pub struct S<const N: usize> {
+        buf: [i8; N],
+    }
+    pub fn run() {
+        let s = S::<4> { buf: [1, 2, 3, 4] };
+        let _ok = &s.buf[..]; // no E0793
+    }
+}
+
+mod pass_nonzero_u8 {
+    use super::*;
+    #[repr(C, packed)]
+    pub struct S<const N: usize> {
+        buf: [NonZeroU8; N],
+    }
+    pub fn run() {
+        let s = S::<3> {
+            buf: [
+                NonZeroU8::new(1).unwrap(),
+                NonZeroU8::new(2).unwrap(),
+                NonZeroU8::new(3).unwrap(),
+            ],
+        };
+        let _ok = &s.buf[..]; // no E0793
+    }
+}
+
+mod pass_maybeuninit_u8 {
+    use super::*;
+    #[repr(C, packed)]
+    pub struct S<const N: usize> {
+        buf: [MaybeUninit<u8>; N],
+    }
+    pub fn run() {
+        let s = S::<2> { buf: [MaybeUninit::new(1), MaybeUninit::new(2)] };
+        let _ok = &s.buf[..]; // no E0793
+    }
+}
+
+mod pass_transparent_u8 {
+    #[repr(transparent)]
+    pub struct WrapU8(u8);
+
+    #[repr(C, packed)]
+    pub struct S<const N: usize> {
+        buf: [WrapU8; N],
+    }
+    pub fn run() {
+        let s = S::<2> { buf: [WrapU8(1), WrapU8(2)] };
+        let _ok = &s.buf[..]; // no E0793
+    }
+}
+
+//
+// -------- FAIL CASES (expect E0793) --------
+//
+
+mod fail_u16 {
+    #[repr(C, packed)]
+    pub struct S<const N: usize> {
+        buf: [u16; N],
+    }
+    pub fn run() {
+        let s = S::<2> { buf: [1, 2] };
+        let _err = &s.buf[..];
+        //~^ ERROR: reference to packed field is unaligned
+    }
+}
+
+mod fail_nonzero_u16 {
+    use super::*;
+    #[repr(C, packed)]
+    pub struct S<const N: usize> {
+        buf: [NonZeroU16; N],
+    }
+    pub fn run() {
+        let s = S::<1> { buf: [NonZeroU16::new(1).unwrap()] };
+        let _err = &s.buf[..];
+        //~^ ERROR: reference to packed field is unaligned
+    }
+}
+
+mod fail_transparent_u16 {
+    #[repr(transparent)]
+    pub struct WrapU16(u16);
+
+    #[repr(C, packed)]
+    pub struct S<const N: usize> {
+        buf: [WrapU16; N],
+    }
+    pub fn run() {
+        let s = S::<1> { buf: [WrapU16(42)] };
+        let _err = &s.buf[..];
+        //~^ ERROR: reference to packed field is unaligned
+    }
+}
+
+fn main() {
+    // Run pass cases (fail cases only check diagnostics)
+    pass_u8::run();
+    pass_i8::run();
+    pass_nonzero_u8::run();
+    pass_maybeuninit_u8::run();
+    pass_transparent_u8::run();
+}

tests/ui/packed/packed-array-generic-length.rs

@@ -0,0 +1,33 @@
+error[E0793]: reference to packed field is unaligned
+  --> $DIR/packed-array-generic-length.rs:97:21
+   |
+LL |         let _err = &s.buf[..];
+   |                     ^^^^^
+   |
+   = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
+   = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
+   = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)
+
+error[E0793]: reference to packed field is unaligned
+  --> $DIR/packed-array-generic-length.rs:110:21
+   |
+LL |         let _err = &s.buf[..];
+   |                     ^^^^^
+   |
+   = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
+   = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
+   = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)
+
+error[E0793]: reference to packed field is unaligned
+  --> $DIR/packed-array-generic-length.rs:125:21
+   |
+LL |         let _err = &s.buf[..];
+   |                     ^^^^^
+   |
+   = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
+   = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
+   = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)
+
+error: aborting due to 3 previous errors
+
+For more information about this error, try `rustc --explain E0793`.