Insert checks for enum discriminants when debug assertions are enabled

[1c3t3a]

Similar to the existing null-pointer and alignment checks, this checks for valid enum discriminants on creation of enums through unsafe transmutes. Essentially this sanitizes patterns like the following:

let val: MyEnum = unsafe { std::mem::transmute<u32, MyEnum>(42) };

An extension of this check will be done in a follow-up that explicitly sanitizes for extern enum values that come into Rust from e.g. C/C++.

This check is similar to Miri's capabilities of checking for valid construction of enum values.

This PR is inspired by saethlin@'s PR
#104862. Thank you so much for keeping this code up and the detailed comments!

I also pair-programmed large parts of this together with vabr-g@.

r? @saethlin

[rustbot]

Some changes occurred to MIR optimizations

cc @rust-lang/wg-mir-opt

This PR changes MIR

cc @oli-obk, @RalfJung, @JakobDegen, @davidtwco, @vakaras

Some changes occurred in compiler/rustc_codegen_ssa

cc @WaffleLapkin

Some changes occurred in compiler/rustc_codegen_cranelift

cc @bjorn3

Some changes occurred to the CTFE machinery

cc @RalfJung, @oli-obk, @lcnr

rust-analyzer is developed in its own repository. If possible, consider making this change to rust-lang/rust-analyzer instead.

cc @rust-lang/rust-analyzer

[bors]

⌛ Testing commit 1087042 with merge eac4ca2...

[matthiaskrgr]

looks like its stuck
@bors retry r-

[matthiaskrgr]

@bors r=@saethlin

[bors]

📌 Commit 1087042 has been approved by saethlin

It is now in the queue for this repository.

[bors]

⌛ Testing commit 1087042 with merge 1f9b61c...

[bors]

⌛ Testing commit 1087042 with merge b63223c...

[bors]

☀️ Test successful - checks-actions
Approved by: saethlin
Pushing b63223c to master...

[github-actions]

What is this?

This is an experimental post-merge analysis report that shows differences in test outcomes between the merged PR and its parent PR.

Comparing d41e12f (parent) -> b63223c (this PR)

Test differences

Show 56 test diffs

Stage 1

• [ui] tests/ui/mir/enum/convert_non_enum_break.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/convert_non_enum_niche_break.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/convert_non_enum_niche_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/convert_non_enum_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/niche_option_tuple_break.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/niche_option_tuple_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/numbered_variants_break.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/numbered_variants_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/option_with_bigger_niche_break.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/option_with_bigger_niche_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/plain_no_data_break.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/plain_no_data_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/single_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/single_with_repr_break.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/single_with_repr_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/with_niche_int_break.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/with_niche_int_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/with_niche_ptr_ok.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/wrap_break.rs: [missing] -> pass (J0)
• [ui] tests/ui/mir/enum/wrap_ok.rs: [missing] -> pass (J0)

Stage 2

• [ui] tests/ui/mir/enum/convert_non_enum_break.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/convert_non_enum_niche_break.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/convert_non_enum_niche_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/convert_non_enum_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/niche_option_tuple_break.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/niche_option_tuple_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/numbered_variants_break.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/numbered_variants_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/option_with_bigger_niche_break.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/option_with_bigger_niche_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/plain_no_data_break.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/plain_no_data_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/single_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/single_with_repr_break.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/single_with_repr_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/with_niche_int_break.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/with_niche_int_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/with_niche_ptr_ok.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/wrap_break.rs: [missing] -> pass (J1)
• [ui] tests/ui/mir/enum/wrap_ok.rs: [missing] -> pass (J1)

Additionally, 16 doctest diffs were found. These are ignored, as they are noisy.

Job group index

• J0: x86_64-gnu-llvm-19-3, x86_64-gnu-llvm-20-3
• J1: aarch64-apple, aarch64-gnu, arm-android, armhf-gnu, dist-i586-gnu-i586-i686-musl, i686-gnu-1, i686-gnu-nopt-1, i686-msvc-1, test-various, x86_64-apple-2, x86_64-gnu, x86_64-gnu-llvm-19-2, x86_64-gnu-llvm-20-2, x86_64-gnu-nopt, x86_64-gnu-stable, x86_64-mingw-1, x86_64-msvc-1

Test dashboard

Run

cargo run --manifest-path src/ci/citool/Cargo.toml -- \
    test-dashboard b63223c152212832ce37a109e26cc5f84c577532 --output-dir test-dashboard

And then open test-dashboard/index.html in your browser to see an overview of all executed tests.

Job duration changes

1. x86_64-apple-2: 4991.5s -> 3249.6s (-34.9%)
2. x86_64-apple-1: 6732.2s -> 8791.0s (30.6%)
3. mingw-check-1: 1784.0s -> 1525.7s (-14.5%)
4. i686-gnu-2: 6282.9s -> 5375.5s (-14.4%)
5. dist-aarch64-apple: 6203.2s -> 5314.1s (-14.3%)
6. x86_64-rust-for-linux: 2876.5s -> 2529.2s (-12.1%)
7. aarch64-gnu-debug: 4037.6s -> 3563.2s (-11.7%)
8. i686-gnu-nopt-1: 8017.5s -> 7098.3s (-11.5%)
9. x86_64-gnu-llvm-20-1: 3628.4s -> 3222.4s (-11.2%)
10. x86_64-gnu-aux: 6464.3s -> 5776.4s (-10.6%)

How to interpret the job duration changes?

Job durations can vary a lot, based on the actual runner instance
that executed the job, system noise, invalidated caches, etc. The table above is provided
mostly for t-infra members, for simpler debugging of potential CI slow-downs.

[rust-timer]

Finished benchmarking commit (b63223c): comparison URL.

Overall result: ❌ regressions - no action needed

@rustbot label: -perf-regression

Instruction count

Our most reliable metric. Used to determine the overall result above. However, even this metric can be noisy.

	mean	range	count
Regressions ❌ (primary)	0.1%	[0.1%, 0.1%]	1
Regressions ❌ (secondary)	-	-	0
Improvements ✅ (primary)	-	-	0
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	0.1%	[0.1%, 0.1%]	1

Max RSS (memory usage)

Results (secondary -0.9%)

A less reliable metric. May be of interest, but not used to determine the overall result above.

	mean	range	count
Regressions ❌ (primary)	-	-	0
Regressions ❌ (secondary)	2.3%	[2.3%, 2.3%]	1
Improvements ✅ (primary)	-	-	0
Improvements ✅ (secondary)	-2.4%	[-2.7%, -2.2%]	2
All ❌✅ (primary)	-	-	0

Cycles

This benchmark run did not return any relevant results for this metric.

Binary size

This benchmark run did not return any relevant results for this metric.

Bootstrap: 690.233s -> 690.587s (0.05%)
Artifact size: 372.05 MiB -> 372.13 MiB (0.02%)

[kaleidawave]

I think this has landed in 1.90.0. A library I use that does this in a proc-macro now panics. Can fix easily. Maybe needed to be included in breaking changes here: https://github.com/rust-lang/rust/releases/tag/1.90.0

[saethlin]

Turning UB into a deterministic crash is not a breaking change. If you think the check is wrong you should file an issue. If you think that this would be useful to include in the release notes to raise awareness, you should file an issue or create a PR.

(Though it's unclear to me how adding a bullet to the release notes would have changed things for you 🤷)