Program that uses the const VOID: ! =panic!() associated constant compiles and runs into illegal intruction.

[rodrimati1992]

This unsound code compiles in the playground (on Rust nightly 2019-12-01):

#![feature(const_panic)]

struct PrintName;

impl PrintName {
    const VOID: ! = panic!();
}

fn main() {
    let _ = PrintName::VOID;
}

And runs into an illegal instruction:

   Compiling playground v0.0.1 (/playground)
    Finished dev [unoptimized + debuginfo] target(s) in 0.65s
     Running `target/debug/playground`
timeout: the monitored command dumped core
/root/entrypoint.sh: line 8:     7 Illegal instruction     timeout --signal=KILL ${timeout} "$@"

I expected this to fail to compile because panicking in constants should cause compilation errors.

[Centril]

cc @rust-lang/wg-const-eval

[oli-obk]

Ok, there's three questionable things going on.

1. Why do we get an error if it's not an associated constant but just a normal constant
2. It also happens for normal constants with allow(const_err)

#![feature(const_panic)]
#![allow(const_err)]

const VOID: ! = panic!();

fn main() {
    let _ = VOID;
}

3. It does not happen for arithmetic panics

#![allow(const_err)]

const VOID: u32 = 0 - 1;

fn main() {
    let x = VOID; // still an error
}

[oli-obk]

Ok... so I did a full MIR dump of the example code and even the very first MIR directly after mir building does not contain the assignment (although it contains the variable of ! type). I'm not sure what we're doing here, but it seems mir building must already bail out of building this assignment, because it knows it's dead.

[matthewjasper]

We throw the constant on the floor:

rust/src/librustc_mir/build/expr/into.rs

Line 68 in e862c01

unpack!(block = this.as_local_rvalue(block, source));

This needs to be as_temp to ensure that anything ends up in the MIR.

[oli-obk]

Wouldn't as_temp change the behaviour of let _ = ...; to let _tmp = ...;, thus affecting the drop behaviour if the assign rhs is a temporary value?

[matthewjasper]

as_temp takes the scope of the temporary that it creates. We generate an Unreachable terminator right after this, so I don't think that it matters much either way.

[RalfJung]

FWIW I don't think this is unsound; this just runs into the safety net that we have when embedding consts/promoteds with errors into the code -- we emit a trap. So this is certainly wrong codegen but I don't think there is any UB.

[oli-obk]

It is unsound, because we don't run into the promoted safety net. The constant never even shows up in MIR, instead all it is is a basic block with an unreachable terminator.

@matthewjasper my worry was not about this specific code miscompiling, but other code miscompiling. But you're right, the call you found only is run for never types. Can you open a PR with the change and a mir opt test showing that it doesn't get optimized away? This may additionally require #67134

[RalfJung]

It is unsound, because we don't run into the promoted safety net. The constant never even shows up in MIR, instead all it is is a basic block with an unreachable terminator.

Oh. Yeah okay that's pretty bad indeed.

[jyn514]

Running this with miri gives error: entering unreachable code:

error: Miri evaluation error: entering unreachable code
  --> src/main.rs:10:13
   |
10 |     let _ = PrintName::VOID;
   |             ^^^^^^^^^^^^^^^ Miri evaluation error: entering unreachable code
   |
   = note: inside call to `main` at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src/libstd/rt.rs:67:34
   = note: inside call to closure at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src/libstd/rt.rs:52:73
   = note: inside call to closure at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src/libstd/sys_common/backtrace.rs:136:5
   = note: inside call to `std::sys_common::backtrace::__rust_begin_short_backtrace::<[closure@DefId(1:6014 ~ std[74ff]::rt[0]::lang_start_internal[0]::{{closure}}[0]::{{closure}}[0]) 0:&dyn std::ops::Fn() -> i32 + std::marker::Sync + std::panic::RefUnwindSafe], i32>` at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src/libstd/rt.rs:52:13
   = note: inside call to closure at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src/libstd/panicking.rs:292:40
   = note: inside call to `std::panicking::r#try::do_call::<[closure@DefId(1:6013 ~ std[74ff]::rt[0]::lang_start_internal[0]::{{closure}}[0]) 0:&&dyn std::ops::Fn() -> i32 + std::marker::Sync + std::panic::RefUnwindSafe], i32>` at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src/libstd/panicking.rs:270:13
   = note: inside call to `std::panicking::r#try::<i32, [closure@DefId(1:6013 ~ std[74ff]::rt[0]::lang_start_internal[0]::{{closure}}[0]) 0:&&dyn std::ops::Fn() -> i32 + std::marker::Sync + std::panic::RefUnwindSafe]>` at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src/libstd/panic.rs:394:14
   = note: inside call to `std::panic::catch_unwind::<[closure@DefId(1:6013 ~ std[74ff]::rt[0]::lang_start_internal[0]::{{closure}}[0]) 0:&&dyn std::ops::Fn() -> i32 + std::marker::Sync + std::panic::RefUnwindSafe], i32>` at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src/libstd/rt.rs:51:25
   = note: inside call to `std::rt::lang_start_internal` at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/src/libstd/rt.rs:67:5
   = note: inside call to `std::rt::lang_start::<()>`

error: aborting due to previous error

error: could not compile `playground`.

[jyn514]

Also if you remove the let binding it correctly gives an error:

#![feature(const_panic)]

struct PrintName;

impl PrintName {
    const VOID: ! = panic!();
}

fn main() {
    PrintName::VOID;
}

error: any use of this value will cause an error
 --> src/main.rs:6:21
  |
6 |     const VOID: ! = panic!();
  |     ----------------^^^^^^^^-
  |                     |
  |                     the evaluated program panicked at 'explicit panic', src/main.rs:6:21
  |
  = note: `#[deny(const_err)]` on by default
  = note: this error originates in a macro outside of the current crate (in Nightly builds, run with -Z external-macro-backtrace for more info)

error[E0080]: erroneous constant used
  --> src/main.rs:10:5
   |
10 |     PrintName::VOID;
   |     ^^^^^^^^^^^^^^^ referenced constant has errors