miri: support 'promising' alignment for symbolic alignment check

RalfJung · RalfJung · commit d3f06275540e · 2023-12-03T21:51:14.000+01:00
diff --git a/core/src/ptr/const_ptr.rs b/core/src/ptr/const_ptr.rs
@@ -1368,10 +1368,36 @@ impl<T: ?Sized> *const T {
             panic!("align_offset: align is not a power-of-two");
         }
 
-        {
-            // SAFETY: `align` has been checked to be a power of 2 above
-            unsafe { align_offset(self, align) }
+        // SAFETY: `align` has been checked to be a power of 2 above
+        let ret = unsafe { align_offset(self, align) };
+
+        // Inform Miri that we want to consider the resulting pointer to be suitably aligned.
+        #[cfg(miri)]
+        if ret != usize::MAX {
+            fn runtime(ptr: *const (), align: usize) {
+                extern "Rust" {
+                    pub fn miri_promise_symbolic_alignment(ptr: *const (), align: usize);
+                }
+
+                // SAFETY: this call is always safe.
+                unsafe {
+                    miri_promise_symbolic_alignment(ptr, align);
+                }
+            }
+
+            const fn compiletime(_ptr: *const (), _align: usize) {}
+
+            // SAFETY: the extra behavior at runtime is for UB checks only.
+            unsafe {
+                intrinsics::const_eval_select(
+                    (self.wrapping_add(ret).cast(), align),
+                    compiletime,
+                    runtime,
+                );
+            }
         }
+
+        ret
     }
 
     /// Returns whether the pointer is properly aligned for `T`.
diff --git a/core/src/ptr/mut_ptr.rs b/core/src/ptr/mut_ptr.rs
@@ -1635,10 +1635,36 @@ impl<T: ?Sized> *mut T {
             panic!("align_offset: align is not a power-of-two");
         }
 
-        {
-            // SAFETY: `align` has been checked to be a power of 2 above
-            unsafe { align_offset(self, align) }
+        // SAFETY: `align` has been checked to be a power of 2 above
+        let ret = unsafe { align_offset(self, align) };
+
+        // Inform Miri that we want to consider the resulting pointer to be suitably aligned.
+        #[cfg(miri)]
+        if ret != usize::MAX {
+            fn runtime(ptr: *const (), align: usize) {
+                extern "Rust" {
+                    pub fn miri_promise_symbolic_alignment(ptr: *const (), align: usize);
+                }
+
+                // SAFETY: this call is always safe.
+                unsafe {
+                    miri_promise_symbolic_alignment(ptr, align);
+                }
+            }
+
+            const fn compiletime(_ptr: *const (), _align: usize) {}
+
+            // SAFETY: the extra behavior at runtime is for UB checks only.
+            unsafe {
+                intrinsics::const_eval_select(
+                    (self.wrapping_add(ret).cast_const().cast(), align),
+                    compiletime,
+                    runtime,
+                );
+            }
         }
+
+        ret
     }
 
     /// Returns whether the pointer is properly aligned for `T`.
diff --git a/core/src/slice/mod.rs b/core/src/slice/mod.rs
@@ -3868,6 +3868,18 @@ impl<T> [T] {
         } else {
             let (left, rest) = self.split_at(offset);
             let (us_len, ts_len) = rest.align_to_offsets::<U>();
+            // Inform Miri that we want to consider the "middle" pointer to be suitably aligned.
+            #[cfg(miri)]
+            {
+                extern "Rust" {
+                    pub fn miri_promise_symbolic_alignment(ptr: *const (), align: usize);
+                }
+
+                // SAFETY: this call is always safe.
+                unsafe {
+                    miri_promise_symbolic_alignment(rest.as_ptr().cast(), mem::align_of::<U>());
+                }
+            }
             // SAFETY: now `rest` is definitely aligned, so `from_raw_parts` below is okay,
             // since the caller guarantees that we can transmute `T` to `U` safely.
             unsafe {
@@ -3938,6 +3950,21 @@ impl<T> [T] {
             let (us_len, ts_len) = rest.align_to_offsets::<U>();
             let rest_len = rest.len();
             let mut_ptr = rest.as_mut_ptr();
+            // Inform Miri that we want to consider the "middle" pointer to be suitably aligned.
+            #[cfg(miri)]
+            {
+                extern "Rust" {
+                    pub fn miri_promise_symbolic_alignment(ptr: *const (), align: usize);
+                }
+
+                // SAFETY: this call is always safe.
+                unsafe {
+                    miri_promise_symbolic_alignment(
+                        mut_ptr.cast() as *const (),
+                        mem::align_of::<U>(),
+                    );
+                }
+            }
             // We can't use `rest` again after this, that would invalidate its alias `mut_ptr`!
             // SAFETY: see comments for `align_to`.
             unsafe {
