Include arguments to the precondition check in failure messages

Author: saethlin

library/core/src/alloc/layout.rs

@@ -131,7 +131,7 @@ impl Layout {
         assert_unsafe_precondition!(
             check_library_ub,
             "Layout::from_size_align_unchecked requires that align is a power of 2 \
-            and the rounded-up allocation size does not exceed isize::MAX",
+            and the rounded-up allocation size does not exceed isize::MAX (size:{size}, align:{align})",
             (
                 size: usize = size,
                 align: usize = align,

library/core/src/ascii/ascii_char.rs

@@ -507,7 +507,7 @@ impl AsciiChar {
     pub const unsafe fn digit_unchecked(d: u8) -> Self {
         assert_unsafe_precondition!(
             check_language_ub,
-            "`ascii::Char::digit_unchecked` input cannot exceed 9.",
+            "`ascii::Char::digit_unchecked` input cannot exceed 9. (d:{d})",
             (d: u8 = d) => d < 10
         );
 

library/core/src/char/convert.rs

@@ -28,7 +28,7 @@ pub(super) const unsafe fn from_u32_unchecked(i: u32) -> char {
     unsafe {
         assert_unsafe_precondition!(
             check_language_ub,
-            "invalid value for `char`",
+            "invalid value for `char` ({i})",
             (i: u32 = i) => char_try_from_u32(i).is_ok()
         );
         transmute(i)

library/core/src/num/int_macros.rs

@@ -517,6 +517,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_add cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -659,6 +660,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_sub cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -801,6 +803,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_mul cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -1227,6 +1230,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_neg cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                 ) => !lhs.overflowing_neg().1,
@@ -1349,6 +1353,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_shl cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     rhs: u32 = rhs,
                 ) => rhs < <$ActualT>::BITS,
@@ -1465,6 +1470,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_shr cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     rhs: u32 = rhs,
                 ) => rhs < <$ActualT>::BITS,

library/core/src/num/nonzero.rs

@@ -399,6 +399,7 @@ where
                     ub_checks::assert_unsafe_precondition!(
                         check_language_ub,
                         "NonZero::new_unchecked requires the argument to be non-zero",
+                        // FIXME: Can't print n here because of how the check is written
                         () => false,
                     );
                     intrinsics::unreachable()
@@ -440,6 +441,7 @@ where
                     ub_checks::assert_unsafe_precondition!(
                         check_library_ub,
                         "NonZero::from_mut_unchecked requires the argument to dereference as non-zero",
+                        // FIXME: Can't print n here because of how the check is written
                         () => false,
                     );
                     intrinsics::unreachable()

library/core/src/num/uint_macros.rs

@@ -586,6 +586,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_add cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -768,6 +769,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_sub cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -943,6 +945,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_mul cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -1631,6 +1634,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_shl cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     rhs: u32 = rhs,
                 ) => rhs < <$ActualT>::BITS,
@@ -1747,6 +1751,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_shr cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     rhs: u32 = rhs,
                 ) => rhs < <$ActualT>::BITS,

library/core/src/ops/index_range.rs

@@ -23,7 +23,8 @@ impl IndexRange {
     pub(crate) const unsafe fn new_unchecked(start: usize, end: usize) -> Self {
         ub_checks::assert_unsafe_precondition!(
             check_library_ub,
-            "IndexRange::new_unchecked requires `start <= end`",
+            "IndexRange::new_unchecked requires `start <= end` \
+            (start:{start}, end:{end})",
             (start: usize = start, end: usize = end) => start <= end,
         );
         IndexRange { start, end }

library/core/src/ptr/alignment.rs

@@ -77,7 +77,8 @@ impl Alignment {
     pub const unsafe fn new_unchecked(align: usize) -> Self {
         assert_unsafe_precondition!(
             check_language_ub,
-            "Alignment::new_unchecked requires a power of two",
+            "Alignment::new_unchecked requires a power of two \
+            (align:{align})",
             (align: usize = align) => align.is_power_of_two()
         );
 

library/core/src/ptr/const_ptr.rs

@@ -424,7 +424,8 @@ impl<T: PointeeSized> *const T {
 
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::offset requires the address calculation to not overflow",
+            "ptr::offset requires the address calculation to not overflow \
+            (ptr:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: isize = count,
@@ -768,7 +769,8 @@ impl<T: PointeeSized> *const T {
 
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::offset_from_unsigned requires `self >= origin`",
+            "ptr::offset_from_unsigned requires `self >= origin` \
+            (self:{this:?}, origin:{origin:?})",
             (
                 this: *const () = self as *const (),
                 origin: *const () = origin as *const (),
@@ -903,7 +905,8 @@ impl<T: PointeeSized> *const T {
         #[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::add requires that the address calculation does not overflow",
+            "ptr::add requires that the address calculation does not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: usize = count,
@@ -1008,7 +1011,8 @@ impl<T: PointeeSized> *const T {
         #[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::sub requires that the address calculation does not overflow",
+            "ptr::sub requires that the address calculation does not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: usize = count,

library/core/src/ptr/mod.rs

@@ -522,7 +522,8 @@ pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: us
     ub_checks::assert_unsafe_precondition!(
         check_language_ub,
         "ptr::copy_nonoverlapping requires that both pointer arguments are aligned and non-null \
-        and the specified memory ranges do not overlap",
+        and the specified memory ranges do not overlap \
+        (src{src:?}, dst:{dst:?}, size:{size:?}, align:{align:?}, count:{count:?})",
         (
             src: *const () = src as *const (),
             dst: *mut () = dst as *mut (),
@@ -620,7 +621,8 @@ pub const unsafe fn copy<T>(src: *const T, dst: *mut T, count: usize) {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::copy requires that both pointer arguments are aligned and non-null",
+            "ptr::copy requires that both pointer arguments are aligned and non-null \
+            (src{src:?}, dst:{dst:?}, align:{align:?})",
             (
                 src: *const () = src as *const (),
                 dst: *mut () = dst as *mut (),
@@ -694,7 +696,8 @@ pub const unsafe fn write_bytes<T>(dst: *mut T, val: u8, count: usize) {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::write_bytes requires that the destination pointer is aligned and non-null",
+            "ptr::write_bytes requires that the destination pointer is aligned and non-null \
+            (dst:{addr:?}, align:{align})",
             (
                 addr: *const () = dst as *const (),
                 align: usize = align_of::<T>(),
@@ -1384,7 +1387,8 @@ pub const unsafe fn swap_nonoverlapping<T>(x: *mut T, y: *mut T, count: usize) {
     ub_checks::assert_unsafe_precondition!(
         check_library_ub,
         "ptr::swap_nonoverlapping requires that both pointer arguments are aligned and non-null \
-        and the specified memory ranges do not overlap",
+        and the specified memory ranges do not overlap \
+        (x:{x:?}, y:{y:?}, size:{size}, align:{align}, count:{count})",
         (
             x: *mut () = x as *mut (),
             y: *mut () = y as *mut (),
@@ -1569,7 +1573,8 @@ pub const unsafe fn replace<T>(dst: *mut T, src: T) -> T {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::replace requires that the pointer argument is aligned and non-null",
+            "ptr::replace requires that the pointer argument is aligned and non-null\
+            (dst:{addr:?}, (align:{align}))",
             (
                 addr: *const () = dst as *const (),
                 align: usize = align_of::<T>(),
@@ -1722,7 +1727,8 @@ pub const unsafe fn read<T>(src: *const T) -> T {
         #[cfg(debug_assertions)] // Too expensive to always enable (for now?)
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::read requires that the pointer argument is aligned and non-null",
+            "ptr::read requires that the pointer argument is aligned and non-null \
+            (src:{addr:?}, align:{align})",
             (
                 addr: *const () = src as *const (),
                 align: usize = align_of::<T>(),
@@ -1922,7 +1928,8 @@ pub const unsafe fn write<T>(dst: *mut T, src: T) {
         #[cfg(debug_assertions)] // Too expensive to always enable (for now?)
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::write requires that the pointer argument is aligned and non-null",
+            "ptr::write requires that the pointer argument is aligned and non-null \
+            (dst:{addr:?}, align:{align})",
             (
                 addr: *mut () = dst as *mut (),
                 align: usize = align_of::<T>(),
@@ -2090,7 +2097,8 @@ pub unsafe fn read_volatile<T>(src: *const T) -> T {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::read_volatile requires that the pointer argument is aligned and non-null",
+            "ptr::read_volatile requires that the pointer argument is aligned and non-null \
+            (src:{addr:?}, align:{align})",
             (
                 addr: *const () = src as *const (),
                 align: usize = align_of::<T>(),
@@ -2170,7 +2178,8 @@ pub unsafe fn write_volatile<T>(dst: *mut T, src: T) {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::write_volatile requires that the pointer argument is aligned and non-null",
+            "ptr::write_volatile requires that the pointer argument is aligned and non-null \
+            (dst:{addr:?}, align:{align})",
             (
                 addr: *mut () = dst as *mut (),
                 align: usize = align_of::<T>(),

library/core/src/ptr/mut_ptr.rs

@@ -422,7 +422,8 @@ impl<T: PointeeSized> *mut T {
 
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::offset requires the address calculation to not overflow",
+            "ptr::offset requires the address calculation to not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: isize = count,
@@ -996,7 +997,8 @@ impl<T: PointeeSized> *mut T {
         #[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::add requires that the address calculation does not overflow",
+            "ptr::add requires that the address calculation does not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: usize = count,
@@ -1101,7 +1103,8 @@ impl<T: PointeeSized> *mut T {
         #[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::sub requires that the address calculation does not overflow",
+            "ptr::sub requires that the address calculation does not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: usize = count,

library/core/src/ptr/non_null.rs

@@ -228,7 +228,7 @@ impl<T: PointeeSized> NonNull<T> {
         unsafe {
             assert_unsafe_precondition!(
                 check_language_ub,
-                "NonNull::new_unchecked requires that the pointer is non-null",
+                "NonNull::new_unchecked requires that the pointer is non-null (ptr:{ptr:?})",
                 (ptr: *mut () = ptr as *mut ()) => !ptr.is_null()
             );
             NonNull { pointer: ptr as _ }

library/core/src/slice/index.rs

@@ -236,8 +236,9 @@ unsafe impl<T> SliceIndex<[T]> for usize {
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const T {
         assert_unsafe_precondition!(
             check_language_ub,
-            "slice::get_unchecked requires that the index is within the slice",
-            (this: usize = self, len: usize = slice.len()) => this < len
+            "slice::get_unchecked requires that the index is within the slice \
+            (index:{index}, len:{len})",
+            (index: usize = self, len: usize = slice.len()) => index < len
         );
         // SAFETY: the caller guarantees that `slice` is not dangling, so it
         // cannot be longer than `isize::MAX`. They also guarantee that
@@ -256,8 +257,9 @@ unsafe impl<T> SliceIndex<[T]> for usize {
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut T {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked_mut requires that the index is within the slice",
-            (this: usize = self, len: usize = slice.len()) => this < len
+            "slice::get_unchecked_mut requires that the index is within the slice \
+            (index:{index}, len:{len})",
+            (index: usize = self, len: usize = slice.len()) => index < len
         );
         // SAFETY: see comments for `get_unchecked` above.
         unsafe { slice_get_unchecked(slice, self) }
@@ -306,7 +308,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::IndexRange {
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked requires that the index is within the slice",
+            "slice::get_unchecked requires that the index is within the slice \
+            (end:{end}, len:{len})",
             (end: usize = self.end(), len: usize = slice.len()) => end <= len
         );
         // SAFETY: the caller guarantees that `slice` is not dangling, so it
@@ -321,7 +324,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::IndexRange {
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked_mut requires that the index is within the slice",
+            "slice::get_unchecked_mut requires that the index is within the slice \
+            (end:{end}, len:{len})",
             (end: usize = self.end(), len: usize = slice.len()) => end <= len
         );
 
@@ -387,7 +391,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::Range<usize> {
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked requires that the range is within the slice",
+            "slice::get_unchecked requires that the range is within the slice \
+            (range:{start}..{end}, len:{len})",
             (
                 start: usize = self.start,
                 end: usize = self.end,
@@ -412,7 +417,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::Range<usize> {
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked_mut requires that the range is within the slice",
+            "slice::get_unchecked_mut requires that the range is within the slice \
+            (range:{start}..{end}, len:{len})",
             (
                 start: usize = self.start,
                 end: usize = self.end,