strict provenance: rename addr → addr_without_provenance

Author: RalfJung

compiler/rustc_arena/src/lib.rs

@@ -172,7 +172,8 @@ impl<T> TypedArena<T> {
     fn can_allocate(&self, additional: usize) -> bool {
         // FIXME: this should *likely* use `offset_from`, but more
         // investigation is needed (including running tests in miri).
-        let available_bytes = self.end.get().addr() - self.ptr.get().addr();
+        let available_bytes =
+            self.end.get().addr_without_provenance() - self.ptr.get().addr_without_provenance();
         let additional_bytes = additional.checked_mul(mem::size_of::<T>()).unwrap();
         available_bytes >= additional_bytes
     }
@@ -245,7 +246,8 @@ impl<T> TypedArena<T> {
                 if mem::needs_drop::<T>() {
                     // FIXME: this should *likely* use `offset_from`, but more
                     // investigation is needed (including running tests in miri).
-                    let used_bytes = self.ptr.get().addr() - last_chunk.start().addr();
+                    let used_bytes = self.ptr.get().addr_without_provenance()
+                        - last_chunk.start().addr_without_provenance();
                     last_chunk.entries = used_bytes / mem::size_of::<T>();
                 }
 
@@ -271,9 +273,9 @@ impl<T> TypedArena<T> {
     // chunks.
     fn clear_last_chunk(&self, last_chunk: &mut ArenaChunk<T>) {
         // Determine how much was filled.
-        let start = last_chunk.start().addr();
+        let start = last_chunk.start().addr_without_provenance();
         // We obtain the value of the pointer to the first uninitialized element.
-        let end = self.ptr.get().addr();
+        let end = self.ptr.get().addr_without_provenance();
         // We then calculate the number of elements to be dropped in the last chunk,
         // which is the filled area's length.
         let diff = if mem::size_of::<T>() == 0 {
@@ -396,11 +398,11 @@ impl DroplessArena {
             self.start.set(chunk.start());
 
             // Align the end to DROPLESS_ALIGNMENT.
-            let end = align_down(chunk.end().addr(), DROPLESS_ALIGNMENT);
+            let end = align_down(chunk.end().addr_without_provenance(), DROPLESS_ALIGNMENT);
 
             // Make sure we don't go past `start`. This should not happen since the allocation
             // should be at least DROPLESS_ALIGNMENT - 1 bytes.
-            debug_assert!(chunk.start().addr() <= end);
+            debug_assert!(chunk.start().addr_without_provenance() <= end);
 
             self.end.set(chunk.end().with_addr(end));
 
@@ -415,9 +417,9 @@ impl DroplessArena {
         // This loop executes once or twice: if allocation fails the first
         // time, the `grow` ensures it will succeed the second time.
         loop {
-            let start = self.start.get().addr();
+            let start = self.start.get().addr_without_provenance();
             let old_end = self.end.get();
-            let end = old_end.addr();
+            let end = old_end.addr_without_provenance();
 
             // Align allocated bytes so that `self.end` stays aligned to
             // DROPLESS_ALIGNMENT.

compiler/rustc_codegen_ssa/src/mono_item.rs

@@ -138,7 +138,11 @@ impl<'a, 'tcx: 'a> MonoItemExt<'a, 'tcx> for MonoItem<'tcx> {
     fn to_raw_string(&self) -> String {
         match *self {
             MonoItem::Fn(instance) => {
-                format!("Fn({:?}, {})", instance.def, instance.args.as_ptr().addr())
+                format!(
+                    "Fn({:?}, {})",
+                    instance.def,
+                    instance.args.as_ptr().addr_without_provenance()
+                )
             }
             MonoItem::Static(id) => format!("Static({id:?})"),
             MonoItem::GlobalAsm(id) => format!("GlobalAsm({id:?})"),

compiler/rustc_data_structures/src/tagged_ptr/copy.rs

@@ -104,7 +104,7 @@ where
     #[inline]
     pub fn tag(&self) -> T {
         // Unpack the tag, according to the `self.packed` encoding scheme
-        let tag = self.packed.addr().get() >> Self::TAG_BIT_SHIFT;
+        let tag = self.packed.addr_without_provenance().get() >> Self::TAG_BIT_SHIFT;
 
         // Safety:
         // The shift retrieves the original value from `T::into_usize`,

compiler/rustc_hir_typeck/messages.ftl

@@ -90,8 +90,8 @@ hir_typeck_lossy_provenance_int2ptr =
 
 hir_typeck_lossy_provenance_ptr2int =
     under strict provenance it is considered bad style to cast pointer `{$expr_ty}` to integer `{$cast_ty}`
-    .suggestion = use `.addr()` to obtain the address of a pointer
-    .help = if you can't comply with strict provenance and need to expose the pointer provenance you can use `.expose_addr()` instead
+    .suggestion = use `.addr_without_provenance()` to obtain the address of a pointer without its provenance -- but note that this cannot be cast back to a pointer later; you need to use `with_addr` instead
+    .help = if you need to cast the address back to an integer later, use `.expose_addr()` instead
 
 hir_typeck_method_call_on_unknown_raw_pointee =
     cannot call a method on a raw pointer with an unknown pointee type

compiler/rustc_hir_typeck/src/errors.rs

@@ -256,28 +256,32 @@ pub enum LossyProvenancePtr2IntSuggestion<'tcx> {
     NeedsParensCast {
         #[suggestion_part(code = "(")]
         expr_span: Span,
-        #[suggestion_part(code = ").addr() as {cast_ty}")]
+        #[suggestion_part(code = ").addr_without_provenance() as {cast_ty}")]
         cast_span: Span,
         cast_ty: Ty<'tcx>,
     },
     #[multipart_suggestion(hir_typeck_suggestion, applicability = "maybe-incorrect")]
     NeedsParens {
         #[suggestion_part(code = "(")]
         expr_span: Span,
-        #[suggestion_part(code = ").addr()")]
+        #[suggestion_part(code = ").addr_without_provenance()")]
         cast_span: Span,
     },
     #[suggestion(
         hir_typeck_suggestion,
-        code = ".addr() as {cast_ty}",
+        code = ".addr_without_provenance() as {cast_ty}",
         applicability = "maybe-incorrect"
     )]
     NeedsCast {
         #[primary_span]
         cast_span: Span,
         cast_ty: Ty<'tcx>,
     },
-    #[suggestion(hir_typeck_suggestion, code = ".addr()", applicability = "maybe-incorrect")]
+    #[suggestion(
+        hir_typeck_suggestion,
+        code = ".addr_without_provenance()",
+        applicability = "maybe-incorrect"
+    )]
     Other {
         #[primary_span]
         cast_span: Span,

compiler/rustc_middle/src/ty/generic_args.rs

@@ -149,7 +149,7 @@ impl<'tcx> GenericArg<'tcx> {
         // pointers were originally created from `Interned` types in `pack()`,
         // and this is just going in the other direction.
         unsafe {
-            match self.ptr.addr().get() & TAG_MASK {
+            match self.ptr.addr_without_provenance().get() & TAG_MASK {
                 REGION_TAG => GenericArgKind::Lifetime(ty::Region(Interned::new_unchecked(
                     ptr.cast::<ty::RegionKind<'tcx>>().as_ref(),
                 ))),

compiler/rustc_middle/src/ty/mod.rs

@@ -623,7 +623,7 @@ impl<'tcx> Term<'tcx> {
         // pointers were originally created from `Interned` types in `pack()`,
         // and this is just going in the other direction.
         unsafe {
-            match self.ptr.addr().get() & TAG_MASK {
+            match self.ptr.addr_without_provenance().get() & TAG_MASK {
                 TYPE_TAG => TermKind::Ty(Ty(Interned::new_unchecked(
                     ptr.cast::<WithCachedTypeInfo<ty::TyKind<'tcx>>>().as_ref(),
                 ))),

library/alloc/src/rc.rs

@@ -2840,7 +2840,7 @@ impl<T, A: Allocator> Weak<T, A> {
 }
 
 pub(crate) fn is_dangling<T: ?Sized>(ptr: *const T) -> bool {
-    (ptr.cast::<()>()).addr() == usize::MAX
+    (ptr.cast::<()>()).addr_without_provenance() == usize::MAX
 }
 
 /// Helper type to allow accessing the reference counts without

library/alloc/src/vec/into_iter.rs

@@ -222,7 +222,9 @@ impl<T, A: Allocator> Iterator for IntoIter<T, A> {
     #[inline]
     fn size_hint(&self) -> (usize, Option<usize>) {
         let exact = if T::IS_ZST {
-            self.end.addr().wrapping_sub(self.ptr.as_ptr().addr())
+            self.end
+                .addr_without_provenance()
+                .wrapping_sub(self.ptr.as_ptr().addr_without_provenance())
         } else {
             unsafe { non_null!(self.end, T).sub_ptr(self.ptr) }
         };

library/core/src/hash/mod.rs

@@ -955,7 +955,7 @@ mod impls {
         #[inline]
         fn hash<H: Hasher>(&self, state: &mut H) {
             let (address, metadata) = self.to_raw_parts();
-            state.write_usize(address.addr());
+            state.write_usize(address.addr_without_provenance());
             metadata.hash(state);
         }
     }
@@ -965,7 +965,7 @@ mod impls {
         #[inline]
         fn hash<H: Hasher>(&self, state: &mut H) {
             let (address, metadata) = self.to_raw_parts();
-            state.write_usize(address.addr());
+            state.write_usize(address.addr_without_provenance());
             metadata.hash(state);
         }
     }