Include arguments to the precondition check in failure messages

Author: saethlin

library/core/src/alloc/layout.rs

@@ -130,7 +130,7 @@ impl Layout {
         assert_unsafe_precondition!(
             check_library_ub,
             "Layout::from_size_align_unchecked requires that align is a power of 2 \
-            and the rounded-up allocation size does not exceed isize::MAX",
+            and the rounded-up allocation size does not exceed isize::MAX (size:{size}, align:{align})",
             (
                 size: usize = size,
                 align: usize = align,

library/core/src/ascii/ascii_char.rs

@@ -506,7 +506,7 @@ impl AsciiChar {
     pub const unsafe fn digit_unchecked(d: u8) -> Self {
         assert_unsafe_precondition!(
             check_language_ub,
-            "`ascii::Char::digit_unchecked` input cannot exceed 9.",
+            "`ascii::Char::digit_unchecked` input cannot exceed 9. (d:{d})",
             (d: u8 = d) => d < 10
         );
 

library/core/src/char/convert.rs

@@ -26,7 +26,7 @@ pub(super) const unsafe fn from_u32_unchecked(i: u32) -> char {
     unsafe {
         assert_unsafe_precondition!(
             check_language_ub,
-            "invalid value for `char`",
+            "invalid value for `char` ({i})",
             (i: u32 = i) => char_try_from_u32(i).is_ok()
         );
         transmute(i)

library/core/src/intrinsics/mod.rs

@@ -4354,7 +4354,8 @@ pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: us
     ub_checks::assert_unsafe_precondition!(
         check_language_ub,
         "ptr::copy_nonoverlapping requires that both pointer arguments are aligned and non-null \
-        and the specified memory ranges do not overlap",
+        and the specified memory ranges do not overlap \
+        (src:{src:?}, dst:{dst:?}, size:{size}, align:{align}, count:{count})",
         (
             src: *const () = src as *const (),
             dst: *mut () = dst as *mut (),
@@ -4459,7 +4460,8 @@ pub const unsafe fn copy<T>(src: *const T, dst: *mut T, count: usize) {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::copy requires that both pointer arguments are aligned and non-null",
+            "ptr::copy requires that both pointer arguments are aligned and non-null \
+            (src:{src:?}, dst:{dst:?}, align:{align})",
             (
                 src: *const () = src as *const (),
                 dst: *mut () = dst as *mut (),
@@ -4542,7 +4544,8 @@ pub const unsafe fn write_bytes<T>(dst: *mut T, val: u8, count: usize) {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::write_bytes requires that the destination pointer is aligned and non-null",
+            "ptr::write_bytes requires that the destination pointer is aligned and non-null \
+            (dst:{addr:?}, align:{align})",
             (
                 addr: *const () = dst as *const (),
                 align: usize = align_of::<T>(),

library/core/src/num/int_macros.rs

@@ -514,6 +514,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_add cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -664,6 +665,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_sub cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -814,6 +816,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_mul cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -1158,6 +1161,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_neg cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                 ) => !lhs.overflowing_neg().1,
@@ -1286,6 +1290,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_shl cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     rhs: u32 = rhs,
                 ) => rhs < <$ActualT>::BITS,
@@ -1407,6 +1412,7 @@ macro_rules! int_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_shr cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     rhs: u32 = rhs,
                 ) => rhs < <$ActualT>::BITS,

library/core/src/num/nonzero.rs

@@ -403,6 +403,7 @@ where
                     ub_checks::assert_unsafe_precondition!(
                         check_language_ub,
                         "NonZero::new_unchecked requires the argument to be non-zero",
+                        // FIXME: Can't print n here because of how the check is written
                         () => false,
                     );
                     intrinsics::unreachable()
@@ -443,6 +444,7 @@ where
                     ub_checks::assert_unsafe_precondition!(
                         check_library_ub,
                         "NonZero::from_mut_unchecked requires the argument to dereference as non-zero",
+                        // FIXME: Can't print n here because of how the check is written
                         () => false,
                     );
                     intrinsics::unreachable()

library/core/src/num/uint_macros.rs

@@ -561,6 +561,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_add cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -751,6 +752,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_sub cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -934,6 +936,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_mul cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     lhs: $SelfT = self,
                     rhs: $SelfT = rhs,
@@ -1504,6 +1507,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_shl cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     rhs: u32 = rhs,
                 ) => rhs < <$ActualT>::BITS,
@@ -1625,6 +1629,7 @@ macro_rules! uint_impl {
             assert_unsafe_precondition!(
                 check_language_ub,
                 concat!(stringify!($SelfT), "::unchecked_shr cannot overflow"),
+                // FIXME: concat! prevents adding formatting
                 (
                     rhs: u32 = rhs,
                 ) => rhs < <$ActualT>::BITS,

library/core/src/ops/index_range.rs

@@ -21,7 +21,8 @@ impl IndexRange {
     pub const unsafe fn new_unchecked(start: usize, end: usize) -> Self {
         ub_checks::assert_unsafe_precondition!(
             check_library_ub,
-            "IndexRange::new_unchecked requires `start <= end`",
+            "IndexRange::new_unchecked requires `start <= end` \
+            (start:{start}, end:{end})",
             (start: usize = start, end: usize = end) => start <= end,
         );
         IndexRange { start, end }

library/core/src/ptr/alignment.rs

@@ -75,7 +75,8 @@ impl Alignment {
     pub const unsafe fn new_unchecked(align: usize) -> Self {
         assert_unsafe_precondition!(
             check_language_ub,
-            "Alignment::new_unchecked requires a power of two",
+            "Alignment::new_unchecked requires a power of two \
+            (align:{align})",
             (align: usize = align) => align.is_power_of_two()
         );
 

library/core/src/ptr/const_ptr.rs

@@ -443,7 +443,8 @@ impl<T: ?Sized> *const T {
 
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::offset requires the address calculation to not overflow",
+            "ptr::offset requires the address calculation to not overflow \
+            (ptr:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: isize = count,
@@ -789,7 +790,8 @@ impl<T: ?Sized> *const T {
 
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::sub_ptr requires `self >= origin`",
+            "ptr::sub_ptr requires `self >= origin` \
+            (self:{this:?}, origin:{origin:?})",
             (
                 this: *const () = self as *const (),
                 origin: *const () = origin as *const (),
@@ -955,7 +957,8 @@ impl<T: ?Sized> *const T {
         #[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::add requires that the address calculation does not overflow",
+            "ptr::add requires that the address calculation does not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: usize = count,
@@ -1060,7 +1063,8 @@ impl<T: ?Sized> *const T {
         #[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::sub requires that the address calculation does not overflow",
+            "ptr::sub requires that the address calculation does not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: usize = count,

library/core/src/ptr/mod.rs

@@ -1078,7 +1078,8 @@ pub const unsafe fn swap_nonoverlapping<T>(x: *mut T, y: *mut T, count: usize) {
     ub_checks::assert_unsafe_precondition!(
         check_language_ub,
         "ptr::swap_nonoverlapping requires that both pointer arguments are aligned and non-null \
-        and the specified memory ranges do not overlap",
+        and the specified memory ranges do not overlap \
+        (x:{x:?}, y:{y:?}, size:{size}, align:{align}, count:{count})",
         (
             x: *mut () = x as *mut (),
             y: *mut () = y as *mut (),
@@ -1223,7 +1224,8 @@ pub const unsafe fn replace<T>(dst: *mut T, src: T) -> T {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::replace requires that the pointer argument is aligned and non-null",
+            "ptr::replace requires that the pointer argument is aligned and non-null\
+            (dst:{addr:?}, (align:{align}))",
             (
                 addr: *const () = dst as *const (),
                 align: usize = align_of::<T>(),
@@ -1376,7 +1378,8 @@ pub const unsafe fn read<T>(src: *const T) -> T {
         #[cfg(debug_assertions)] // Too expensive to always enable (for now?)
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::read requires that the pointer argument is aligned and non-null",
+            "ptr::read requires that the pointer argument is aligned and non-null \
+            (src:{addr:?}, align:{align})",
             (
                 addr: *const () = src as *const (),
                 align: usize = align_of::<T>(),
@@ -1580,7 +1583,8 @@ pub const unsafe fn write<T>(dst: *mut T, src: T) {
         #[cfg(debug_assertions)] // Too expensive to always enable (for now?)
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::write requires that the pointer argument is aligned and non-null",
+            "ptr::write requires that the pointer argument is aligned and non-null \
+            (dst:{addr:?}, align:{align})",
             (
                 addr: *mut () = dst as *mut (),
                 align: usize = align_of::<T>(),
@@ -1752,7 +1756,8 @@ pub unsafe fn read_volatile<T>(src: *const T) -> T {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::read_volatile requires that the pointer argument is aligned and non-null",
+            "ptr::read_volatile requires that the pointer argument is aligned and non-null \
+            (src:{addr:?}, align:{align})",
             (
                 addr: *const () = src as *const (),
                 align: usize = align_of::<T>(),
@@ -1832,7 +1837,8 @@ pub unsafe fn write_volatile<T>(dst: *mut T, src: T) {
     unsafe {
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::write_volatile requires that the pointer argument is aligned and non-null",
+            "ptr::write_volatile requires that the pointer argument is aligned and non-null \
+            (dst:{addr:?}, align:{align})",
             (
                 addr: *mut () = dst as *mut (),
                 align: usize = align_of::<T>(),

library/core/src/ptr/mut_ptr.rs

@@ -439,7 +439,8 @@ impl<T: ?Sized> *mut T {
 
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::offset requires the address calculation to not overflow",
+            "ptr::offset requires the address calculation to not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: isize = count,
@@ -1045,7 +1046,8 @@ impl<T: ?Sized> *mut T {
         #[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::add requires that the address calculation does not overflow",
+            "ptr::add requires that the address calculation does not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: usize = count,
@@ -1150,7 +1152,8 @@ impl<T: ?Sized> *mut T {
         #[cfg(debug_assertions)] // Expensive, and doesn't catch much in the wild.
         ub_checks::assert_unsafe_precondition!(
             check_language_ub,
-            "ptr::sub requires that the address calculation does not overflow",
+            "ptr::sub requires that the address calculation does not overflow \
+            (self:{this:?}, count:{count}, size:{size})",
             (
                 this: *const () = self as *const (),
                 count: usize = count,

library/core/src/ptr/non_null.rs

@@ -195,7 +195,7 @@ impl<T: ?Sized> NonNull<T> {
         unsafe {
             assert_unsafe_precondition!(
                 check_language_ub,
-                "NonNull::new_unchecked requires that the pointer is non-null",
+                "NonNull::new_unchecked requires that the pointer is non-null (ptr:{ptr:?})",
                 (ptr: *mut () = ptr as *mut ()) => !ptr.is_null()
             );
             NonNull { pointer: ptr as _ }

library/core/src/slice/index.rs

@@ -242,8 +242,9 @@ unsafe impl<T> SliceIndex<[T]> for usize {
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const T {
         assert_unsafe_precondition!(
             check_language_ub,
-            "slice::get_unchecked requires that the index is within the slice",
-            (this: usize = self, len: usize = slice.len()) => this < len
+            "slice::get_unchecked requires that the index is within the slice \
+            (index:{index}, len:{len})",
+            (index: usize = self, len: usize = slice.len()) => index < len
         );
         // SAFETY: the caller guarantees that `slice` is not dangling, so it
         // cannot be longer than `isize::MAX`. They also guarantee that
@@ -261,8 +262,9 @@ unsafe impl<T> SliceIndex<[T]> for usize {
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut T {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked_mut requires that the index is within the slice",
-            (this: usize = self, len: usize = slice.len()) => this < len
+            "slice::get_unchecked_mut requires that the index is within the slice \
+            (index:{index}, len:{len})",
+            (index: usize = self, len: usize = slice.len()) => index < len
         );
         // SAFETY: see comments for `get_unchecked` above.
         unsafe { get_mut_noubcheck(slice, self) }
@@ -310,7 +312,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::IndexRange {
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked requires that the index is within the slice",
+            "slice::get_unchecked requires that the index is within the slice \
+            (end:{end}, len:{len})",
             (end: usize = self.end(), len: usize = slice.len()) => end <= len
         );
         // SAFETY: the caller guarantees that `slice` is not dangling, so it
@@ -324,7 +327,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::IndexRange {
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked_mut requires that the index is within the slice",
+            "slice::get_unchecked_mut requires that the index is within the slice \
+            (end:{end}, len:{len})",
             (end: usize = self.end(), len: usize = slice.len()) => end <= len
         );
 
@@ -389,7 +393,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::Range<usize> {
     unsafe fn get_unchecked(self, slice: *const [T]) -> *const [T] {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked requires that the range is within the slice",
+            "slice::get_unchecked requires that the range is within the slice \
+            (range:{start}..{end}, len:{len})",
             (
                 start: usize = self.start,
                 end: usize = self.end,
@@ -413,7 +418,8 @@ unsafe impl<T> SliceIndex<[T]> for ops::Range<usize> {
     unsafe fn get_unchecked_mut(self, slice: *mut [T]) -> *mut [T] {
         assert_unsafe_precondition!(
             check_library_ub,
-            "slice::get_unchecked_mut requires that the range is within the slice",
+            "slice::get_unchecked_mut requires that the range is within the slice \
+            (range:{start}..{end}, len:{len})",
             (
                 start: usize = self.start,
                 end: usize = self.end,