add const_leak and reject interning non-leaked const_allocate ptrs

[fee1-dead]

Implements as discussed on Zulip: #t-compiler/const-eval > const heap

r? @rust-lang/wg-const-eval

Fixes #129233

[rustbot]

Some changes occurred to the CTFE / Miri interpreter

cc @rust-lang/miri

Some changes occurred to the intrinsics. Make sure the CTFE / Miri interpreter
gets adapted for the changes, if necessary.

cc @rust-lang/miri, @RalfJung, @oli-obk, @lcnr

Some changes occurred to the CTFE machinery

cc @RalfJung, @oli-obk, @lcnr

[juntyr]

I'm really excited about this experiment and the movement on const alloc, so thanks for working on it <3

[oli-obk]

For now we could just error on this. I don't think this should really happen. Either you leaked, then you don't have an owned value anymore, or you didn't, then it got an error

[oli-obk]

We also need a test that only errors with this error message and looks otherwise benign

[oli-obk]

Do we need a separate memory kind? I think the interner will be happy with anything that didn't get deallocated

[oli-obk]

Similar to how it interns stack allocations from the trailing expression

[oli-obk]

Please turn this into an exhaustive match on the base memory kind enum.

[oli-obk]

Why is this not reusing the may_leak method?

[RalfJung]

This isn't about leaking though, it's about interning. I don't think it is the same condition as what Miri's leak check needs?

[fee1-dead]

We intern stack allocations and those are marked as may_leak = false

[RalfJung]

Please turn this into an exhaustive match on the base memory kind enum.

I agree with this part though -- we should have a list of that we are allowed to intern. So the trait should be called AllowIntern or so, and it should be defined in intern.rs as that's the one place it is needed (not machine.rs).

[RalfJung]

Why does this reallocate? I don't think that is the right semantics. It will be very hard to use this to intern a graph of allocations since you need to mutate the all pointers into the allocation. And it will be impossible to do this in a cyclic graph.

[fee1-dead]

It will be very hard to use this to intern a graph of allocations since you need to mutate the all pointers into the allocation.

True. I originally went with a "just change the original memory kind" approach but got really scared by the following lines:

rust/compiler/rustc_const_eval/src/interpret/memory.rs

Lines 1609 to 1614 in 688ea65

	/// The result must be used immediately; it is not allowed to convert
	/// the returned data back into a `Pointer` and store that in machine state.
	/// (In fact that's not even possible since `M::ProvenanceExtra` is generic and
	/// we don't have an operation to turn it back into `M::Provenance`.)
	#[inline(always)]
	pub fn ptr_get_alloc_id(

[RalfJung]

Hm, I don't see how that comment would conflict with "change the memory kind"?

[fee1-dead]

I made it so that it now makes the allocation global (tcx managed).

[RalfJung]

In terms of naming, I think we said that Box::leak would not be performing this operation, so "leak" seems like a suboptimal choice. Maybe something like "make_global" or "into_static" or so?

The original plan I proposed also makes the allocation immutable when it gets marked as global -- basically, this operation should indicate that you are done preparing this allocation and it is ready to be interned. (We actually intern it later as that's easier, but for the API this does not matter.)

[RalfJung]

This risks breaking key invariants like "tcx-managed allocations do not have any dangling pointers". So as nice as this is I think it won't work.

[fee1-dead]

I'm pretty sure both ptr_get_alloc_id and self.memory.alloc_map.remove(&alloc_id) calls above ensure that this allocation is valid, unless you mean that the allocation itself could contain values that are dangling pointers to other stuff?

[RalfJung]

Yes that's what I mean.