Rollup merge of rust-lang#97763 - RalfJung:fallible-cast, r=lcnr

Allow ptr_from_addr_cast to fail

This is needed for rust-lang/miri#2133: I would like to have an option in Miri to error when a int2ptr cast is executed.

Author: Dylan-DPC

compiler/rustc_const_eval/src/interpret/cast.rs

@@ -221,7 +221,7 @@ impl<'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> {
         let addr = addr.to_machine_usize(self)?;
 
         // Then turn address into pointer.
-        let ptr = M::ptr_from_addr_cast(&self, addr);
+        let ptr = M::ptr_from_addr_cast(&self, addr)?;
         Ok(Scalar::from_maybe_pointer(ptr, self).into())
     }
 

compiler/rustc_const_eval/src/interpret/machine.rs

@@ -294,11 +294,10 @@ pub trait Machine<'mir, 'tcx>: Sized {
     fn ptr_from_addr_cast(
         ecx: &InterpCx<'mir, 'tcx, Self>,
         addr: u64,
-    ) -> Pointer<Option<Self::PointerTag>>;
+    ) -> InterpResult<'tcx, Pointer<Option<Self::PointerTag>>>;
 
-    // FIXME: Transmuting an integer to a pointer should just always return a `None`
-    // provenance, but that causes problems with function pointers in Miri.
     /// Hook for returning a pointer from a transmute-like operation on an addr.
+    /// This is only needed to support Miri's (unsound) "allow-ptr-int-transmute" flag.
     fn ptr_from_addr_transmute(
         ecx: &InterpCx<'mir, 'tcx, Self>,
         addr: u64,
@@ -519,8 +518,10 @@ pub macro compile_time_machine(<$mir: lifetime, $tcx: lifetime>) {
     fn ptr_from_addr_cast(
         _ecx: &InterpCx<$mir, $tcx, Self>,
         addr: u64,
-    ) -> Pointer<Option<AllocId>> {
-        Pointer::new(None, Size::from_bytes(addr))
+    ) -> InterpResult<$tcx, Pointer<Option<AllocId>>> {
+        // Allow these casts, but make the pointer not dereferenceable.
+        // (I.e., they behave like transmutation.)
+        Ok(Pointer::new(None, Size::from_bytes(addr)))
     }
 
     #[inline(always)]