Auto merge of #148190 - RalfJung:box_new, r=RalfJung

replace box_new with lower-level intrinsics

The `box_new` intrinsic is super special: during THIR construction it turns into an `ExprKind::Box` (formerly known as the `box` keyword), which then during MIR building turns into a special instruction sequence that invokes the exchange_malloc lang item (which has a name from a different time) and a special MIR statement to represent a shallowly-initialized `Box` (which raises [interesting opsem questions](#97270)).

This PR is the n-th attempt to get rid of `box_new`. That's non-trivial because it usually causes a perf regression: replacing `box_new` by naive unsafe code will incur extra copies in debug builds, making the resulting binaries a lot slower, and will generate a lot more MIR, making compilation measurably slower. Furthermore, `vec!` is a macro, so the exact code it expands to is highly relevant for borrow checking, type inference, and temporary scopes.

To avoid those problems, this PR does its best to make the MIR almost exactly the same as what it was before. `box_new` is used in two places, `Box::new` and `vec!`:
- For `Box::new` that is fairly easy: the `move_by_value` intrinsic is basically all we need. However, to avoid the extra copy that would usually be generated for the argument of a function call, we need to special-case this intrinsic during MIR building. That's what the first commit does.
- `vec!` is a lot more tricky. As a macro, its details leak to stable code, so almost every variant I tried broke either type inference or the lifetimes of temporaries in some ui test or ended up accepting unsound code due to the borrow checker not enforcing all the constraints I hoped it would enforce. I ended up with a variant that involves a new intrinsic, `fn write_box_via_move<T>(b: Box<MaybeUninit<T>>, x: T) -> Box<MaybeUninit<T>>`, that writes a value into a `Box<MaybeUninit<T>>` and returns that box again. In exchange we can get rid of somewhat similar code in the lowering for `ExprKind::Box`, and the `exchange_malloc` lang item. (We can also get rid of `Rvalue::ShallowInitBox`; I didn't include that in this PR -- I think @cjgillot has a commit for this somewhere [around here](https://github.com/rust-lang/rust/pull/147862/commits).)

See [here](#148190 (comment)) for the latest perf numbers. Most of the regressions are in deep-vector which consists entirely of an invocation of `vec!`, so any change to that macro affects this benchmark disproportionally.

This is my first time even looking at MIR building code, so I am very low confidence in that part of the patch, in particular when it comes to scopes and drops and things like that.

I also had do nerf some clippy tests because clippy gets confused by the new expansion of `vec!` so it makes fewer suggestions when `vec!` is involved.

### `vec!` FAQ

- Why does `write_box_via_move` return the `Box` again? Because we need to expand `vec!` to a bunch of method invocations without any blocks or let-statements, or else the temporary scopes (and type inference) don't work out.
- Why is `box_assume_init_into_vec_unsafe` (unsoundly!) a safe function? Because we can't use an unsafe block in `vec!` as that would necessarily also include the `$x` (due to it all being one big method invocation) and therefore interpret the user's code as being inside `unsafe`, which would be bad (and 10 years later, we still don't have safe blocks for macros like this).
- Why does `write_box_via_move` use `Box` as input/output type, and not, say, raw pointers? Because that is the only way to get the correct behavior when `$x` panics or has control effects: we need the `Box` to be dropped in that case. (As a nice side-effect this also makes the intrinsic safe, which is imported as explained in the previous bullet.)
- Can't we make it safe by having `write_box_via_move` return `Box<T>`? Yes we could, but there's no easy way for the intrinsic to convert its `Box<MaybeUninit<T>>` to a `Box<T>`. Transmuting would be unsound as the borrow checker would no longer properly enforce that lifetimes involved in a `vec!` invocation behave correctly.
- Is this macro truly cursed? Yes, yes it is.

Author: bors

compiler/rustc_codegen_cranelift/example/mini_core.rs

@@ -622,11 +622,6 @@ impl<T: ?Sized> Deref for Box<T> {
     }
 }
 
-#[lang = "exchange_malloc"]
-unsafe fn allocate(size: usize, _align: usize) -> *mut u8 {
-    unsafe { libc::malloc(size) }
-}
-
 #[lang = "drop"]
 pub trait Drop {
     fn drop(&mut self);

compiler/rustc_codegen_gcc/example/mini_core.rs

@@ -628,11 +628,6 @@ impl<T: ?Sized, A: Allocator> Deref for Box<T, A> {
     }
 }
 
-#[lang = "exchange_malloc"]
-unsafe fn allocate(size: usize, _align: usize) -> *mut u8 {
-    libc::malloc(size)
-}
-
 #[lang = "drop"]
 pub trait Drop {
     fn drop(&mut self);

compiler/rustc_const_eval/src/check_consts/check.rs

@@ -850,13 +850,6 @@ impl<'tcx> Visitor<'tcx> for Checker<'_, 'tcx> {
                     return;
                 }
 
-                // This can be called on stable via the `vec!` macro.
-                if tcx.is_lang_item(callee, LangItem::ExchangeMalloc) {
-                    self.check_op(ops::HeapAllocation);
-                    // Allow this call, skip all the checks below.
-                    return;
-                }
-
                 // Intrinsics are language primitives, not regular calls, so treat them separately.
                 if let Some(intrinsic) = tcx.intrinsic(callee) {
                     if !tcx.is_const_fn(callee) {

compiler/rustc_const_eval/src/check_consts/ops.rs

@@ -561,18 +561,6 @@ impl<'tcx> NonConstOp<'tcx> for Coroutine {
     }
 }
 
-#[derive(Debug)]
-pub(crate) struct HeapAllocation;
-impl<'tcx> NonConstOp<'tcx> for HeapAllocation {
-    fn build_error(&self, ccx: &ConstCx<'_, 'tcx>, span: Span) -> Diag<'tcx> {
-        ccx.dcx().create_err(errors::UnallowedHeapAllocations {
-            span,
-            kind: ccx.const_kind(),
-            teach: ccx.tcx.sess.teach(E0010),
-        })
-    }
-}
-
 #[derive(Debug)]
 pub(crate) struct InlineAsm;
 impl<'tcx> NonConstOp<'tcx> for InlineAsm {

compiler/rustc_const_eval/src/errors.rs

@@ -289,31 +289,6 @@ pub(crate) struct UnallowedOpInConstContext {
     pub msg: String,
 }
 
-#[derive(Diagnostic)]
-#[diag(r#"allocations are not allowed in {$kind ->
-    [const] constant
-    [static] static
-    [const_fn] constant function
-    *[other] {""}
-}s"#, code = E0010)]
-pub(crate) struct UnallowedHeapAllocations {
-    #[primary_span]
-    #[label(
-        r#"allocation not allowed in {$kind ->
-            [const] constant
-            [static] static
-            [const_fn] constant function
-            *[other] {""}
-        }s"#
-    )]
-    pub span: Span,
-    pub kind: ConstContext,
-    #[note(
-        "the runtime heap is not yet available at compile-time, so no runtime heap allocations can be created"
-    )]
-    pub teach: bool,
-}
-
 #[derive(Diagnostic)]
 #[diag(r#"inline assembly is not allowed in {$kind ->
     [const] constant

compiler/rustc_error_codes/src/error_codes/E0010.md

@@ -1,9 +1,11 @@
+#### Note: this error code is no longer emitted by the compiler.
+
 The value of statics and constants must be known at compile time, and they live
 for the entire lifetime of a program. Creating a boxed value allocates memory on
 the heap at runtime, and therefore cannot be done at compile time.
 
 Erroneous code example:
 
-```compile_fail,E0010
+```ignore (no longer emitted)
 const CON : Vec<i32> = vec![1, 2, 3];
 ```

compiler/rustc_error_codes/src/lib.rs

@@ -20,7 +20,8 @@
 //
 // Do *not* remove entries from this list. Instead, just add a note to the corresponding markdown
 // file saying that this error is not emitted by the compiler any more (see E0001.md for an
-// example), and remove all code examples that do not build any more.
+// example), and remove all code examples that do not build any more by marking them
+// with `ignore (no longer emitted)`.
 #[macro_export]
 #[rustfmt::skip]
 macro_rules! error_codes {

compiler/rustc_hir/src/lang_items.rs

@@ -320,7 +320,6 @@ language_item_table! {
     FormatArgument,          sym::format_argument,     format_argument,            Target::Struct,         GenericRequirement::None;
     FormatArguments,         sym::format_arguments,    format_arguments,           Target::Struct,         GenericRequirement::None;
 
-    ExchangeMalloc,          sym::exchange_malloc,     exchange_malloc_fn,         Target::Fn,             GenericRequirement::None;
     DropInPlace,             sym::drop_in_place,       drop_in_place_fn,           Target::Fn,             GenericRequirement::Minimum(1);
     AllocLayout,             sym::alloc_layout,        alloc_layout,               Target::Struct,         GenericRequirement::None;
 

compiler/rustc_hir_analysis/src/check/intrinsic.rs

@@ -77,7 +77,6 @@ fn intrinsic_operation_unsafety(tcx: TyCtxt<'_>, intrinsic_id: LocalDefId) -> hi
         | sym::autodiff
         | sym::bitreverse
         | sym::black_box
-        | sym::box_new
         | sym::breakpoint
         | sym::bswap
         | sym::caller_location
@@ -223,6 +222,7 @@ fn intrinsic_operation_unsafety(tcx: TyCtxt<'_>, intrinsic_id: LocalDefId) -> hi
         | sym::wrapping_add
         | sym::wrapping_mul
         | sym::wrapping_sub
+        | sym::write_box_via_move
         // tidy-alphabetical-end
         => hir::Safety::Safe,
         _ => hir::Safety::Unsafe,
@@ -584,6 +584,13 @@ pub(crate) fn check_intrinsic_type(
         sym::write_via_move => {
             (1, 0, vec![Ty::new_mut_ptr(tcx, param(0)), param(0)], tcx.types.unit)
         }
+        sym::write_box_via_move => {
+            let t = param(0);
+            let maybe_uninit_t = Ty::new_maybe_uninit(tcx, t);
+            let box_mu_t = Ty::new_box(tcx, maybe_uninit_t);
+
+            (1, 0, vec![box_mu_t, param(0)], box_mu_t)
+        }
 
         sym::typed_swap_nonoverlapping => {
             (1, 0, vec![Ty::new_mut_ptr(tcx, param(0)); 2], tcx.types.unit)
@@ -689,8 +696,6 @@ pub(crate) fn check_intrinsic_type(
 
         sym::ub_checks | sym::overflow_checks => (0, 0, Vec::new(), tcx.types.bool),
 
-        sym::box_new => (1, 0, vec![param(0)], Ty::new_box(tcx, param(0))),
-
         // contract_check_requires::<C>(C) -> bool, where C: impl Fn() -> bool
         sym::contract_check_requires => (1, 0, vec![param(0)], tcx.types.unit),
         sym::contract_check_ensures => {

compiler/rustc_hir_typeck/src/fn_ctxt/suggestions.rs

@@ -3110,6 +3110,7 @@ impl<'a, 'tcx> FnCtxt<'a, 'tcx> {
                     {
                         let deref_kind = if checked_ty.is_box() {
                             // detect Box::new(..)
+                            // FIXME: use `box_new` diagnostic item instead?
                             if let ExprKind::Call(box_new, [_]) = expr.kind
                                 && let ExprKind::Path(qpath) = &box_new.kind
                                 && let Res::Def(DefKind::AssocFn, fn_id) =