c-variadic: make VaList::drop call the rust va_end

Author: folkertdev

library/core/src/ffi/va_list.rs

@@ -5,7 +5,7 @@
 #[cfg(not(target_arch = "xtensa"))]
 use crate::ffi::c_void;
 use crate::fmt;
-use crate::intrinsics::{va_arg, va_copy};
+use crate::intrinsics::{va_arg, va_copy, va_end};
 use crate::marker::PhantomCovariantLifetime;
 
 // There are currently three flavors of how a C `va_list` is implemented for
@@ -200,15 +200,10 @@ impl Clone for VaList<'_> {
     }
 }
 
-impl Drop for VaList<'_> {
+impl<'f> Drop for VaList<'f> {
     fn drop(&mut self) {
-        // For all current LLVM targets `va_end` is a no-op.
-        //
-        // We implement `Drop` here because some future target might need to actually run
-        // destructors (e.g. to deallocate).
-        //
-        // Rust requires that not calling `va_end` on a `va_list` does not cause undefined
-        // behaviour: it is safe to leak values.
+        // SAFETY: this variable argument list is being dropped, so won't be read from again.
+        unsafe { va_end(self) }
     }
 }
 

library/core/src/intrinsics/mod.rs

@@ -3480,12 +3480,21 @@ pub fn va_copy<'f>(src: &VaList<'f>) -> VaList<'f> {
     src.duplicate()
 }
 
-/// Destroy the arglist `ap` after initialization with `va_start` or `va_copy`.
+/// Destroy the variable argument list `ap` after initialization with `va_start` (part of the
+/// desugaring of `...`) or `va_copy`.
+///
+/// Code generation backends should not provide a custom implementation for this intrinsic. This
+/// intrinsic *does not* map to the LLVM `va_end` intrinsic.
+///
+/// This function is a no-op on all current targets, but used as a hook for const evaluation to
+/// detect UB when a variable argument list is used incorrectly.
 ///
 /// # Safety
 ///
 /// `ap` must not be used to access variable arguments after this call.
 ///
 #[rustc_intrinsic]
 #[rustc_nounwind]
-pub unsafe fn va_end(ap: &mut VaList<'_>);
+pub unsafe fn va_end(ap: &mut VaList<'_>) {
+    /* deliberately does nothing */
+}