Macro core::intrinsics::assert_unsafe_precondition
macro_rules! assert_unsafe_precondition { ($name:expr, $([$($tt:tt)*])?($($i:ident:$ty:ty),*$(,)?) => $e:expr) => { ... }; }
This is a nightly-only experimental API. (core_intrinsics)
Check that the preconditions of an unsafe function are followed, if debug_assertions are on, and only at runtime.
This macro should be called as assert_unsafe_precondition!([Generics](name: Type) => Expression), where the names specified will be moved into the macro as captured variables, and defines an item to call const_eval_select on. The tokens inside the square brackets denote generics for the function declarations and can be omitted if there are no generics.
Safety
Invoking this macro is only sound if the following code is already UB when the passed expression evaluates to false.
This macro expands to a check at runtime if debug_assertions is set. It has no effect at compile time, but the semantics of the contained const_eval_select must be the same at runtime and at compile time. Thus if the expression evaluates to false, this macro produces different behavior at compile time and at runtime, and invoking it is incorrect.
So in a sense it is UB if this macro is useful, but we expect callers of unsafe fn to make the occasional mistake, and this check should help them figure things out.
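The pattern described above, as an added example on stable Rust (not the core macro and not code from the Rust project): check_unsafe_precondition!, is_aligned_and_not_null and read_aligned are hypothetical names. It models only the runtime half and does not use const_eval_select. The predicate is false only for inputs on which read_aligned is already UB, which is the soundness condition stated in the Safety section.

```rust
use std::mem::align_of;

// Hypothetical stable analogue of the macro's call shape; assumption, not core's code.
macro_rules! check_unsafe_precondition {
    ($name:expr, $([$($tt:tt)*])?($($i:ident : $ty:ty),* $(,)?) => $e:expr) => {
        // cfg!(debug_assertions) is a compile-time constant, so this branch
        // is dead code when debug assertions are off.
        if cfg!(debug_assertions) {
            // The named values are moved into a nested fn item, so the check
            // sees only its captured arguments and nothing else from the caller.
            fn precondition_check$(<$($tt)*>)?($($i: $ty),*) {
                if !$e {
                    panic!("unsafe precondition violated: {}", $name);
                }
            }
            precondition_check($($i),*);
        }
    };
}

/// False only for pointers that `read_aligned` may never be given (null or misaligned).
fn is_aligned_and_not_null<T>(p: *const T) -> bool {
    !p.is_null() && (p as usize) % align_of::<T>() == 0
}

/// # Safety
/// `p` must be non-null, aligned for `T`, and point to an initialized `T`.
unsafe fn read_aligned<T: Copy>(p: *const T) -> T {
    check_unsafe_precondition!(
        "read_aligned requires a non-null, aligned pointer",
        [T](p: *const T) => is_aligned_and_not_null(p)
    );
    unsafe { *p }
}

fn main() {
    // Constructed sample data.
    let words = [0x1122_3344u32, 0x5566_7788];
    let v = unsafe { read_aligned(words.as_ptr()) };
    println!("{:#x}", v);
}
```

A caller that passes a misaligned or null pointer gets a panic naming the violated precondition in a debug build; in a release build the check is absent and the call is simply UB, as it was before the check was added.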