Fix unsoundness in new is_power_of_two fast path

oli-obk · oli-obk · commit 69b540e32f96 · 2024-02-01T09:29:51.000Z
diff --git a/library/core/src/num/uint_macros.rs b/library/core/src/num/uint_macros.rs
@@ -1376,9 +1376,9 @@ macro_rules! uint_impl {
                 }
                 // SAFETY: We just checked this is a power of two. and above zero.
                 let power_used = unsafe { intrinsics::cttz_nonzero(self) as u32 };
-                if exp > Self::BITS / power_used { return None; } // Division of constants is free
+                if exp >= Self::BITS / power_used { return None; } // Division of constants is free
 
-                // SAFETY: exp <= Self::BITS / power_used
+                // SAFETY: exp < Self::BITS / power_used
                 unsafe { Some(intrinsics::unchecked_shl(
                     1 as Self,
                     intrinsics::unchecked_mul(power_used, exp) as Self
@@ -1920,9 +1920,9 @@ macro_rules! uint_impl {
                 }
                 // SAFETY: We just checked this is a power of two. and above zero.
                 let power_used = unsafe { intrinsics::cttz_nonzero(self) as u32 };
-                if exp > Self::BITS / power_used {  return 0; } // Division of constants is free
+                if exp >= Self::BITS / power_used {  return 0; } // Division of constants is free
 
-                // SAFETY: exp <= Self::BITS / power_used
+                // SAFETY: exp < Self::BITS / power_used
                 unsafe { intrinsics::unchecked_shl(
                     1 as Self,
                     intrinsics::unchecked_mul(power_used, exp) as Self
@@ -2395,9 +2395,9 @@ macro_rules! uint_impl {
                 }
                 // SAFETY: We just checked this is a power of two. and above zero.
                 let power_used = unsafe { intrinsics::cttz_nonzero(self) as u32 };
-                if exp > Self::BITS / power_used {  return (0, true); } // Division of constants is free
+                if exp >= Self::BITS / power_used {  return (0, true); } // Division of constants is free
 
-                // SAFETY: exp <= Self::BITS / power_used
+                // SAFETY: exp < Self::BITS / power_used
                 unsafe { (intrinsics::unchecked_shl(
                     1 as Self,
                     intrinsics::unchecked_mul(power_used, exp) as Self
@@ -2475,12 +2475,12 @@ macro_rules! uint_impl {
                 }
                 // SAFETY: We just checked this is a power of two. and above zero.
                 let power_used = unsafe { intrinsics::cttz_nonzero(self) as u32 };
-                if exp > Self::BITS / power_used { // Division of constants is free
+                if exp >= Self::BITS / power_used { // Division of constants is free
                     #[allow(arithmetic_overflow)]
                     return Self::MAX * Self::MAX * 0;
                 }
 
-                // SAFETY: exp <= Self::BITS / power_used
+                // SAFETY: exp < Self::BITS / power_used
                 unsafe { intrinsics::unchecked_shl(
                     1 as Self,
                     intrinsics::unchecked_mul(power_used, exp) as Self
diff --git a/src/tools/miri/tests/pass/checked_pow_const_pow2_arg.rs b/src/tools/miri/tests/pass/checked_pow_const_pow2_arg.rs
@@ -0,0 +1,6 @@
+fn main() {
+    match 2u64.checked_pow(64) {
+        Some(n) => println!("2^64: {n}"),
+        None => {}
+    }
+}
