Guard HIR lowered contracts with contract_checks

dawidl022 · dawidl022 · commit ff980f23bd87 · 2025-10-11T00:16:29.000+01:00
Refactor contract HIR lowering to ensure no contract code is
executed when contract-checks are disabled.

The call to contract_checks is moved to inside the lowered fn
body, and contract closures are built conditionally, ensuring
no side-effects present in contracts occur when those are disabled.
diff --git a/core/src/intrinsics/mod.rs b/core/src/intrinsics/mod.rs
@@ -2637,9 +2637,10 @@ pub const unsafe fn const_make_global(ptr: *mut u8) -> *const u8 {
 /// of not prematurely committing at compile-time to whether contract
 /// checking is turned on, so that we can specify contracts in libstd
 /// and let an end user opt into turning them on.
-#[rustc_const_unstable(feature = "contracts_internals", issue = "128044" /* compiler-team#759 */)]
 #[unstable(feature = "contracts_internals", issue = "128044" /* compiler-team#759 */)]
+#[rustc_const_unstable(feature = "contracts", issue = "128044")]
 #[inline(always)]
+#[lang = "contract_checks"]
 #[rustc_intrinsic]
 pub const fn contract_checks() -> bool {
     // FIXME: should this be `false` or `cfg!(contract_checks)`?
@@ -2668,7 +2669,7 @@ pub const fn contract_check_requires<C: Fn() -> bool + Copy>(cond: C) {
         if const {
                 // Do nothing
         } else {
-            if contract_checks() && !cond() {
+            if !cond() {
                 // Emit no unwind panic in case this was a safety requirement.
                 crate::panicking::panic_nounwind("failed requires check");
             }
@@ -2681,6 +2682,8 @@ pub const fn contract_check_requires<C: Fn() -> bool + Copy>(cond: C) {
 /// By default, if `contract_checks` is enabled, this will panic with no unwind if the condition
 /// returns false.
 ///
+/// If `cond` is `None`, then no postcondition checking is performed.
+///
 /// Note that this function is a no-op during constant evaluation.
 #[unstable(feature = "contracts_internals", issue = "128044")]
 // Similar to `contract_check_requires`, we need to use the user-facing
@@ -2689,16 +2692,24 @@ pub const fn contract_check_requires<C: Fn() -> bool + Copy>(cond: C) {
 #[rustc_const_unstable(feature = "contracts", issue = "128044")]
 #[lang = "contract_check_ensures"]
 #[rustc_intrinsic]
-pub const fn contract_check_ensures<C: Fn(&Ret) -> bool + Copy, Ret>(cond: C, ret: Ret) -> Ret {
+pub const fn contract_check_ensures<C: Fn(&Ret) -> bool + Copy, Ret>(
+    cond: Option<C>,
+    ret: Ret,
+) -> Ret {
     const_eval_select!(
-        @capture[C: Fn(&Ret) -> bool + Copy, Ret] { cond: C, ret: Ret } -> Ret :
+        @capture[C: Fn(&Ret) -> bool + Copy, Ret] { cond: Option<C>, ret: Ret } -> Ret :
         if const {
             // Do nothing
             ret
         } else {
-            if contract_checks() && !cond(&ret) {
-                // Emit no unwind panic in case this was a safety requirement.
-                crate::panicking::panic_nounwind("failed ensures check");
+            match cond {
+                crate::option::Option::Some(cond) => {
+                    if !cond(&ret) {
+                        // Emit no unwind panic in case this was a safety requirement.
+                        crate::panicking::panic_nounwind("failed ensures check");
+                    }
+                },
+                crate::option::Option::None => {},
             }
             ret
         }
