From 6ffa285fc35651cb7f4b738a0f6e84718b821fd8 Mon Sep 17 00:00:00 2001
From: mlugg <mlugg@mlugg.co.uk>
Date: Sun, 15 Jun 2025 14:18:37 +0100
Subject: compiler: fix `@intFromFloat` safety check

This safety check was completely broken; it triggered unchecked illegal
behavior *in order to implement the safety check*. You definitely can't
do that! Instead, we must explicitly check the boundaries. This is a
tiny bit fiddly, because we need to make sure we do floating-point
rounding in the correct direction, and also handle the fact that the
operation truncates so the boundary works differently for min vs max.

Instead of implementing this safety check in Sema, there are now
dedicated AIR instructions for safety-checked intfromfloat (two
instructions; which one is used depends on the float mode). Currently,
no backend directly implements them; instead, a `Legalize.Feature` is
added which expands the safety check, and this feature is enabled for
all backends we currently test, including the LLVM backend.

The `u0` case is still handled in Sema, because Sema needs to check for
that anyway due to the comptime-known result. The old safety check here
was also completely broken and has therefore been rewritten. In that
case, we just check for 'abs(input) < 1.0'.

I've added a bunch of test coverage for the boundary cases of
`@intFromFloat`, both for successes (in `test/behavior/cast.zig`) and
failures (in `test/cases/safety/`).

Resolves: #24161
---
 src/codegen/llvm.zig | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/codegen/llvm.zig')

diff --git a/src/codegen/llvm.zig b/src/codegen/llvm.zig
index 658764ba3c..b4950179c4 100644
--- a/src/codegen/llvm.zig
+++ b/src/codegen/llvm.zig
@@ -37,7 +37,10 @@ const compilerRtIntAbbrev = target_util.compilerRtIntAbbrev;
 const Error = error{ OutOfMemory, CodegenFail };
 
 pub fn legalizeFeatures(_: *const std.Target) ?*const Air.Legalize.Features {
-    return null;
+    return comptime &.initMany(&.{
+        .expand_int_from_float_safe,
+        .expand_int_from_float_optimized_safe,
+    });
 }
 
 fn subArchName(target: std.Target, comptime family: std.Target.Cpu.Arch.Family, mappings: anytype) ?[]const u8 {
@@ -4987,6 +4990,8 @@ pub const FuncGen = struct {
 
                 .int_from_float           => try self.airIntFromFloat(inst, .normal),
                 .int_from_float_optimized => try self.airIntFromFloat(inst, .fast),
+                .int_from_float_safe           => unreachable, // handled by `legalizeFeatures`
+                .int_from_float_optimized_safe => unreachable, // handled by `legalizeFeatures`
 
                 .array_to_slice => try self.airArrayToSlice(inst),
                 .float_from_int => try self.airFloatFromInt(inst),
-- 
cgit v1.2.3