2018-10-26 04:31:20 -05:00
|
|
|
use std::cell::RefCell;
|
2018-11-15 11:15:05 -06:00
|
|
|
use std::collections::HashSet;
|
|
|
|
use std::rc::Rc;
|
2019-04-15 08:36:09 -05:00
|
|
|
use std::fmt;
|
|
|
|
use std::num::NonZeroU64;
|
2018-10-16 11:01:50 -05:00
|
|
|
|
2018-11-05 09:05:17 -06:00
|
|
|
use rustc::ty::{self, layout::Size};
|
2019-04-17 01:42:41 -05:00
|
|
|
use rustc::hir::{MutMutable, MutImmutable};
|
2018-12-12 04:11:20 -06:00
|
|
|
use rustc::mir::RetagKind;
|
2018-10-16 11:01:50 -05:00
|
|
|
|
2018-11-01 02:55:03 -05:00
|
|
|
use crate::{
|
2019-04-03 03:48:11 -05:00
|
|
|
EvalResult, InterpError, MiriEvalContext, HelpersEvalContextExt, Evaluator, MutValueVisitor,
|
2019-04-15 08:36:09 -05:00
|
|
|
MemoryKind, MiriMemoryKind, RangeMap, Allocation, AllocationExtra,
|
2018-11-28 02:33:33 -06:00
|
|
|
Pointer, Immediate, ImmTy, PlaceTy, MPlaceTy,
|
2018-10-16 11:01:50 -05:00
|
|
|
};
|
2018-10-16 04:21:38 -05:00
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
pub type PtrId = NonZeroU64;
|
2019-04-17 07:57:13 -05:00
|
|
|
pub type CallId = NonZeroU64;
|
2018-10-16 04:21:38 -05:00
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
/// Tracking pointer provenance
|
2018-10-16 04:21:38 -05:00
|
|
|
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
|
2019-04-15 08:36:09 -05:00
|
|
|
pub enum Tag {
|
|
|
|
Tagged(PtrId),
|
|
|
|
Untagged,
|
2018-10-16 04:21:38 -05:00
|
|
|
}
|
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
impl fmt::Display for Tag {
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
2018-10-16 11:01:50 -05:00
|
|
|
match self {
|
2019-04-15 08:36:09 -05:00
|
|
|
Tag::Tagged(id) => write!(f, "{}", id),
|
|
|
|
Tag::Untagged => write!(f, "<untagged>"),
|
2018-10-16 11:01:50 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
/// Indicates which permission is granted (by this item to some pointers)
|
|
|
|
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
|
|
|
|
pub enum Permission {
|
|
|
|
/// Grants unique mutable access.
|
|
|
|
Unique,
|
|
|
|
/// Grants shared mutable access.
|
|
|
|
SharedReadWrite,
|
|
|
|
/// Greants shared read-only access.
|
|
|
|
SharedReadOnly,
|
2018-10-30 10:46:28 -05:00
|
|
|
}
|
|
|
|
|
2019-02-15 19:29:38 -06:00
|
|
|
/// An item in the per-location borrow stack.
|
2018-10-16 04:21:38 -05:00
|
|
|
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
|
2019-04-17 07:57:13 -05:00
|
|
|
pub struct Item {
|
|
|
|
/// The permission this item grants.
|
|
|
|
perm: Permission,
|
|
|
|
/// The pointers the permission is granted to.
|
|
|
|
tag: Tag,
|
|
|
|
/// An optional protector, ensuring the item cannot get popped until `CallId` is over.
|
|
|
|
protector: Option<CallId>,
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
impl fmt::Display for Item {
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
2019-04-17 07:57:13 -05:00
|
|
|
write!(f, "[{:?} for {}", self.perm, self.tag)?;
|
|
|
|
if let Some(call) = self.protector {
|
|
|
|
write!(f, " (call {})", call)?;
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
2019-04-17 07:57:13 -05:00
|
|
|
write!(f, "]")?;
|
|
|
|
Ok(())
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
2018-10-16 04:21:38 -05:00
|
|
|
}
|
2018-10-16 11:01:50 -05:00
|
|
|
|
2019-02-15 19:29:38 -06:00
|
|
|
/// Extra per-location state.
|
2019-01-05 08:26:16 -06:00
|
|
|
#[derive(Clone, Debug, PartialEq, Eq)]
|
2018-11-05 09:05:17 -06:00
|
|
|
pub struct Stack {
|
2019-04-15 08:36:09 -05:00
|
|
|
/// Used *mostly* as a stack; never empty.
|
|
|
|
/// We sometimes push into the middle but never remove from the middle.
|
|
|
|
/// The same tag may occur multiple times, e.g. from a two-phase borrow.
|
|
|
|
/// Invariants:
|
2019-04-17 07:57:13 -05:00
|
|
|
/// * Above a `SharedReadOnly` there can only be more `SharedReadOnly`.
|
2019-04-15 08:36:09 -05:00
|
|
|
borrows: Vec<Item>,
|
2018-11-05 09:05:17 -06:00
|
|
|
}
|
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
|
|
|
|
/// Extra per-allocation state.
|
|
|
|
#[derive(Clone, Debug)]
|
|
|
|
pub struct Stacks {
|
|
|
|
// Even reading memory can have effects on the stack, so we need a `RefCell` here.
|
|
|
|
stacks: RefCell<RangeMap<Stack>>,
|
|
|
|
// Pointer to global state
|
|
|
|
global: MemoryState,
|
2018-11-05 09:05:17 -06:00
|
|
|
}
|
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
/// Extra global state, available to the memory access hooks.
|
|
|
|
#[derive(Debug)]
|
|
|
|
pub struct GlobalState {
|
|
|
|
next_ptr_id: PtrId,
|
|
|
|
next_call_id: CallId,
|
|
|
|
active_calls: HashSet<CallId>,
|
2018-10-19 09:07:40 -05:00
|
|
|
}
|
2019-04-15 08:36:09 -05:00
|
|
|
pub type MemoryState = Rc<RefCell<GlobalState>>;
|
2018-10-19 09:07:40 -05:00
|
|
|
|
2019-02-15 19:29:38 -06:00
|
|
|
/// Indicates which kind of access is being performed.
|
2018-11-21 08:25:47 -06:00
|
|
|
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
|
|
|
|
pub enum AccessKind {
|
|
|
|
Read,
|
2019-04-17 01:42:41 -05:00
|
|
|
Write,
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
impl fmt::Display for AccessKind {
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
match self {
|
|
|
|
AccessKind::Read => write!(f, "read"),
|
2019-04-17 01:42:41 -05:00
|
|
|
AccessKind::Write => write!(f, "write"),
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Indicates which kind of reference is being created.
|
2019-04-17 01:42:41 -05:00
|
|
|
/// Used by high-level `reborrow` to compute which permissions to grant to the
|
2019-04-15 08:36:09 -05:00
|
|
|
/// new pointer.
|
|
|
|
#[derive(Copy, Clone, Debug, Hash, PartialEq, Eq)]
|
|
|
|
pub enum RefKind {
|
2019-04-17 01:42:41 -05:00
|
|
|
/// `&mut` and `Box`.
|
|
|
|
Unique,
|
2019-04-15 08:36:09 -05:00
|
|
|
/// `&` with or without interior mutability.
|
2019-04-17 01:42:41 -05:00
|
|
|
Shared,
|
|
|
|
/// `*mut`/`*const` (raw pointers).
|
|
|
|
Raw { mutable: bool },
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
impl fmt::Display for RefKind {
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
|
|
match self {
|
2019-04-17 01:42:41 -05:00
|
|
|
RefKind::Unique => write!(f, "unique"),
|
|
|
|
RefKind::Shared => write!(f, "shared"),
|
|
|
|
RefKind::Raw { mutable: true } => write!(f, "raw (mutable)"),
|
|
|
|
RefKind::Raw { mutable: false } => write!(f, "raw (constant)"),
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
}
|
2018-11-15 11:15:05 -06:00
|
|
|
}
|
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
/// Utilities for initialization and ID generation
|
|
|
|
impl Default for GlobalState {
|
2018-11-15 11:15:05 -06:00
|
|
|
fn default() -> Self {
|
2019-04-15 08:36:09 -05:00
|
|
|
GlobalState {
|
|
|
|
next_ptr_id: NonZeroU64::new(1).unwrap(),
|
2019-04-17 07:57:13 -05:00
|
|
|
next_call_id: NonZeroU64::new(1).unwrap(),
|
2018-11-15 11:15:05 -06:00
|
|
|
active_calls: HashSet::default(),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
impl GlobalState {
|
|
|
|
pub fn new_ptr(&mut self) -> PtrId {
|
|
|
|
let id = self.next_ptr_id;
|
|
|
|
self.next_ptr_id = NonZeroU64::new(id.get() + 1).unwrap();
|
|
|
|
id
|
|
|
|
}
|
|
|
|
|
2018-11-15 11:15:05 -06:00
|
|
|
pub fn new_call(&mut self) -> CallId {
|
2019-04-15 08:36:09 -05:00
|
|
|
let id = self.next_call_id;
|
2018-11-15 11:15:05 -06:00
|
|
|
trace!("new_call: Assigning ID {}", id);
|
|
|
|
self.active_calls.insert(id);
|
2019-04-17 07:57:13 -05:00
|
|
|
self.next_call_id = NonZeroU64::new(id.get() + 1).unwrap();
|
2018-11-15 11:15:05 -06:00
|
|
|
id
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn end_call(&mut self, id: CallId) {
|
|
|
|
assert!(self.active_calls.remove(&id));
|
|
|
|
}
|
2018-11-15 12:49:00 -06:00
|
|
|
|
|
|
|
fn is_active(&self, id: CallId) -> bool {
|
|
|
|
self.active_calls.contains(&id)
|
|
|
|
}
|
2018-11-15 11:15:05 -06:00
|
|
|
}
|
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
// # Stacked Borrows Core Begin
|
2018-11-09 03:53:28 -06:00
|
|
|
|
|
|
|
/// We need to make at least the following things true:
|
|
|
|
///
|
2019-04-15 10:06:42 -05:00
|
|
|
/// U1: After creating a `Uniq`, it is at the top.
|
|
|
|
/// U2: If the top is `Uniq`, accesses must be through that `Uniq` or remove it it.
|
2019-04-15 08:36:09 -05:00
|
|
|
/// U3: If an access happens with a `Uniq`, it requires the `Uniq` to be in the stack.
|
2018-11-09 03:53:28 -06:00
|
|
|
///
|
2019-04-15 10:06:42 -05:00
|
|
|
/// F1: After creating a `&`, the parts outside `UnsafeCell` have our `SharedReadOnly` on top.
|
|
|
|
/// F2: If a write access happens, it pops the `SharedReadOnly`. This has three pieces:
|
|
|
|
/// F2a: If a write happens granted by an item below our `SharedReadOnly`, the `SharedReadOnly`
|
|
|
|
/// gets popped.
|
|
|
|
/// F2b: No `SharedReadWrite` or `Unique` will ever be added on top of our `SharedReadOnly`.
|
2019-04-15 08:36:09 -05:00
|
|
|
/// F3: If an access happens with an `&` outside `UnsafeCell`,
|
2019-04-15 10:06:42 -05:00
|
|
|
/// it requires the `SharedReadOnly` to still be in the stack.
|
2019-04-15 08:36:09 -05:00
|
|
|
|
|
|
|
impl Default for Tag {
|
|
|
|
#[inline(always)]
|
|
|
|
fn default() -> Tag {
|
|
|
|
Tag::Untagged
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Core relations on `Permission` define which accesses are allowed:
|
|
|
|
/// On every access, we try to find a *granting* item, and then we remove all
|
|
|
|
/// *incompatible* items above it.
|
|
|
|
impl Permission {
|
|
|
|
/// This defines for a given permission, whether it permits the given kind of access.
|
|
|
|
fn grants(self, access: AccessKind) -> bool {
|
|
|
|
match (self, access) {
|
|
|
|
// Unique and SharedReadWrite allow any kind of access.
|
|
|
|
(Permission::Unique, _) |
|
|
|
|
(Permission::SharedReadWrite, _) =>
|
|
|
|
true,
|
|
|
|
// SharedReadOnly only permits read access.
|
|
|
|
(Permission::SharedReadOnly, AccessKind::Read) =>
|
|
|
|
true,
|
2019-04-17 01:42:41 -05:00
|
|
|
(Permission::SharedReadOnly, AccessKind::Write) =>
|
2019-04-15 08:36:09 -05:00
|
|
|
false,
|
2018-11-21 08:44:47 -06:00
|
|
|
}
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
|
2019-04-15 10:06:42 -05:00
|
|
|
/// This defines for a given permission, which other permissions it can tolerate "above" itself
|
2019-04-15 08:36:09 -05:00
|
|
|
/// for which kinds of accesses.
|
|
|
|
/// If true, then `other` is allowed to remain on top of `self` when `access` happens.
|
2019-04-15 10:06:42 -05:00
|
|
|
fn compatible_with(self, access: AccessKind, other: Permission) -> bool {
|
2019-04-15 08:36:09 -05:00
|
|
|
use self::Permission::*;
|
|
|
|
|
|
|
|
match (self, access, other) {
|
|
|
|
// Some cases are impossible.
|
|
|
|
(SharedReadOnly, _, SharedReadWrite) |
|
|
|
|
(SharedReadOnly, _, Unique) =>
|
|
|
|
bug!("There can never be a SharedReadWrite or a Unique on top of a SharedReadOnly"),
|
|
|
|
// When `other` is `SharedReadOnly`, that is NEVER compatible with
|
|
|
|
// write accesses.
|
2019-04-15 10:06:42 -05:00
|
|
|
// This makes sure read-only pointers become invalid on write accesses (ensures F2a).
|
2019-04-17 01:42:41 -05:00
|
|
|
(_, AccessKind::Write, SharedReadOnly) =>
|
2019-04-15 08:36:09 -05:00
|
|
|
false,
|
|
|
|
// When `other` is `Unique`, that is compatible with nothing.
|
|
|
|
// This makes sure unique pointers become invalid on incompatible accesses (ensures U2).
|
|
|
|
(_, _, Unique) =>
|
|
|
|
false,
|
|
|
|
// When we are unique and this is a write/dealloc, we tolerate nothing.
|
2019-04-15 10:06:42 -05:00
|
|
|
// This makes sure we re-assert uniqueness ("being on top") on write accesses.
|
2019-04-15 08:36:09 -05:00
|
|
|
// (This is particularily important such that when a new mutable ref gets created, it gets
|
2019-04-17 07:57:13 -05:00
|
|
|
// pushed onto the right item -- this behaves like a write and we assert uniqueness of the
|
2019-04-15 08:36:09 -05:00
|
|
|
// pointer from which this comes, *if* it was a unique pointer.)
|
2019-04-17 01:42:41 -05:00
|
|
|
(Unique, AccessKind::Write, _) =>
|
2019-04-15 08:36:09 -05:00
|
|
|
false,
|
|
|
|
// `SharedReadWrite` items can tolerate any other akin items for any kind of access.
|
|
|
|
(SharedReadWrite, _, SharedReadWrite) =>
|
|
|
|
true,
|
|
|
|
// Any item can tolerate read accesses for shared items.
|
|
|
|
// This includes unique items! Reads from unique pointers do not invalidate
|
|
|
|
// other pointers.
|
|
|
|
(_, AccessKind::Read, SharedReadWrite) |
|
|
|
|
(_, AccessKind::Read, SharedReadOnly) =>
|
|
|
|
true,
|
|
|
|
// That's it.
|
2018-11-05 09:05:17 -06:00
|
|
|
}
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-04-17 01:42:41 -05:00
|
|
|
/// Core per-location operations: access, dealloc, reborrow.
|
2019-04-15 08:36:09 -05:00
|
|
|
impl<'tcx> Stack {
|
|
|
|
/// Find the item granting the given kind of access to the given tag, and where that item is in the stack.
|
|
|
|
fn find_granting(&self, access: AccessKind, tag: Tag) -> Option<(usize, Permission)> {
|
|
|
|
self.borrows.iter()
|
|
|
|
.enumerate() // we also need to know *where* in the stack
|
|
|
|
.rev() // search top-to-bottom
|
|
|
|
// Return permission of first item that grants access.
|
2019-04-15 10:06:42 -05:00
|
|
|
// We require a permission with the right tag, ensuring U3 and F3.
|
2019-04-17 09:25:38 -05:00
|
|
|
.find_map(|(idx, item)|
|
2019-04-17 07:57:13 -05:00
|
|
|
if item.perm.grants(access) && tag == item.tag {
|
|
|
|
Some((idx, item.perm))
|
|
|
|
} else {
|
|
|
|
None
|
|
|
|
}
|
|
|
|
)
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Test if a memory `access` using pointer tagged `tag` is granted.
|
|
|
|
/// If yes, return the index of the item that granted it.
|
2018-11-15 12:49:00 -06:00
|
|
|
fn access(
|
|
|
|
&mut self,
|
2019-04-15 08:36:09 -05:00
|
|
|
access: AccessKind,
|
|
|
|
tag: Tag,
|
|
|
|
global: &GlobalState,
|
|
|
|
) -> EvalResult<'tcx, usize> {
|
|
|
|
// Two main steps: Find granting item, remove all incompatible items above.
|
|
|
|
|
|
|
|
// Step 1: Find granting item.
|
|
|
|
let (granting_idx, granting_perm) = self.find_granting(access, tag)
|
|
|
|
.ok_or_else(|| InterpError::MachineError(format!(
|
2019-04-17 09:25:38 -05:00
|
|
|
"no item granting {} access to tag {} found in borrow stack",
|
|
|
|
access, tag,
|
2019-04-15 08:36:09 -05:00
|
|
|
)))?;
|
2019-04-16 08:26:21 -05:00
|
|
|
|
2019-04-17 07:57:13 -05:00
|
|
|
// Step 2: Remove everything incompatible above them. Make sure we do not remove protected
|
|
|
|
// items.
|
2019-04-16 08:26:21 -05:00
|
|
|
// We do *not* maintain a stack discipline here. We could, in principle, decide to only
|
|
|
|
// keep the items immediately above `granting_idx` that are compatible, and then pop the rest.
|
|
|
|
// However, that kills off entire "branches" of pointer derivation too easily:
|
|
|
|
// in `let raw = &mut *x as *mut _; let _val = *x;`, the second statement would pop the `Unique`
|
2019-04-17 09:22:33 -05:00
|
|
|
// from the reborrow of the first statement, and subsequently also pop the `SharedReadWrite` for `raw`.
|
2019-04-17 07:57:13 -05:00
|
|
|
// This pattern occurs a lot in the standard library: create a raw pointer, then also create a shared
|
|
|
|
// reference and use that.
|
2019-04-15 08:36:09 -05:00
|
|
|
{
|
2019-04-16 08:26:21 -05:00
|
|
|
// Implemented with indices because there does not seem to be a nice iterator and range-based
|
|
|
|
// API for this.
|
2019-04-15 08:36:09 -05:00
|
|
|
let mut cur = granting_idx + 1;
|
|
|
|
while let Some(item) = self.borrows.get(cur) {
|
2019-04-17 07:57:13 -05:00
|
|
|
if granting_perm.compatible_with(access, item.perm) {
|
|
|
|
// Keep this, check next.
|
|
|
|
cur += 1;
|
|
|
|
} else {
|
|
|
|
// Aha! This is a bad one, remove it, and make sure it is not protected.
|
|
|
|
let item = self.borrows.remove(cur);
|
|
|
|
if let Some(call) = item.protector {
|
|
|
|
if global.is_active(call) {
|
2018-11-21 08:25:47 -06:00
|
|
|
return err!(MachineError(format!(
|
2019-04-17 09:25:38 -05:00
|
|
|
"not granting {} access to tag {} because incompatible item {} is protected",
|
|
|
|
access, tag, item
|
|
|
|
)));
|
2018-11-21 08:25:47 -06:00
|
|
|
}
|
|
|
|
}
|
2019-04-17 07:57:13 -05:00
|
|
|
trace!("access: removing item {}", item);
|
2018-11-09 03:53:28 -06:00
|
|
|
}
|
|
|
|
}
|
2018-10-23 08:59:50 -05:00
|
|
|
}
|
2019-04-15 08:36:09 -05:00
|
|
|
|
2019-04-17 01:42:41 -05:00
|
|
|
// Done.
|
|
|
|
return Ok(granting_idx);
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Deallocate a location: Like a write access, but also there must be no
|
2019-04-17 07:57:13 -05:00
|
|
|
/// active protectors at all.
|
2019-04-17 01:42:41 -05:00
|
|
|
fn dealloc(
|
|
|
|
&mut self,
|
|
|
|
tag: Tag,
|
|
|
|
global: &GlobalState,
|
|
|
|
) -> EvalResult<'tcx> {
|
|
|
|
// Step 1: Find granting item.
|
|
|
|
self.find_granting(AccessKind::Write, tag)
|
|
|
|
.ok_or_else(|| InterpError::MachineError(format!(
|
2019-04-17 09:25:38 -05:00
|
|
|
"no item granting write access for deallocation to tag {} found in borrow stack",
|
|
|
|
tag,
|
2019-04-17 01:42:41 -05:00
|
|
|
)))?;
|
|
|
|
|
2019-04-17 07:57:13 -05:00
|
|
|
// We must make sure there are no protected items remaining on the stack.
|
2019-04-17 01:42:41 -05:00
|
|
|
// Also clear the stack, no more accesses are possible.
|
2019-04-17 09:22:33 -05:00
|
|
|
for item in self.borrows.drain(..) {
|
2019-04-17 07:57:13 -05:00
|
|
|
if let Some(call) = item.protector {
|
|
|
|
if global.is_active(call) {
|
2019-04-17 01:42:41 -05:00
|
|
|
return err!(MachineError(format!(
|
2019-04-17 07:57:13 -05:00
|
|
|
"deallocating with active protector ({})", call
|
2019-04-17 01:42:41 -05:00
|
|
|
)))
|
2018-11-22 09:26:06 -06:00
|
|
|
}
|
|
|
|
}
|
2018-11-13 10:05:47 -06:00
|
|
|
}
|
2018-11-22 09:26:06 -06:00
|
|
|
|
2019-04-17 01:42:41 -05:00
|
|
|
Ok(())
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/// `reborrow` helper function: test that the stack invariants are still maintained.
|
|
|
|
fn test_invariants(&self) {
|
|
|
|
let mut saw_shared_read_only = false;
|
|
|
|
for item in self.borrows.iter() {
|
2019-04-17 07:57:13 -05:00
|
|
|
match item.perm {
|
|
|
|
Permission::SharedReadOnly => {
|
2019-04-15 08:36:09 -05:00
|
|
|
saw_shared_read_only = true;
|
|
|
|
}
|
2019-04-17 07:57:13 -05:00
|
|
|
// Otherwise, if we saw one before, that's a bug.
|
|
|
|
perm if saw_shared_read_only => {
|
|
|
|
bug!("Found {:?} on top of a SharedReadOnly!", perm);
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
_ => {}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-04-15 10:06:42 -05:00
|
|
|
/// Derived a new pointer from one with the given tag.
|
2019-05-11 04:03:53 -05:00
|
|
|
/// `weak` controls whether this operation is weak or string: weak granting does not act as
|
|
|
|
/// an access, and they add the new item directly on top of the one it is derived
|
2019-04-17 07:57:13 -05:00
|
|
|
/// from instead of all the way at the top of the stack.
|
2019-05-11 04:03:53 -05:00
|
|
|
fn grant(
|
2019-04-15 08:36:09 -05:00
|
|
|
&mut self,
|
|
|
|
derived_from: Tag,
|
2019-04-17 07:57:13 -05:00
|
|
|
weak: bool,
|
|
|
|
new: Item,
|
2019-04-15 08:36:09 -05:00
|
|
|
global: &GlobalState,
|
|
|
|
) -> EvalResult<'tcx> {
|
2019-04-17 01:42:41 -05:00
|
|
|
// Figure out which access `perm` corresponds to.
|
2019-04-17 07:57:13 -05:00
|
|
|
let access = if new.perm.grants(AccessKind::Write) {
|
2019-04-17 09:25:38 -05:00
|
|
|
AccessKind::Write
|
|
|
|
} else {
|
|
|
|
AccessKind::Read
|
|
|
|
};
|
2019-04-17 01:42:41 -05:00
|
|
|
// Now we figure out which item grants our parent (`derived_from`) this kind of access.
|
|
|
|
// We use that to determine where to put the new item.
|
|
|
|
let (derived_from_idx, _) = self.find_granting(access, derived_from)
|
2019-04-15 08:36:09 -05:00
|
|
|
.ok_or_else(|| InterpError::MachineError(format!(
|
2019-04-17 09:22:33 -05:00
|
|
|
"no item to reborrow for {:?} from tag {} found in borrow stack", new.perm, derived_from,
|
2019-04-15 08:36:09 -05:00
|
|
|
)))?;
|
|
|
|
|
2019-04-17 07:57:13 -05:00
|
|
|
// Compute where to put the new item.
|
|
|
|
// Either way, we ensure that we insert the new item in a way that between
|
2019-04-15 10:06:42 -05:00
|
|
|
// `derived_from` and the new one, there are only items *compatible with* `derived_from`.
|
2019-04-17 07:57:13 -05:00
|
|
|
let new_idx = if weak {
|
2019-04-30 08:31:53 -05:00
|
|
|
// A weak SharedReadOnly reborrow might be added below other items, violating the
|
2019-04-30 06:48:16 -05:00
|
|
|
// invariant that only SharedReadOnly can sit on top of SharedReadOnly.
|
2019-04-30 08:31:53 -05:00
|
|
|
assert!(new.perm != Permission::SharedReadOnly, "Weak SharedReadOnly reborrows don't work");
|
2019-04-15 08:36:09 -05:00
|
|
|
// A very liberal reborrow because the new pointer does not expect any kind of aliasing guarantee.
|
|
|
|
// Just insert new permission as child of old permission, and maintain everything else.
|
|
|
|
// This inserts "as far down as possible", which is good because it makes this pointer as
|
|
|
|
// long-lived as possible *and* we want all the items that are incompatible with this
|
|
|
|
// to actually get removed from the stack. If we pushed a `SharedReadWrite` on top of
|
|
|
|
// a `SharedReadOnly`, we'd violate the invariant that `SaredReadOnly` are at the top
|
|
|
|
// and we'd allow write access without invalidating frozen shared references!
|
2019-04-15 10:06:42 -05:00
|
|
|
// This ensures F2b for `SharedReadWrite` by adding the new item below any
|
|
|
|
// potentially existing `SharedReadOnly`.
|
2019-04-17 09:22:33 -05:00
|
|
|
derived_from_idx + 1
|
2019-04-15 08:36:09 -05:00
|
|
|
} else {
|
|
|
|
// A "safe" reborrow for a pointer that actually expects some aliasing guarantees.
|
|
|
|
// Here, creating a reference actually counts as an access, and pops incompatible
|
|
|
|
// stuff off the stack.
|
2019-04-15 10:06:42 -05:00
|
|
|
// This ensures F2b for `Unique`, by removing offending `SharedReadOnly`.
|
2019-04-15 08:36:09 -05:00
|
|
|
let check_idx = self.access(access, derived_from, global)?;
|
|
|
|
assert_eq!(check_idx, derived_from_idx, "somehow we saw different items??");
|
|
|
|
|
|
|
|
// We insert "as far up as possible": We know only compatible items are remaining
|
|
|
|
// on top of `derived_from`, and we want the new item at the top so that we
|
|
|
|
// get the strongest possible guarantees.
|
2019-04-15 10:06:42 -05:00
|
|
|
// This ensures U1 and F1.
|
2019-04-17 07:57:13 -05:00
|
|
|
self.borrows.len()
|
|
|
|
};
|
2019-04-15 10:06:42 -05:00
|
|
|
|
2019-04-17 07:57:13 -05:00
|
|
|
// Put the new item there. As an optimization, deduplicate if it is equal to one of its new neighbors.
|
|
|
|
if self.borrows[new_idx-1] == new || self.borrows.get(new_idx) == Some(&new) {
|
|
|
|
// Optimization applies, done.
|
|
|
|
trace!("reborrow: avoiding adding redundant item {}", new);
|
|
|
|
} else {
|
|
|
|
trace!("reborrow: adding item {}", new);
|
|
|
|
self.borrows.insert(new_idx, new);
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// Make sure that after all this, the stack's invariant is still maintained.
|
|
|
|
if cfg!(debug_assertions) {
|
|
|
|
self.test_invariants();
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
2018-10-16 11:01:50 -05:00
|
|
|
}
|
2019-04-17 01:42:41 -05:00
|
|
|
// # Stacked Borrows Core End
|
2018-10-16 11:01:50 -05:00
|
|
|
|
2019-04-17 07:23:21 -05:00
|
|
|
/// Map per-stack operations to higher-level per-location-range operations.
|
2018-10-17 08:15:53 -05:00
|
|
|
impl<'tcx> Stacks {
|
2019-04-15 08:36:09 -05:00
|
|
|
/// Creates new stack with initial tag.
|
|
|
|
pub(crate) fn new(
|
2018-10-17 08:15:53 -05:00
|
|
|
size: Size,
|
2019-04-15 08:36:09 -05:00
|
|
|
tag: Tag,
|
|
|
|
extra: MemoryState,
|
|
|
|
) -> Self {
|
2019-04-17 07:57:13 -05:00
|
|
|
let item = Item { perm: Permission::Unique, tag, protector: None };
|
2019-04-15 08:36:09 -05:00
|
|
|
let stack = Stack {
|
|
|
|
borrows: vec![item],
|
|
|
|
};
|
|
|
|
Stacks {
|
|
|
|
stacks: RefCell::new(RangeMap::new(size, stack)),
|
|
|
|
global: extra,
|
2018-10-17 08:15:53 -05:00
|
|
|
}
|
2018-11-05 09:05:17 -06:00
|
|
|
}
|
2018-10-17 08:15:53 -05:00
|
|
|
|
2019-04-17 07:23:21 -05:00
|
|
|
/// Call `f` on every stack in the range.
|
|
|
|
fn for_each(
|
2019-04-17 01:42:41 -05:00
|
|
|
&self,
|
|
|
|
ptr: Pointer<Tag>,
|
|
|
|
size: Size,
|
2019-04-17 07:57:13 -05:00
|
|
|
f: impl Fn(&mut Stack, &GlobalState) -> EvalResult<'tcx>,
|
2018-11-09 03:53:28 -06:00
|
|
|
) -> EvalResult<'tcx> {
|
2019-04-15 08:36:09 -05:00
|
|
|
let global = self.global.borrow();
|
2018-11-05 09:05:17 -06:00
|
|
|
let mut stacks = self.stacks.borrow_mut();
|
|
|
|
for stack in stacks.iter_mut(ptr.offset, size) {
|
2019-04-17 07:57:13 -05:00
|
|
|
f(stack, &*global)?;
|
2018-11-05 09:05:17 -06:00
|
|
|
}
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-04-17 01:42:41 -05:00
|
|
|
/// Glue code to connect with Miri Machine Hooks
|
2019-04-15 08:36:09 -05:00
|
|
|
impl Stacks {
|
|
|
|
pub fn new_allocation(
|
|
|
|
size: Size,
|
|
|
|
extra: &MemoryState,
|
|
|
|
kind: MemoryKind<MiriMemoryKind>,
|
|
|
|
) -> (Self, Tag) {
|
|
|
|
let tag = match kind {
|
|
|
|
MemoryKind::Stack => {
|
|
|
|
// New unique borrow. This `Uniq` is not accessible by the program,
|
|
|
|
// so it will only ever be used when using the local directly (i.e.,
|
|
|
|
// not through a pointer). That is, whenever we directly use a local, this will pop
|
|
|
|
// everything else off the stack, invalidating all previous pointers,
|
|
|
|
// and in particular, *all* raw pointers. This subsumes the explicit
|
|
|
|
// `reset` which the blog post [1] says to perform when accessing a local.
|
|
|
|
//
|
|
|
|
// [1]: <https://www.ralfj.de/blog/2018/08/07/stacked-borrows.html>
|
|
|
|
Tag::Tagged(extra.borrow_mut().new_ptr())
|
|
|
|
}
|
|
|
|
_ => {
|
|
|
|
Tag::Untagged
|
|
|
|
}
|
2018-11-15 11:15:05 -06:00
|
|
|
};
|
2019-04-15 08:36:09 -05:00
|
|
|
let stack = Stacks::new(size, tag, Rc::clone(extra));
|
|
|
|
(stack, tag)
|
2018-11-15 06:29:55 -06:00
|
|
|
}
|
2019-04-15 08:36:09 -05:00
|
|
|
}
|
2018-11-15 06:29:55 -06:00
|
|
|
|
2019-04-15 08:36:09 -05:00
|
|
|
impl AllocationExtra<Tag> for Stacks {
|
2018-10-29 13:48:43 -05:00
|
|
|
#[inline(always)]
|
2018-11-12 01:54:12 -06:00
|
|
|
fn memory_read<'tcx>(
|
2019-04-15 08:36:09 -05:00
|
|
|
alloc: &Allocation<Tag, Stacks>,
|
|
|
|
ptr: Pointer<Tag>,
|
2018-10-29 13:48:43 -05:00
|
|
|
size: Size,
|
|
|
|
) -> EvalResult<'tcx> {
|
2019-04-17 07:23:21 -05:00
|
|
|
trace!("read access with tag {}: {:?}, size {}", ptr.tag, ptr, size.bytes());
|
2019-04-17 07:57:13 -05:00
|
|
|
alloc.extra.for_each(ptr, size, |stack, global| {
|
|
|
|
stack.access(AccessKind::Read, ptr.tag, global)?;
|
2019-04-17 07:23:21 -05:00
|
|
|
Ok(())
|
|
|
|
})
|
2018-10-29 13:48:43 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
#[inline(always)]
|
2018-11-12 01:54:12 -06:00
|
|
|
fn memory_written<'tcx>(
|
2019-04-15 08:36:09 -05:00
|
|
|
alloc: &mut Allocation<Tag, Stacks>,
|
|
|
|
ptr: Pointer<Tag>,
|
2018-10-29 13:48:43 -05:00
|
|
|
size: Size,
|
|
|
|
) -> EvalResult<'tcx> {
|
2019-04-17 07:23:21 -05:00
|
|
|
trace!("write access with tag {}: {:?}, size {}", ptr.tag, ptr, size.bytes());
|
2019-04-17 07:57:13 -05:00
|
|
|
alloc.extra.for_each(ptr, size, |stack, global| {
|
|
|
|
stack.access(AccessKind::Write, ptr.tag, global)?;
|
2019-04-17 07:23:21 -05:00
|
|
|
Ok(())
|
|
|
|
})
|
2018-10-29 13:48:43 -05:00
|
|
|
}
|
|
|
|
|
2018-11-12 01:54:12 -06:00
|
|
|
#[inline(always)]
|
2018-11-14 09:03:38 -06:00
|
|
|
fn memory_deallocated<'tcx>(
|
2019-04-15 08:36:09 -05:00
|
|
|
alloc: &mut Allocation<Tag, Stacks>,
|
|
|
|
ptr: Pointer<Tag>,
|
2018-10-29 13:48:43 -05:00
|
|
|
size: Size,
|
|
|
|
) -> EvalResult<'tcx> {
|
2019-04-17 07:23:21 -05:00
|
|
|
trace!("deallocation with tag {}: {:?}, size {}", ptr.tag, ptr, size.bytes());
|
2019-04-17 07:57:13 -05:00
|
|
|
alloc.extra.for_each(ptr, size, |stack, global| {
|
|
|
|
stack.dealloc(ptr.tag, global)
|
2019-04-17 07:23:21 -05:00
|
|
|
})
|
2018-10-22 11:01:32 -05:00
|
|
|
}
|
2018-10-17 08:15:53 -05:00
|
|
|
}
|
|
|
|
|
2019-04-17 07:57:13 -05:00
|
|
|
/// Retagging/reborrowing. There is some policy in here, such as which permissions
|
|
|
|
/// to grant for which references, when to add protectors, and how to realize two-phase
|
|
|
|
/// borrows in terms of the primitives above.
|
2018-12-11 07:18:51 -06:00
|
|
|
impl<'a, 'mir, 'tcx> EvalContextPrivExt<'a, 'mir, 'tcx> for crate::MiriEvalContext<'a, 'mir, 'tcx> {}
|
|
|
|
trait EvalContextPrivExt<'a, 'mir, 'tcx: 'a+'mir>: crate::MiriEvalContextExt<'a, 'mir, 'tcx> {
|
|
|
|
fn reborrow(
|
|
|
|
&mut self,
|
2019-04-15 08:36:09 -05:00
|
|
|
place: MPlaceTy<'tcx, Tag>,
|
2018-12-11 07:18:51 -06:00
|
|
|
size: Size,
|
2019-04-17 01:42:41 -05:00
|
|
|
kind: RefKind,
|
2019-04-15 08:36:09 -05:00
|
|
|
new_tag: Tag,
|
2019-04-17 07:57:13 -05:00
|
|
|
force_weak: bool,
|
|
|
|
protect: bool,
|
2018-12-11 07:18:51 -06:00
|
|
|
) -> EvalResult<'tcx> {
|
|
|
|
let this = self.eval_context_mut();
|
2019-04-17 07:57:13 -05:00
|
|
|
let protector = if protect { Some(this.frame().extra) } else { None };
|
2019-04-15 08:36:09 -05:00
|
|
|
let ptr = place.ptr.to_ptr()?;
|
2019-04-17 07:23:21 -05:00
|
|
|
trace!("reborrow: {:?} reference {} derived from {} (pointee {}): {:?}, size {}",
|
|
|
|
kind, new_tag, ptr.tag, place.layout.ty, ptr, size.bytes());
|
2018-12-11 07:18:51 -06:00
|
|
|
|
2019-02-15 19:29:38 -06:00
|
|
|
// Get the allocation. It might not be mutable, so we cannot use `get_mut`.
|
2018-12-11 07:18:51 -06:00
|
|
|
let alloc = this.memory().get(ptr.alloc_id)?;
|
|
|
|
alloc.check_bounds(this, ptr, size)?;
|
|
|
|
// Update the stacks.
|
2019-04-17 07:57:13 -05:00
|
|
|
// Make sure that raw pointers and mutable shared references are reborrowed "weak":
|
|
|
|
// There could be existing unique pointers reborrowed from them that should remain valid!
|
2019-04-17 01:42:41 -05:00
|
|
|
let perm = match kind {
|
|
|
|
RefKind::Unique => Permission::Unique,
|
|
|
|
RefKind::Raw { mutable: true } => Permission::SharedReadWrite,
|
|
|
|
RefKind::Shared | RefKind::Raw { mutable: false } => {
|
|
|
|
// Shared references and *const are a whole different kind of game, the
|
|
|
|
// permission is not uniform across the entire range!
|
|
|
|
// We need a frozen-sensitive reborrow.
|
|
|
|
return this.visit_freeze_sensitive(place, size, |cur_ptr, size, frozen| {
|
|
|
|
// We are only ever `SharedReadOnly` inside the frozen bits.
|
|
|
|
let perm = if frozen { Permission::SharedReadOnly } else { Permission::SharedReadWrite };
|
2019-04-30 06:48:16 -05:00
|
|
|
let weak = perm == Permission::SharedReadWrite;
|
2019-04-17 07:57:13 -05:00
|
|
|
let item = Item { perm, tag: new_tag, protector };
|
|
|
|
alloc.extra.for_each(cur_ptr, size, |stack, global| {
|
2019-05-11 04:03:53 -05:00
|
|
|
stack.grant(cur_ptr.tag, force_weak || weak, item, global)
|
2019-04-17 07:23:21 -05:00
|
|
|
})
|
2019-04-17 01:42:41 -05:00
|
|
|
});
|
|
|
|
}
|
|
|
|
};
|
|
|
|
debug_assert_ne!(perm, Permission::SharedReadOnly, "SharedReadOnly must be used frozen-sensitive");
|
2019-04-17 07:57:13 -05:00
|
|
|
let weak = perm == Permission::SharedReadWrite;
|
|
|
|
let item = Item { perm, tag: new_tag, protector };
|
|
|
|
alloc.extra.for_each(ptr, size, |stack, global| {
|
2019-05-11 04:03:53 -05:00
|
|
|
stack.grant(ptr.tag, force_weak || weak, item, global)
|
2019-04-17 07:23:21 -05:00
|
|
|
})
|
2018-12-11 07:18:51 -06:00
|
|
|
}
|
|
|
|
|
2019-02-15 19:29:38 -06:00
|
|
|
/// Retags an indidual pointer, returning the retagged version.
|
2018-12-12 04:11:20 -06:00
|
|
|
/// `mutbl` can be `None` to make this a raw pointer.
|
2018-12-11 07:18:51 -06:00
|
|
|
fn retag_reference(
|
|
|
|
&mut self,
|
2019-04-15 08:36:09 -05:00
|
|
|
val: ImmTy<'tcx, Tag>,
|
2019-04-17 01:42:41 -05:00
|
|
|
kind: RefKind,
|
2019-04-17 07:57:13 -05:00
|
|
|
protect: bool,
|
2018-12-11 07:18:51 -06:00
|
|
|
two_phase: bool,
|
2019-04-15 08:36:09 -05:00
|
|
|
) -> EvalResult<'tcx, Immediate<Tag>> {
|
2018-12-11 07:18:51 -06:00
|
|
|
let this = self.eval_context_mut();
|
|
|
|
// We want a place for where the ptr *points to*, so we get one.
|
|
|
|
let place = this.ref_to_mplace(val)?;
|
|
|
|
let size = this.size_and_align_of_mplace(place)?
|
|
|
|
.map(|(size, _)| size)
|
|
|
|
.unwrap_or_else(|| place.layout.size);
|
|
|
|
if size == Size::ZERO {
|
|
|
|
// Nothing to do for ZSTs.
|
|
|
|
return Ok(*val);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Compute new borrow.
|
2019-04-17 01:42:41 -05:00
|
|
|
let new_tag = match kind {
|
|
|
|
RefKind::Raw { .. } => Tag::Untagged,
|
|
|
|
_ => Tag::Tagged(this.memory().extra.borrow_mut().new_ptr()),
|
2018-12-11 07:18:51 -06:00
|
|
|
};
|
|
|
|
|
|
|
|
// Reborrow.
|
2019-04-19 01:36:05 -05:00
|
|
|
// TODO: With `two_phase == true`, this performs a weak reborrow for a `Unique`. That
|
|
|
|
// can lead to some possibly surprising effects, if the parent permission is
|
|
|
|
// `SharedReadWrite` then we now have a `Unique` in the middle of them, which "splits"
|
|
|
|
// them in terms of what remains valid when the `Unique` gets used. Is that really
|
|
|
|
// what we want?
|
2019-04-17 07:57:13 -05:00
|
|
|
this.reborrow(place, size, kind, new_tag, /*force_weak:*/ two_phase, protect)?;
|
2019-04-15 08:36:09 -05:00
|
|
|
let new_place = place.replace_tag(new_tag);
|
2018-12-11 07:18:51 -06:00
|
|
|
// Handle two-phase borrows.
|
|
|
|
if two_phase {
|
2019-04-17 01:42:41 -05:00
|
|
|
assert!(kind == RefKind::Unique, "two-phase shared borrows make no sense");
|
2019-04-17 07:57:13 -05:00
|
|
|
// Grant read access *to the parent pointer* with the old tag *derived from the new tag* (`new_place`).
|
|
|
|
// This means the old pointer has multiple items in the stack now, which otherwise cannot happen
|
|
|
|
// for unique references -- but in this case it precisely expresses the semantics we want.
|
2019-04-15 08:36:09 -05:00
|
|
|
let old_tag = place.ptr.to_ptr().unwrap().tag;
|
2019-04-17 07:57:13 -05:00
|
|
|
this.reborrow(new_place, size, RefKind::Shared, old_tag, /*force_weak:*/ false, /*protect:*/ false)?;
|
2018-12-11 07:18:51 -06:00
|
|
|
}
|
|
|
|
|
2019-02-15 19:29:38 -06:00
|
|
|
// Return new pointer.
|
2018-12-11 07:18:51 -06:00
|
|
|
Ok(new_place.to_ref())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-12-11 07:16:58 -06:00
|
|
|
impl<'a, 'mir, 'tcx> EvalContextExt<'a, 'mir, 'tcx> for crate::MiriEvalContext<'a, 'mir, 'tcx> {}
|
|
|
|
pub trait EvalContextExt<'a, 'mir, 'tcx: 'a+'mir>: crate::MiriEvalContextExt<'a, 'mir, 'tcx> {
|
2018-10-24 10:17:44 -05:00
|
|
|
fn retag(
|
|
|
|
&mut self,
|
2018-12-12 04:11:20 -06:00
|
|
|
kind: RetagKind,
|
2019-04-15 08:36:09 -05:00
|
|
|
place: PlaceTy<'tcx, Tag>
|
2018-10-24 10:17:44 -05:00
|
|
|
) -> EvalResult<'tcx> {
|
2018-12-11 07:16:58 -06:00
|
|
|
let this = self.eval_context_mut();
|
2019-04-17 07:57:13 -05:00
|
|
|
// Determine mutability and whether to add a protector.
|
2018-11-21 08:21:41 -06:00
|
|
|
// Cannot use `builtin_deref` because that reports *immutable* for `Box`,
|
|
|
|
// making it useless.
|
2019-04-17 01:42:41 -05:00
|
|
|
fn qualify(ty: ty::Ty<'_>, kind: RetagKind) -> Option<(RefKind, bool)> {
|
2018-11-21 08:21:41 -06:00
|
|
|
match ty.sty {
|
2019-02-15 19:29:38 -06:00
|
|
|
// References are simple.
|
2019-04-17 01:42:41 -05:00
|
|
|
ty::Ref(_, _, MutMutable) =>
|
|
|
|
Some((RefKind::Unique, kind == RetagKind::FnEntry)),
|
|
|
|
ty::Ref(_, _, MutImmutable) =>
|
|
|
|
Some((RefKind::Shared, kind == RetagKind::FnEntry)),
|
2019-02-15 19:29:38 -06:00
|
|
|
// Raw pointers need to be enabled.
|
2019-04-17 01:42:41 -05:00
|
|
|
ty::RawPtr(tym) if kind == RetagKind::Raw =>
|
|
|
|
Some((RefKind::Raw { mutable: tym.mutbl == MutMutable }, false)),
|
2019-04-17 07:57:13 -05:00
|
|
|
// Boxes do not get a protector: protectors reflect that references outlive the call
|
2018-11-21 08:21:41 -06:00
|
|
|
// they were passed in to; that's just not the case for boxes.
|
2019-04-17 01:42:41 -05:00
|
|
|
ty::Adt(..) if ty.is_box() => Some((RefKind::Unique, false)),
|
2018-11-21 08:21:41 -06:00
|
|
|
_ => None,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-15 19:29:38 -06:00
|
|
|
// We need a visitor to visit all references. However, that requires
|
2018-11-13 05:48:20 -06:00
|
|
|
// a `MemPlace`, so we have a fast path for reference types that
|
|
|
|
// avoids allocating.
|
2019-04-17 07:57:13 -05:00
|
|
|
if let Some((mutbl, protector)) = qualify(place.layout.ty, kind) {
|
2019-02-15 19:29:38 -06:00
|
|
|
// Fast path.
|
2018-12-11 07:16:58 -06:00
|
|
|
let val = this.read_immediate(this.place_to_op(place)?)?;
|
2019-04-17 07:57:13 -05:00
|
|
|
let val = this.retag_reference(val, mutbl, protector, kind == RetagKind::TwoPhase)?;
|
2018-12-11 07:16:58 -06:00
|
|
|
this.write_immediate(val, place)?;
|
2018-11-17 05:35:43 -06:00
|
|
|
return Ok(());
|
|
|
|
}
|
2018-12-11 07:16:58 -06:00
|
|
|
let place = this.force_allocation(place)?;
|
2018-11-13 05:48:20 -06:00
|
|
|
|
2018-12-12 04:11:20 -06:00
|
|
|
let mut visitor = RetagVisitor { ecx: this, kind };
|
2018-11-13 05:48:20 -06:00
|
|
|
visitor.visit_value(place)?;
|
|
|
|
|
2019-02-15 19:29:38 -06:00
|
|
|
// The actual visitor.
|
2018-11-13 05:48:20 -06:00
|
|
|
struct RetagVisitor<'ecx, 'a, 'mir, 'tcx> {
|
|
|
|
ecx: &'ecx mut MiriEvalContext<'a, 'mir, 'tcx>,
|
2018-12-12 04:11:20 -06:00
|
|
|
kind: RetagKind,
|
2018-11-13 05:48:20 -06:00
|
|
|
}
|
|
|
|
impl<'ecx, 'a, 'mir, 'tcx>
|
|
|
|
MutValueVisitor<'a, 'mir, 'tcx, Evaluator<'tcx>>
|
|
|
|
for
|
|
|
|
RetagVisitor<'ecx, 'a, 'mir, 'tcx>
|
|
|
|
{
|
2019-04-15 08:36:09 -05:00
|
|
|
type V = MPlaceTy<'tcx, Tag>;
|
2018-11-13 05:48:20 -06:00
|
|
|
|
|
|
|
#[inline(always)]
|
|
|
|
fn ecx(&mut self) -> &mut MiriEvalContext<'a, 'mir, 'tcx> {
|
|
|
|
&mut self.ecx
|
|
|
|
}
|
|
|
|
|
|
|
|
// Primitives of reference type, that is the one thing we are interested in.
|
2019-04-15 08:36:09 -05:00
|
|
|
fn visit_primitive(&mut self, place: MPlaceTy<'tcx, Tag>) -> EvalResult<'tcx>
|
2018-11-13 05:48:20 -06:00
|
|
|
{
|
2018-11-17 05:33:44 -06:00
|
|
|
// Cannot use `builtin_deref` because that reports *immutable* for `Box`,
|
|
|
|
// making it useless.
|
2019-04-17 07:57:13 -05:00
|
|
|
if let Some((mutbl, protector)) = qualify(place.layout.ty, self.kind) {
|
2018-11-21 08:21:41 -06:00
|
|
|
let val = self.ecx.read_immediate(place.into())?;
|
2018-12-12 04:11:20 -06:00
|
|
|
let val = self.ecx.retag_reference(
|
|
|
|
val,
|
|
|
|
mutbl,
|
2019-04-17 07:57:13 -05:00
|
|
|
protector,
|
2018-12-12 04:11:20 -06:00
|
|
|
self.kind == RetagKind::TwoPhase
|
|
|
|
)?;
|
2018-11-21 08:21:41 -06:00
|
|
|
self.ecx.write_immediate(val, place.into())?;
|
|
|
|
}
|
2018-11-13 05:48:20 -06:00
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-24 10:17:44 -05:00
|
|
|
Ok(())
|
|
|
|
}
|
2018-10-16 11:01:50 -05:00
|
|
|
}
|