2020-01-05 02:37:57 +01:00
|
|
|
use rustc_data_structures::fx::FxHashSet;
|
2019-12-31 21:25:16 +01:00
|
|
|
use rustc_errors::struct_span_err;
|
2020-01-05 02:37:57 +01:00
|
|
|
use rustc_hir as hir;
|
2020-04-12 13:45:41 +01:00
|
|
|
use rustc_hir::def_id::{DefId, LocalDefId};
|
2020-05-13 23:43:21 +02:00
|
|
|
use rustc_hir::hir_id::HirId;
|
2020-01-07 18:12:06 +01:00
|
|
|
use rustc_hir::intravisit;
|
2020-01-05 02:37:57 +01:00
|
|
|
use rustc_hir::Node;
|
2020-03-29 17:19:48 +02:00
|
|
|
use rustc_middle::mir::visit::{MutatingUseContext, PlaceContext, Visitor};
|
|
|
|
|
use rustc_middle::mir::*;
|
|
|
|
|
use rustc_middle::ty::query::Providers;
|
|
|
|
|
use rustc_middle::ty::{self, TyCtxt};
|
2021-02-25 19:38:53 +01:00
|
|
|
use rustc_session::lint::builtin::{UNSAFE_OP_IN_UNSAFE_FN, UNUSED_UNSAFE};
|
2020-05-13 23:43:21 +02:00
|
|
|
use rustc_session::lint::Level;
|
2017-09-19 16:20:02 +03:00
|
|
|
|
2018-11-03 13:03:05 +01:00
|
|
|
use std::ops::Bound;
|
|
|
|
|
|
2019-06-14 19:39:39 +03:00
|
|
|
pub struct UnsafetyChecker<'a, 'tcx> {
|
2019-06-03 18:26:48 -04:00
|
|
|
body: &'a Body<'tcx>,
|
2020-05-01 15:16:17 +02:00
|
|
|
body_did: LocalDefId,
|
2017-09-19 16:20:02 +03:00
|
|
|
violations: Vec<UnsafetyViolation>,
|
|
|
|
|
source_info: SourceInfo,
|
2019-06-14 00:48:52 +03:00
|
|
|
tcx: TyCtxt<'tcx>,
|
2017-09-19 16:20:02 +03:00
|
|
|
param_env: ty::ParamEnv<'tcx>,
|
2019-02-08 14:53:55 +01:00
|
|
|
/// Mark an `unsafe` block as used, so we don't lint it.
|
2019-02-22 15:48:14 +01:00
|
|
|
used_unsafe: FxHashSet<hir::HirId>,
|
|
|
|
|
inherited_blocks: Vec<(hir::HirId, bool)>,
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
2019-06-11 12:47:30 +03:00
|
|
|
impl<'a, 'tcx> UnsafetyChecker<'a, 'tcx> {
|
2018-08-22 15:56:37 +02:00
|
|
|
fn new(
|
2019-06-03 18:26:48 -04:00
|
|
|
body: &'a Body<'tcx>,
|
2020-05-01 15:16:17 +02:00
|
|
|
body_did: LocalDefId,
|
2019-06-14 00:48:52 +03:00
|
|
|
tcx: TyCtxt<'tcx>,
|
2018-08-22 15:56:37 +02:00
|
|
|
param_env: ty::ParamEnv<'tcx>,
|
|
|
|
|
) -> Self {
|
2017-09-19 16:20:02 +03:00
|
|
|
Self {
|
2019-06-03 18:26:48 -04:00
|
|
|
body,
|
2020-05-01 15:16:17 +02:00
|
|
|
body_did,
|
2017-09-19 16:20:02 +03:00
|
|
|
violations: vec![],
|
2020-05-06 10:30:11 +10:00
|
|
|
source_info: SourceInfo::outermost(body.span),
|
2017-09-19 16:20:02 +03:00
|
|
|
tcx,
|
|
|
|
|
param_env,
|
2018-10-16 16:57:53 +02:00
|
|
|
used_unsafe: Default::default(),
|
2017-11-05 20:04:18 +02:00
|
|
|
inherited_blocks: vec![],
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-06 00:48:37 -08:00
|
|
|
impl<'tcx> Visitor<'tcx> for UnsafetyChecker<'_, 'tcx> {
|
2019-12-22 17:42:04 -05:00
|
|
|
fn visit_terminator(&mut self, terminator: &Terminator<'tcx>, location: Location) {
|
2017-09-19 16:20:02 +03:00
|
|
|
self.source_info = terminator.source_info;
|
|
|
|
|
match terminator.kind {
|
2019-12-22 17:42:04 -05:00
|
|
|
TerminatorKind::Goto { .. }
|
|
|
|
|
| TerminatorKind::SwitchInt { .. }
|
|
|
|
|
| TerminatorKind::Drop { .. }
|
|
|
|
|
| TerminatorKind::Yield { .. }
|
|
|
|
|
| TerminatorKind::Assert { .. }
|
|
|
|
|
| TerminatorKind::DropAndReplace { .. }
|
|
|
|
|
| TerminatorKind::GeneratorDrop
|
|
|
|
|
| TerminatorKind::Resume
|
|
|
|
|
| TerminatorKind::Abort
|
|
|
|
|
| TerminatorKind::Return
|
|
|
|
|
| TerminatorKind::Unreachable
|
2020-06-02 09:15:24 +02:00
|
|
|
| TerminatorKind::FalseEdge { .. }
|
2019-12-22 17:42:04 -05:00
|
|
|
| TerminatorKind::FalseUnwind { .. } => {
|
2017-11-05 16:48:22 +02:00
|
|
|
// safe (at least as emitted during MIR construction)
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TerminatorKind::Call { ref func, .. } => {
|
2019-06-03 18:26:48 -04:00
|
|
|
let func_ty = func.ty(self.body, self.tcx);
|
2017-09-19 16:20:02 +03:00
|
|
|
let sig = func_ty.fn_sig(self.tcx);
|
|
|
|
|
if let hir::Unsafety::Unsafe = sig.unsafety() {
|
2019-12-22 17:42:04 -05:00
|
|
|
self.require_unsafe(
|
2021-04-25 12:52:42 +02:00
|
|
|
UnsafetyViolationKind::General,
|
2020-07-14 12:12:01 +10:00
|
|
|
UnsafetyViolationDetails::CallToUnsafeFunction,
|
2019-12-22 17:42:04 -05:00
|
|
|
)
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2020-05-01 15:16:17 +02:00
|
|
|
|
2020-08-03 00:49:11 +02:00
|
|
|
if let ty::FnDef(func_id, _) = func_ty.kind() {
|
|
|
|
|
self.check_target_features(*func_id);
|
2020-05-01 15:16:17 +02:00
|
|
|
}
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2020-02-14 18:17:50 +00:00
|
|
|
|
|
|
|
|
TerminatorKind::InlineAsm { .. } => self.require_unsafe(
|
|
|
|
|
UnsafetyViolationKind::General,
|
2020-07-14 12:12:01 +10:00
|
|
|
UnsafetyViolationDetails::UseOfInlineAssembly,
|
2020-02-14 18:17:50 +00:00
|
|
|
),
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2019-04-22 21:07:14 +01:00
|
|
|
self.super_terminator(terminator, location);
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
2019-12-22 17:42:04 -05:00
|
|
|
fn visit_statement(&mut self, statement: &Statement<'tcx>, location: Location) {
|
2017-09-19 16:20:02 +03:00
|
|
|
self.source_info = statement.source_info;
|
|
|
|
|
match statement.kind {
|
2019-12-22 17:42:04 -05:00
|
|
|
StatementKind::Assign(..)
|
|
|
|
|
| StatementKind::FakeRead(..)
|
|
|
|
|
| StatementKind::SetDiscriminant { .. }
|
|
|
|
|
| StatementKind::StorageLive(..)
|
|
|
|
|
| StatementKind::StorageDead(..)
|
|
|
|
|
| StatementKind::Retag { .. }
|
|
|
|
|
| StatementKind::AscribeUserType(..)
|
2020-08-15 04:42:13 -07:00
|
|
|
| StatementKind::Coverage(..)
|
2019-12-22 17:42:04 -05:00
|
|
|
| StatementKind::Nop => {
|
2017-09-19 16:20:02 +03:00
|
|
|
// safe (at least as emitted during MIR construction)
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-23 08:57:04 +00:00
|
|
|
StatementKind::CopyNonOverlapping(..) => unreachable!(),
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2019-04-22 21:07:14 +01:00
|
|
|
self.super_statement(statement, location);
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
2019-12-22 17:42:04 -05:00
|
|
|
fn visit_rvalue(&mut self, rvalue: &Rvalue<'tcx>, location: Location) {
|
2018-12-07 18:26:46 +01:00
|
|
|
match rvalue {
|
2019-12-22 17:42:04 -05:00
|
|
|
Rvalue::Aggregate(box ref aggregate, _) => match aggregate {
|
|
|
|
|
&AggregateKind::Array(..) | &AggregateKind::Tuple => {}
|
2021-12-22 14:35:17 -05:00
|
|
|
&AggregateKind::Adt(adt_did, ..) => {
|
|
|
|
|
match self.tcx.layout_scalar_valid_range(adt_did) {
|
2019-12-22 17:42:04 -05:00
|
|
|
(Bound::Unbounded, Bound::Unbounded) => {}
|
|
|
|
|
_ => self.require_unsafe(
|
2021-04-25 12:52:42 +02:00
|
|
|
UnsafetyViolationKind::General,
|
2020-07-14 12:12:01 +10:00
|
|
|
UnsafetyViolationDetails::InitializingTypeWith,
|
2019-12-22 17:42:04 -05:00
|
|
|
),
|
2018-11-03 13:03:05 +01:00
|
|
|
}
|
|
|
|
|
}
|
2019-12-22 17:42:04 -05:00
|
|
|
&AggregateKind::Closure(def_id, _) | &AggregateKind::Generator(def_id, _, _) => {
|
|
|
|
|
let UnsafetyCheckResult { violations, unsafe_blocks } =
|
2020-04-17 15:25:44 +01:00
|
|
|
self.tcx.unsafety_check_result(def_id.expect_local());
|
2019-12-22 17:42:04 -05:00
|
|
|
self.register_violations(&violations, &unsafe_blocks);
|
|
|
|
|
}
|
2018-12-07 18:26:46 +01:00
|
|
|
},
|
2019-12-22 17:42:04 -05:00
|
|
|
_ => {}
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
self.super_rvalue(rvalue, location);
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-22 17:42:04 -05:00
|
|
|
fn visit_place(&mut self, place: &Place<'tcx>, context: PlaceContext, _location: Location) {
|
2020-05-16 16:04:31 +02:00
|
|
|
// On types with `scalar_valid_range`, prevent
|
2019-12-28 15:51:44 +00:00
|
|
|
// * `&mut x.field`
|
|
|
|
|
// * `x.field = y;`
|
|
|
|
|
// * `&x.field` if `field`'s type has interior mutability
|
|
|
|
|
// because either of these would allow modifying the layout constrained field and
|
|
|
|
|
// insert values that violate the layout constraints.
|
|
|
|
|
if context.is_mutating_use() || context.is_borrow() {
|
2020-03-30 19:22:12 -03:00
|
|
|
self.check_mut_borrowing_layout_constrained_field(*place, context.is_mutating_use());
|
2019-12-28 15:51:44 +00:00
|
|
|
}
|
|
|
|
|
|
2020-11-21 13:20:34 +01:00
|
|
|
// Some checks below need the extra metainfo of the local declaration.
|
|
|
|
|
let decl = &self.body.local_decls[place.local];
|
|
|
|
|
|
|
|
|
|
// Check the base local: it might be an unsafe-to-access static. We only check derefs of the
|
|
|
|
|
// temporary holding the static pointer to avoid duplicate errors
|
|
|
|
|
// <https://github.com/rust-lang/rust/pull/78068#issuecomment-731753506>.
|
|
|
|
|
if decl.internal && place.projection.first() == Some(&ProjectionElem::Deref) {
|
|
|
|
|
// If the projection root is an artifical local that we introduced when
|
|
|
|
|
// desugaring `static`, give a more specific error message
|
|
|
|
|
// (avoid the general "raw pointer" clause below, that would only be confusing).
|
|
|
|
|
if let Some(box LocalInfo::StaticRef { def_id, .. }) = decl.local_info {
|
|
|
|
|
if self.tcx.is_mutable_static(def_id) {
|
|
|
|
|
self.require_unsafe(
|
|
|
|
|
UnsafetyViolationKind::General,
|
|
|
|
|
UnsafetyViolationDetails::UseOfMutableStatic,
|
|
|
|
|
);
|
|
|
|
|
return;
|
|
|
|
|
} else if self.tcx.is_foreign_item(def_id) {
|
2020-05-13 23:43:21 +02:00
|
|
|
self.require_unsafe(
|
2020-11-21 13:20:34 +01:00
|
|
|
UnsafetyViolationKind::General,
|
|
|
|
|
UnsafetyViolationDetails::UseOfExternStatic,
|
2020-05-13 23:43:21 +02:00
|
|
|
);
|
2020-11-21 13:20:34 +01:00
|
|
|
return;
|
2020-05-13 23:43:21 +02:00
|
|
|
}
|
|
|
|
|
}
|
2020-11-21 13:20:34 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for raw pointer `Deref`.
|
|
|
|
|
for (base, proj) in place.iter_projections() {
|
|
|
|
|
if proj == ProjectionElem::Deref {
|
|
|
|
|
let base_ty = base.ty(self.body, self.tcx).ty;
|
|
|
|
|
if base_ty.is_unsafe_ptr() {
|
|
|
|
|
self.require_unsafe(
|
2021-04-25 12:52:42 +02:00
|
|
|
UnsafetyViolationKind::General,
|
2020-11-21 13:20:34 +01:00
|
|
|
UnsafetyViolationDetails::DerefOfRawPointer,
|
|
|
|
|
)
|
2018-11-03 15:21:44 +01:00
|
|
|
}
|
2019-07-30 00:07:28 +02:00
|
|
|
}
|
2020-11-21 13:20:34 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for union fields. For this we traverse right-to-left, as the last `Deref` changes
|
|
|
|
|
// whether we *read* the union field or potentially *write* to it (if this place is being assigned to).
|
|
|
|
|
let mut saw_deref = false;
|
|
|
|
|
for (base, proj) in place.iter_projections().rev() {
|
|
|
|
|
if proj == ProjectionElem::Deref {
|
|
|
|
|
saw_deref = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let base_ty = base.ty(self.body, self.tcx).ty;
|
2021-06-02 00:00:00 +00:00
|
|
|
if base_ty.is_union() {
|
2020-11-21 13:20:34 +01:00
|
|
|
// If we did not hit a `Deref` yet and the overall place use is an assignment, the
|
|
|
|
|
// rules are different.
|
|
|
|
|
let assign_to_field = !saw_deref
|
|
|
|
|
&& matches!(
|
2020-10-26 19:35:01 +01:00
|
|
|
context,
|
|
|
|
|
PlaceContext::MutatingUse(
|
|
|
|
|
MutatingUseContext::Store
|
|
|
|
|
| MutatingUseContext::Drop
|
|
|
|
|
| MutatingUseContext::AsmOutput
|
|
|
|
|
)
|
|
|
|
|
);
|
2020-11-21 13:20:34 +01:00
|
|
|
// If this is just an assignment, determine if the assigned type needs dropping.
|
|
|
|
|
if assign_to_field {
|
|
|
|
|
// We have to check the actual type of the assignment, as that determines if the
|
|
|
|
|
// old value is being dropped.
|
|
|
|
|
let assigned_ty = place.ty(&self.body.local_decls, self.tcx).ty;
|
|
|
|
|
// To avoid semver hazard, we only consider `Copy` and `ManuallyDrop` non-dropping.
|
|
|
|
|
let manually_drop = assigned_ty
|
|
|
|
|
.ty_adt_def()
|
|
|
|
|
.map_or(false, |adt_def| adt_def.is_manually_drop());
|
|
|
|
|
let nodrop = manually_drop
|
|
|
|
|
|| assigned_ty.is_copy_modulo_regions(
|
|
|
|
|
self.tcx.at(self.source_info.span),
|
|
|
|
|
self.param_env,
|
|
|
|
|
);
|
|
|
|
|
if !nodrop {
|
2020-10-18 13:53:54 +02:00
|
|
|
self.require_unsafe(
|
2021-04-25 12:52:42 +02:00
|
|
|
UnsafetyViolationKind::General,
|
2020-11-21 13:20:34 +01:00
|
|
|
UnsafetyViolationDetails::AssignToDroppingUnionField,
|
|
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
// write to non-drop union field, safe
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2020-11-21 13:20:34 +01:00
|
|
|
} else {
|
|
|
|
|
self.require_unsafe(
|
2021-04-25 12:52:42 +02:00
|
|
|
UnsafetyViolationKind::General,
|
2020-11-21 13:20:34 +01:00
|
|
|
UnsafetyViolationDetails::AccessToUnionField,
|
|
|
|
|
)
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
}
|
2019-07-30 00:07:28 +02:00
|
|
|
}
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-06 00:48:37 -08:00
|
|
|
impl<'tcx> UnsafetyChecker<'_, 'tcx> {
|
2020-07-14 12:12:01 +10:00
|
|
|
fn require_unsafe(&mut self, kind: UnsafetyViolationKind, details: UnsafetyViolationDetails) {
|
2021-04-25 12:52:42 +02:00
|
|
|
// Violations can turn out to be `UnsafeFn` during analysis, but they should not start out as such.
|
|
|
|
|
assert_ne!(kind, UnsafetyViolationKind::UnsafeFn);
|
|
|
|
|
|
2017-09-19 16:20:02 +03:00
|
|
|
let source_info = self.source_info;
|
2020-05-13 23:43:21 +02:00
|
|
|
let lint_root = self.body.source_scopes[self.source_info.scope]
|
|
|
|
|
.local_data
|
|
|
|
|
.as_ref()
|
|
|
|
|
.assert_crate_local()
|
|
|
|
|
.lint_root;
|
2019-12-22 17:42:04 -05:00
|
|
|
self.register_violations(
|
2020-07-14 12:12:01 +10:00
|
|
|
&[UnsafetyViolation { source_info, lint_root, kind, details }],
|
2019-12-22 17:42:04 -05:00
|
|
|
&[],
|
|
|
|
|
);
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
2019-12-22 17:42:04 -05:00
|
|
|
fn register_violations(
|
|
|
|
|
&mut self,
|
|
|
|
|
violations: &[UnsafetyViolation],
|
|
|
|
|
unsafe_blocks: &[(hir::HirId, bool)],
|
|
|
|
|
) {
|
2019-11-26 22:17:35 +02:00
|
|
|
let safety = self.body.source_scopes[self.source_info.scope]
|
|
|
|
|
.local_data
|
2019-11-26 19:55:03 +02:00
|
|
|
.as_ref()
|
|
|
|
|
.assert_crate_local()
|
|
|
|
|
.safety;
|
2018-12-11 09:07:03 +01:00
|
|
|
let within_unsafe = match safety {
|
2018-11-03 00:22:12 +01:00
|
|
|
// `unsafe` blocks are required in safe code
|
2018-12-11 09:07:03 +01:00
|
|
|
Safety::Safe => {
|
2017-09-19 16:20:02 +03:00
|
|
|
for violation in violations {
|
2018-11-05 18:06:26 +01:00
|
|
|
match violation.kind {
|
2021-04-25 12:52:42 +02:00
|
|
|
UnsafetyViolationKind::General => {}
|
2021-02-25 19:38:53 +01:00
|
|
|
UnsafetyViolationKind::UnsafeFn => {
|
2020-05-03 23:11:34 +02:00
|
|
|
bug!("`UnsafetyViolationKind::UnsafeFn` in an `Safe` context")
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-02-25 19:38:53 +01:00
|
|
|
if !self.violations.contains(violation) {
|
|
|
|
|
self.violations.push(*violation)
|
2018-11-03 00:22:12 +01:00
|
|
|
}
|
2020-05-03 23:11:34 +02:00
|
|
|
}
|
|
|
|
|
false
|
|
|
|
|
}
|
|
|
|
|
// With the RFC 2585, no longer allow `unsafe` operations in `unsafe fn`s
|
2020-11-19 18:32:35 +01:00
|
|
|
Safety::FnUnsafe => {
|
2020-05-03 23:11:34 +02:00
|
|
|
for violation in violations {
|
|
|
|
|
let mut violation = *violation;
|
|
|
|
|
|
2021-02-25 19:38:53 +01:00
|
|
|
violation.kind = UnsafetyViolationKind::UnsafeFn;
|
2018-11-03 00:22:12 +01:00
|
|
|
if !self.violations.contains(&violation) {
|
|
|
|
|
self.violations.push(violation)
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
}
|
2017-11-05 20:04:18 +02:00
|
|
|
false
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2021-04-29 20:54:22 -05:00
|
|
|
Safety::BuiltinUnsafe => true,
|
2019-02-22 15:48:14 +01:00
|
|
|
Safety::ExplicitUnsafe(hir_id) => {
|
2018-11-03 11:09:52 +01:00
|
|
|
// mark unsafe block as used if there are any unsafe operations inside
|
2017-09-19 16:20:02 +03:00
|
|
|
if !violations.is_empty() {
|
2019-02-22 15:48:14 +01:00
|
|
|
self.used_unsafe.insert(hir_id);
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2017-11-05 20:04:18 +02:00
|
|
|
true
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2017-11-05 20:04:18 +02:00
|
|
|
};
|
2019-12-22 17:42:04 -05:00
|
|
|
self.inherited_blocks.extend(
|
|
|
|
|
unsafe_blocks.iter().map(|&(hir_id, is_used)| (hir_id, is_used && !within_unsafe)),
|
|
|
|
|
);
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2018-11-03 16:30:05 +01:00
|
|
|
fn check_mut_borrowing_layout_constrained_field(
|
|
|
|
|
&mut self,
|
2020-03-30 19:22:12 -03:00
|
|
|
place: Place<'tcx>,
|
2018-11-05 13:26:07 +01:00
|
|
|
is_mut_use: bool,
|
2018-11-03 16:30:05 +01:00
|
|
|
) {
|
2021-01-09 23:33:38 -06:00
|
|
|
for (place_base, elem) in place.iter_projections().rev() {
|
2019-07-30 00:07:28 +02:00
|
|
|
match elem {
|
2019-12-28 15:51:44 +00:00
|
|
|
// Modifications behind a dereference don't affect the value of
|
|
|
|
|
// the pointer.
|
|
|
|
|
ProjectionElem::Deref => return,
|
2018-11-03 16:30:05 +01:00
|
|
|
ProjectionElem::Field(..) => {
|
2021-01-09 23:33:38 -06:00
|
|
|
let ty = place_base.ty(&self.body.local_decls, self.tcx).ty;
|
2020-08-03 00:49:11 +02:00
|
|
|
if let ty::Adt(def, _) = ty.kind() {
|
2020-03-22 13:36:56 +01:00
|
|
|
if self.tcx.layout_scalar_valid_range(def.did)
|
|
|
|
|
!= (Bound::Unbounded, Bound::Unbounded)
|
|
|
|
|
{
|
2020-07-14 12:12:01 +10:00
|
|
|
let details = if is_mut_use {
|
|
|
|
|
UnsafetyViolationDetails::MutationOfLayoutConstrainedField
|
2019-12-28 15:51:44 +00:00
|
|
|
|
2020-03-22 13:36:56 +01:00
|
|
|
// Check `is_freeze` as late as possible to avoid cycle errors
|
|
|
|
|
// with opaque types.
|
2020-06-21 11:20:48 +02:00
|
|
|
} else if !place
|
|
|
|
|
.ty(self.body, self.tcx)
|
|
|
|
|
.ty
|
|
|
|
|
.is_freeze(self.tcx.at(self.source_info.span), self.param_env)
|
|
|
|
|
{
|
2020-07-14 12:12:01 +10:00
|
|
|
UnsafetyViolationDetails::BorrowOfLayoutConstrainedField
|
2020-03-22 13:36:56 +01:00
|
|
|
} else {
|
|
|
|
|
continue;
|
|
|
|
|
};
|
2021-04-25 12:52:42 +02:00
|
|
|
self.require_unsafe(UnsafetyViolationKind::General, details);
|
2020-03-22 13:36:56 +01:00
|
|
|
}
|
2018-11-03 16:30:05 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
_ => {}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-05-01 15:16:17 +02:00
|
|
|
|
|
|
|
|
/// Checks whether calling `func_did` needs an `unsafe` context or not, i.e. whether
|
|
|
|
|
/// the called function has target features the calling function hasn't.
|
|
|
|
|
fn check_target_features(&mut self, func_did: DefId) {
|
2021-05-06 07:50:40 -07:00
|
|
|
// Unsafety isn't required on wasm targets. For more information see
|
|
|
|
|
// the corresponding check in typeck/src/collect.rs
|
|
|
|
|
if self.tcx.sess.target.options.is_like_wasm {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-01 15:16:17 +02:00
|
|
|
let callee_features = &self.tcx.codegen_fn_attrs(func_did).target_features;
|
|
|
|
|
let self_features = &self.tcx.codegen_fn_attrs(self.body_did).target_features;
|
|
|
|
|
|
|
|
|
|
// Is `callee_features` a subset of `calling_features`?
|
|
|
|
|
if !callee_features.iter().all(|feature| self_features.contains(feature)) {
|
|
|
|
|
self.require_unsafe(
|
2021-04-25 12:52:42 +02:00
|
|
|
UnsafetyViolationKind::General,
|
2020-07-14 12:12:01 +10:00
|
|
|
UnsafetyViolationDetails::CallToFunctionWith,
|
2020-05-01 15:16:17 +02:00
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
2020-07-05 23:00:14 +03:00
|
|
|
pub(crate) fn provide(providers: &mut Providers) {
|
2020-07-06 23:49:53 +02:00
|
|
|
*providers = Providers {
|
|
|
|
|
unsafety_check_result: |tcx, def_id| {
|
2020-07-21 22:54:18 +02:00
|
|
|
if let Some(def) = ty::WithOptConstParam::try_lookup(def_id, tcx) {
|
2020-07-16 19:36:18 +02:00
|
|
|
tcx.unsafety_check_result_for_const_arg(def)
|
|
|
|
|
} else {
|
|
|
|
|
unsafety_check_result(tcx, ty::WithOptConstParam::unknown(def_id))
|
|
|
|
|
}
|
2020-07-06 23:49:53 +02:00
|
|
|
},
|
2020-07-15 11:26:26 +02:00
|
|
|
unsafety_check_result_for_const_arg: |tcx, (did, param_did)| {
|
2020-07-15 10:50:54 +02:00
|
|
|
unsafety_check_result(
|
|
|
|
|
tcx,
|
|
|
|
|
ty::WithOptConstParam { did, const_param_did: Some(param_did) },
|
|
|
|
|
)
|
2020-07-06 23:49:53 +02:00
|
|
|
},
|
|
|
|
|
..*providers
|
|
|
|
|
};
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
2017-11-05 20:04:18 +02:00
|
|
|
struct UnusedUnsafeVisitor<'a> {
|
2019-02-22 15:48:14 +01:00
|
|
|
used_unsafe: &'a FxHashSet<hir::HirId>,
|
|
|
|
|
unsafe_blocks: &'a mut Vec<(hir::HirId, bool)>,
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
2021-12-06 00:48:37 -08:00
|
|
|
impl<'tcx> intravisit::Visitor<'tcx> for UnusedUnsafeVisitor<'_> {
|
2019-11-30 15:08:22 +01:00
|
|
|
fn visit_block(&mut self, block: &'tcx hir::Block<'tcx>) {
|
2020-01-05 02:37:57 +01:00
|
|
|
intravisit::walk_block(self, block);
|
2017-09-19 16:20:02 +03:00
|
|
|
|
2020-01-05 01:50:05 +01:00
|
|
|
if let hir::BlockCheckMode::UnsafeBlock(hir::UnsafeSource::UserProvided) = block.rules {
|
2019-02-22 15:48:14 +01:00
|
|
|
self.unsafe_blocks.push((block.hir_id, self.used_unsafe.contains(&block.hir_id)));
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-21 18:12:39 +02:00
|
|
|
fn check_unused_unsafe(
|
|
|
|
|
tcx: TyCtxt<'_>,
|
2020-04-12 13:45:41 +01:00
|
|
|
def_id: LocalDefId,
|
2019-06-12 00:11:55 +03:00
|
|
|
used_unsafe: &FxHashSet<hir::HirId>,
|
2019-06-21 18:12:39 +02:00
|
|
|
unsafe_blocks: &mut Vec<(hir::HirId, bool)>,
|
2019-06-12 00:11:55 +03:00
|
|
|
) {
|
2020-08-12 12:22:56 +02:00
|
|
|
let body_id = tcx.hir().maybe_body_owned_by(tcx.hir().local_def_id_to_hir_id(def_id));
|
2017-09-19 16:20:02 +03:00
|
|
|
|
|
|
|
|
let body_id = match body_id {
|
|
|
|
|
Some(body) => body,
|
|
|
|
|
None => {
|
|
|
|
|
debug!("check_unused_unsafe({:?}) - no body found", def_id);
|
2019-12-22 17:42:04 -05:00
|
|
|
return;
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
};
|
2018-12-04 13:45:36 +01:00
|
|
|
let body = tcx.hir().body(body_id);
|
2019-12-22 17:42:04 -05:00
|
|
|
debug!("check_unused_unsafe({:?}, body={:?}, used_unsafe={:?})", def_id, body, used_unsafe);
|
2017-09-19 16:20:02 +03:00
|
|
|
|
2019-12-22 17:42:04 -05:00
|
|
|
let mut visitor = UnusedUnsafeVisitor { used_unsafe, unsafe_blocks };
|
2020-01-05 02:37:57 +01:00
|
|
|
intravisit::Visitor::visit_body(&mut visitor, body);
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
2020-07-06 23:49:53 +02:00
|
|
|
fn unsafety_check_result<'tcx>(
|
|
|
|
|
tcx: TyCtxt<'tcx>,
|
2020-07-15 10:50:54 +02:00
|
|
|
def: ty::WithOptConstParam<LocalDefId>,
|
2020-07-06 23:49:53 +02:00
|
|
|
) -> &'tcx UnsafetyCheckResult {
|
|
|
|
|
debug!("unsafety_violations({:?})", def);
|
2017-09-19 16:20:02 +03:00
|
|
|
|
2018-11-27 02:59:49 +00:00
|
|
|
// N.B., this borrow is valid because all the consumers of
|
2017-11-05 18:09:39 +02:00
|
|
|
// `mir_built` force this.
|
2020-07-06 23:49:53 +02:00
|
|
|
let body = &tcx.mir_built(def).borrow();
|
2017-09-19 16:20:02 +03:00
|
|
|
|
2020-07-06 23:49:53 +02:00
|
|
|
let param_env = tcx.param_env(def.did);
|
2018-12-07 18:26:46 +01:00
|
|
|
|
2021-07-10 11:33:42 +02:00
|
|
|
let mut checker = UnsafetyChecker::new(body, def.did, tcx, param_env);
|
2020-03-28 14:54:41 -07:00
|
|
|
checker.visit_body(&body);
|
2017-09-19 16:20:02 +03:00
|
|
|
|
2020-07-06 23:49:53 +02:00
|
|
|
check_unused_unsafe(tcx, def.did, &checker.used_unsafe, &mut checker.inherited_blocks);
|
|
|
|
|
|
|
|
|
|
tcx.arena.alloc(UnsafetyCheckResult {
|
2017-11-05 20:04:18 +02:00
|
|
|
violations: checker.violations.into(),
|
2019-12-22 17:42:04 -05:00
|
|
|
unsafe_blocks: checker.inherited_blocks.into(),
|
2020-07-06 23:49:53 +02:00
|
|
|
})
|
2017-11-05 20:04:18 +02:00
|
|
|
}
|
|
|
|
|
|
2019-02-22 15:48:14 +01:00
|
|
|
/// Returns the `HirId` for an enclosing scope that is also `unsafe`.
|
2019-06-12 00:11:55 +03:00
|
|
|
fn is_enclosed(
|
2019-06-14 00:48:52 +03:00
|
|
|
tcx: TyCtxt<'_>,
|
2019-06-12 00:11:55 +03:00
|
|
|
used_unsafe: &FxHashSet<hir::HirId>,
|
|
|
|
|
id: hir::HirId,
|
2021-01-17 11:07:43 +01:00
|
|
|
unsafe_op_in_unsafe_fn_allowed: bool,
|
|
|
|
|
) -> Option<(&'static str, hir::HirId)> {
|
2019-06-24 09:46:38 +02:00
|
|
|
let parent_id = tcx.hir().get_parent_node(id);
|
2017-11-05 20:04:18 +02:00
|
|
|
if parent_id != id {
|
|
|
|
|
if used_unsafe.contains(&parent_id) {
|
2021-01-17 11:07:43 +01:00
|
|
|
Some(("block", parent_id))
|
2018-08-25 15:56:16 +01:00
|
|
|
} else if let Some(Node::Item(&hir::Item {
|
2019-12-22 17:42:04 -05:00
|
|
|
kind: hir::ItemKind::Fn(ref sig, _, _), ..
|
|
|
|
|
})) = tcx.hir().find(parent_id)
|
|
|
|
|
{
|
2021-01-17 11:07:43 +01:00
|
|
|
if sig.header.unsafety == hir::Unsafety::Unsafe && unsafe_op_in_unsafe_fn_allowed {
|
|
|
|
|
Some(("fn", parent_id))
|
2020-05-03 23:11:34 +02:00
|
|
|
} else {
|
|
|
|
|
None
|
2018-02-17 22:31:14 -05:00
|
|
|
}
|
2017-11-05 20:04:18 +02:00
|
|
|
} else {
|
2021-01-17 11:07:43 +01:00
|
|
|
is_enclosed(tcx, used_unsafe, parent_id, unsafe_op_in_unsafe_fn_allowed)
|
2017-11-05 20:04:18 +02:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
None
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-14 00:48:52 +03:00
|
|
|
fn report_unused_unsafe(tcx: TyCtxt<'_>, used_unsafe: &FxHashSet<hir::HirId>, id: hir::HirId) {
|
2020-03-09 11:42:37 -07:00
|
|
|
let span = tcx.sess.source_map().guess_head_span(tcx.hir().span(id));
|
2020-01-31 22:24:57 +10:00
|
|
|
tcx.struct_span_lint_hir(UNUSED_UNSAFE, id, span, |lint| {
|
2020-02-06 01:27:46 +10:00
|
|
|
let msg = "unnecessary `unsafe` block";
|
2020-01-31 22:24:57 +10:00
|
|
|
let mut db = lint.build(msg);
|
|
|
|
|
db.span_label(span, msg);
|
2021-01-17 11:07:43 +01:00
|
|
|
if let Some((kind, id)) =
|
|
|
|
|
is_enclosed(tcx, used_unsafe, id, unsafe_op_in_unsafe_fn_allowed(tcx, id))
|
|
|
|
|
{
|
2020-01-31 22:24:57 +10:00
|
|
|
db.span_label(
|
2020-03-09 11:42:37 -07:00
|
|
|
tcx.sess.source_map().guess_head_span(tcx.hir().span(id)),
|
2020-01-31 22:24:57 +10:00
|
|
|
format!("because it's nested under this `unsafe` {}", kind),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
db.emit();
|
|
|
|
|
});
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
|
2020-05-17 17:02:57 +02:00
|
|
|
pub fn check_unsafety(tcx: TyCtxt<'_>, def_id: LocalDefId) {
|
2017-09-19 16:20:02 +03:00
|
|
|
debug!("check_unsafety({:?})", def_id);
|
2017-11-11 02:20:53 +09:00
|
|
|
|
|
|
|
|
// closures are handled by their parent fn.
|
2020-05-17 17:02:57 +02:00
|
|
|
if tcx.is_closure(def_id.to_def_id()) {
|
2017-11-11 02:20:53 +09:00
|
|
|
return;
|
|
|
|
|
}
|
2017-09-19 16:20:02 +03:00
|
|
|
|
2020-05-17 17:02:57 +02:00
|
|
|
let UnsafetyCheckResult { violations, unsafe_blocks } = tcx.unsafety_check_result(def_id);
|
2017-11-05 20:04:18 +02:00
|
|
|
|
2020-07-14 12:12:01 +10:00
|
|
|
for &UnsafetyViolation { source_info, lint_root, kind, details } in violations.iter() {
|
|
|
|
|
let (description, note) = details.description_and_note();
|
|
|
|
|
|
2017-09-19 16:20:02 +03:00
|
|
|
// Report an error.
|
2020-05-13 23:43:21 +02:00
|
|
|
let unsafe_fn_msg =
|
2020-05-19 00:18:50 +02:00
|
|
|
if unsafe_op_in_unsafe_fn_allowed(tcx, lint_root) { " function or" } else { "" };
|
2020-05-13 23:43:21 +02:00
|
|
|
|
2017-11-16 20:12:23 +02:00
|
|
|
match kind {
|
2021-04-25 12:52:42 +02:00
|
|
|
UnsafetyViolationKind::General => {
|
2020-05-03 23:11:34 +02:00
|
|
|
// once
|
2017-11-16 20:12:23 +02:00
|
|
|
struct_span_err!(
|
2019-12-22 17:42:04 -05:00
|
|
|
tcx.sess,
|
|
|
|
|
source_info.span,
|
|
|
|
|
E0133,
|
2020-05-13 23:43:21 +02:00
|
|
|
"{} is unsafe and requires unsafe{} block",
|
2020-05-03 23:11:34 +02:00
|
|
|
description,
|
2020-05-13 23:43:21 +02:00
|
|
|
unsafe_fn_msg,
|
2019-12-22 17:42:04 -05:00
|
|
|
)
|
2020-07-14 12:12:01 +10:00
|
|
|
.span_label(source_info.span, description)
|
|
|
|
|
.note(note)
|
2019-12-22 17:42:04 -05:00
|
|
|
.emit();
|
2017-11-16 20:12:23 +02:00
|
|
|
}
|
2020-05-13 23:43:21 +02:00
|
|
|
UnsafetyViolationKind::UnsafeFn => tcx.struct_span_lint_hir(
|
2020-05-03 23:11:34 +02:00
|
|
|
UNSAFE_OP_IN_UNSAFE_FN,
|
2020-05-13 23:43:21 +02:00
|
|
|
lint_root,
|
2020-05-03 23:11:34 +02:00
|
|
|
source_info.span,
|
|
|
|
|
|lint| {
|
|
|
|
|
lint.build(&format!(
|
|
|
|
|
"{} is unsafe and requires unsafe block (error E0133)",
|
2020-05-19 00:19:31 +02:00
|
|
|
description,
|
2020-05-03 23:11:34 +02:00
|
|
|
))
|
2020-07-14 12:12:01 +10:00
|
|
|
.span_label(source_info.span, description)
|
|
|
|
|
.note(note)
|
2020-05-03 23:11:34 +02:00
|
|
|
.emit();
|
|
|
|
|
},
|
|
|
|
|
),
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
|
|
|
|
}
|
2017-11-05 20:04:18 +02:00
|
|
|
|
2020-04-16 14:24:52 +02:00
|
|
|
let (mut unsafe_used, mut unsafe_unused): (FxHashSet<_>, Vec<_>) = Default::default();
|
|
|
|
|
for &(block_id, is_used) in unsafe_blocks.iter() {
|
|
|
|
|
if is_used {
|
|
|
|
|
unsafe_used.insert(block_id);
|
|
|
|
|
} else {
|
|
|
|
|
unsafe_unused.push(block_id);
|
2017-11-05 20:04:18 +02:00
|
|
|
}
|
|
|
|
|
}
|
2020-04-16 20:00:54 +02:00
|
|
|
// The unused unsafe blocks might not be in source order; sort them so that the unused unsafe
|
|
|
|
|
// error messages are properly aligned and the issue-45107 and lint-unused-unsafe tests pass.
|
2020-04-16 14:53:09 +02:00
|
|
|
unsafe_unused.sort_by_cached_key(|hir_id| tcx.hir().span(*hir_id));
|
2020-04-16 14:24:52 +02:00
|
|
|
|
|
|
|
|
for &block_id in &unsafe_unused {
|
|
|
|
|
report_unused_unsafe(tcx, &unsafe_used, block_id);
|
|
|
|
|
}
|
2017-09-19 16:20:02 +03:00
|
|
|
}
|
2020-05-13 23:43:21 +02:00
|
|
|
|
|
|
|
|
fn unsafe_op_in_unsafe_fn_allowed(tcx: TyCtxt<'_>, id: HirId) -> bool {
|
|
|
|
|
tcx.lint_level_at_node(UNSAFE_OP_IN_UNSAFE_FN, id).0 == Level::Allow
|
|
|
|
|
}
|
