mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rust/src/comp/middle/alias.rs

672 lines
23 KiB
Rust
Raw Normal View History

Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
import front::ast;
import front::ast::ident;
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
import front::ast::node_id;
import front::ast::def_id;
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
import util::common::span;
import visit::vt;
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
import std::vec;
import std::str;
import std::option;
import std::option::some;
import std::option::none;
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
import std::option::is_none;
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
Extend alias analysis to check assignments This is a somewhat odd place to put these checks, but the data tracked by that pass, and the available functions, make it trivial to do such a check there.
2011-06-15 12:17:37 +02:00
// This is not an alias-analyser (though it would merit from becoming one, or
// at getting input from one, to be more precise). It is a pass that checks
// whether aliases are used in a safe way. Beyond that, though it doesn't have
// a lot to do with aliases, it also checks whether assignments are valid
// (using an lval, which is actually mutable), since it already has all the
// information needed to do that (and the typechecker, which would be a
// logical place for such a check, doesn't).
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
tag valid { valid; overwritten(span, ast::path); val_taken(span, ast::path); }
Extend alias analysis to check assignments This is a somewhat odd place to put these checks, but the data tracked by that pass, and the available functions, make it trivial to do such a check there.
2011-06-15 12:17:37 +02:00
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
type restrict =
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
@rec(vec[node_id] root_vars,
node_id block_defnum,
vec[node_id] bindings,
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
vec[ty::t] tys,
vec[uint] depends_on,
mutable valid ok);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
type scope = vec[restrict];
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
tag local_info { arg(ast::mode); objfield(ast::mutability); }
Implement mutable/immutable alias distinction. Before, all aliases were implicitly mutable, and writing &mutable was the same as writing &. Now, the two are distinguished, and assignments to regular aliases are no longer allowed.
2011-06-10 12:03:50 +02:00
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
type ctx = rec(@ty::ctxt tcx,
std::map::hashmap[node_id, local_info] local_map);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
Refactor data structures representing constraints (again...) I added a "resolved" version of the ast::constr type -- ty::constr_def -- that has a def_id field instead of an ann_field. This is more consistent with other types and eliminates some checking. Incidentally, I removed the def_map argument to the top-level function in middle::alias, since the ty::ctxt already has a def_map field.
2011-06-15 15:14:30 -07:00
fn check_crate(@ty::ctxt tcx, &@ast::crate crate) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
auto cx =
@rec(tcx=tcx,
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
// Stores information about object fields and function
// arguments that's otherwise not easily available.
local_map=util::common::new_int_hash());
auto v =
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
@rec(visit_fn=bind visit_fn(cx, _, _, _, _, _, _, _),
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
visit_item=bind visit_item(cx, _, _, _),
visit_expr=bind visit_expr(cx, _, _, _)
with *visit::default_visitor[scope]());
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
visit::visit_crate(*crate, [], visit::vtor(v));
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
fn visit_fn(@ctx cx, &ast::_fn f, &vec[ast::ty_param] tp, &span sp,
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
&ident name, ast::node_id id, &scope sc, &vt[scope] v) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
visit::visit_fn_decl(f.decl, sc, v);
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
for (ast::arg arg_ in f.decl.inputs) {
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
cx.local_map.insert(arg_.id, arg(arg_.mode));
Implement mutable/immutable alias distinction. Before, all aliases were implicitly mutable, and writing &mutable was the same as writing &. Now, the two are distinguished, and assignments to regular aliases are no longer allowed.
2011-06-10 12:03:50 +02:00
}
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
vt(v).visit_block(f.body, [], v);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
fn visit_item(@ctx cx, &@ast::item i, &scope sc, &vt[scope] v) {
alt (i.node) {
Refactor ast::item representation Most of the fields in an AST item were present in all variants. Things could be simplified considerably by putting them in the rec rather than in the variant tags.
2011-06-16 11:53:06 +02:00
case (ast::item_obj(?o, _, _)) {
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
for (ast::obj_field f in o.fields) {
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
cx.local_map.insert(f.id, objfield(f.mut));
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
}
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (_) { }
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
}
visit::visit_item(i, sc, v);
}
fn visit_expr(@ctx cx, &@ast::expr ex, &scope sc, &vt[scope] v) {
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
auto handled = true;
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
alt (ex.node) {
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_call(?f, ?args)) {
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
check_call(*cx, f, args, sc);
handled = false;
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_be(?cl)) {
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
check_tail_call(*cx, cl);
visit::visit_expr(cl, sc, v);
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_alt(?input, ?arms)) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
check_alt(*cx, input, arms, sc, v);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_put(?val)) {
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
alt (val) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
case (some(?ex)) {
auto root = expr_root(*cx, ex, false);
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
if (mut_field(root.ds)) {
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(ex.span,
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
"result of put must be" +
" immutably rooted");
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
visit_expr(cx, ex, sc, v);
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (_) { }
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_for_each(?decl, ?call, ?block)) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
check_for_each(*cx, decl, call, block, sc, v);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_for(?decl, ?seq, ?block)) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
check_for(*cx, decl, seq, block, sc, v);
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_path(?pt)) {
check_var(*cx, ex, pt, ex.id, false, sc);
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
handled = false;
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_move(?dest, ?src)) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
check_assign(cx, dest, src, sc, v);
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_assign(?dest, ?src)) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
check_assign(cx, dest, src, sc, v);
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_assign_op(_, ?dest, ?src)) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
check_assign(cx, dest, src, sc, v);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
case (_) { handled = false; }
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
if (!handled) { visit::visit_expr(ex, sc, v); }
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
fn check_call(&ctx cx, &@ast::expr f, &vec[@ast::expr] args, &scope sc) ->
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
rec(vec[node_id] root_vars, vec[ty::t] unsafe_ts) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
auto fty = ty::expr_ty(*cx.tcx, f);
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
auto arg_ts = fty_args(cx, fty);
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
let vec[node_id] roots = [];
let vec[tup(uint, node_id)] mut_roots = [];
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
let vec[ty::t] unsafe_ts = [];
let vec[uint] unsafe_t_offsets = [];
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
auto i = 0u;
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
for (ty::arg arg_t in arg_ts) {
if (arg_t.mode != ty::mo_val) {
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
auto arg = args.(i);
auto root = expr_root(cx, arg, false);
if (arg_t.mode == ty::mo_alias(true)) {
alt (path_def_id(cx, arg)) {
case (some(?did)) {
vec::push(mut_roots, tup(i, did._1));
}
case (_) {
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
if (!mut_field(root.ds)) {
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
auto m =
"passing a temporary value or \
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
immutable field by mutable alias";
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(arg.span, m);
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
}
}
}
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
alt (path_def_id(cx, root.ex)) {
case (some(?did)) { vec::push(roots, did._1); }
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (_) { }
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
alt (inner_mut(root.ds)) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
case (some(?t)) {
vec::push(unsafe_ts, t);
vec::push(unsafe_t_offsets, i);
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (_) { }
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
}
i += 1u;
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
if (vec::len(unsafe_ts) > 0u) {
alt (f.node) {
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_path(_)) {
if (def_is_local(cx.tcx.def_map.get(f.id), true)) {
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(f.span,
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
#fmt("function may alias with \
argument %u, which is not immutably rooted",
unsafe_t_offsets.(0)));
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (_) { }
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
}
auto j = 0u;
for (ty::t unsafe in unsafe_ts) {
auto offset = unsafe_t_offsets.(j);
j += 1u;
auto i = 0u;
for (ty::arg arg_t in arg_ts) {
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
auto mut_alias = arg_t.mode == ty::mo_alias(true);
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
if (i != offset &&
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
ty_can_unsafely_include(cx, unsafe, arg_t.ty, mut_alias))
{
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(args.(i).span,
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
#fmt("argument %u may alias with \
argument %u, which is not immutably rooted",
i, offset));
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
i += 1u;
}
}
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
// Ensure we're not passing a root by mutable alias.
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
for (tup(uint, node_id) root in mut_roots) {
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
auto mut_alias_to_root = vec::count(root._1, roots) > 1u;
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
for (restrict r in sc) {
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
if (vec::member(root._1, r.root_vars)) {
mut_alias_to_root = true;
}
}
if (mut_alias_to_root) {
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(args.(root._0).span,
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
"passing a mutable alias to a \
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
variable that roots another alias");
}
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
ret rec(root_vars=roots, unsafe_ts=unsafe_ts);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
fn check_tail_call(&ctx cx, &@ast::expr call) {
auto args;
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
auto f =
alt (call.node) {
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_call(?f, ?args_)) { args = args_; f }
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
};
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
auto i = 0u;
for (ty::arg arg_t in fty_args(cx, ty::expr_ty(*cx.tcx, f))) {
if (arg_t.mode != ty::mo_val) {
auto mut_a = arg_t.mode == ty::mo_alias(true);
auto ok = true;
alt (args.(i).node) {
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_path(_)) {
auto def = cx.tcx.def_map.get(args.(i).id);
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
auto dnum = ast::def_id_of_def(def)._1;
alt (cx.local_map.find(dnum)) {
case (some(arg(ast::alias(?mut)))) {
if (mut_a && !mut) {
Fix some uses of span_warn in alias.rs that should be span_fatal
2011-06-20 10:44:38 +02:00
cx.tcx.sess.span_fatal(args.(i).span,
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
"passing an immutable \
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
alias by mutable alias");
}
}
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
case (_) { ok = !def_is_local(def, false); }
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
}
}
case (_) { ok = false; }
}
if (!ok) {
Fix some uses of span_warn in alias.rs that should be span_fatal
2011-06-20 10:44:38 +02:00
cx.tcx.sess.span_fatal(args.(i).span,
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
"can not pass a local value by \
alias to a tail call");
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
}
}
i += 1u;
}
}
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
fn check_alt(&ctx cx, &@ast::expr input, &vec[ast::arm] arms, &scope sc,
&vt[scope] v) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
visit::visit_expr(input, sc, v);
auto root = expr_root(cx, input, true);
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
auto roots =
alt (path_def_id(cx, root.ex)) {
case (some(?did)) { [did._1] }
case (_) { [] }
};
let vec[ty::t] forbidden_tp =
alt (inner_mut(root.ds)) { case (some(?t)) { [t] } case (_) { [] } };
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
for (ast::arm a in arms) {
auto dnums = arm_defnums(a);
auto new_sc = sc;
if (vec::len(dnums) > 0u) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
new_sc =
sc +
[@rec(root_vars=roots,
block_defnum=dnums.(0),
bindings=dnums,
tys=forbidden_tp,
depends_on=deps(sc, roots),
mutable ok=valid)];
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
visit::visit_arm(a, new_sc, v);
}
}
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
fn arm_defnums(&ast::arm arm) -> vec[node_id] {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
auto dnums = [];
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
fn walk_pat(&mutable vec[node_id] found, &@ast::pat p) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
alt (p.node) {
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
case (ast::pat_bind(_, ?id)) { vec::push(found, id); }
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
case (ast::pat_tag(_, ?children, _)) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
for (@ast::pat child in children) { walk_pat(found, child); }
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (_) { }
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
walk_pat(dnums, arm.pat);
ret dnums;
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Change decl to local in expr_for and expr_for_each Since the decl in a for or for-each loop must always be a local decl, I changed the AST to express this. Fewer potential match failures and "the impossible happened" error messages = yay!
2011-06-13 17:04:15 -07:00
fn check_for_each(&ctx cx, &@ast::local local, &@ast::expr call,
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
&ast::block block, &scope sc, &vt[scope] v) {
visit::visit_expr(call, sc, v);
alt (call.node) {
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_call(?f, ?args)) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
auto data = check_call(cx, f, args, sc);
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
auto defnum = local.node.id;
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
auto new_sc =
@rec(root_vars=data.root_vars,
block_defnum=defnum,
bindings=[defnum],
tys=data.unsafe_ts,
depends_on=deps(sc, data.root_vars),
mutable ok=valid);
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
visit::visit_block(block, sc + [new_sc], v);
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
fn check_for(&ctx cx, &@ast::local local, &@ast::expr seq, &ast::block block,
&scope sc, &vt[scope] v) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
visit::visit_expr(seq, sc, v);
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
auto defnum = local.node.id;
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
auto root = expr_root(cx, seq, false);
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
auto root_def =
alt (path_def_id(cx, root.ex)) {
case (some(?did)) { [did._1] }
case (_) { [] }
};
auto unsafe =
alt (inner_mut(root.ds)) { case (some(?t)) { [t] } case (_) { [] } };
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
// If this is a mutable vector, don't allow it to be touched.
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
auto seq_t = ty::expr_ty(*cx.tcx, seq);
alt (ty::struct(*cx.tcx, seq_t)) {
case (ty::ty_vec(?mt)) {
if (mt.mut != ast::imm) { unsafe = [seq_t]; }
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
rustc: Implement "for" over interior vectors
2011-06-20 16:52:43 -07:00
case (ty::ty_str) { /* no-op */ }
case (ty::ty_ivec(?mt)) {
if (mt.mut != ast::imm) { unsafe = [seq_t]; }
}
case (ty::ty_istr) { /* no-op */ }
rustc: Output an unimplemented message when alias encounters an unknown sequence type
2011-06-21 10:59:05 -04:00
case (_) {
cx.tcx.sess.span_unimpl(seq.span, "unknown seq type " +
pretty::ppaux::ty_to_str(*cx.tcx, seq_t));
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
auto new_sc =
@rec(root_vars=root_def,
block_defnum=defnum,
bindings=[defnum],
tys=unsafe,
depends_on=deps(sc, root_def),
mutable ok=valid);
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
visit::visit_block(block, sc + [new_sc], v);
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
fn check_var(&ctx cx, &@ast::expr ex, &ast::path p, ast::node_id id,
bool assign, &scope sc) {
auto def = cx.tcx.def_map.get(id);
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
if (!def_is_local(def, true)) { ret; }
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
auto my_defnum = ast::def_id_of_def(def)._1;
auto var_t = ty::expr_ty(*cx.tcx, ex);
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
for (restrict r in sc) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
// excludes variables introduced since the alias was made
if (my_defnum < r.block_defnum) {
for (ty::t t in r.tys) {
if (ty_can_unsafely_include(cx, t, var_t, assign)) {
r.ok = val_taken(ex.span, p);
}
}
Properly handle lifetime of aliases in nested blocks There was a bug that would cause the alias analyser to allow you to invalidate an alias that was no longer directly referred to, even if another alias was rooted in it. It now properly tracks dependencies between live aliases. Required another case of copying values in map.rs.
2011-06-09 14:19:13 +02:00
} else if (vec::member(my_defnum, r.bindings)) {
test_scope(cx, sc, r, p);
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
}
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
Extend alias analysis to check assignments This is a somewhat odd place to put these checks, but the data tracked by that pass, and the available functions, make it trivial to do such a check there.
2011-06-15 12:17:37 +02:00
// FIXME does not catch assigning to immutable object fields yet
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
fn check_assign(&@ctx cx, &@ast::expr dest, &@ast::expr src, &scope sc,
&vt[scope] v) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
visit_expr(cx, src, sc, v);
alt (dest.node) {
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_path(?p)) {
auto dnum = ast::def_id_of_def(cx.tcx.def_map.get(dest.id))._1;
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
if (is_immutable_alias(cx, sc, dnum)) {
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(dest.span,
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
"assigning to immutable alias");
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
} else if (is_immutable_objfield(cx, dnum)) {
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(dest.span,
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
"assigning to immutable obj field");
Implement mutable/immutable alias distinction. Before, all aliases were implicitly mutable, and writing &mutable was the same as writing &. Now, the two are distinguished, and assignments to regular aliases are no longer allowed.
2011-06-10 12:03:50 +02:00
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
auto var_t = ty::expr_ty(*cx.tcx, dest);
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
for (restrict r in sc) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
if (vec::member(dnum, r.root_vars)) {
r.ok = overwritten(dest.span, p);
}
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
check_var(*cx, dest, p, dest.id, true, sc);
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
case (_) {
Extend alias analysis to check assignments This is a somewhat odd place to put these checks, but the data tracked by that pass, and the available functions, make it trivial to do such a check there.
2011-06-15 12:17:37 +02:00
auto root = expr_root(*cx, dest, false);
if (vec::len(root.ds) == 0u) {
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(dest.span, "assignment to non-lvalue");
Extend alias analysis to check assignments This is a somewhat odd place to put these checks, but the data tracked by that pass, and the available functions, make it trivial to do such a check there.
2011-06-15 12:17:37 +02:00
} else if (!root.ds.(0).mut) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
auto name =
alt (root.ds.(0).kind) {
case (unbox) { "box" }
case (field) { "field" }
case (index) { "vec content" }
};
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(dest.span,
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
"assignment to immutable " + name);
Extend alias analysis to check assignments This is a somewhat odd place to put these checks, but the data tracked by that pass, and the available functions, make it trivial to do such a check there.
2011-06-15 12:17:37 +02:00
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
visit_expr(cx, dest, sc, v);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
fn is_immutable_alias(&@ctx cx, &scope sc, node_id dnum) -> bool {
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
alt (cx.local_map.find(dnum)) {
case (some(arg(ast::alias(false)))) { ret true; }
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (_) { }
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
}
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
for (restrict r in sc) {
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
if (vec::member(dnum, r.bindings)) { ret true; }
}
ret false;
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
fn is_immutable_objfield(&@ctx cx, node_id dnum) -> bool {
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
ret cx.local_map.find(dnum) == some(objfield(ast::imm));
}
Handle mutable references in alias analysis
2011-06-10 16:38:13 +02:00
Properly handle lifetime of aliases in nested blocks There was a bug that would cause the alias analyser to allow you to invalidate an alias that was no longer directly referred to, even if another alias was rooted in it. It now properly tracks dependencies between live aliases. Required another case of copying values in map.rs.
2011-06-09 14:19:13 +02:00
fn test_scope(&ctx cx, &scope sc, &restrict r, &ast::path p) {
auto prob = r.ok;
for (uint dep in r.depends_on) {
if (prob != valid) { break; }
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
prob = sc.(dep).ok;
Properly handle lifetime of aliases in nested blocks There was a bug that would cause the alias analyser to allow you to invalidate an alias that was no longer directly referred to, even if another alias was rooted in it. It now properly tracks dependencies between live aliases. Required another case of copying values in map.rs.
2011-06-09 14:19:13 +02:00
}
if (prob != valid) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
auto msg =
alt (prob) {
case (overwritten(?sp, ?wpt)) {
tup(sp, "overwriting " + ast::path_name(wpt))
}
case (val_taken(?sp, ?vpt)) {
tup(sp, "taking the value of " + ast::path_name(vpt))
}
};
rustc: Rename session.span_err -> span_fatal, err -> fatal Issue #440
2011-06-18 22:41:20 -07:00
cx.tcx.sess.span_fatal(msg._0,
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
msg._1 + " will invalidate alias " +
ast::path_name(p) + ", which is still used");
Properly handle lifetime of aliases in nested blocks There was a bug that would cause the alias analyser to allow you to invalidate an alias that was no longer directly referred to, even if another alias was rooted in it. It now properly tracks dependencies between live aliases. Required another case of copying values in map.rs.
2011-06-09 14:19:13 +02:00
}
}
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
fn deps(&scope sc, vec[node_id] roots) -> vec[uint] {
Properly handle lifetime of aliases in nested blocks There was a bug that would cause the alias analyser to allow you to invalidate an alias that was no longer directly referred to, even if another alias was rooted in it. It now properly tracks dependencies between live aliases. Required another case of copying values in map.rs.
2011-06-09 14:19:13 +02:00
auto i = 0u;
auto result = [];
Implement checking against assignments to immutable obj fields
2011-06-15 14:59:51 +02:00
for (restrict r in sc) {
Get rid of def_ids and anns in AST nodes, use single node_id This reduces some redundancy in the AST data structures and cruft in the code that works with them. To get a def_id from a node_id, apply ast::local_def, which adds the local crate_num to the given node_id. Most code only deals with crate-local node_ids, and won't have to create def_ids at all.
2011-06-19 22:41:21 +02:00
for (node_id dn in roots) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
if (vec::member(dn, r.bindings)) { vec::push(result, i); }
Properly handle lifetime of aliases in nested blocks There was a bug that would cause the alias analyser to allow you to invalidate an alias that was no longer directly referred to, even if another alias was rooted in it. It now properly tracks dependencies between live aliases. Required another case of copying values in map.rs.
2011-06-09 14:19:13 +02:00
}
i += 1u;
}
ret result;
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
tag deref_t { unbox; field; index; }
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
type deref = rec(bool mut, deref_t kind, ty::t outer_t);
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
// Finds the root (the thing that is dereferenced) for the given expr, and a
// vec of dereferences that were used on this root. Note that, in this vec,
// the inner derefs come in front, so foo.bar.baz becomes rec(ex=foo,
// ds=[field(baz),field(bar)])
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
fn expr_root(&ctx cx, @ast::expr ex, bool autoderef) ->
rec(@ast::expr ex, vec[deref] ds) {
fn maybe_auto_unbox(&ctx cx, &ty::t t) ->
rec(ty::t t, option::t[deref] d) {
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
alt (ty::struct(*cx.tcx, t)) {
case (ty::ty_box(?mt)) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
ret rec(t=mt.ty,
d=some(rec(mut=mt.mut != ast::imm,
kind=unbox,
outer_t=t)));
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (_) { ret rec(t=t, d=none); }
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
}
}
fn maybe_push_auto_unbox(&option::t[deref] d, &mutable vec[deref] ds) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
alt (d) { case (some(?d)) { vec::push(ds, d); } case (none) { } }
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
}
let vec[deref] ds = [];
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
while (true) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
alt ({ ex.node }) {
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_field(?base, ?ident)) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
auto auto_unbox =
maybe_auto_unbox(cx, ty::expr_ty(*cx.tcx, base));
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
auto mut = false;
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
alt (ty::struct(*cx.tcx, auto_unbox.t)) {
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
case (ty::ty_tup(?fields)) {
auto fnm = ty::field_num(cx.tcx.sess, ex.span, ident);
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
mut = fields.(fnm).mut != ast::imm;
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
case (ty::ty_rec(?fields)) {
for (ty::field fld in fields) {
if (str::eq(ident, fld.ident)) {
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
mut = fld.mt.mut != ast::imm;
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
break;
}
}
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (ty::ty_obj(_)) { }
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
vec::push(ds, rec(mut=mut, kind=field, outer_t=auto_unbox.t));
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
maybe_push_auto_unbox(auto_unbox.d, ds);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
ex = base;
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_index(?base, _)) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
auto auto_unbox =
maybe_auto_unbox(cx, ty::expr_ty(*cx.tcx, base));
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
alt (ty::struct(*cx.tcx, auto_unbox.t)) {
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
case (ty::ty_vec(?mt)) {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
vec::push(ds,
rec(mut=mt.mut != ast::imm,
kind=index,
outer_t=auto_unbox.t));
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
rustc: Add missing case for interior vectors in alias.rs
2011-06-17 19:02:30 -07:00
case (ty::ty_ivec(?mt)) {
vec::push(ds,
rec(mut=mt.mut != ast::imm,
kind=index,
outer_t=auto_unbox.t));
}
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
maybe_push_auto_unbox(auto_unbox.d, ds);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
ex = base;
}
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_unary(?op, ?base)) {
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
if (op == ast::deref) {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
auto base_t = ty::expr_ty(*cx.tcx, base);
alt (ty::struct(*cx.tcx, base_t)) {
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
case (ty::ty_box(?mt)) {
Make it possible to use * to dereference a resource
2011-06-28 16:38:14 +02:00
vec::push(ds, rec(mut=mt.mut != ast::imm,
kind=unbox,
outer_t=base_t));
}
case (ty::ty_res(_, ?inner)) {
vec::push(ds, rec(mut=false,
kind=unbox,
outer_t=base_t));
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
}
ex = base;
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
} else { break; }
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
case (_) { break; }
}
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
if (autoderef) {
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
auto auto_unbox = maybe_auto_unbox(cx, ty::expr_ty(*cx.tcx, ex));
maybe_push_auto_unbox(auto_unbox.d, ds);
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
ret rec(ex=ex, ds=ds);
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
fn mut_field(&vec[deref] ds) -> bool {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
for (deref d in ds) { if (d.mut) { ret true; } }
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
ret false;
}
fn inner_mut(&vec[deref] ds) -> option::t[ty::t] {
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
for (deref d in ds) { if (d.mut) { ret some(d.outer_t); } }
Refactor expr_root in alias.rs It was too clunky and specific before. Now returns a vec of dereference specs instead of a bunch of special-case information. Further accessors extract the information they need from this vec.
2011-06-15 11:03:23 +02:00
ret none;
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
fn path_def_id(&ctx cx, &@ast::expr ex) -> option::t[ast::def_id] {
alt (ex.node) {
Move expr ids into the expr record type This simplifies the tag variants a bit and makes expr_node_id obsolete.
2011-06-21 22:16:40 +02:00
case (ast::expr_path(_)) {
ret some(ast::def_id_of_def(cx.tcx.def_map.get(ex.id)));
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (_) { ret none; }
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
fn ty_can_unsafely_include(&ctx cx, ty::t needle, ty::t haystack, bool mut) ->
bool {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
fn get_mut(bool cur, &ty::mt mt) -> bool {
ret cur || mt.mut != ast::imm;
}
fn helper(&ty::ctxt tcx, ty::t needle, ty::t haystack, bool mut) -> bool {
if (needle == haystack) { ret true; }
alt (ty::struct(tcx, haystack)) {
case (ty::ty_tag(_, ?ts)) {
for (ty::t t in ts) {
if (helper(tcx, needle, t, mut)) { ret true; }
}
ret false;
}
case (ty::ty_box(?mt)) {
ret helper(tcx, needle, mt.ty, get_mut(mut, mt));
}
case (ty::ty_vec(?mt)) {
ret helper(tcx, needle, mt.ty, get_mut(mut, mt));
}
case (ty::ty_ptr(?mt)) {
ret helper(tcx, needle, mt.ty, get_mut(mut, mt));
}
case (ty::ty_tup(?mts)) {
for (ty::mt mt in mts) {
if (helper(tcx, needle, mt.ty, get_mut(mut, mt))) {
ret true;
}
}
ret false;
}
case (ty::ty_rec(?fields)) {
for (ty::field f in fields) {
if (helper(tcx, needle, f.mt.ty, get_mut(mut, f.mt))) {
ret true;
}
}
ret false;
}
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (
// These may contain anything.
ty::ty_fn(_, _, _, _, _)) {
ret true;
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
case (ty::ty_obj(_)) { ret true; }
Reformat source tree (minus a couple tests that are still grumpy).
2011-06-15 11:19:50 -07:00
case (
// A type param may include everything, but can only be
// treated as opaque downstream, and is thus safe unless we
// saw mutable fields, in which case the whole thing can be
// overwritten.
ty::ty_param(_)) {
ret mut;
}
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
case (_) { ret false; }
}
}
ret helper(*cx.tcx, needle, haystack, mut);
}
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
fn def_is_local(&ast::def d, bool objfields_count) -> bool {
A revised, improved alias-checker The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags. The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least of them: A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing. B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) is from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type. The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value you don't refer to any bindings afterwards.
2011-06-07 11:20:51 +02:00
ret alt (d) {
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
case (ast::def_local(_)) { true }
case (ast::def_arg(_)) { true }
case (ast::def_obj_field(_)) { objfields_count }
case (ast::def_binding(_)) { true }
case (_) { false }
};
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
}
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
fn fty_args(&ctx cx, ty::t fty) -> vec[ty::arg] {
ret alt (ty::struct(*cx.tcx, fty)) {
Reformat a bunch of recent churn.
2011-06-16 16:55:46 -07:00
case (ty::ty_fn(_, ?args, _, _, _)) { args }
case (ty::ty_native_fn(_, ?args, _)) { args }
};
Implement checking of alias safety in tail calls.
2011-06-15 21:01:28 +02:00
}
First take on an alias-safety checker The alias checker works by ensuring that any value to which an alias is created is rooted in some way that ensures it outlives the alias. It is now disallowed to create an alias to the content of a mutable box, or to a box hanging off a mutable field. There is also machinery in place to prevent assignment to local variables whenever they are the root of a live alias.
2011-06-06 15:22:13 +02:00
// Local Variables:
// mode: rust
// fill-column: 78;
// indent-tabs-mode: nil
// c-basic-offset: 4
// buffer-file-coding-system: utf-8-unix
// compile-command: "make -k -C $RBUILD 2>&1 | sed -e 's/\\/x\\//x:\\//g'";
// End:
Reference in New Issue Copy Permalink