2020-05-16 16:17:07 +02:00
|
|
|
use rustc_middle::mir::visit::{PlaceContext, Visitor};
|
|
|
|
|
use rustc_middle::mir::*;
|
|
|
|
|
use rustc_middle::ty::{self, TyCtxt};
|
|
|
|
|
|
2021-12-02 09:17:32 -08:00
|
|
|
use crate::MirLint;
|
2023-04-30 02:20:53 +01:00
|
|
|
use crate::{errors, util};
|
2020-05-16 16:17:07 +02:00
|
|
|
|
|
|
|
|
pub struct CheckPackedRef;
|
|
|
|
|
|
2021-12-02 09:17:32 -08:00
|
|
|
impl<'tcx> MirLint<'tcx> for CheckPackedRef {
|
|
|
|
|
fn run_lint(&self, tcx: TyCtxt<'tcx>, body: &Body<'tcx>) {
|
2020-10-04 11:01:38 -07:00
|
|
|
let param_env = tcx.param_env(body.source.def_id());
|
2020-05-16 16:17:07 +02:00
|
|
|
let source_info = SourceInfo::outermost(body.span);
|
|
|
|
|
let mut checker = PackedRefChecker { body, tcx, param_env, source_info };
|
|
|
|
|
checker.visit_body(&body);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct PackedRefChecker<'a, 'tcx> {
|
|
|
|
|
body: &'a Body<'tcx>,
|
|
|
|
|
tcx: TyCtxt<'tcx>,
|
|
|
|
|
param_env: ty::ParamEnv<'tcx>,
|
|
|
|
|
source_info: SourceInfo,
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-06 00:48:37 -08:00
|
|
|
impl<'tcx> Visitor<'tcx> for PackedRefChecker<'_, 'tcx> {
|
2020-05-16 16:17:07 +02:00
|
|
|
fn visit_terminator(&mut self, terminator: &Terminator<'tcx>, location: Location) {
|
|
|
|
|
// Make sure we know where in the MIR we are.
|
|
|
|
|
self.source_info = terminator.source_info;
|
|
|
|
|
self.super_terminator(terminator, location);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn visit_statement(&mut self, statement: &Statement<'tcx>, location: Location) {
|
|
|
|
|
// Make sure we know where in the MIR we are.
|
|
|
|
|
self.source_info = statement.source_info;
|
|
|
|
|
self.super_statement(statement, location);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn visit_place(&mut self, place: &Place<'tcx>, context: PlaceContext, _location: Location) {
|
|
|
|
|
if context.is_borrow() {
|
|
|
|
|
if util::is_disaligned(self.tcx, self.body, self.param_env, *place) {
|
2021-02-25 19:38:53 +01:00
|
|
|
let def_id = self.body.source.instance.def_id();
|
Allow more deriving on packed structs.
Currently, deriving on packed structs has some non-trivial limitations,
related to the fact that taking references on unaligned fields is UB.
The current approach to field accesses in derived code:
- Normal case: `&self.0`
- In a packed struct that derives `Copy`: `&{self.0}`
- In a packed struct that doesn't derive `Copy`: `&self.0`
Plus, we disallow deriving any builtin traits other than `Default` for any
packed generic type, because it's possible that there might be
misaligned fields. This is a fairly broad restriction.
Plus, we disallow deriving any builtin traits other than `Default` for most
packed types that don't derive `Copy`. (The exceptions are those where the
alignments inherently satisfy the packing, e.g. in a type with
`repr(packed(N))` where all the fields have alignments of `N` or less
anyway. Such types are pretty strange, because the `packed` attribute is
not having any effect.)
This commit introduces a new, simpler approach to field accesses:
- Normal case: `&self.0`
- In a packed struct: `&{self.0}`
In the latter case, this requires that all fields impl `Copy`, which is
a new restriction. This means that the following example compiles under
the old approach and doesn't compile under the new approach.
```
#[derive(Debug)]
struct NonCopy(u8);
#[derive(Debug)
#[repr(packed)]
struct MyType(NonCopy);
```
(Note that the old approach's support for cases like this was brittle.
Changing the `u8` to a `u16` would be enough to stop it working. So not
much capability is lost here.)
However, the other constraints from the old rules are removed. We can now
derive builtin traits for packed generic structs like this:
```
trait Trait { type A; }
#[derive(Hash)]
#[repr(packed)]
pub struct Foo<T: Trait>(T, T::A);
```
To allow this, we add a `T: Copy` bound in the derived impl and a `T::A:
Copy` bound in where clauses. So `T` and `T::A` must impl `Copy`.
We can now also derive builtin traits for packed structs that don't derive
`Copy`, so long as the fields impl `Copy`:
```
#[derive(Hash)]
#[repr(packed)]
pub struct Foo(u32);
```
This includes types that hand-impl `Copy` rather than deriving it, such as the
following, that show up in winapi-0.2:
```
#[derive(Clone)]
#[repr(packed)]
struct MyType(i32);
impl Copy for MyType {}
```
The new approach is simpler to understand and implement, and it avoids
the need for the `unsafe_derive_on_repr_packed` check.
One exception is required for backwards-compatibility: we allow `[u8]`
fields for now. There is a new lint for this,
`byte_slice_in_packed_struct_with_derive`.
2022-11-21 14:40:32 +11:00
|
|
|
if let Some(impl_def_id) = self.tcx.impl_of_method(def_id)
|
2023-02-16 17:17:55 +00:00
|
|
|
&& self.tcx.is_builtin_derived(impl_def_id)
|
2021-12-13 20:56:40 +00:00
|
|
|
{
|
Allow more deriving on packed structs.
Currently, deriving on packed structs has some non-trivial limitations,
related to the fact that taking references on unaligned fields is UB.
The current approach to field accesses in derived code:
- Normal case: `&self.0`
- In a packed struct that derives `Copy`: `&{self.0}`
- In a packed struct that doesn't derive `Copy`: `&self.0`
Plus, we disallow deriving any builtin traits other than `Default` for any
packed generic type, because it's possible that there might be
misaligned fields. This is a fairly broad restriction.
Plus, we disallow deriving any builtin traits other than `Default` for most
packed types that don't derive `Copy`. (The exceptions are those where the
alignments inherently satisfy the packing, e.g. in a type with
`repr(packed(N))` where all the fields have alignments of `N` or less
anyway. Such types are pretty strange, because the `packed` attribute is
not having any effect.)
This commit introduces a new, simpler approach to field accesses:
- Normal case: `&self.0`
- In a packed struct: `&{self.0}`
In the latter case, this requires that all fields impl `Copy`, which is
a new restriction. This means that the following example compiles under
the old approach and doesn't compile under the new approach.
```
#[derive(Debug)]
struct NonCopy(u8);
#[derive(Debug)
#[repr(packed)]
struct MyType(NonCopy);
```
(Note that the old approach's support for cases like this was brittle.
Changing the `u8` to a `u16` would be enough to stop it working. So not
much capability is lost here.)
However, the other constraints from the old rules are removed. We can now
derive builtin traits for packed generic structs like this:
```
trait Trait { type A; }
#[derive(Hash)]
#[repr(packed)]
pub struct Foo<T: Trait>(T, T::A);
```
To allow this, we add a `T: Copy` bound in the derived impl and a `T::A:
Copy` bound in where clauses. So `T` and `T::A` must impl `Copy`.
We can now also derive builtin traits for packed structs that don't derive
`Copy`, so long as the fields impl `Copy`:
```
#[derive(Hash)]
#[repr(packed)]
pub struct Foo(u32);
```
This includes types that hand-impl `Copy` rather than deriving it, such as the
following, that show up in winapi-0.2:
```
#[derive(Clone)]
#[repr(packed)]
struct MyType(i32);
impl Copy for MyType {}
```
The new approach is simpler to understand and implement, and it avoids
the need for the `unsafe_derive_on_repr_packed` check.
One exception is required for backwards-compatibility: we allow `[u8]`
fields for now. There is a new lint for this,
`byte_slice_in_packed_struct_with_derive`.
2022-11-21 14:40:32 +11:00
|
|
|
// If we ever reach here it means that the generated derive
|
|
|
|
|
// code is somehow doing an unaligned reference, which it
|
|
|
|
|
// shouldn't do.
|
2023-02-16 17:17:55 +00:00
|
|
|
span_bug!(self.source_info.span, "builtin derive created an unaligned reference");
|
2021-02-25 19:38:53 +01:00
|
|
|
} else {
|
2023-04-30 02:20:53 +01:00
|
|
|
self.tcx.sess.emit_err(errors::UnalignedPackedRef { span: self.source_info.span });
|
2021-02-25 19:38:53 +01:00
|
|
|
}
|
2020-05-16 16:17:07 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
