Commit Graph

84295 Commits

Author SHA1 Message Date
bors
c7df1f530b Auto merge of #54453 - nikomatsakis:nll-issue-53121-shred-outlives, r=pnkfelix
rework how we handle outlives relationships

When we encounter an outlives relationship involving a projection, we use to over-constrain in some cases with region constraints. We also used to evaluate whether the where-clauses in the environment might apply **before** running inference.

We now avoid doing both of those things:

- If there are where-clauses in the environment that might be useful, we add no constraints.
- After inference is done, we check if we wound up inferring values compatible with the where-clause, and make use of them if so.

I realize now that this PR includes some meandering commits and refactorings from when I expected to go in a different direction. If desired, I could try to remove some of those.

Fixes #53121
Fixes #53789

r? @pnkfelix
2018-09-26 18:16:55 +00:00
Michael Bradshaw
c0769545b0 Make core::mem::needs_drop a const fn 2018-09-26 11:04:56 -07:00
Matthias Krüger
45f45e53a5 update clippy submodule to a72e786c
Fixes clippy build.
2018-09-26 19:17:11 +02:00
bors
6846f22a13 Auto merge of #51946 - japaric:emit-stack-sizes, r=nikomatsakis
[eRFC] add -Z emit-stack-sizes

# What

This PR exposes LLVM's ability to report the stack usage of each function through the unstable /
experimental `-Z emit-stack-sizes` flag.

# Motivation

The end goal is to enable whole program analysis of stack usage to prove absence of stack overflows
at compile time. Such property is important in systems that lack a MMU / MPU and where stack
overflows can corrupt memory. And in systems that have protection against stack overflows such proof
can be used to opt out of runtime checks (e.g. stack probes or the MPU).

Such analysis requires the call graph of the program, which can be obtained from MIR, and the stack
usage of each function in the program. Precise information about the later later can only be
obtained from LLVM as it depends on the optimization level and optimization options like LTO.

This PR does **not** attempt to add the ability to perform such whole program analysis to rustc;
it simply does the minimal amount of work to enable such analysis to be implemented out of tree.

# Implementation

This PR exposes a way to set LLVM's `EmitStackSizeSection` option from the command line. The option
is documented [here]; the documentation is copied below for convenience and posteriority:

[here]: https://llvm.org/docs/CodeGenerator.html#emitting-function-stack-size-information

> A section containing metadata on function stack sizes will be emitted when
> TargetLoweringObjectFile::StackSizesSection is not null, and TargetOptions::EmitStackSizeSection
> is set (-stack-size-section). The section will contain an array of pairs of function symbol values
> (pointer size) and stack sizes (unsigned LEB128). The stack size values only include the space
> allocated in the function prologue. Functions with dynamic stack allocations are not included.

Where the LLVM feature is not available (e.g. LLVM version < 6.0) or can't be applied (e.g. the
output format doesn't support sections e.g. .wasm files) the flag does nothing -- i.e. no error or
warning is emitted.

# Example usage

``` console
$ cargo new --bin hello && cd $_

$ cat >src/main.rs <<'EOF'
use std::{mem, ptr};

fn main() {
    registers();
    stack();
}

#[inline(never)]
fn registers() {
    unsafe {
        // values loaded into registers
        ptr::read_volatile(&(0u64, 1u64));
    }
}

#[inline(never)]
fn stack() {
    unsafe {
        // array allocated on the stack
        let array: [i32; 4] = mem::uninitialized();
        for elem in &array {
            ptr::read_volatile(&elem);
        }
    }
}
EOF

$ # we need a custom linking step to preserve the .stack_sizes section
$ # (see unresolved questions for a solution that doesn't require custom linking)
$ cat > keep-stack-sizes.x <<'EOF'
SECTIONS
{
  .stack_sizes :
  {
    KEEP(*(.stack_sizes));
  }
}
EOF

$ cargo rustc --release -- \
    -Z emit-stack-sizes \
    -C link-arg=-Wl,-Tkeep-stack-sizes.x \
    -C link-arg=-N

$ size -A target/release/hello | grep stack_sizes
.stack_sizes    117   185136
```

Then a tool like [`stack-sizes`] can be used to print the information in human readable format

[`stack-sizes`]: https://github.com/japaric/stack-sizes/#stack-sizes

``` console
$ stack-sizes target/release/hello
address                 size    name
0x000000000004b0        0       core::array::<impl core::iter::traits::IntoIterator for &'a [T; _]>::into_iter::ha50e6661c0ec84aa
0x000000000004c0        8       std::rt::lang_start::ha02aea783e0e1b3e
0x000000000004f0        8       std::rt::lang_start::{{closure}}::h5115b527d5244952
0x00000000000500        8       core::ops::function::FnOnce::call_once::h6bfa1076da82b0fb
0x00000000000510        0       core::ptr::drop_in_place::hb4de82e57787bc70
0x00000000000520        8       hello::main::h08bb6cec0556bd66
0x00000000000530        0       hello::registers::h9d058a5d765ec1d2
0x00000000000540        24      hello::stack::h88c8cb66adfdc6f3
0x00000000000580        8       main
0x000000000005b0        0       __rust_alloc
0x000000000005c0        0       __rust_dealloc
0x000000000005d0        0       __rust_realloc
0x000000000005e0        0       __rust_alloc_zeroed
```

# Stability

Like `-Z sanitize` this is a re-export of an LLVM feature. To me knowledge, we don't have a policy
about stabilization of such features as they are incompatible with, or demand extra implementation
effort from, alternative backends (e.g. cranelift). As such this feature will remain experimental /
unstable for the foreseeable future.

# Unresolved questions

## Section name

Should we rename the `.stack_sizes` section to `.debug_stacksizes`?

With the former name linkers will strip the section unless told otherwise using a linker script,
which means getting this information requires both knowledge about linker scripts and a custom
linker invocation (see example above).

If we use the `.debug_stacksizes` name (I believe) linkers will always keep the section, which means
`-Z emit-stack-sizes` is the only thing required to get the stack usage information.

# ~TODOs~

~Investigate why this doesn't work with the `thumb` targets. I get the LLVM error shown below:~

``` console
$ cargo new --lib foo && cd $_

$ echo '#![no_std] pub fn foo() {}' > src/lib.rs

$ cargo rustc --target thumbv7m-none-eabi -- -Z emit-stack-sizes
LLVM ERROR: unsupported relocation on symbol
```

~which sounds like it might be related to the `relocation-model` option. Maybe `relocation-model =
static` is not supported for some reason?~

This fixed itself after the LLVM upgrade.

---

r? @nikomatsakis
cc @rust-lang/compiler @perlindgren @whitequark
2018-09-26 15:40:37 +00:00
Alex Crichton
243030b140 std: Don't let rust_panic get inlined
It's meant for breakpoints, so if it gets inlined we can't set a
breakpoint on it easily!
2018-09-26 07:48:43 -07:00
Levente Kurusa
0991d2098f
fixup! codegen_llvm: check inline assembly constraints with LLVM 2018-09-26 16:23:10 +02:00
Jorge Aparicio
531e356650 don't run the test on macOS 2018-09-26 16:22:52 +02:00
QuietMisdreavus
869ebc4f95 add declaration blocks to attribute/derive pages 2018-09-26 09:18:58 -05:00
Niko Matsakis
f23fd4bc02 rustc_driver/test.rs: rustfmt 2018-09-26 09:38:26 -04:00
Niko Matsakis
cbaf36adaf fix rustc_driver tests 2018-09-26 09:38:26 -04:00
Niko Matsakis
e2deef32d4 pacify the mercilous tidy. 2018-09-26 09:38:26 -04:00
Niko Matsakis
ffe87f63ea rustfmt error_reporting/mod.rs and dropck.rs
Pacify the mercilous tidy.
2018-09-26 09:38:26 -04:00
Niko Matsakis
f87189dd3c update tests and add stderr files 2018-09-26 09:38:26 -04:00
Niko Matsakis
a13c9f6bfd convert from an UnlessNll flag to a SuppressRegionErrors flag
Hopefully this will help clarify the behavior in the various borrowck
modes
2018-09-26 09:38:26 -04:00
Niko Matsakis
0b4791e60b make NLL handle IfEq bounds by using SCC normalization 2018-09-26 09:38:26 -04:00
Niko Matsakis
0f5dae0322 switch to use VerifyBound instead of RegionTest 2018-09-26 09:38:26 -04:00
Niko Matsakis
2392a09397 region_infer: rustfmt 2018-09-26 09:38:26 -04:00
Niko Matsakis
dc9317ff8c use IfEq to defer equality comparison around where clauses` 2018-09-26 09:38:26 -04:00
Niko Matsakis
7f8c42d7f0 refactor away AnyRegions and AllRegions
It's a bit cleaner to just have `AnyBound` and `AllBound`, after all.
2018-09-26 09:38:26 -04:00
Niko Matsakis
18b86e9406 introduce VerifyBound::IfEq (presently unused) 2018-09-26 09:38:26 -04:00
Niko Matsakis
58fd6fad24 change to use impl Trait a bit 2018-09-26 09:38:26 -04:00
Niko Matsakis
85d12e2f0b remove handling of verify from taintset
This lets us remove `for_each_region` and makes things simpler.
2018-09-26 09:38:26 -04:00
Niko Matsakis
b5469c5fd7 make normalize work on any type-foldable 2018-09-26 09:38:26 -04:00
Niko Matsakis
688aaf3bbb lexical_region_resolve: rustfmt 2018-09-26 09:38:26 -04:00
Niko Matsakis
582a369bc3 encapsulate infcx too into the delegate 2018-09-26 09:38:26 -04:00
Niko Matsakis
c6f4513804 extract out NLL-specific code from relate-tys into a delegate
No functional change.
2018-09-26 09:38:26 -04:00
Niko Matsakis
a4955d1b2c refactor NLL relate_tys to use Region internally, not RegionVid
No functional change.
2018-09-26 09:38:26 -04:00
Niko Matsakis
689b791422 use approx. bounds to decide whether to add outlives obligations
Before, if we had a projection like `<T as Foo<'0>>::Bar: 'x` and a
where clause like `<T as Foo<'a>>::Bar: 'a`, we considered those to
have nothing to do with one another. Therefore, we would use the
"overconstrained" path of adding `T: 'x` and `'0: 'x` requirements. We
now do a "fuzzy" match where we erase regions first and hence we see
the env bound `'a`.
2018-09-26 09:38:26 -04:00
Niko Matsakis
4b193cb92a propagate the compare_ty fn further up 2018-09-26 09:38:26 -04:00
Niko Matsakis
13d579bd62 introduce the idea of an "approximate match"
In fact, however, we currently always give back the same exact answers
as ever. But we don't rely on them being exact anymore.
2018-09-26 09:38:26 -04:00
Niko Matsakis
db0e62692e introduce a "comparison fn" instead of always use == 2018-09-26 09:38:26 -04:00
Niko Matsakis
9b63dcc773 split out getting the declared bounds from the env versus trait
Right now, we just concatenate them
2018-09-26 09:38:26 -04:00
Niko Matsakis
b0e1fec332 break out the code that computes VerifyBounds
Later, we'll defer this work until a separate phase.
2018-09-26 09:38:26 -04:00
Niko Matsakis
b2e0215a1f apply process_registered_region_obligations at the end of regionck
We used to apply it repeatedly as we went, relying on the current
value of the `region_bound_pairs_accum` vector. But now we save those
values into a map, so we can just process all the registered region
obligations at the end.
2018-09-26 09:38:26 -04:00
Niko Matsakis
9e305a8a23 type_check/mod.rs: rustfmt 2018-09-26 09:38:24 -04:00
Niko Matsakis
2f31698c26 use RegionBoundPairs type alias 2018-09-26 09:37:02 -04:00
Niko Matsakis
d5d2232838 auto_trait.rs: rustfmt 2018-09-26 09:30:54 -04:00
Niko Matsakis
672e071a42 change RegionObligation to store a SubregionOrigin 2018-09-26 09:30:54 -04:00
Niko Matsakis
1830c9e8f9 use a UnlessNll flag to consolidate error reporting paths 2018-09-26 09:30:54 -04:00
Niko Matsakis
84563dac88 build up a map of the region-bound pairs for each body-id
Presently unused.
2018-09-26 09:30:54 -04:00
Niko Matsakis
1fb4ea91f2 outlives/env: rustfmt 2018-09-26 09:30:54 -04:00
Niko Matsakis
80ed62eea7 regionck: rustfmt 2018-09-26 09:30:54 -04:00
Jorge Aparicio
234e7c4d2e docs: this llvm feature only supports the ELF object format 2018-09-26 15:25:57 +02:00
Jorge Aparicio
5e686b2104 unstable-book: recommend an INFO section
that makes the output .stack_sizes section non-allocatable when linking with
either GNU LD or LLD
2018-09-26 15:21:26 +02:00
Jorge Aparicio
7d2bb283ce use rustc -Vv in the run-make test 2018-09-26 15:21:26 +02:00
Jorge Aparicio
5362752a1e run test only if LLVM version is >= 6.0.0 2018-09-26 15:21:26 +02:00
Jorge Aparicio
f5bc678255 add run-make test 2018-09-26 15:21:26 +02:00
Jorge Aparicio
39afcd0673 document this feature in the unstable book 2018-09-26 15:21:26 +02:00
Jorge Aparicio
3c0907ce51 add -Z emit-stack-sizes 2018-09-26 15:21:26 +02:00
bors
e783d2be40 Auto merge of #54199 - nikomatsakis:predicate_may_hold-failure, r=eddyb
overlook overflows in rustdoc trait solving

Context:

The new rustdoc "auto trait" feature walks across impls and tries to run trait solving on them with a lot of unconstrained variables. This is prone to overflows. These overflows used to cause an ICE because of a caching bug (fixed in this PR). But even once that is fixed, it means that rustdoc causes an overflow rather than generating docs.

This PR therefore adds a new helper that propagates the overflow error out. This requires rustdoc to then decide what to do when it encounters such an overflow: technically, an overflow represents neither "yes" nor "no", but rather a failure to make a decision. I've decided to opt on the side of treating this as "yes, implemented", since rustdoc already takes an optimistic view. This may prove to include too many items, but I *suspect* not.

We could probably reduce the rate of overflows by unifying more of the parameters from the impl -- right now we only seem to consider the self type. Moreover, in the future, as we transition to Chalk, overflow errors are expected to just "go away" (in some cases, though, queries might return an ambiguous result).

Fixes #52873

cc @QuietMisdreavus -- this is the stuff we were talking about earlier
cc @GuillaumeGomez -- this supersedes #53687
2018-09-26 12:39:20 +00:00