
Mark places as initialized when mutably borrowed #90788


Merged
merged 4 commits into from
Nov 23, 2021
Merged
73 changes: 67 additions & 6 deletions compiler/rustc_mir_dataflow/src/impls/mod.rs
Expand Up @@ -4,17 +4,18 @@

use rustc_index::bit_set::BitSet;
use rustc_index::vec::Idx;
use rustc_middle::mir::visit::{MirVisitable, Visitor};
use rustc_middle::mir::{self, Body, Location};
use rustc_middle::ty::{self, TyCtxt};

use crate::drop_flag_effects;
use crate::drop_flag_effects_for_function_entry;
use crate::drop_flag_effects_for_location;
use crate::elaborate_drops::DropFlagState;
use crate::framework::SwitchIntEdgeEffects;
use crate::move_paths::{HasMoveData, InitIndex, InitKind, MoveData, MovePathIndex};
use crate::move_paths::{HasMoveData, InitIndex, InitKind, LookupResult, MoveData, MovePathIndex};
use crate::on_lookup_result_bits;
use crate::MoveDataParamEnv;
use crate::{drop_flag_effects, on_all_children_bits};
use crate::{lattice, AnalysisDomain, GenKill, GenKillAnalysis};

mod borrowed_locals;
Expand Down Expand Up @@ -307,22 +308,45 @@ impl<'tcx> GenKillAnalysis<'tcx> for MaybeInitializedPlaces<'_, 'tcx> {
fn statement_effect(
&self,
trans: &mut impl GenKill<Self::Idx>,
_statement: &mir::Statement<'tcx>,
statement: &mir::Statement<'tcx>,
location: Location,
) {
drop_flag_effects_for_location(self.tcx, self.body, self.mdpe, location, |path, s| {
Self::update_bits(trans, path, s)
});

if !self.tcx.sess.opts.debugging_opts.precise_enum_drop_elaboration {
return;
}

// Mark all places as "maybe init" if they are mutably borrowed. See #90752.
for_each_mut_borrow(statement, location, |place| {
let LookupResult::Exact(mpi) = self.move_data().rev_lookup.find(place.as_ref()) else { return };
on_all_children_bits(self.tcx, self.body, self.move_data(), mpi, |child| {
trans.gen(child);
})
})
}

fn terminator_effect(
&self,
trans: &mut impl GenKill<Self::Idx>,
_terminator: &mir::Terminator<'tcx>,
terminator: &mir::Terminator<'tcx>,
location: Location,
) {
drop_flag_effects_for_location(self.tcx, self.body, self.mdpe, location, |path, s| {
Self::update_bits(trans, path, s)
});

if !self.tcx.sess.opts.debugging_opts.precise_enum_drop_elaboration {
return;
}

for_each_mut_borrow(terminator, location, |place| {

Nit: Can you go ahead and copy the comment from line 322 here as well? Seems like we should try to keep these as similar as possible.

let LookupResult::Exact(mpi) = self.move_data().rev_lookup.find(place.as_ref()) else { return };
on_all_children_bits(self.tcx, self.body, self.move_data(), mpi, |child| {
trans.gen(child);
})
})
}

Expand Down Expand Up @@ -427,7 +451,10 @@ impl<'tcx> GenKillAnalysis<'tcx> for MaybeUninitializedPlaces<'_, 'tcx> {
) {
drop_flag_effects_for_location(self.tcx, self.body, self.mdpe, location, |path, s| {
Self::update_bits(trans, path, s)
})
});

// Unlike in `MaybeInitializedPlaces` above, we don't need to change the state when a
// mutable borrow occurs. Places cannot become uninitialized through a mutable reference.
}

fn terminator_effect(
Expand All @@ -438,7 +465,7 @@ impl<'tcx> GenKillAnalysis<'tcx> for MaybeUninitializedPlaces<'_, 'tcx> {
) {
drop_flag_effects_for_location(self.tcx, self.body, self.mdpe, location, |path, s| {
Self::update_bits(trans, path, s)
})
});
}

fn call_return_effect(
Expand Down Expand Up @@ -704,3 +731,37 @@ fn switch_on_enum_discriminant(
_ => None,
}
}

struct OnMutBorrow<F>(F);

impl<F> Visitor<'_> for OnMutBorrow<F>
where
F: FnMut(&mir::Place<'_>),
{
fn visit_rvalue(&mut self, rvalue: &mir::Rvalue<'_>, location: Location) {
// FIXME: Does `&raw const foo` allow mutation? See #90413.
match rvalue {
mir::Rvalue::Ref(_, mir::BorrowKind::Mut { .. }, place)
| mir::Rvalue::AddressOf(_, place) => (self.0)(place),

_ => {}
}

self.super_rvalue(rvalue, location)
}
}

/// Calls `f` for each mutable borrow or raw reference in the program.
///
/// This DOES NOT call `f` for a shared borrow of a type with interior mutability. That's okay for
/// initializedness, because we cannot move from an `UnsafeCell` (outside of `core::cell`), but
/// other analyses will likely need to check for `!Freeze`.
fn for_each_mut_borrow<'tcx>(
mir: &impl MirVisitable<'tcx>,
location: Location,
f: impl FnMut(&mir::Place<'_>),
) {
let mut vis = OnMutBorrow(f);

mir.apply(location, &mut vis);
}
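Review bot: In `statement_effect`, `let LookupResult::Exact(mpi) = self.move_data().rev_lookup.find(place.as_ref()) else { return };` silently drops the `LookupResult::Parent(_)` outcome, so a mutable borrow of a place that `find` resolves only to an ancestor move path marks nothing as initialized; `terminator_effect` has the same shape. If that is intended because a borrow below every tracked path cannot flip a tracked drop flag, a one-line comment on the `else { return }` would keep the next reader from taking it for an oversight, e.g. `// Parent lookup: the place sits below every tracked move path, so no tracked flag can change here.`; if it is not intended, the `Parent(Some(parent))` case presumably wants the same `on_all_children_bits` treatment as `Exact`. Separately, the doc on `for_each_mut_borrow` says "in the program" while the function visits only `location`; `/// Calls `f` for each mutable borrow or raw reference at `location`.` would match the signature. The `impl` blocks enclosing both effect methods start outside the hunk.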
41 changes: 41 additions & 0 deletions src/test/ui/drop/issue-90752-raw-ptr-shenanigans.rs
@@ -0,0 +1,41 @@
// run-pass

Maybe instead of checking that we are getting the wrong result we should just have ignore-test FIXME(#90788)


If someone (including me) were to change the behavior of this test, they should be made aware.


use std::cell::RefCell;

struct S<'a>(i32, &'a RefCell<Vec<i32>>);

impl<'a> Drop for S<'a> {
fn drop(&mut self) {
self.1.borrow_mut().push(self.0);
}
}

fn test(drops: &RefCell<Vec<i32>>) {
let mut foo = None;
let pfoo: *mut _ = &mut foo;

match foo {
None => (),
_ => return,
}

// Both S(0) and S(1) should be dropped, but aren't.
unsafe { *pfoo = Some((S(0, drops), S(1, drops))); }

match foo {
Some((_x, _)) => {}
_ => {}
}
}

fn main() {
let drops = RefCell::new(Vec::new());
test(&drops);

// Ideally, we want this...
//assert_eq!(*drops.borrow(), &[0, 1]);

// But the delayed access through the raw pointer confuses drop elaboration,

This is unfortunate. Do you have an idea about how this could be fixed in the future?

@ecstatic-morse ecstatic-morse Nov 13, 2021


We typically handle this by assuming that any variable which has been mutably borrowed at some point in the CFG could change at any subsequent point. The correctness of that approach doesn't depend on stacked borrows.

We can't implement it directly on top of MaybeInitializedPlaces, however, since it would break code that moves out of a variable after taking a mutable reference to it. We would need two state vectors like #90214 has, preferably only in drop elaboration where the increased precision from tracking variants is worthwhile. I think tracking variants does nothing for the borrow checker since it still has FalseEdges.

// causing S(1) to be leaked.
assert_eq!(*drops.borrow(), &[0]);
}
32 changes: 32 additions & 0 deletions src/test/ui/drop/issue-90752.rs
@@ -0,0 +1,32 @@
// run-pass

use std::cell::RefCell;

struct S<'a>(i32, &'a RefCell<Vec<i32>>);

impl<'a> Drop for S<'a> {
fn drop(&mut self) {
self.1.borrow_mut().push(self.0);
}
}

fn test(drops: &RefCell<Vec<i32>>) {
let mut foo = None;
match foo {
None => (),
_ => return,
}

*(&mut foo) = Some((S(0, drops), S(1, drops))); // Both S(0) and S(1) should be dropped

match foo {
Some((_x, _)) => {}
_ => {}
}
}

fn main() {
let drops = RefCell::new(Vec::new());
test(&drops);
assert_eq!(*drops.borrow(), &[0, 1]);
}
12 changes: 12 additions & 0 deletions src/test/ui/moves/move-of-addr-of-mut.rs
@@ -0,0 +1,12 @@
// Ensure that taking a mutable raw ptr to an uninitialized variable does not change its
// initializedness.

struct S;

fn main() {
let mut x: S;
std::ptr::addr_of_mut!(x); //~ borrow of

let y = x; // Should error here if `addr_of_mut` is ever allowed on uninitialized variables
drop(y);
}
11 changes: 11 additions & 0 deletions src/test/ui/moves/move-of-addr-of-mut.stderr
@@ -0,0 +1,11 @@
error[E0381]: borrow of possibly-uninitialized variable: `x`
--> $DIR/move-of-addr-of-mut.rs:8:5
|
LL | std::ptr::addr_of_mut!(x);
| ^^^^^^^^^^^^^^^^^^^^^^^^^ use of possibly-uninitialized `x`
|
= note: this error originates in the macro `std::ptr::addr_of_mut` (in Nightly builds, run with -Z macro-backtrace for more info)

error: aborting due to previous error

For more information about this error, try `rustc --explain E0381`.