From 6f8a1ee45eae53bb53a488bea62edad0879b34b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?= Date: Tue, 25 Jan 2022 00:00:00 +0000 Subject: [PATCH 1/9] Check if call return type is visibly uninhabited when building MIR --- .../rustc_mir_build/src/build/expr/into.rs | 13 +++-- compiler/rustc_mir_build/src/build/mod.rs | 5 +- src/test/codegen/set-discriminant-invalid.rs | 2 +- .../inline/inline_diverging.h.Inline.diff | 49 +++++++++---------- .../mir-opt/issue_72181_1.main.mir_map.0.mir | 2 +- .../ui/consts/const-eval/ub-enum.32bit.stderr | 22 +++------ .../ui/consts/const-eval/ub-enum.64bit.stderr | 22 +++------ src/test/ui/consts/const-eval/ub-enum.rs | 4 +- .../validate_uninhabited_zsts.32bit.stderr | 9 ++-- .../validate_uninhabited_zsts.64bit.stderr | 9 ++-- .../const-eval/validate_uninhabited_zsts.rs | 2 +- src/test/ui/generator/issue-93161.rs | 3 +- src/test/ui/statics/uninhabited-static.rs | 4 +- src/test/ui/statics/uninhabited-static.stderr | 18 +++---- .../privately-uninhabited-mir-call.rs | 29 +++++++++++ .../privately-uninhabited-mir-call.stderr | 9 ++++ .../issue-45087-unreachable-unsafe.mir.stderr | 20 +++++++- .../unsafe/issue-45087-unreachable-unsafe.rs | 23 +++++++++ ...issue-45087-unreachable-unsafe.thir.stderr | 20 +++++++- 19 files changed, 167 insertions(+), 98 deletions(-) create mode 100644 src/test/ui/uninhabited/privately-uninhabited-mir-call.rs create mode 100644 src/test/ui/uninhabited/privately-uninhabited-mir-call.stderr diff --git a/compiler/rustc_mir_build/src/build/expr/into.rs b/compiler/rustc_mir_build/src/build/expr/into.rs index a8f623dbe4693..418042ea665f3 100644 --- a/compiler/rustc_mir_build/src/build/expr/into.rs +++ b/compiler/rustc_mir_build/src/build/expr/into.rs @@ -255,10 +255,15 @@ impl<'a, 'tcx> Builder<'a, 'tcx> { func: fun, args, cleanup: None, - // FIXME(varkor): replace this with an uninhabitedness-based check. - // This requires getting access to the current module to call - // `tcx.is_ty_uninhabited_from`, which is currently tricky to do. - destination: if expr.ty.is_never() { + // The presence or absence of a return edge affects control-flow sensitive + // MIR checks and ultimately whether code is accepted or not. We can only + // omit the return edge if a return type is visibly uninhabited to a module + // that makes the call. + destination: if this.tcx.is_ty_uninhabited_from( + this.parent_module, + expr.ty, + this.param_env, + ) { None } else { Some((destination, success)) diff --git a/compiler/rustc_mir_build/src/build/mod.rs b/compiler/rustc_mir_build/src/build/mod.rs index ab3dc8f020cc9..c4db2b3278642 100644 --- a/compiler/rustc_mir_build/src/build/mod.rs +++ b/compiler/rustc_mir_build/src/build/mod.rs @@ -350,6 +350,7 @@ struct Builder<'a, 'tcx> { def_id: DefId, hir_id: hir::HirId, + parent_module: DefId, check_overflow: bool, fn_span: Span, arg_count: usize, @@ -807,15 +808,17 @@ impl<'a, 'tcx> Builder<'a, 'tcx> { ); let lint_level = LintLevel::Explicit(hir_id); + let param_env = tcx.param_env(def.did); let mut builder = Builder { thir, tcx, infcx, typeck_results: tcx.typeck_opt_const_arg(def), region_scope_tree: tcx.region_scope_tree(def.did), - param_env: tcx.param_env(def.did), + param_env, def_id: def.did.to_def_id(), hir_id, + parent_module: tcx.parent_module(hir_id).to_def_id(), check_overflow, cfg: CFG { basic_blocks: IndexVec::new() }, fn_span: span, diff --git a/src/test/codegen/set-discriminant-invalid.rs b/src/test/codegen/set-discriminant-invalid.rs index d9614f062b7e9..bccb9e4c75862 100644 --- a/src/test/codegen/set-discriminant-invalid.rs +++ b/src/test/codegen/set-discriminant-invalid.rs @@ -28,7 +28,7 @@ impl IntoError for Api #[no_mangle] fn into_error(self, error: Self::Source) -> Error { Error::Api { - source: (|v| v)(error), + source: error, } } } diff --git a/src/test/mir-opt/inline/inline_diverging.h.Inline.diff b/src/test/mir-opt/inline/inline_diverging.h.Inline.diff index bea33073366f7..3b890e4be2e29 100644 --- a/src/test/mir-opt/inline/inline_diverging.h.Inline.diff +++ b/src/test/mir-opt/inline/inline_diverging.h.Inline.diff @@ -4,21 +4,22 @@ fn h() -> () { let mut _0: (); // return place in scope 0 at $DIR/inline-diverging.rs:21:12: 21:12 let _1: (!, !); // in scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 -+ let mut _2: fn() -> ! {sleep}; // in scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 -+ let mut _9: (); // in scope 0 at $DIR/inline-diverging.rs:27:13: 27:16 -+ let mut _10: (); // in scope 0 at $DIR/inline-diverging.rs:28:13: 28:16 ++ let mut _2: (!, !); // in scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 ++ let mut _3: fn() -> ! {sleep}; // in scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 ++ let mut _10: (); // in scope 0 at $DIR/inline-diverging.rs:27:13: 27:16 ++ let mut _11: (); // in scope 0 at $DIR/inline-diverging.rs:28:13: 28:16 + scope 1 (inlined call_twice:: ! {sleep}>) { // at $DIR/inline-diverging.rs:22:5: 22:22 -+ debug f => _2; // in scope 1 at $DIR/inline-diverging.rs:26:36: 26:37 -+ let _3: !; // in scope 1 at $DIR/inline-diverging.rs:27:9: 27:10 -+ let mut _4: &fn() -> ! {sleep}; // in scope 1 at $DIR/inline-diverging.rs:27:13: 27:14 -+ let mut _6: &fn() -> ! {sleep}; // in scope 1 at $DIR/inline-diverging.rs:28:13: 28:14 -+ let mut _7: !; // in scope 1 at $DIR/inline-diverging.rs:29:6: 29:7 -+ let mut _8: !; // in scope 1 at $DIR/inline-diverging.rs:29:9: 29:10 ++ debug f => _3; // in scope 1 at $DIR/inline-diverging.rs:26:36: 26:37 ++ let _4: !; // in scope 1 at $DIR/inline-diverging.rs:27:9: 27:10 ++ let mut _5: &fn() -> ! {sleep}; // in scope 1 at $DIR/inline-diverging.rs:27:13: 27:14 ++ let mut _7: &fn() -> ! {sleep}; // in scope 1 at $DIR/inline-diverging.rs:28:13: 28:14 ++ let mut _8: !; // in scope 1 at $DIR/inline-diverging.rs:29:6: 29:7 ++ let mut _9: !; // in scope 1 at $DIR/inline-diverging.rs:29:9: 29:10 + scope 2 { -+ debug a => _3; // in scope 2 at $DIR/inline-diverging.rs:27:9: 27:10 -+ let _5: !; // in scope 2 at $DIR/inline-diverging.rs:28:9: 28:10 ++ debug a => _4; // in scope 2 at $DIR/inline-diverging.rs:27:9: 27:10 ++ let _6: !; // in scope 2 at $DIR/inline-diverging.rs:28:9: 28:10 + scope 3 { -+ debug b => _5; // in scope 3 at $DIR/inline-diverging.rs:28:9: 28:10 ++ debug b => _6; // in scope 3 at $DIR/inline-diverging.rs:28:9: 28:10 + } + scope 6 (inlined ! {sleep} as Fn<()>>::call - shim(fn() -> ! {sleep})) { // at $DIR/inline-diverging.rs:28:13: 28:16 + scope 7 (inlined sleep) { // at $SRC_DIR/core/src/ops/function.rs:LL:COL @@ -33,27 +34,25 @@ bb0: { StorageLive(_1); // scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 -- _1 = call_twice:: ! {sleep}>(sleep) -> bb1; // scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 +- call_twice:: ! {sleep}>(sleep); // scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 + StorageLive(_2); // scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 -+ _2 = sleep; // scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 ++ StorageLive(_3); // scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 ++ _3 = sleep; // scope 0 at $DIR/inline-diverging.rs:22:5: 22:22 // mir::Constant - // + span: $DIR/inline-diverging.rs:22:5: 22:15 - // + literal: Const { ty: fn(fn() -> ! {sleep}) -> (!, !) {call_twice:: ! {sleep}>}, val: Value(Scalar()) } - // mir::Constant // + span: $DIR/inline-diverging.rs:22:16: 22:21 // + literal: Const { ty: fn() -> ! {sleep}, val: Value(Scalar()) } -+ StorageLive(_3); // scope 1 at $DIR/inline-diverging.rs:27:9: 27:10 -+ StorageLive(_4); // scope 1 at $DIR/inline-diverging.rs:27:13: 27:14 -+ _4 = &_2; // scope 1 at $DIR/inline-diverging.rs:27:13: 27:14 -+ StorageLive(_9); // scope 1 at $DIR/inline-diverging.rs:27:13: 27:16 -+ _9 = const (); // scope 1 at $DIR/inline-diverging.rs:27:13: 27:16 ++ StorageLive(_4); // scope 1 at $DIR/inline-diverging.rs:27:9: 27:10 ++ StorageLive(_5); // scope 1 at $DIR/inline-diverging.rs:27:13: 27:14 ++ _5 = &_3; // scope 1 at $DIR/inline-diverging.rs:27:13: 27:14 ++ StorageLive(_10); // scope 1 at $DIR/inline-diverging.rs:27:13: 27:16 ++ _10 = const (); // scope 1 at $DIR/inline-diverging.rs:27:13: 27:16 + goto -> bb1; // scope 5 at $DIR/inline-diverging.rs:39:5: 39:12 - } - - bb1: { -- StorageDead(_1); // scope 0 at $DIR/inline-diverging.rs:22:22: 22:23 -- _0 = const (); // scope 0 at $DIR/inline-diverging.rs:21:12: 23:2 -- return; // scope 0 at $DIR/inline-diverging.rs:23:2: 23:2 ++ } ++ ++ bb1: { + goto -> bb1; // scope 5 at $DIR/inline-diverging.rs:39:5: 39:12 } } diff --git a/src/test/mir-opt/issue_72181_1.main.mir_map.0.mir b/src/test/mir-opt/issue_72181_1.main.mir_map.0.mir index 5fb57c285beca..4aff444515809 100644 --- a/src/test/mir-opt/issue_72181_1.main.mir_map.0.mir +++ b/src/test/mir-opt/issue_72181_1.main.mir_map.0.mir @@ -21,7 +21,7 @@ fn main() -> () { StorageLive(_2); // scope 0 at $DIR/issue-72181-1.rs:16:9: 16:10 StorageLive(_3); // scope 2 at $DIR/issue-72181-1.rs:17:41: 17:43 _3 = (); // scope 2 at $DIR/issue-72181-1.rs:17:41: 17:43 - _2 = transmute::<(), Void>(move _3) -> [return: bb1, unwind: bb4]; // scope 2 at $DIR/issue-72181-1.rs:17:9: 17:44 + transmute::<(), Void>(move _3) -> bb4; // scope 2 at $DIR/issue-72181-1.rs:17:9: 17:44 // mir::Constant // + span: $DIR/issue-72181-1.rs:17:9: 17:40 // + literal: Const { ty: unsafe extern "rust-intrinsic" fn(()) -> Void {transmute::<(), Void>}, val: Value(Scalar()) } diff --git a/src/test/ui/consts/const-eval/ub-enum.32bit.stderr b/src/test/ui/consts/const-eval/ub-enum.32bit.stderr index 850acb52b0c89..98e22efa7a9bf 100644 --- a/src/test/ui/consts/const-eval/ub-enum.32bit.stderr +++ b/src/test/ui/consts/const-eval/ub-enum.32bit.stderr @@ -119,27 +119,17 @@ LL | const BAD_OPTION_CHAR: Option<(char, char)> = Some(('x', unsafe { mem::tran 78 00 00 00 ff ff ff ff │ x....... } -error[E0080]: it is undefined behavior to use this value - --> $DIR/ub-enum.rs:92:1 +error[E0080]: evaluation of constant value failed + --> $DIR/ub-enum.rs:92:77 | LL | const BAD_UNINHABITED_WITH_DATA1: Result<(i32, Never), (i32, !)> = unsafe { mem::transmute(0u64) }; - | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed at ..0.1: encountered a value of uninhabited type Never - | - = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. - = note: the raw bytes of the constant (size: 8, align: 4) { - 00 00 00 00 00 00 00 00 │ ........ - } + | ^^^^^^^^^^^^^^^^^^^^ transmuting to uninhabited type -error[E0080]: it is undefined behavior to use this value - --> $DIR/ub-enum.rs:94:1 +error[E0080]: evaluation of constant value failed + --> $DIR/ub-enum.rs:94:77 | LL | const BAD_UNINHABITED_WITH_DATA2: Result<(i32, !), (i32, Never)> = unsafe { mem::transmute(0u64) }; - | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed at ..0.1: encountered a value of the never type `!` - | - = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. - = note: the raw bytes of the constant (size: 8, align: 4) { - 00 00 00 00 00 00 00 00 │ ........ - } + | ^^^^^^^^^^^^^^^^^^^^ transmuting to uninhabited type error: aborting due to 13 previous errors diff --git a/src/test/ui/consts/const-eval/ub-enum.64bit.stderr b/src/test/ui/consts/const-eval/ub-enum.64bit.stderr index 4f7dd5cdf7c73..18b16fde31e74 100644 --- a/src/test/ui/consts/const-eval/ub-enum.64bit.stderr +++ b/src/test/ui/consts/const-eval/ub-enum.64bit.stderr @@ -119,27 +119,17 @@ LL | const BAD_OPTION_CHAR: Option<(char, char)> = Some(('x', unsafe { mem::tran 78 00 00 00 ff ff ff ff │ x....... } -error[E0080]: it is undefined behavior to use this value - --> $DIR/ub-enum.rs:92:1 +error[E0080]: evaluation of constant value failed + --> $DIR/ub-enum.rs:92:77 | LL | const BAD_UNINHABITED_WITH_DATA1: Result<(i32, Never), (i32, !)> = unsafe { mem::transmute(0u64) }; - | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed at ..0.1: encountered a value of uninhabited type Never - | - = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. - = note: the raw bytes of the constant (size: 8, align: 4) { - 00 00 00 00 00 00 00 00 │ ........ - } + | ^^^^^^^^^^^^^^^^^^^^ transmuting to uninhabited type -error[E0080]: it is undefined behavior to use this value - --> $DIR/ub-enum.rs:94:1 +error[E0080]: evaluation of constant value failed + --> $DIR/ub-enum.rs:94:77 | LL | const BAD_UNINHABITED_WITH_DATA2: Result<(i32, !), (i32, Never)> = unsafe { mem::transmute(0u64) }; - | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed at ..0.1: encountered a value of the never type `!` - | - = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. - = note: the raw bytes of the constant (size: 8, align: 4) { - 00 00 00 00 00 00 00 00 │ ........ - } + | ^^^^^^^^^^^^^^^^^^^^ transmuting to uninhabited type error: aborting due to 13 previous errors diff --git a/src/test/ui/consts/const-eval/ub-enum.rs b/src/test/ui/consts/const-eval/ub-enum.rs index e408d8ec072e3..86288685303ca 100644 --- a/src/test/ui/consts/const-eval/ub-enum.rs +++ b/src/test/ui/consts/const-eval/ub-enum.rs @@ -90,9 +90,9 @@ const BAD_OPTION_CHAR: Option<(char, char)> = Some(('x', unsafe { mem::transmute // All variants are uninhabited but also have data. // Use `0` as constant to make behavior endianess-independent. const BAD_UNINHABITED_WITH_DATA1: Result<(i32, Never), (i32, !)> = unsafe { mem::transmute(0u64) }; -//~^ ERROR is undefined behavior +//~^ ERROR evaluation of constant value failed const BAD_UNINHABITED_WITH_DATA2: Result<(i32, !), (i32, Never)> = unsafe { mem::transmute(0u64) }; -//~^ ERROR is undefined behavior +//~^ ERROR evaluation of constant value failed fn main() { } diff --git a/src/test/ui/consts/const-eval/validate_uninhabited_zsts.32bit.stderr b/src/test/ui/consts/const-eval/validate_uninhabited_zsts.32bit.stderr index 7dc1ec865af8a..bbb8511a65410 100644 --- a/src/test/ui/consts/const-eval/validate_uninhabited_zsts.32bit.stderr +++ b/src/test/ui/consts/const-eval/validate_uninhabited_zsts.32bit.stderr @@ -10,14 +10,11 @@ LL | unsafe { std::mem::transmute(()) } LL | const FOO: [Empty; 3] = [foo(); 3]; | ----- inside `FOO` at $DIR/validate_uninhabited_zsts.rs:13:26 -error[E0080]: it is undefined behavior to use this value - --> $DIR/validate_uninhabited_zsts.rs:16:1 +error[E0080]: evaluation of constant value failed + --> $DIR/validate_uninhabited_zsts.rs:16:35 | LL | const BAR: [Empty; 3] = [unsafe { std::mem::transmute(()) }; 3]; - | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed at [0]: encountered a value of uninhabited type Empty - | - = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. - = note: the raw bytes of the constant (size: 0, align: 1) {} + | ^^^^^^^^^^^^^^^^^^^^^^^ transmuting to uninhabited type warning: the type `!` does not permit zero-initialization --> $DIR/validate_uninhabited_zsts.rs:4:14 diff --git a/src/test/ui/consts/const-eval/validate_uninhabited_zsts.64bit.stderr b/src/test/ui/consts/const-eval/validate_uninhabited_zsts.64bit.stderr index 7dc1ec865af8a..bbb8511a65410 100644 --- a/src/test/ui/consts/const-eval/validate_uninhabited_zsts.64bit.stderr +++ b/src/test/ui/consts/const-eval/validate_uninhabited_zsts.64bit.stderr @@ -10,14 +10,11 @@ LL | unsafe { std::mem::transmute(()) } LL | const FOO: [Empty; 3] = [foo(); 3]; | ----- inside `FOO` at $DIR/validate_uninhabited_zsts.rs:13:26 -error[E0080]: it is undefined behavior to use this value - --> $DIR/validate_uninhabited_zsts.rs:16:1 +error[E0080]: evaluation of constant value failed + --> $DIR/validate_uninhabited_zsts.rs:16:35 | LL | const BAR: [Empty; 3] = [unsafe { std::mem::transmute(()) }; 3]; - | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed at [0]: encountered a value of uninhabited type Empty - | - = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. - = note: the raw bytes of the constant (size: 0, align: 1) {} + | ^^^^^^^^^^^^^^^^^^^^^^^ transmuting to uninhabited type warning: the type `!` does not permit zero-initialization --> $DIR/validate_uninhabited_zsts.rs:4:14 diff --git a/src/test/ui/consts/const-eval/validate_uninhabited_zsts.rs b/src/test/ui/consts/const-eval/validate_uninhabited_zsts.rs index 346504845561d..990d5a308238f 100644 --- a/src/test/ui/consts/const-eval/validate_uninhabited_zsts.rs +++ b/src/test/ui/consts/const-eval/validate_uninhabited_zsts.rs @@ -14,7 +14,7 @@ const FOO: [Empty; 3] = [foo(); 3]; #[warn(const_err)] const BAR: [Empty; 3] = [unsafe { std::mem::transmute(()) }; 3]; -//~^ ERROR it is undefined behavior to use this value +//~^ ERROR evaluation of constant value failed //~| WARN the type `Empty` does not permit zero-initialization fn main() { diff --git a/src/test/ui/generator/issue-93161.rs b/src/test/ui/generator/issue-93161.rs index 9988acbcb73e1..92305609c835c 100644 --- a/src/test/ui/generator/issue-93161.rs +++ b/src/test/ui/generator/issue-93161.rs @@ -1,5 +1,6 @@ // edition:2021 // run-pass +// compile-flags: -Zdrop-tracking #![feature(never_type)] @@ -32,7 +33,7 @@ fn never() -> Never { } async fn includes_never(crash: bool, x: u32) -> u32 { - let mut result = async { x * x }.await; + let result = async { x * x }.await; if !crash { return result; } diff --git a/src/test/ui/statics/uninhabited-static.rs b/src/test/ui/statics/uninhabited-static.rs index d564547489106..f5c6f444317fe 100644 --- a/src/test/ui/statics/uninhabited-static.rs +++ b/src/test/ui/statics/uninhabited-static.rs @@ -11,11 +11,11 @@ extern { static VOID2: Void = unsafe { std::mem::transmute(()) }; //~ ERROR static of uninhabited type //~| WARN: previously accepted -//~| ERROR undefined behavior to use this value +//~| ERROR could not evaluate static initializer //~| WARN: type `Void` does not permit zero-initialization static NEVER2: Void = unsafe { std::mem::transmute(()) }; //~ ERROR static of uninhabited type //~| WARN: previously accepted -//~| ERROR undefined behavior to use this value +//~| ERROR could not evaluate static initializer //~| WARN: type `Void` does not permit zero-initialization fn main() {} diff --git a/src/test/ui/statics/uninhabited-static.stderr b/src/test/ui/statics/uninhabited-static.stderr index c38cf10d6e648..1e0becb7d5aa8 100644 --- a/src/test/ui/statics/uninhabited-static.stderr +++ b/src/test/ui/statics/uninhabited-static.stderr @@ -43,23 +43,17 @@ LL | static NEVER2: Void = unsafe { std::mem::transmute(()) }; = note: for more information, see issue #74840 = note: uninhabited statics cannot be initialized, and any access would be an immediate error -error[E0080]: it is undefined behavior to use this value - --> $DIR/uninhabited-static.rs:12:1 +error[E0080]: could not evaluate static initializer + --> $DIR/uninhabited-static.rs:12:31 | LL | static VOID2: Void = unsafe { std::mem::transmute(()) }; - | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a value of uninhabited type Void - | - = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. - = note: the raw bytes of the constant (size: 0, align: 1) {} + | ^^^^^^^^^^^^^^^^^^^^^^^ transmuting to uninhabited type -error[E0080]: it is undefined behavior to use this value - --> $DIR/uninhabited-static.rs:16:1 +error[E0080]: could not evaluate static initializer + --> $DIR/uninhabited-static.rs:16:32 | LL | static NEVER2: Void = unsafe { std::mem::transmute(()) }; - | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a value of uninhabited type Void - | - = note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior. - = note: the raw bytes of the constant (size: 0, align: 1) {} + | ^^^^^^^^^^^^^^^^^^^^^^^ transmuting to uninhabited type warning: the type `Void` does not permit zero-initialization --> $DIR/uninhabited-static.rs:12:31 diff --git a/src/test/ui/uninhabited/privately-uninhabited-mir-call.rs b/src/test/ui/uninhabited/privately-uninhabited-mir-call.rs new file mode 100644 index 0000000000000..b37ec2696de2f --- /dev/null +++ b/src/test/ui/uninhabited/privately-uninhabited-mir-call.rs @@ -0,0 +1,29 @@ +// Verifies that MIR building for a call expression respects +// privacy when checking if a call return type is uninhabited. + +pub mod widget { + enum Unimplemented {} + pub struct Widget(Unimplemented); + + impl Widget { + pub fn new() -> Widget { + todo!(); + } + } + + pub fn f() { + let x: &mut u32; + Widget::new(); + // Ok. Widget type returned from new is known to be uninhabited + // and the following code is considered unreachable. + *x = 1; + } +} + +fn main() { + let y: &mut u32; + widget::Widget::new(); + // Error. Widget type is not known to be uninhabited here, + // so the following code is considered reachable. + *y = 2; //~ ERROR use of possibly-uninitialized variable +} diff --git a/src/test/ui/uninhabited/privately-uninhabited-mir-call.stderr b/src/test/ui/uninhabited/privately-uninhabited-mir-call.stderr new file mode 100644 index 0000000000000..fb1953411685e --- /dev/null +++ b/src/test/ui/uninhabited/privately-uninhabited-mir-call.stderr @@ -0,0 +1,9 @@ +error[E0381]: use of possibly-uninitialized variable: `y` + --> $DIR/privately-uninhabited-mir-call.rs:28:5 + | +LL | *y = 2; + | ^^^^^^ use of possibly-uninitialized `y` + +error: aborting due to previous error + +For more information about this error, try `rustc --explain E0381`. diff --git a/src/test/ui/unsafe/issue-45087-unreachable-unsafe.mir.stderr b/src/test/ui/unsafe/issue-45087-unreachable-unsafe.mir.stderr index 33f762ccf6301..e7960960774fc 100644 --- a/src/test/ui/unsafe/issue-45087-unreachable-unsafe.mir.stderr +++ b/src/test/ui/unsafe/issue-45087-unreachable-unsafe.mir.stderr @@ -1,11 +1,27 @@ error[E0133]: dereference of raw pointer is unsafe and requires unsafe function or block - --> $DIR/issue-45087-unreachable-unsafe.rs:6:5 + --> $DIR/issue-45087-unreachable-unsafe.rs:7:5 | LL | *(1 as *mut u32) = 42; | ^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer | = note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior -error: aborting due to previous error +error[E0133]: dereference of raw pointer is unsafe and requires unsafe function or block + --> $DIR/issue-45087-unreachable-unsafe.rs:17:5 + | +LL | *a = 1; + | ^^^^^^ dereference of raw pointer + | + = note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior + +error[E0133]: dereference of raw pointer is unsafe and requires unsafe function or block + --> $DIR/issue-45087-unreachable-unsafe.rs:29:5 + | +LL | *b = 1; + | ^^^^^^ dereference of raw pointer + | + = note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior + +error: aborting due to 3 previous errors For more information about this error, try `rustc --explain E0133`. diff --git a/src/test/ui/unsafe/issue-45087-unreachable-unsafe.rs b/src/test/ui/unsafe/issue-45087-unreachable-unsafe.rs index 071cea8fbd78b..3e3da667c0b08 100644 --- a/src/test/ui/unsafe/issue-45087-unreachable-unsafe.rs +++ b/src/test/ui/unsafe/issue-45087-unreachable-unsafe.rs @@ -1,3 +1,4 @@ +// Verify that unreachable code undergoes unsafety checks. // revisions: mir thir // [thir]compile-flags: -Z thir-unsafeck @@ -6,3 +7,25 @@ fn main() { *(1 as *mut u32) = 42; //~^ ERROR dereference of raw pointer is unsafe } + +fn panic() -> ! { + panic!(); +} + +fn f(a: *mut u32) { + panic(); + *a = 1; + //~^ ERROR dereference of raw pointer is unsafe +} + +enum Void {} + +fn uninhabited() -> Void { + panic!(); +} + +fn g(b: *mut u32) { + uninhabited(); + *b = 1; + //~^ ERROR dereference of raw pointer is unsafe +} diff --git a/src/test/ui/unsafe/issue-45087-unreachable-unsafe.thir.stderr b/src/test/ui/unsafe/issue-45087-unreachable-unsafe.thir.stderr index 73a113652b833..e81adad450750 100644 --- a/src/test/ui/unsafe/issue-45087-unreachable-unsafe.thir.stderr +++ b/src/test/ui/unsafe/issue-45087-unreachable-unsafe.thir.stderr @@ -1,11 +1,27 @@ error[E0133]: dereference of raw pointer is unsafe and requires unsafe function or block - --> $DIR/issue-45087-unreachable-unsafe.rs:6:5 + --> $DIR/issue-45087-unreachable-unsafe.rs:7:5 | LL | *(1 as *mut u32) = 42; | ^^^^^^^^^^^^^^^^ dereference of raw pointer | = note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior -error: aborting due to previous error +error[E0133]: dereference of raw pointer is unsafe and requires unsafe function or block + --> $DIR/issue-45087-unreachable-unsafe.rs:17:5 + | +LL | *a = 1; + | ^^ dereference of raw pointer + | + = note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior + +error[E0133]: dereference of raw pointer is unsafe and requires unsafe function or block + --> $DIR/issue-45087-unreachable-unsafe.rs:29:5 + | +LL | *b = 1; + | ^^ dereference of raw pointer + | + = note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior + +error: aborting due to 3 previous errors For more information about this error, try `rustc --explain E0133`. From 5640304c63c5c77b721424be88791503a0e0ea3d Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 17 Apr 2022 17:26:15 -0400 Subject: [PATCH 2/9] add log warnings for when we overwrite parts of a pointer, and de-init the rest --- compiler/rustc_middle/src/mir/interpret/allocation.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/compiler/rustc_middle/src/mir/interpret/allocation.rs b/compiler/rustc_middle/src/mir/interpret/allocation.rs index 438f356f072c6..357e67de7575a 100644 --- a/compiler/rustc_middle/src/mir/interpret/allocation.rs +++ b/compiler/rustc_middle/src/mir/interpret/allocation.rs @@ -509,6 +509,9 @@ impl Allocation { if Tag::ERR_ON_PARTIAL_PTR_OVERWRITE { return Err(AllocError::PartialPointerOverwrite(first)); } + warn!( + "Partial pointer overwrite! De-initializing memory at offsets {first:?}..{start:?}." + ); self.init_mask.set_range(first, start, false); } if last > end { @@ -517,10 +520,15 @@ impl Allocation { last - cx.data_layout().pointer_size, )); } + warn!( + "Partial pointer overwrite! De-initializing memory at offsets {end:?}..{last:?}." + ); self.init_mask.set_range(end, last, false); } // Forget all the relocations. + // Since relocations do not overlap, we know that removing until `last` (exclusive) is fine, + // i.e., this will not remove any other relocations just after the ones we care about. self.relocations.0.remove_range(first..last); Ok(()) From 989e7479d9cbd285c8104a5bbd9159ff2d66188f Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 17 Apr 2022 18:07:19 -0400 Subject: [PATCH 3/9] interpret: more debug logging for read_scalar and write_scalar --- .../rustc_const_eval/src/interpret/memory.rs | 25 ++++++++++++++++--- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/compiler/rustc_const_eval/src/interpret/memory.rs b/compiler/rustc_const_eval/src/interpret/memory.rs index a165fa23f30ac..6504624ad67c5 100644 --- a/compiler/rustc_const_eval/src/interpret/memory.rs +++ b/compiler/rustc_const_eval/src/interpret/memory.rs @@ -877,9 +877,17 @@ impl<'tcx, 'a, Tag: Provenance, Extra> AllocRefMut<'a, 'tcx, Tag, Extra> { range: AllocRange, val: ScalarMaybeUninit, ) -> InterpResult<'tcx> { + let range = self.range.subrange(range); + debug!( + "write_scalar in {} at {:#x}, size {}: {:?}", + self.alloc_id, + range.start.bytes(), + range.size.bytes(), + val + ); Ok(self .alloc - .write_scalar(&self.tcx, self.range.subrange(range), val) + .write_scalar(&self.tcx, range, val) .map_err(|e| e.to_interp_error(self.alloc_id))?) } @@ -899,10 +907,19 @@ impl<'tcx, 'a, Tag: Provenance, Extra> AllocRefMut<'a, 'tcx, Tag, Extra> { impl<'tcx, 'a, Tag: Provenance, Extra> AllocRef<'a, 'tcx, Tag, Extra> { pub fn read_scalar(&self, range: AllocRange) -> InterpResult<'tcx, ScalarMaybeUninit> { - Ok(self + let range = self.range.subrange(range); + let res = self .alloc - .read_scalar(&self.tcx, self.range.subrange(range)) - .map_err(|e| e.to_interp_error(self.alloc_id))?) + .read_scalar(&self.tcx, range) + .map_err(|e| e.to_interp_error(self.alloc_id))?; + debug!( + "read_scalar in {} at {:#x}, size {}: {:?}", + self.alloc_id, + range.start.bytes(), + range.size.bytes(), + res + ); + Ok(res) } pub fn read_ptr_sized(&self, offset: Size) -> InterpResult<'tcx, ScalarMaybeUninit> { From f3bdcfb8b08a14a556caa3d1adae835c8bfd8c58 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 17 Apr 2022 18:45:01 -0400 Subject: [PATCH 4/9] downgrade really verbose logging to trace --- compiler/rustc_const_eval/src/interpret/eval_context.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compiler/rustc_const_eval/src/interpret/eval_context.rs b/compiler/rustc_const_eval/src/interpret/eval_context.rs index f0fff602fe4cf..827959113b907 100644 --- a/compiler/rustc_const_eval/src/interpret/eval_context.rs +++ b/compiler/rustc_const_eval/src/interpret/eval_context.rs @@ -679,7 +679,7 @@ impl<'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> { return_place: Option<&PlaceTy<'tcx, M::PointerTag>>, return_to_block: StackPopCleanup, ) -> InterpResult<'tcx> { - debug!("body: {:#?}", body); + trace!("body: {:#?}", body); // first push a stack frame so we have access to the local substs let pre_frame = Frame { body, @@ -836,7 +836,7 @@ impl<'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> { return Ok(()); } - debug!("locals: {:#?}", frame.locals); + trace!("locals: {:#?}", frame.locals); // Cleanup: deallocate all locals that are backed by an allocation. for local in &frame.locals { From 620c0a4d5b7949e51ada8dbed4e700f6b9531cdc Mon Sep 17 00:00:00 2001 From: CAD97 Date: Sun, 17 Apr 2022 23:23:58 -0500 Subject: [PATCH 5/9] Replace sys/unix/weak AtomicUsize with AtomicPtr --- library/std/src/sys/unix/weak.rs | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/library/std/src/sys/unix/weak.rs b/library/std/src/sys/unix/weak.rs index da63c068384a2..e4ff21b25bd9c 100644 --- a/library/std/src/sys/unix/weak.rs +++ b/library/std/src/sys/unix/weak.rs @@ -25,7 +25,8 @@ use crate::ffi::CStr; use crate::marker::PhantomData; use crate::mem; -use crate::sync::atomic::{self, AtomicUsize, Ordering}; +use crate::ptr; +use crate::sync::atomic::{self, AtomicPtr, Ordering}; // We can use true weak linkage on ELF targets. #[cfg(not(any(target_os = "macos", target_os = "ios")))] @@ -83,13 +84,13 @@ pub(crate) macro dlsym { } pub(crate) struct DlsymWeak { name: &'static str, - addr: AtomicUsize, + func: AtomicPtr, _marker: PhantomData, } impl DlsymWeak { pub(crate) const fn new(name: &'static str) -> Self { - DlsymWeak { name, addr: AtomicUsize::new(1), _marker: PhantomData } + DlsymWeak { name, func: AtomicPtr::new(ptr::invalid_mut(1)), _marker: PhantomData } } #[inline] @@ -97,11 +98,11 @@ impl DlsymWeak { unsafe { // Relaxed is fine here because we fence before reading through the // pointer (see the comment below). - match self.addr.load(Ordering::Relaxed) { - 1 => self.initialize(), - 0 => None, - addr => { - let func = mem::transmute_copy::(&addr); + match self.func.load(Ordering::Relaxed) { + func if func.addr() == 1 => self.initialize(), + func if func.is_null() => None, + func => { + let func = mem::transmute_copy::<*mut libc::c_void, F>(&func); // The caller is presumably going to read through this value // (by calling the function we've dlsymed). This means we'd // need to have loaded it with at least C11's consume @@ -129,25 +130,22 @@ impl DlsymWeak { // Cold because it should only happen during first-time initialization. #[cold] unsafe fn initialize(&self) -> Option { - assert_eq!(mem::size_of::(), mem::size_of::()); + assert_eq!(mem::size_of::(), mem::size_of::<*mut libc::c_void>()); let val = fetch(self.name); // This synchronizes with the acquire fence in `get`. - self.addr.store(val, Ordering::Release); + self.func.store(val, Ordering::Release); - match val { - 0 => None, - addr => Some(mem::transmute_copy::(&addr)), - } + if val.is_null() { None } else { Some(mem::transmute_copy::<*mut libc::c_void, F>(&val)) } } } -unsafe fn fetch(name: &str) -> usize { +unsafe fn fetch(name: &str) -> *mut libc::c_void { let name = match CStr::from_bytes_with_nul(name.as_bytes()) { Ok(cstr) => cstr, - Err(..) => return 0, + Err(..) => return ptr::null_mut(), }; - libc::dlsym(libc::RTLD_DEFAULT, name.as_ptr()) as usize + libc::dlsym(libc::RTLD_DEFAULT, name.as_ptr()) } #[cfg(not(any(target_os = "linux", target_os = "android")))] From 0255398ff74422155187ee2ee7b095fc16838107 Mon Sep 17 00:00:00 2001 From: Chris Morgan Date: Tue, 19 Apr 2022 13:02:20 +1000 Subject: [PATCH 6/9] Improve AddrParseError description MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The existing description was incorrect for socket addresses, and misleading: users would see “invalid IP address syntax” and suppose they were supposed to provide an IP address rather than a socket address. I contemplated making it two variants (IP, socket), but realised we can do still better for the IPv4 and IPv6 types, so here it is as six. I contemplated more precise error descriptions (e.g. “invalid IPv6 socket address syntax: expected a decimal scope ID after %”), but that’s a more invasive change, and probably not worthwhile anyway. --- library/std/src/net/parser.rs | 39 +++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/library/std/src/net/parser.rs b/library/std/src/net/parser.rs index 4e16a55edece2..fb292ed29a18a 100644 --- a/library/std/src/net/parser.rs +++ b/library/std/src/net/parser.rs @@ -59,12 +59,12 @@ impl<'a> Parser<'a> { /// Run a parser, but fail if the entire input wasn't consumed. /// Doesn't run atomically. - fn parse_with(&mut self, inner: F) -> Result + fn parse_with(&mut self, inner: F, kind: AddrKind) -> Result where F: FnOnce(&mut Parser<'_>) -> Option, { let result = inner(self); - if self.state.is_empty() { result } else { None }.ok_or(AddrParseError(())) + if self.state.is_empty() { result } else { None }.ok_or(AddrParseError(kind)) } /// Peek the next character from the input @@ -278,7 +278,7 @@ impl<'a> Parser<'a> { impl FromStr for IpAddr { type Err = AddrParseError; fn from_str(s: &str) -> Result { - Parser::new(s).parse_with(|p| p.read_ip_addr()) + Parser::new(s).parse_with(|p| p.read_ip_addr(), AddrKind::Ip) } } @@ -288,9 +288,9 @@ impl FromStr for Ipv4Addr { fn from_str(s: &str) -> Result { // don't try to parse if too long if s.len() > 15 { - Err(AddrParseError(())) + Err(AddrParseError(AddrKind::Ipv4)) } else { - Parser::new(s).parse_with(|p| p.read_ipv4_addr()) + Parser::new(s).parse_with(|p| p.read_ipv4_addr(), AddrKind::Ipv4) } } } @@ -299,7 +299,7 @@ impl FromStr for Ipv4Addr { impl FromStr for Ipv6Addr { type Err = AddrParseError; fn from_str(s: &str) -> Result { - Parser::new(s).parse_with(|p| p.read_ipv6_addr()) + Parser::new(s).parse_with(|p| p.read_ipv6_addr(), AddrKind::Ipv6) } } @@ -307,7 +307,7 @@ impl FromStr for Ipv6Addr { impl FromStr for SocketAddrV4 { type Err = AddrParseError; fn from_str(s: &str) -> Result { - Parser::new(s).parse_with(|p| p.read_socket_addr_v4()) + Parser::new(s).parse_with(|p| p.read_socket_addr_v4(), AddrKind::SocketV4) } } @@ -315,7 +315,7 @@ impl FromStr for SocketAddrV4 { impl FromStr for SocketAddrV6 { type Err = AddrParseError; fn from_str(s: &str) -> Result { - Parser::new(s).parse_with(|p| p.read_socket_addr_v6()) + Parser::new(s).parse_with(|p| p.read_socket_addr_v6(), AddrKind::SocketV6) } } @@ -323,10 +323,20 @@ impl FromStr for SocketAddrV6 { impl FromStr for SocketAddr { type Err = AddrParseError; fn from_str(s: &str) -> Result { - Parser::new(s).parse_with(|p| p.read_socket_addr()) + Parser::new(s).parse_with(|p| p.read_socket_addr(), AddrKind::Socket) } } +#[derive(Debug, Clone, PartialEq, Eq)] +enum AddrKind { + Ip, + Ipv4, + Ipv6, + Socket, + SocketV4, + SocketV6, +} + /// An error which can be returned when parsing an IP address or a socket address. /// /// This error is used as the error type for the [`FromStr`] implementation for @@ -353,7 +363,7 @@ impl FromStr for SocketAddr { /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[derive(Debug, Clone, PartialEq, Eq)] -pub struct AddrParseError(()); +pub struct AddrParseError(AddrKind); #[stable(feature = "addr_parse_error_error", since = "1.4.0")] impl fmt::Display for AddrParseError { @@ -367,6 +377,13 @@ impl fmt::Display for AddrParseError { impl Error for AddrParseError { #[allow(deprecated)] fn description(&self) -> &str { - "invalid IP address syntax" + match self.0 { + AddrKind::Ip => "invalid IP address syntax", + AddrKind::Ipv4 => "invalid IPv4 address syntax", + AddrKind::Ipv6 => "invalid IPv6 address syntax", + AddrKind::Socket => "invalid socket address syntax", + AddrKind::SocketV4 => "invalid IPv4 socket address syntax", + AddrKind::SocketV6 => "invalid IPv6 socket address syntax", + } } } From 65987ae8f57e6f529c0de33ac0787a20bad266fb Mon Sep 17 00:00:00 2001 From: Mara Bos Date: Tue, 19 Apr 2022 09:20:51 +0200 Subject: [PATCH 7/9] Make std::sys::wasm::futex consistent with unix::futex. --- library/std/src/sys/wasm/atomics/futex.rs | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/library/std/src/sys/wasm/atomics/futex.rs b/library/std/src/sys/wasm/atomics/futex.rs index bbe9bd6951af9..11413ba3bf564 100644 --- a/library/std/src/sys/wasm/atomics/futex.rs +++ b/library/std/src/sys/wasm/atomics/futex.rs @@ -3,19 +3,33 @@ use crate::convert::TryInto; use crate::sync::atomic::AtomicU32; use crate::time::Duration; -pub fn futex_wait(futex: &AtomicU32, expected: u32, timeout: Option) { +/// Wait for a futex_wake operation to wake us. +/// +/// Returns directly if the futex doesn't hold the expected value. +/// +/// Returns false on timeout, and true in all other cases. +pub fn futex_wait(futex: &AtomicU32, expected: u32, timeout: Option) -> bool { let timeout = timeout.and_then(|t| t.as_nanos().try_into().ok()).unwrap_or(-1); unsafe { wasm32::memory_atomic_wait32( futex as *const AtomicU32 as *mut i32, expected as i32, timeout, - ); + ) < 2 } } -pub fn futex_wake(futex: &AtomicU32) { +/// Wake up one thread that's blocked on futex_wait on this futex. +/// +/// Returns true if this actually woke up such a thread, +/// or false if no thread was waiting on this futex. +pub fn futex_wake(futex: &AtomicU32) -> bool { + unsafe { wasm32::memory_atomic_notify(futex as *const AtomicU32 as *mut i32, 1) > 0 } +} + +/// Wake up all threads that are waiting on futex_wait on this futex. +pub fn futex_wake_all(futex: &AtomicU32) { unsafe { - wasm32::memory_atomic_notify(futex as *const AtomicU32 as *mut i32, 1); + wasm32::memory_atomic_notify(futex as *const AtomicU32 as *mut i32, i32::MAX as u32); } } From 8f2913cc2475682da493b06ce81cf1e4fc621f0e Mon Sep 17 00:00:00 2001 From: Mara Bos Date: Tue, 19 Apr 2022 09:21:11 +0200 Subject: [PATCH 8/9] Use futex locks on wasm+atomics. --- library/std/src/sys/wasm/atomics/condvar.rs | 102 -------------- library/std/src/sys/wasm/atomics/mutex.rs | 64 --------- library/std/src/sys/wasm/atomics/rwlock.rs | 145 -------------------- library/std/src/sys/wasm/atomics/thread.rs | 34 ----- library/std/src/sys/wasm/mod.rs | 15 +- 5 files changed, 6 insertions(+), 354 deletions(-) delete mode 100644 library/std/src/sys/wasm/atomics/condvar.rs delete mode 100644 library/std/src/sys/wasm/atomics/mutex.rs delete mode 100644 library/std/src/sys/wasm/atomics/rwlock.rs diff --git a/library/std/src/sys/wasm/atomics/condvar.rs b/library/std/src/sys/wasm/atomics/condvar.rs deleted file mode 100644 index f06c07c54093f..0000000000000 --- a/library/std/src/sys/wasm/atomics/condvar.rs +++ /dev/null @@ -1,102 +0,0 @@ -use crate::arch::wasm32; -use crate::cmp; -use crate::mem; -use crate::sync::atomic::{AtomicUsize, Ordering::SeqCst}; -use crate::sys::locks::Mutex; -use crate::time::Duration; - -pub struct Condvar { - cnt: AtomicUsize, -} - -pub type MovableCondvar = Condvar; - -// Condition variables are implemented with a simple counter internally that is -// likely to cause spurious wakeups. Blocking on a condition variable will first -// read the value of the internal counter, unlock the given mutex, and then -// block if and only if the counter's value is still the same. Notifying a -// condition variable will modify the counter (add one for now) and then wake up -// a thread waiting on the address of the counter. -// -// A thread waiting on the condition variable will as a result avoid going to -// sleep if it's notified after the lock is unlocked but before it fully goes to -// sleep. A sleeping thread is guaranteed to be woken up at some point as it can -// only be woken up with a call to `wake`. -// -// Note that it's possible for 2 or more threads to be woken up by a call to -// `notify_one` with this implementation. That can happen where the modification -// of `cnt` causes any threads in the middle of `wait` to avoid going to sleep, -// and the subsequent `wake` may wake up a thread that's actually blocking. We -// consider this a spurious wakeup, though, which all users of condition -// variables must already be prepared to handle. As a result, this source of -// spurious wakeups is currently though to be ok, although it may be problematic -// later on if it causes too many spurious wakeups. - -impl Condvar { - pub const fn new() -> Condvar { - Condvar { cnt: AtomicUsize::new(0) } - } - - #[inline] - pub unsafe fn init(&mut self) { - // nothing to do - } - - pub unsafe fn notify_one(&self) { - self.cnt.fetch_add(1, SeqCst); - // SAFETY: ptr() is always valid - unsafe { - wasm32::memory_atomic_notify(self.ptr(), 1); - } - } - - #[inline] - pub unsafe fn notify_all(&self) { - self.cnt.fetch_add(1, SeqCst); - // SAFETY: ptr() is always valid - unsafe { - wasm32::memory_atomic_notify(self.ptr(), u32::MAX); // -1 == "wake everyone" - } - } - - pub unsafe fn wait(&self, mutex: &Mutex) { - // "atomically block and unlock" implemented by loading our current - // counter's value, unlocking the mutex, and blocking if the counter - // still has the same value. - // - // Notifications happen by incrementing the counter and then waking a - // thread. Incrementing the counter after we unlock the mutex will - // prevent us from sleeping and otherwise the call to `wake` will - // wake us up once we're asleep. - let ticket = self.cnt.load(SeqCst) as i32; - mutex.unlock(); - let val = wasm32::memory_atomic_wait32(self.ptr(), ticket, -1); - // 0 == woken, 1 == not equal to `ticket`, 2 == timeout (shouldn't happen) - debug_assert!(val == 0 || val == 1); - mutex.lock(); - } - - pub unsafe fn wait_timeout(&self, mutex: &Mutex, dur: Duration) -> bool { - let ticket = self.cnt.load(SeqCst) as i32; - mutex.unlock(); - let nanos = dur.as_nanos(); - let nanos = cmp::min(i64::MAX as u128, nanos); - - // If the return value is 2 then a timeout happened, so we return - // `false` as we weren't actually notified. - let ret = wasm32::memory_atomic_wait32(self.ptr(), ticket, nanos as i64) != 2; - mutex.lock(); - return ret; - } - - #[inline] - pub unsafe fn destroy(&self) { - // nothing to do - } - - #[inline] - fn ptr(&self) -> *mut i32 { - assert_eq!(mem::size_of::(), mem::size_of::()); - self.cnt.as_mut_ptr() as *mut i32 - } -} diff --git a/library/std/src/sys/wasm/atomics/mutex.rs b/library/std/src/sys/wasm/atomics/mutex.rs deleted file mode 100644 index 1acc8392444c1..0000000000000 --- a/library/std/src/sys/wasm/atomics/mutex.rs +++ /dev/null @@ -1,64 +0,0 @@ -use crate::arch::wasm32; -use crate::mem; -use crate::sync::atomic::{AtomicUsize, Ordering::SeqCst}; - -pub struct Mutex { - locked: AtomicUsize, -} - -pub type MovableMutex = Mutex; - -// Mutexes have a pretty simple implementation where they contain an `i32` -// internally that is 0 when unlocked and 1 when the mutex is locked. -// Acquisition has a fast path where it attempts to cmpxchg the 0 to a 1, and -// if it fails it then waits for a notification. Releasing a lock is then done -// by swapping in 0 and then notifying any waiters, if present. - -impl Mutex { - pub const fn new() -> Mutex { - Mutex { locked: AtomicUsize::new(0) } - } - - #[inline] - pub unsafe fn init(&mut self) { - // nothing to do - } - - pub unsafe fn lock(&self) { - while !self.try_lock() { - // SAFETY: the caller must uphold the safety contract for `memory_atomic_wait32`. - let val = unsafe { - wasm32::memory_atomic_wait32( - self.ptr(), - 1, // we expect our mutex is locked - -1, // wait infinitely - ) - }; - // we should have either woke up (0) or got a not-equal due to a - // race (1). We should never time out (2) - debug_assert!(val == 0 || val == 1); - } - } - - pub unsafe fn unlock(&self) { - let prev = self.locked.swap(0, SeqCst); - debug_assert_eq!(prev, 1); - wasm32::memory_atomic_notify(self.ptr(), 1); // wake up one waiter, if any - } - - #[inline] - pub unsafe fn try_lock(&self) -> bool { - self.locked.compare_exchange(0, 1, SeqCst, SeqCst).is_ok() - } - - #[inline] - pub unsafe fn destroy(&self) { - // nothing to do - } - - #[inline] - fn ptr(&self) -> *mut i32 { - assert_eq!(mem::size_of::(), mem::size_of::()); - self.locked.as_mut_ptr() as *mut i32 - } -} diff --git a/library/std/src/sys/wasm/atomics/rwlock.rs b/library/std/src/sys/wasm/atomics/rwlock.rs deleted file mode 100644 index 690bb155e1a27..0000000000000 --- a/library/std/src/sys/wasm/atomics/rwlock.rs +++ /dev/null @@ -1,145 +0,0 @@ -use crate::cell::UnsafeCell; -use crate::sys::locks::{Condvar, Mutex}; - -pub struct RwLock { - lock: Mutex, - cond: Condvar, - state: UnsafeCell, -} - -pub type MovableRwLock = RwLock; - -enum State { - Unlocked, - Reading(usize), - Writing, -} - -unsafe impl Send for RwLock {} -unsafe impl Sync for RwLock {} - -// This rwlock implementation is a relatively simple implementation which has a -// condition variable for readers/writers as well as a mutex protecting the -// internal state of the lock. A current downside of the implementation is that -// unlocking the lock will notify *all* waiters rather than just readers or just -// writers. This can cause lots of "thundering stampede" problems. While -// hopefully correct this implementation is very likely to want to be changed in -// the future. - -impl RwLock { - pub const fn new() -> RwLock { - RwLock { lock: Mutex::new(), cond: Condvar::new(), state: UnsafeCell::new(State::Unlocked) } - } - - #[inline] - pub unsafe fn read(&self) { - self.lock.lock(); - while !(*self.state.get()).inc_readers() { - self.cond.wait(&self.lock); - } - self.lock.unlock(); - } - - #[inline] - pub unsafe fn try_read(&self) -> bool { - self.lock.lock(); - let ok = (*self.state.get()).inc_readers(); - self.lock.unlock(); - return ok; - } - - #[inline] - pub unsafe fn write(&self) { - self.lock.lock(); - while !(*self.state.get()).inc_writers() { - self.cond.wait(&self.lock); - } - self.lock.unlock(); - } - - #[inline] - pub unsafe fn try_write(&self) -> bool { - self.lock.lock(); - let ok = (*self.state.get()).inc_writers(); - self.lock.unlock(); - return ok; - } - - #[inline] - pub unsafe fn read_unlock(&self) { - self.lock.lock(); - let notify = (*self.state.get()).dec_readers(); - self.lock.unlock(); - if notify { - // FIXME: should only wake up one of these some of the time - self.cond.notify_all(); - } - } - - #[inline] - pub unsafe fn write_unlock(&self) { - self.lock.lock(); - (*self.state.get()).dec_writers(); - self.lock.unlock(); - // FIXME: should only wake up one of these some of the time - self.cond.notify_all(); - } - - #[inline] - pub unsafe fn destroy(&self) { - self.lock.destroy(); - self.cond.destroy(); - } -} - -impl State { - fn inc_readers(&mut self) -> bool { - match *self { - State::Unlocked => { - *self = State::Reading(1); - true - } - State::Reading(ref mut cnt) => { - *cnt += 1; - true - } - State::Writing => false, - } - } - - fn inc_writers(&mut self) -> bool { - match *self { - State::Unlocked => { - *self = State::Writing; - true - } - State::Reading(_) | State::Writing => false, - } - } - - fn dec_readers(&mut self) -> bool { - let zero = match *self { - State::Reading(ref mut cnt) => { - *cnt -= 1; - *cnt == 0 - } - State::Unlocked | State::Writing => invalid(), - }; - if zero { - *self = State::Unlocked; - } - zero - } - - fn dec_writers(&mut self) { - match *self { - State::Writing => {} - State::Unlocked | State::Reading(_) => invalid(), - } - *self = State::Unlocked; - } -} - -fn invalid() -> ! { - panic!("inconsistent rwlock"); -} diff --git a/library/std/src/sys/wasm/atomics/thread.rs b/library/std/src/sys/wasm/atomics/thread.rs index 16418a06226e4..714b704922794 100644 --- a/library/std/src/sys/wasm/atomics/thread.rs +++ b/library/std/src/sys/wasm/atomics/thread.rs @@ -53,37 +53,3 @@ pub mod guard { None } } - -// We currently just use our own thread-local to store our -// current thread's ID, and then we lazily initialize it to something allocated -// from a global counter. -pub fn my_id() -> u32 { - use crate::sync::atomic::{AtomicU32, Ordering::SeqCst}; - - static NEXT_ID: AtomicU32 = AtomicU32::new(0); - - #[thread_local] - static mut MY_ID: u32 = 0; - - unsafe { - // If our thread ID isn't set yet then we need to allocate one. Do so - // with with a simple "atomically add to a global counter" strategy. - // This strategy doesn't handled what happens when the counter - // overflows, however, so just abort everything once the counter - // overflows and eventually we could have some sort of recycling scheme - // (or maybe this is all totally irrelevant by that point!). In any case - // though we're using a CAS loop instead of a `fetch_add` to ensure that - // the global counter never overflows. - if MY_ID == 0 { - let mut cur = NEXT_ID.load(SeqCst); - MY_ID = loop { - let next = cur.checked_add(1).unwrap_or_else(|| crate::process::abort()); - match NEXT_ID.compare_exchange(cur, next, SeqCst, SeqCst) { - Ok(_) => break next, - Err(i) => cur = i, - } - }; - } - MY_ID - } -} diff --git a/library/std/src/sys/wasm/mod.rs b/library/std/src/sys/wasm/mod.rs index 9f6700caf14bf..9992e44b0e756 100644 --- a/library/std/src/sys/wasm/mod.rs +++ b/library/std/src/sys/wasm/mod.rs @@ -49,16 +49,13 @@ pub mod time; cfg_if::cfg_if! { if #[cfg(target_feature = "atomics")] { - #[path = "atomics/condvar.rs"] - mod condvar; - #[path = "atomics/mutex.rs"] - mod mutex; - #[path = "atomics/rwlock.rs"] - mod rwlock; + #[path = "../unix/locks"] pub mod locks { - pub use super::condvar::*; - pub use super::mutex::*; - pub use super::rwlock::*; + #![allow(unsafe_op_in_unsafe_fn)] + mod futex; + mod futex_rwlock; + pub use futex::{Mutex, MovableMutex, Condvar, MovableCondvar}; + pub use futex_rwlock::{RwLock, MovableRwLock}; } #[path = "atomics/futex.rs"] pub mod futex; From cff3f1e8d52a1bd6340362cbe7689dd6fa4f72e1 Mon Sep 17 00:00:00 2001 From: Geoffry Song Date: Wed, 20 Apr 2022 00:46:50 +0000 Subject: [PATCH 9/9] remove_dir_all_recursive: treat ELOOP the same as ENOTDIR --- library/std/src/sys/unix/fs.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/std/src/sys/unix/fs.rs b/library/std/src/sys/unix/fs.rs index 7181451de575f..a60b19976ba4e 100644 --- a/library/std/src/sys/unix/fs.rs +++ b/library/std/src/sys/unix/fs.rs @@ -1647,8 +1647,9 @@ mod remove_dir_impl { fn remove_dir_all_recursive(parent_fd: Option, path: &CStr) -> io::Result<()> { // try opening as directory let fd = match openat_nofollow_dironly(parent_fd, &path) { - Err(err) if err.raw_os_error() == Some(libc::ENOTDIR) => { + Err(err) if matches!(err.raw_os_error(), Some(libc::ENOTDIR | libc::ELOOP)) => { // not a directory - don't traverse further + // (for symlinks, older Linux kernels may return ELOOP instead of ENOTDIR) return match parent_fd { // unlink... Some(parent_fd) => {