1 //! Validates the MIR to ensure that invariants are upheld.
3 use crate::dataflow::impls::MaybeStorageLive;
4 use crate::dataflow::{Analysis, ResultsCursor};
5 use crate::util::storage::AlwaysLiveLocals;
8 use rustc_index::bit_set::BitSet;
9 use rustc_infer::infer::TyCtxtInferExt;
10 use rustc_middle::mir::interpret::Scalar;
11 use rustc_middle::mir::traversal;
12 use rustc_middle::mir::visit::{PlaceContext, Visitor};
13 use rustc_middle::mir::{
14 AggregateKind, BasicBlock, Body, BorrowKind, Local, Location, MirPhase, Operand, PlaceRef,
15 Rvalue, SourceScope, Statement, StatementKind, Terminator, TerminatorKind,
17 use rustc_middle::ty::fold::BottomUpFolder;
18 use rustc_middle::ty::{self, ParamEnv, Ty, TyCtxt, TypeFoldable};
19 use rustc_target::abi::Size;
21 #[derive(Copy, Clone, Debug)]
27 pub struct Validator {
28 /// Describes at which point in the pipeline this validation is happening.
30 /// The phase for which we are upholding the dialect. If the given phase forbids a specific
31 /// element, this validator will now emit errors if that specific element is encountered.
32 /// Note that phases that change the dialect cause all *following* phases to check the
33 /// invariants of the new dialect. A phase that changes dialects never checks the new invariants
35 pub mir_phase: MirPhase,
38 impl<'tcx> MirPass<'tcx> for Validator {
39 fn run_pass(&self, tcx: TyCtxt<'tcx>, body: &mut Body<'tcx>) {
40 let def_id = body.source.def_id();
41 let param_env = tcx.param_env(def_id);
42 let mir_phase = self.mir_phase;
44 let always_live_locals = AlwaysLiveLocals::new(body);
45 let storage_liveness = MaybeStorageLive::new(always_live_locals)
46 .into_engine(tcx, body)
47 .iterate_to_fixpoint()
48 .into_results_cursor(body);
56 reachable_blocks: traversal::reachable_as_bitset(body),
58 place_cache: Vec::new(),
64 /// Returns whether the two types are equal up to lifetimes.
65 /// All lifetimes, including higher-ranked ones, get ignored for this comparison.
66 /// (This is unlike the `erasing_regions` methods, which keep higher-ranked lifetimes for soundness reasons.)
68 /// The point of this function is to approximate "equal up to subtyping". However,
69 /// the approximation is incorrect as variance is ignored.
70 pub fn equal_up_to_regions(
72 param_env: ParamEnv<'tcx>,
81 // Normalize lifetimes away on both sides, then compare.
82 let param_env = param_env.with_reveal_all_normalized(tcx);
83 let normalize = |ty: Ty<'tcx>| {
84 tcx.normalize_erasing_regions(
86 ty.fold_with(&mut BottomUpFolder {
88 // FIXME: We erase all late-bound lifetimes, but this is not fully correct.
89 // If you have a type like `<for<'a> fn(&'a u32) as SomeTrait>::Assoc`,
90 // this is not necessarily equivalent to `<fn(&'static u32) as SomeTrait>::Assoc`,
91 // since one may have an `impl SomeTrait for fn(&32)` and
92 // `impl SomeTrait for fn(&'static u32)` at the same time which
93 // specify distinct values for Assoc. (See also #56105)
94 lt_op: |_| tcx.lifetimes.re_erased,
95 // Leave consts and types unchanged.
101 tcx.infer_ctxt().enter(|infcx| infcx.can_eq(param_env, normalize(src), normalize(dest)).is_ok())
104 struct TypeChecker<'a, 'tcx> {
106 body: &'a Body<'tcx>,
108 param_env: ParamEnv<'tcx>,
110 reachable_blocks: BitSet<BasicBlock>,
111 storage_liveness: ResultsCursor<'a, 'tcx, MaybeStorageLive>,
112 place_cache: Vec<PlaceRef<'tcx>>,
115 impl<'a, 'tcx> TypeChecker<'a, 'tcx> {
116 fn fail(&self, location: Location, msg: impl AsRef<str>) {
117 let span = self.body.source_info(location).span;
118 // We use `delay_span_bug` as we might see broken MIR when other errors have already
120 self.tcx.sess.diagnostic().delay_span_bug(
123 "broken MIR in {:?} ({}) at {:?}:\n{}",
124 self.body.source.instance,
132 fn check_edge(&self, location: Location, bb: BasicBlock, edge_kind: EdgeKind) {
133 if let Some(bb) = self.body.basic_blocks().get(bb) {
134 let src = self.body.basic_blocks().get(location.block).unwrap();
135 match (src.is_cleanup, bb.is_cleanup, edge_kind) {
136 // Non-cleanup blocks can jump to non-cleanup blocks along non-unwind edges
137 (false, false, EdgeKind::Normal)
138 // Non-cleanup blocks can jump to cleanup blocks along unwind edges
139 | (false, true, EdgeKind::Unwind)
140 // Cleanup blocks can jump to cleanup blocks along non-unwind edges
141 | (true, true, EdgeKind::Normal) => {}
142 // All other jumps are invalid
147 "{:?} edge to {:?} violates unwind invariants (cleanup {:?} -> {:?})",
157 self.fail(location, format!("encountered jump to invalid basic block {:?}", bb))
161 /// Check if src can be assigned into dest.
162 /// This is not precise, it will accept some incorrect assignments.
163 fn mir_assign_valid_types(&self, src: Ty<'tcx>, dest: Ty<'tcx>) -> bool {
164 // Fast path before we normalize.
166 // Equal types, all is good.
169 // Normalize projections and things like that.
170 // FIXME: We need to reveal_all, as some optimizations change types in ways
171 // that require unfolding opaque types.
172 let param_env = self.param_env.with_reveal_all_normalized(self.tcx);
173 let src = self.tcx.normalize_erasing_regions(param_env, src);
174 let dest = self.tcx.normalize_erasing_regions(param_env, dest);
176 // Type-changing assignments can happen when subtyping is used. While
177 // all normal lifetimes are erased, higher-ranked types with their
178 // late-bound lifetimes are still around and can lead to type
179 // differences. So we compare ignoring lifetimes.
180 equal_up_to_regions(self.tcx, param_env, src, dest)
184 impl<'a, 'tcx> Visitor<'tcx> for TypeChecker<'a, 'tcx> {
185 fn visit_local(&mut self, local: &Local, context: PlaceContext, location: Location) {
186 if self.body.local_decls.get(*local).is_none() {
189 format!("local {:?} has no corresponding declaration in `body.local_decls`", local),
193 if self.reachable_blocks.contains(location.block) && context.is_use() {
194 // Uses of locals must occur while the local's storage is allocated.
195 self.storage_liveness.seek_after_primary_effect(location);
196 let locals_with_storage = self.storage_liveness.get();
197 if !locals_with_storage.contains(*local) {
198 self.fail(location, format!("use of local {:?}, which has no storage here", local));
203 fn visit_operand(&mut self, operand: &Operand<'tcx>, location: Location) {
204 // This check is somewhat expensive, so only run it when -Zvalidate-mir is passed.
205 if self.tcx.sess.opts.debugging_opts.validate_mir {
206 // `Operand::Copy` is only supposed to be used with `Copy` types.
207 if let Operand::Copy(place) = operand {
208 let ty = place.ty(&self.body.local_decls, self.tcx).ty;
209 let span = self.body.source_info(location).span;
211 if !ty.is_copy_modulo_regions(self.tcx.at(span), self.param_env) {
212 self.fail(location, format!("`Operand::Copy` with non-`Copy` type {}", ty));
217 self.super_operand(operand, location);
220 fn visit_statement(&mut self, statement: &Statement<'tcx>, location: Location) {
221 match &statement.kind {
222 StatementKind::Assign(box (dest, rvalue)) => {
223 // LHS and RHS of the assignment must have the same type.
224 let left_ty = dest.ty(&self.body.local_decls, self.tcx).ty;
225 let right_ty = rvalue.ty(&self.body.local_decls, self.tcx);
226 if !self.mir_assign_valid_types(right_ty, left_ty) {
230 "encountered `{:?}` with incompatible types:\n\
231 left-hand side has type: {}\n\
232 right-hand side has type: {}",
233 statement.kind, left_ty, right_ty,
238 // The sides of an assignment must not alias. Currently this just checks whether the places
240 Rvalue::Use(Operand::Copy(src) | Operand::Move(src)) => {
244 "encountered `Assign` statement with overlapping memory",
248 // The deaggregator currently does not deaggreagate arrays.
249 // So for now, we ignore them here.
250 Rvalue::Aggregate(box AggregateKind::Array { .. }, _) => {}
251 // All other aggregates must be gone after some phases.
252 Rvalue::Aggregate(box kind, _) => {
253 if self.mir_phase > MirPhase::DropLowering
254 && !matches!(kind, AggregateKind::Generator(..))
256 // Generators persist until the state machine transformation, but all
257 // other aggregates must have been lowered.
260 format!("{:?} have been lowered to field assignments", rvalue),
262 } else if self.mir_phase > MirPhase::GeneratorLowering {
263 // No more aggregates after drop and generator lowering.
266 format!("{:?} have been lowered to field assignments", rvalue),
270 Rvalue::Ref(_, BorrowKind::Shallow, _) => {
271 if self.mir_phase > MirPhase::DropLowering {
274 "`Assign` statement with a `Shallow` borrow should have been removed after drop lowering phase",
281 StatementKind::AscribeUserType(..) => {
282 if self.mir_phase > MirPhase::DropLowering {
285 "`AscribeUserType` should have been removed after drop lowering phase",
289 StatementKind::FakeRead(..) => {
290 if self.mir_phase > MirPhase::DropLowering {
293 "`FakeRead` should have been removed after drop lowering phase",
300 self.super_statement(statement, location);
303 fn visit_terminator(&mut self, terminator: &Terminator<'tcx>, location: Location) {
304 match &terminator.kind {
305 TerminatorKind::Goto { target } => {
306 self.check_edge(location, *target, EdgeKind::Normal);
308 TerminatorKind::SwitchInt { targets, switch_ty, discr } => {
309 let ty = discr.ty(&self.body.local_decls, self.tcx);
310 if ty != *switch_ty {
314 "encountered `SwitchInt` terminator with type mismatch: {:?} != {:?}",
320 let target_width = self.tcx.sess.target.pointer_width;
322 let size = Size::from_bits(match switch_ty.kind() {
323 ty::Uint(uint) => uint.normalize(target_width).bit_width().unwrap(),
324 ty::Int(int) => int.normalize(target_width).bit_width().unwrap(),
327 other => bug!("unhandled type: {:?}", other),
330 for (value, target) in targets.iter() {
331 if Scalar::<()>::try_from_uint(value, size).is_none() {
334 format!("the value {:#x} is not a proper {:?}", value, switch_ty),
338 self.check_edge(location, target, EdgeKind::Normal);
340 self.check_edge(location, targets.otherwise(), EdgeKind::Normal);
342 TerminatorKind::Drop { target, unwind, .. } => {
343 self.check_edge(location, *target, EdgeKind::Normal);
344 if let Some(unwind) = unwind {
345 self.check_edge(location, *unwind, EdgeKind::Unwind);
348 TerminatorKind::DropAndReplace { target, unwind, .. } => {
349 if self.mir_phase > MirPhase::DropLowering {
352 "`DropAndReplace` is not permitted to exist after drop elaboration",
355 self.check_edge(location, *target, EdgeKind::Normal);
356 if let Some(unwind) = unwind {
357 self.check_edge(location, *unwind, EdgeKind::Unwind);
360 TerminatorKind::Call { func, args, destination, cleanup, .. } => {
361 let func_ty = func.ty(&self.body.local_decls, self.tcx);
362 match func_ty.kind() {
363 ty::FnPtr(..) | ty::FnDef(..) => {}
366 format!("encountered non-callable type {} in `Call` terminator", func_ty),
369 if let Some((_, target)) = destination {
370 self.check_edge(location, *target, EdgeKind::Normal);
372 if let Some(cleanup) = cleanup {
373 self.check_edge(location, *cleanup, EdgeKind::Unwind);
376 // The call destination place and Operand::Move place used as an argument might be
377 // passed by a reference to the callee. Consequently they must be non-overlapping.
378 // Currently this simply checks for duplicate places.
379 self.place_cache.clear();
380 if let Some((destination, _)) = destination {
381 self.place_cache.push(destination.as_ref());
384 if let Operand::Move(place) = arg {
385 self.place_cache.push(place.as_ref());
388 let all_len = self.place_cache.len();
389 self.place_cache.sort_unstable();
390 self.place_cache.dedup();
391 let has_duplicates = all_len != self.place_cache.len();
396 "encountered overlapping memory in `Call` terminator: {:?}",
402 TerminatorKind::Assert { cond, target, cleanup, .. } => {
403 let cond_ty = cond.ty(&self.body.local_decls, self.tcx);
404 if cond_ty != self.tcx.types.bool {
408 "encountered non-boolean condition of type {} in `Assert` terminator",
413 self.check_edge(location, *target, EdgeKind::Normal);
414 if let Some(cleanup) = cleanup {
415 self.check_edge(location, *cleanup, EdgeKind::Unwind);
418 TerminatorKind::Yield { resume, drop, .. } => {
419 if self.mir_phase > MirPhase::GeneratorLowering {
420 self.fail(location, "`Yield` should have been replaced by generator lowering");
422 self.check_edge(location, *resume, EdgeKind::Normal);
423 if let Some(drop) = drop {
424 self.check_edge(location, *drop, EdgeKind::Normal);
427 TerminatorKind::FalseEdge { real_target, imaginary_target } => {
428 self.check_edge(location, *real_target, EdgeKind::Normal);
429 self.check_edge(location, *imaginary_target, EdgeKind::Normal);
431 TerminatorKind::FalseUnwind { real_target, unwind } => {
432 self.check_edge(location, *real_target, EdgeKind::Normal);
433 if let Some(unwind) = unwind {
434 self.check_edge(location, *unwind, EdgeKind::Unwind);
437 TerminatorKind::InlineAsm { destination, .. } => {
438 if let Some(destination) = destination {
439 self.check_edge(location, *destination, EdgeKind::Normal);
442 // Nothing to validate for these.
443 TerminatorKind::Resume
444 | TerminatorKind::Abort
445 | TerminatorKind::Return
446 | TerminatorKind::Unreachable
447 | TerminatorKind::GeneratorDrop => {}
450 self.super_terminator(terminator, location);
453 fn visit_source_scope(&mut self, scope: &SourceScope) {
454 if self.body.source_scopes.get(*scope).is_none() {
455 self.tcx.sess.diagnostic().delay_span_bug(
458 "broken MIR in {:?} ({}):\ninvalid source scope {:?}",
459 self.body.source.instance, self.when, scope,
projects / rust.git / blob