1 // Copyright 2012-2014 The Rust Project Developers. See the COPYRIGHT
2 // file at the top-level directory of this distribution and at
3 // http://rust-lang.org/COPYRIGHT.
5 // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
6 // http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
7 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
8 // option. This file may not be copied, modified, or distributed
9 // except according to those terms.
11 // ----------------------------------------------------------------------
14 // The borrow check proceeds in two phases. In phase one, we gather the full
15 // set of loans that are required at any point. These are sorted according to
16 // their associated scopes. In phase two, checking loans, we will then make
17 // sure that all of these loans are honored.
20 use borrowck::move_data::MoveData;
21 use rustc::middle::expr_use_visitor as euv;
22 use rustc::middle::mem_categorization as mc;
23 use rustc::middle::mem_categorization::Categorization;
24 use rustc::middle::region;
25 use rustc::ty::{self, TyCtxt};
31 use self::restrictions::RestrictionResult;
38 pub fn gather_loans_in_fn<'a, 'tcx>(bccx: &BorrowckCtxt<'a, 'tcx>,
40 -> (Vec<Loan<'tcx>>, move_data::MoveData<'tcx>) {
41 let def_id = bccx.tcx.hir().body_owner_def_id(body);
42 let param_env = bccx.tcx.param_env(def_id);
43 let mut glcx = GatherLoanCtxt {
45 all_loans: Vec::new(),
46 item_ub: region::Scope {
47 id: bccx.tcx.hir().body(body).value.hir_id.local_id,
48 data: region::ScopeData::Node
50 move_data: MoveData::default(),
51 move_error_collector: move_error::MoveErrorCollector::new(),
54 let rvalue_promotable_map = bccx.tcx.rvalue_promotable_map(def_id);
55 euv::ExprUseVisitor::new(&mut glcx,
58 &bccx.region_scope_tree,
60 Some(rvalue_promotable_map))
61 .consume_body(bccx.body);
63 glcx.report_potential_errors();
64 let GatherLoanCtxt { all_loans, move_data, .. } = glcx;
65 (all_loans, move_data)
68 struct GatherLoanCtxt<'a, 'tcx: 'a> {
69 bccx: &'a BorrowckCtxt<'a, 'tcx>,
70 move_data: move_data::MoveData<'tcx>,
71 move_error_collector: move_error::MoveErrorCollector<'tcx>,
72 all_loans: Vec<Loan<'tcx>>,
73 /// `item_ub` is used as an upper-bound on the lifetime whenever we
74 /// ask for the scope of an expression categorized as an upvar.
75 item_ub: region::Scope,
78 impl<'a, 'tcx> euv::Delegate<'tcx> for GatherLoanCtxt<'a, 'tcx> {
80 consume_id: ast::NodeId,
83 mode: euv::ConsumeMode) {
84 debug!("consume(consume_id={}, cmt={:?}, mode={:?})",
85 consume_id, cmt, mode);
88 euv::Move(move_reason) => {
89 gather_moves::gather_move_from_expr(
90 self.bccx, &self.move_data, &mut self.move_error_collector,
91 self.bccx.tcx.hir().node_to_hir_id(consume_id).local_id, cmt, move_reason);
97 fn matched_pat(&mut self,
98 matched_pat: &hir::Pat,
100 mode: euv::MatchMode) {
101 debug!("matched_pat(matched_pat={:?}, cmt={:?}, mode={:?})",
107 fn consume_pat(&mut self,
108 consume_pat: &hir::Pat,
109 cmt: &mc::cmt_<'tcx>,
110 mode: euv::ConsumeMode) {
111 debug!("consume_pat(consume_pat={:?}, cmt={:?}, mode={:?})",
117 euv::Copy => { return; }
121 gather_moves::gather_move_from_pat(
122 self.bccx, &self.move_data, &mut self.move_error_collector,
127 borrow_id: ast::NodeId,
129 cmt: &mc::cmt_<'tcx>,
130 loan_region: ty::Region<'tcx>,
132 loan_cause: euv::LoanCause)
134 debug!("borrow(borrow_id={}, cmt={:?}, loan_region={:?}, \
135 bk={:?}, loan_cause={:?})",
136 borrow_id, cmt, loan_region,
138 let hir_id = self.bccx.tcx.hir().node_to_hir_id(borrow_id);
139 self.guarantee_valid(hir_id.local_id,
148 assignment_id: ast::NodeId,
149 assignment_span: Span,
150 assignee_cmt: &mc::cmt_<'tcx>,
153 self.guarantee_assignment_valid(assignment_id,
158 fn decl_without_init(&mut self, id: ast::NodeId, _span: Span) {
161 .node_id_to_type(self.bccx.tcx.hir().node_to_hir_id(id));
162 gather_moves::gather_decl(self.bccx, &self.move_data, id, ty);
166 /// Implements the A-* rules in README.md.
167 fn check_aliasability<'a, 'tcx>(bccx: &BorrowckCtxt<'a, 'tcx>,
169 loan_cause: AliasableViolationKind,
170 cmt: &mc::cmt_<'tcx>,
171 req_kind: ty::BorrowKind)
174 let aliasability = cmt.freely_aliasable();
175 debug!("check_aliasability aliasability={:?} req_kind={:?}",
176 aliasability, req_kind);
178 match (aliasability, req_kind) {
179 (mc::Aliasability::NonAliasable, _) => {
180 /* Uniquely accessible path -- OK for `&` and `&mut` */
183 (mc::Aliasability::FreelyAliasable(mc::AliasableStatic), ty::ImmBorrow) => {
184 // Borrow of an immutable static item.
187 (mc::Aliasability::FreelyAliasable(mc::AliasableStaticMut), _) => {
188 // Even touching a static mut is considered unsafe. We assume the
189 // user knows what they're doing in these cases.
192 (mc::Aliasability::FreelyAliasable(alias_cause), ty::UniqueImmBorrow) |
193 (mc::Aliasability::FreelyAliasable(alias_cause), ty::MutBorrow) => {
194 bccx.report_aliasability_violation(
207 /// Implements the M-* rules in README.md.
208 fn check_mutability<'a, 'tcx>(bccx: &BorrowckCtxt<'a, 'tcx>,
210 cause: AliasableViolationKind,
211 cmt: &mc::cmt_<'tcx>,
212 req_kind: ty::BorrowKind)
214 debug!("check_mutability(cause={:?} cmt={:?} req_kind={:?}",
215 cause, cmt, req_kind);
217 ty::UniqueImmBorrow | ty::ImmBorrow => {
219 // I am intentionally leaving this here to help
220 // refactoring if, in the future, we should add new
221 // kinds of mutability.
222 mc::McImmutable | mc::McDeclared | mc::McInherited => {
223 // both imm and mut data can be lent as imm;
224 // for mutable data, this is a freeze
231 // Only mutable data can be lent as mutable.
232 if !cmt.mutbl.is_mutable() {
233 Err(bccx.report(BckError { span: borrow_span,
244 impl<'a, 'tcx> GatherLoanCtxt<'a, 'tcx> {
245 pub fn tcx(&self) -> TyCtxt<'a, 'tcx, 'tcx> { self.bccx.tcx }
247 /// Guarantees that `cmt` is assignable, or reports an error.
248 fn guarantee_assignment_valid(&mut self,
249 assignment_id: ast::NodeId,
250 assignment_span: Span,
251 cmt: &mc::cmt_<'tcx>) {
253 let opt_lp = opt_loan_path(cmt);
254 debug!("guarantee_assignment_valid(assignment_id={}, cmt={:?}) opt_lp={:?}",
255 assignment_id, cmt, opt_lp);
257 if let Categorization::Local(..) = cmt.cat {
258 // Only re-assignments to locals require it to be
259 // mutable - this is checked in check_loans.
261 // Check that we don't allow assignments to non-mutable data.
262 if check_mutability(self.bccx, assignment_span, MutabilityViolation,
263 cmt, ty::MutBorrow).is_err() {
264 return; // reported an error, no sense in reporting more.
268 // Check that we don't allow assignments to aliasable data
269 if check_aliasability(self.bccx, assignment_span, MutabilityViolation,
270 cmt, ty::MutBorrow).is_err() {
271 return; // reported an error, no sense in reporting more.
276 if let Categorization::Local(..) = cmt.cat {
277 // Only re-assignments to locals require it to be
278 // mutable - this is checked in check_loans.
280 self.mark_loan_path_as_mutated(&lp);
282 gather_moves::gather_assignment(self.bccx, &self.move_data,
283 self.bccx.tcx.hir().node_to_hir_id(assignment_id)
289 // This can occur with e.g. `*foo() = 5`. In such
290 // cases, there is no need to check for conflicts
291 // with moves etc, just ignore.
296 /// Guarantees that `addr_of(cmt)` will be valid for the duration of `static_scope_r`, or
297 /// reports an error. This may entail taking out loans, which will be added to the
299 fn guarantee_valid(&mut self,
300 borrow_id: hir::ItemLocalId,
302 cmt: &mc::cmt_<'tcx>,
303 req_kind: ty::BorrowKind,
304 loan_region: ty::Region<'tcx>,
305 cause: euv::LoanCause) {
306 debug!("guarantee_valid(borrow_id={:?}, cmt={:?}, \
307 req_mutbl={:?}, loan_region={:?})",
313 // a loan for the empty region can never be dereferenced, so
315 if *loan_region == ty::ReEmpty {
319 // Check that the lifetime of the borrow does not exceed
320 // the lifetime of the data being borrowed.
321 if lifetime::guarantee_lifetime(self.bccx, self.item_ub,
322 borrow_span, cause, cmt, loan_region).is_err() {
323 return; // reported an error, no sense in reporting more.
326 // Check that we don't allow mutable borrows of non-mutable data.
327 if check_mutability(self.bccx, borrow_span, BorrowViolation(cause),
328 cmt, req_kind).is_err() {
329 return; // reported an error, no sense in reporting more.
332 // Check that we don't allow mutable borrows of aliasable data.
333 if check_aliasability(self.bccx, borrow_span, BorrowViolation(cause),
334 cmt, req_kind).is_err() {
335 return; // reported an error, no sense in reporting more.
338 // Compute the restrictions that are required to enforce the
340 let restr = restrictions::compute_restrictions(
341 self.bccx, borrow_span, cause, &cmt, loan_region);
343 debug!("guarantee_valid(): restrictions={:?}", restr);
345 // Create the loan record (if needed).
346 let loan = match restr {
347 RestrictionResult::Safe => {
348 // No restrictions---no loan record necessary
352 RestrictionResult::SafeIf(loan_path, restricted_paths) => {
353 let loan_scope = match *loan_region {
354 ty::ReScope(scope) => scope,
356 ty::ReEarlyBound(ref br) => {
357 self.bccx.region_scope_tree.early_free_scope(self.tcx(), br)
360 ty::ReFree(ref fr) => {
361 self.bccx.region_scope_tree.free_scope(self.tcx(), fr)
364 ty::ReStatic => self.item_ub,
367 ty::ReClosureBound(..) |
368 ty::ReLateBound(..) |
370 ty::RePlaceholder(..) |
374 "invalid borrow lifetime: {:?}",
378 debug!("loan_scope = {:?}", loan_scope);
380 let borrow_scope = region::Scope {
382 data: region::ScopeData::Node
384 let gen_scope = self.compute_gen_scope(borrow_scope, loan_scope);
385 debug!("gen_scope = {:?}", gen_scope);
387 let kill_scope = self.compute_kill_scope(loan_scope, &loan_path);
388 debug!("kill_scope = {:?}", kill_scope);
390 if req_kind == ty::MutBorrow {
391 self.mark_loan_path_as_mutated(&loan_path);
395 index: self.all_loans.len(),
407 debug!("guarantee_valid(borrow_id={:?}), loan={:?}",
410 // let loan_path = loan.loan_path;
411 // let loan_gen_scope = loan.gen_scope;
412 // let loan_kill_scope = loan.kill_scope;
413 self.all_loans.push(loan);
415 // if loan_gen_scope != borrow_id {
416 // FIXME(https://github.com/rust-lang/rfcs/issues/811) Nested method calls
418 // Typically, the scope of the loan includes the point at
419 // which the loan is originated. This
420 // This is a subtle case. See the test case
421 // <compile-fail/borrowck-bad-nested-calls-free.rs>
422 // to see what we are guarding against.
424 //let restr = restrictions::compute_restrictions(
425 // self.bccx, borrow_span, cmt, RESTR_EMPTY);
428 // index: self.all_loans.len(),
431 // mutbl: ConstMutability,
432 // gen_scope: borrow_id,
434 // span: borrow_span,
440 pub fn mark_loan_path_as_mutated(&self, loan_path: &LoanPath) {
441 //! For mutable loans of content whose mutability derives
442 //! from a local variable, mark the mutability decl as necessary.
444 let mut wrapped_path = Some(loan_path);
445 let mut through_borrow = false;
447 while let Some(current_path) = wrapped_path {
448 wrapped_path = match current_path.kind {
451 let hir_id = self.bccx.tcx.hir().node_to_hir_id(local_id);
452 self.bccx.used_mut_nodes.borrow_mut().insert(hir_id);
456 LpUpvar(ty::UpvarId{ var_path: ty::UpvarPath { hir_id }, closure_expr_id: _ }) => {
457 self.bccx.used_mut_nodes.borrow_mut().insert(hir_id);
460 LpExtend(ref base, mc::McInherited, LpDeref(pointer_kind)) |
461 LpExtend(ref base, mc::McDeclared, LpDeref(pointer_kind)) => {
462 if pointer_kind != mc::Unique {
463 through_borrow = true;
467 LpDowncast(ref base, _) |
468 LpExtend(ref base, mc::McInherited, _) |
469 LpExtend(ref base, mc::McDeclared, _) => {
472 LpExtend(_, mc::McImmutable, _) => {
481 pub fn compute_gen_scope(&self,
482 borrow_scope: region::Scope,
483 loan_scope: region::Scope)
485 //! Determine when to introduce the loan. Typically the loan
486 //! is introduced at the point of the borrow, but in some cases,
487 //! notably method arguments, the loan may be introduced only
488 //! later, once it comes into scope.
490 if self.bccx.region_scope_tree.is_subscope_of(borrow_scope, loan_scope) {
497 pub fn compute_kill_scope(&self, loan_scope: region::Scope, lp: &LoanPath<'tcx>)
499 //! Determine when the loan restrictions go out of scope.
500 //! This is either when the lifetime expires or when the
501 //! local variable which roots the loan-path goes out of scope,
502 //! whichever happens faster.
504 //! It may seem surprising that we might have a loan region
505 //! larger than the variable which roots the loan-path; this can
506 //! come about when variables of `&mut` type are re-borrowed,
507 //! as in this example:
509 //! struct Foo { counter: u32 }
511 //! fn counter<'a>(v: &'a mut Foo) -> &'a mut u32 {
515 //! In this case, the reference (`'a`) outlives the
516 //! variable `v` that hosts it. Note that this doesn't come up
517 //! with immutable `&` pointers, because borrows of such pointers
518 //! do not require restrictions and hence do not cause a loan.
520 let lexical_scope = lp.kill_scope(self.bccx);
521 if self.bccx.region_scope_tree.is_subscope_of(lexical_scope, loan_scope) {
524 assert!(self.bccx.region_scope_tree.is_subscope_of(loan_scope, lexical_scope));
529 pub fn report_potential_errors(&self) {
530 self.move_error_collector.report_potential_errors(self.bccx);