1 // Copyright 2017 The Rust Project Developers. See the COPYRIGHT
2 // file at the top-level directory of this distribution and at
3 // http://rust-lang.org/COPYRIGHT.
5 // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
6 // http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
7 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
8 // option. This file may not be copied, modified, or distributed
9 // except according to those terms.
11 //! This query borrow-checks the MIR to (further) ensure it is not broken.
13 use borrow_check::nll::region_infer::{RegionCausalInfo, RegionInferenceContext};
15 use rustc::hir::def_id::DefId;
16 use rustc::hir::map::definitions::DefPathData;
17 use rustc::infer::InferCtxt;
18 use rustc::ty::{self, ParamEnv, TyCtxt};
19 use rustc::ty::maps::Providers;
20 use rustc::mir::{AssertMessage, BasicBlock, BorrowKind, Location, Place};
21 use rustc::mir::{Mir, Mutability, Operand, Projection, ProjectionElem, Rvalue};
22 use rustc::mir::{Field, Statement, StatementKind, Terminator, TerminatorKind};
23 use rustc::mir::ClosureRegionRequirements;
25 use rustc_data_structures::control_flow_graph::dominators::Dominators;
26 use rustc_data_structures::fx::FxHashSet;
27 use rustc_data_structures::indexed_set::IdxSetBuf;
28 use rustc_data_structures::indexed_vec::Idx;
34 use dataflow::{do_dataflow, DebugFormatted};
35 use dataflow::FlowAtLocation;
36 use dataflow::MoveDataParamEnv;
37 use dataflow::{DataflowResultsConsumer};
38 use dataflow::{MaybeInitializedPlaces, MaybeUninitializedPlaces};
39 use dataflow::{EverInitializedPlaces, MovingOutStatements};
40 use dataflow::Borrows;
41 use dataflow::indexes::BorrowIndex;
42 use dataflow::move_paths::{IllegalMoveOriginKind, MoveError};
43 use dataflow::move_paths::{HasMoveData, LookupResult, MoveData, MovePathIndex};
44 use util::borrowck_errors::{BorrowckErrors, Origin};
45 use util::collect_writes::FindAssignments;
49 use self::borrow_set::{BorrowSet, BorrowData};
50 use self::flows::Flows;
51 use self::prefixes::PrefixSet;
52 use self::MutateMode::{JustWrite, WriteAndRead};
62 pub fn provide(providers: &mut Providers) {
63 *providers = Providers {
69 fn mir_borrowck<'a, 'tcx>(
70 tcx: TyCtxt<'a, 'tcx, 'tcx>,
72 ) -> Option<ClosureRegionRequirements<'tcx>> {
73 let input_mir = tcx.mir_validated(def_id);
74 debug!("run query mir_borrowck: {}", tcx.item_path_str(def_id));
76 if !tcx.has_attr(def_id, "rustc_mir_borrowck") && !tcx.use_mir_borrowck() {
80 let opt_closure_req = tcx.infer_ctxt().enter(|infcx| {
81 let input_mir: &Mir = &input_mir.borrow();
82 do_mir_borrowck(&infcx, input_mir, def_id)
84 debug!("mir_borrowck done");
89 fn do_mir_borrowck<'a, 'gcx, 'tcx>(
90 infcx: &InferCtxt<'a, 'gcx, 'tcx>,
91 input_mir: &Mir<'gcx>,
93 ) -> Option<ClosureRegionRequirements<'gcx>> {
95 let attributes = tcx.get_attrs(def_id);
96 let param_env = tcx.param_env(def_id);
98 .as_local_node_id(def_id)
99 .expect("do_mir_borrowck: non-local DefId");
101 // Replace all regions with fresh inference variables. This
102 // requires first making our own copy of the MIR. This copy will
103 // be modified (in place) to contain non-lexical lifetimes. It
104 // will have a lifetime tied to the inference context.
105 let mut mir: Mir<'tcx> = input_mir.clone();
106 let free_regions = nll::replace_regions_in_mir(infcx, def_id, param_env, &mut mir);
107 let mir = &mir; // no further changes
109 let move_data: MoveData<'tcx> = match MoveData::gather_moves(mir, tcx) {
110 Ok(move_data) => move_data,
111 Err((move_data, move_errors)) => {
112 for move_error in move_errors {
113 let (span, kind): (Span, IllegalMoveOriginKind) = match move_error {
114 MoveError::UnionMove { .. } => {
115 unimplemented!("don't know how to report union move errors yet.")
117 MoveError::IllegalMove {
118 cannot_move_out_of: o,
119 } => (o.span, o.kind),
121 let origin = Origin::Mir;
122 let mut err = match kind {
123 IllegalMoveOriginKind::Static => {
124 tcx.cannot_move_out_of(span, "static item", origin)
126 IllegalMoveOriginKind::BorrowedContent => {
127 tcx.cannot_move_out_of(span, "borrowed content", origin)
129 IllegalMoveOriginKind::InteriorOfTypeWithDestructor { container_ty: ty } => {
130 tcx.cannot_move_out_of_interior_of_drop(span, ty, origin)
132 IllegalMoveOriginKind::InteriorOfSliceOrArray { ty, is_index } => {
133 tcx.cannot_move_out_of_interior_noncopy(span, ty, is_index, origin)
142 let mdpe = MoveDataParamEnv {
143 move_data: move_data,
144 param_env: param_env,
146 let body_id = match tcx.def_key(def_id).disambiguated_data.data {
147 DefPathData::StructCtor | DefPathData::EnumVariant(_) => None,
148 _ => Some(tcx.hir.body_owned_by(id)),
151 let dead_unwinds = IdxSetBuf::new_empty(mir.basic_blocks().len());
152 let mut flow_inits = FlowAtLocation::new(do_dataflow(
158 MaybeInitializedPlaces::new(tcx, mir, &mdpe),
159 |bd, i| DebugFormatted::new(&bd.move_data().move_paths[i]),
161 let flow_uninits = FlowAtLocation::new(do_dataflow(
167 MaybeUninitializedPlaces::new(tcx, mir, &mdpe),
168 |bd, i| DebugFormatted::new(&bd.move_data().move_paths[i]),
170 let flow_move_outs = FlowAtLocation::new(do_dataflow(
176 MovingOutStatements::new(tcx, mir, &mdpe),
177 |bd, i| DebugFormatted::new(&bd.move_data().moves[i]),
179 let flow_ever_inits = FlowAtLocation::new(do_dataflow(
185 EverInitializedPlaces::new(tcx, mir, &mdpe),
186 |bd, i| DebugFormatted::new(&bd.move_data().inits[i]),
189 let borrow_set = Rc::new(BorrowSet::build(tcx, mir));
191 // If we are in non-lexical mode, compute the non-lexical lifetimes.
192 let (regioncx, opt_closure_req) = nll::compute_regions(
202 let regioncx = Rc::new(regioncx);
203 let flow_inits = flow_inits; // remove mut
205 let flow_borrows = FlowAtLocation::new(do_dataflow(
211 Borrows::new(tcx, mir, regioncx.clone(), def_id, body_id, &borrow_set),
212 |rs, i| DebugFormatted::new(&rs.location(i)),
215 let movable_generator = match tcx.hir.get(id) {
216 hir::map::Node::NodeExpr(&hir::Expr {
217 node: hir::ExprClosure(.., Some(hir::GeneratorMovability::Static)),
223 let dominators = mir.dominators();
225 let mut mbcx = MirBorrowckCtxt {
229 move_data: &mdpe.move_data,
230 param_env: param_env,
232 locals_are_invalidated_at_exit: match tcx.hir.body_owner_kind(id) {
233 hir::BodyOwnerKind::Const | hir::BodyOwnerKind::Static(_) => false,
234 hir::BodyOwnerKind::Fn => true,
236 access_place_error_reported: FxHashSet(),
237 reservation_error_reported: FxHashSet(),
238 moved_error_reported: FxHashSet(),
239 nonlexical_regioncx: regioncx,
240 nonlexical_cause_info: None,
245 let mut state = Flows::new(
253 mbcx.analyze_results(&mut state); // entry point for DataflowResultsConsumer
259 pub struct MirBorrowckCtxt<'cx, 'gcx: 'tcx, 'tcx: 'cx> {
260 tcx: TyCtxt<'cx, 'gcx, 'tcx>,
263 move_data: &'cx MoveData<'tcx>,
264 param_env: ParamEnv<'gcx>,
265 movable_generator: bool,
266 /// This keeps track of whether local variables are free-ed when the function
267 /// exits even without a `StorageDead`, which appears to be the case for
270 /// I'm not sure this is the right approach - @eddyb could you try and
272 locals_are_invalidated_at_exit: bool,
273 /// This field keeps track of when borrow errors are reported in the access_place function
274 /// so that there is no duplicate reporting. This field cannot also be used for the conflicting
275 /// borrow errors that is handled by the `reservation_error_reported` field as the inclusion
276 /// of the `Span` type (while required to mute some errors) stops the muting of the reservation
278 access_place_error_reported: FxHashSet<(Place<'tcx>, Span)>,
279 /// This field keeps track of when borrow conflict errors are reported
280 /// for reservations, so that we don't report seemingly duplicate
281 /// errors for corresponding activations
283 /// FIXME: Ideally this would be a set of BorrowIndex, not Places,
284 /// but it is currently inconvenient to track down the BorrowIndex
285 /// at the time we detect and report a reservation error.
286 reservation_error_reported: FxHashSet<Place<'tcx>>,
287 /// This field keeps track of errors reported in the checking of moved variables,
288 /// so that we don't report report seemingly duplicate errors.
289 moved_error_reported: FxHashSet<Place<'tcx>>,
290 /// Non-lexical region inference context, if NLL is enabled. This
291 /// contains the results from region inference and lets us e.g.
292 /// find out which CFG points are contained in each borrow region.
293 nonlexical_regioncx: Rc<RegionInferenceContext<'tcx>>,
294 nonlexical_cause_info: Option<RegionCausalInfo>,
296 /// The set of borrows extracted from the MIR
297 borrow_set: Rc<BorrowSet<'tcx>>,
299 /// Dominators for MIR
300 dominators: Dominators<BasicBlock>,
304 // 1. assignments are always made to mutable locations (FIXME: does that still really go here?)
305 // 2. loans made in overlapping scopes do not conflict
306 // 3. assignments do not affect things loaned out as immutable
307 // 4. moves do not affect things loaned out in any way
308 impl<'cx, 'gcx, 'tcx> DataflowResultsConsumer<'cx, 'tcx> for MirBorrowckCtxt<'cx, 'gcx, 'tcx> {
309 type FlowState = Flows<'cx, 'gcx, 'tcx>;
311 fn mir(&self) -> &'cx Mir<'tcx> {
315 fn visit_block_entry(&mut self, bb: BasicBlock, flow_state: &Self::FlowState) {
316 debug!("MirBorrowckCtxt::process_block({:?}): {}", bb, flow_state);
319 fn visit_statement_entry(
322 stmt: &Statement<'tcx>,
323 flow_state: &Self::FlowState,
326 "MirBorrowckCtxt::process_statement({:?}, {:?}): {}",
327 location, stmt, flow_state
329 let span = stmt.source_info.span;
331 self.check_activations(location, span, flow_state);
334 StatementKind::Assign(ref lhs, ref rhs) => {
336 ContextKind::AssignRhs.new(location),
343 ContextKind::AssignLhs.new(location),
350 StatementKind::SetDiscriminant {
355 ContextKind::SetDiscrim.new(location),
357 Shallow(Some(ArtificialField::Discriminant)),
362 StatementKind::InlineAsm {
367 let context = ContextKind::InlineAsm.new(location);
368 for (o, output) in asm.outputs.iter().zip(outputs) {
370 // FIXME(eddyb) indirect inline asm outputs should
371 // be encoeded through MIR place derefs instead.
375 (Deep, Read(ReadKind::Copy)),
376 LocalMutationIsAllowed::No,
379 self.check_if_path_or_subpath_is_moved(
381 InitializationRequiringAction::Use,
389 if o.is_rw { Deep } else { Shallow(None) },
390 if o.is_rw { WriteAndRead } else { JustWrite },
395 for input in inputs {
396 self.consume_operand(context, (input, span), flow_state);
399 StatementKind::EndRegion(ref _rgn) => {
400 // ignored when consuming results (update to
401 // flow_state already handled).
404 StatementKind::UserAssertTy(..) |
405 StatementKind::Validate(..) |
406 StatementKind::StorageLive(..) => {
407 // `Nop`, `UserAssertTy`, `Validate`, and `StorageLive` are irrelevant
410 StatementKind::StorageDead(local) => {
412 ContextKind::StorageDead.new(location),
413 (&Place::Local(local), span),
414 (Shallow(None), Write(WriteKind::StorageDeadOrDrop)),
415 LocalMutationIsAllowed::Yes,
422 fn visit_terminator_entry(
425 term: &Terminator<'tcx>,
426 flow_state: &Self::FlowState,
430 "MirBorrowckCtxt::process_terminator({:?}, {:?}): {}",
431 location, term, flow_state
433 let span = term.source_info.span;
435 self.check_activations(location, span, flow_state);
438 TerminatorKind::SwitchInt {
444 self.consume_operand(ContextKind::SwitchInt.new(loc), (discr, span), flow_state);
446 TerminatorKind::Drop {
447 location: ref drop_place,
451 let gcx = self.tcx.global_tcx();
453 // Compute the type with accurate region information.
454 let drop_place_ty = drop_place.ty(self.mir, self.tcx);
456 // Erase the regions.
457 let drop_place_ty = self.tcx.erase_regions(&drop_place_ty).to_ty(self.tcx);
459 // "Lift" into the gcx -- once regions are erased, this type should be in the
460 // global arenas; this "lift" operation basically just asserts that is true, but
461 // that is useful later.
462 let drop_place_ty = gcx.lift(&drop_place_ty).unwrap();
464 self.visit_terminator_drop(loc, term, flow_state, drop_place, drop_place_ty, span);
466 TerminatorKind::DropAndReplace {
467 location: ref drop_place,
468 value: ref new_value,
473 ContextKind::DropAndReplace.new(loc),
479 self.consume_operand(
480 ContextKind::DropAndReplace.new(loc),
485 TerminatorKind::Call {
491 self.consume_operand(ContextKind::CallOperator.new(loc), (func, span), flow_state);
493 self.consume_operand(
494 ContextKind::CallOperand.new(loc),
499 if let Some((ref dest, _ /*bb*/)) = *destination {
501 ContextKind::CallDest.new(loc),
509 TerminatorKind::Assert {
516 self.consume_operand(ContextKind::Assert.new(loc), (cond, span), flow_state);
518 AssertMessage::BoundsCheck { ref len, ref index } => {
519 self.consume_operand(ContextKind::Assert.new(loc), (len, span), flow_state);
520 self.consume_operand(
521 ContextKind::Assert.new(loc),
526 AssertMessage::Math(_ /*const_math_err*/) => {}
527 AssertMessage::GeneratorResumedAfterReturn => {}
528 AssertMessage::GeneratorResumedAfterPanic => {}
532 TerminatorKind::Yield {
537 self.consume_operand(ContextKind::Yield.new(loc), (value, span), flow_state);
539 if self.movable_generator {
540 // Look for any active borrows to locals
541 let borrow_set = self.borrow_set.clone();
542 flow_state.with_outgoing_borrows(|borrows| {
544 let borrow = &borrow_set[i];
545 self.check_for_local_borrow(borrow, span);
551 TerminatorKind::Resume | TerminatorKind::Return | TerminatorKind::GeneratorDrop => {
552 // Returning from the function implicitly kills storage for all locals and statics.
553 // Often, the storage will already have been killed by an explicit
554 // StorageDead, but we don't always emit those (notably on unwind paths),
555 // so this "extra check" serves as a kind of backup.
556 let borrow_set = self.borrow_set.clone();
557 flow_state.with_outgoing_borrows(|borrows| {
559 let borrow = &borrow_set[i];
560 let context = ContextKind::StorageDead.new(loc);
561 self.check_for_invalidation_at_exit(context, borrow, span);
565 TerminatorKind::Goto { target: _ }
566 | TerminatorKind::Abort
567 | TerminatorKind::Unreachable
568 | TerminatorKind::FalseEdges {
570 imaginary_targets: _,
572 | TerminatorKind::FalseUnwind {
576 // no data used, thus irrelevant to borrowck
582 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
588 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
594 use self::ShallowOrDeep::{Deep, Shallow};
595 use self::ReadOrWrite::{Activation, Read, Reservation, Write};
597 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
598 enum ArtificialField {
603 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
605 /// From the RFC: "A *shallow* access means that the immediate
606 /// fields reached at P are accessed, but references or pointers
607 /// found within are not dereferenced. Right now, the only access
608 /// that is shallow is an assignment like `x = ...;`, which would
609 /// be a *shallow write* of `x`."
610 Shallow(Option<ArtificialField>),
612 /// From the RFC: "A *deep* access means that all data reachable
613 /// through the given place may be invalidated or accesses by
618 /// Kind of access to a value: read or write
619 /// (For informational purposes only)
620 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
622 /// From the RFC: "A *read* means that the existing data may be
623 /// read, but will not be changed."
626 /// From the RFC: "A *write* means that the data may be mutated to
627 /// new values or otherwise invalidated (for example, it could be
628 /// de-initialized, as in a move operation).
631 /// For two-phase borrows, we distinguish a reservation (which is treated
632 /// like a Read) from an activation (which is treated like a write), and
633 /// each of those is furthermore distinguished from Reads/Writes above.
634 Reservation(WriteKind),
635 Activation(WriteKind, BorrowIndex),
638 /// Kind of read access to a value
639 /// (For informational purposes only)
640 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
646 /// Kind of write access to a value
647 /// (For informational purposes only)
648 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
651 MutableBorrow(BorrowKind),
656 /// When checking permissions for a place access, this flag is used to indicate that an immutable
657 /// local place can be mutated.
659 /// FIXME: @nikomatsakis suggested that this flag could be removed with the following modifications:
660 /// - Merge `check_access_permissions()` and `check_if_reassignment_to_immutable_state()`
661 /// - Split `is_mutable()` into `is_assignable()` (can be directly assigned) and
662 /// `is_declared_mutable()`
663 /// - Take flow state into consideration in `is_assignable()` for local variables
664 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
665 enum LocalMutationIsAllowed {
667 /// We want use of immutable upvars to cause a "write to immutable upvar"
668 /// error, not an "reassignment" error.
673 struct AccessErrorsReported {
674 mutability_error: bool,
676 conflict_error: bool,
679 #[derive(Copy, Clone)]
680 enum InitializationRequiringAction {
687 impl InitializationRequiringAction {
688 fn as_noun(self) -> &'static str {
690 InitializationRequiringAction::Update => "update",
691 InitializationRequiringAction::Borrow => "borrow",
692 InitializationRequiringAction::Use => "use",
693 InitializationRequiringAction::Assignment => "assign",
697 fn as_verb_in_past_tense(self) -> &'static str {
699 InitializationRequiringAction::Update => "updated",
700 InitializationRequiringAction::Borrow => "borrowed",
701 InitializationRequiringAction::Use => "used",
702 InitializationRequiringAction::Assignment => "assigned",
707 impl<'cx, 'gcx, 'tcx> MirBorrowckCtxt<'cx, 'gcx, 'tcx> {
708 /// Returns true if the borrow represented by `kind` is
709 /// allowed to be split into separate Reservation and
710 /// Activation phases.
711 fn allow_two_phase_borrow(&self, kind: BorrowKind) -> bool {
712 self.tcx.two_phase_borrows()
713 && (kind.allows_two_phase_borrow()
714 || self.tcx.sess.opts.debugging_opts.two_phase_beyond_autoref)
717 /// Invokes `access_place` as appropriate for dropping the value
718 /// at `drop_place`. Note that the *actual* `Drop` in the MIR is
719 /// always for a variable (e.g., `Drop(x)`) -- but we recursively
720 /// break this variable down into subpaths (e.g., `Drop(x.foo)`)
721 /// to indicate more precisely which fields might actually be
722 /// accessed by a destructor.
723 fn visit_terminator_drop(
726 term: &Terminator<'tcx>,
727 flow_state: &Flows<'cx, 'gcx, 'tcx>,
728 drop_place: &Place<'tcx>,
729 erased_drop_place_ty: ty::Ty<'gcx>,
732 match erased_drop_place_ty.sty {
733 // When a struct is being dropped, we need to check
734 // whether it has a destructor, if it does, then we can
735 // call it, if it does not then we need to check the
736 // individual fields instead. This way if `foo` has a
737 // destructor but `bar` does not, we will only check for
738 // borrows of `x.foo` and not `x.bar`. See #47703.
739 ty::TyAdt(def, substs) if def.is_struct() && !def.has_dtor(self.tcx) => {
740 for (index, field) in def.all_fields().enumerate() {
741 let gcx = self.tcx.global_tcx();
742 let field_ty = field.ty(gcx, substs);
743 let field_ty = gcx.normalize_erasing_regions(self.param_env, field_ty);
744 let place = drop_place.clone().field(Field::new(index), field_ty);
746 self.visit_terminator_drop(loc, term, flow_state, &place, field_ty, span);
750 // We have now refined the type of the value being
751 // dropped (potentially) to just the type of a
752 // subfield; so check whether that field's type still
753 // "needs drop". If so, we assume that the destructor
754 // may access any data it likes (i.e., a Deep Write).
755 let gcx = self.tcx.global_tcx();
756 if erased_drop_place_ty.needs_drop(gcx, self.param_env) {
758 ContextKind::Drop.new(loc),
760 (Deep, Write(WriteKind::StorageDeadOrDrop)),
761 LocalMutationIsAllowed::Yes,
769 /// Checks an access to the given place to see if it is allowed. Examines the set of borrows
770 /// that are in scope, as well as which paths have been initialized, to ensure that (a) the
771 /// place is initialized and (b) it is not borrowed in some way that would prevent this
774 /// Returns true if an error is reported, false otherwise.
778 place_span: (&Place<'tcx>, Span),
779 kind: (ShallowOrDeep, ReadOrWrite),
780 is_local_mutation_allowed: LocalMutationIsAllowed,
781 flow_state: &Flows<'cx, 'gcx, 'tcx>,
782 ) -> AccessErrorsReported {
785 if let Activation(_, borrow_index) = rw {
786 if self.reservation_error_reported.contains(&place_span.0) {
788 "skipping access_place for activation of invalid reservation \
789 place: {:?} borrow_index: {:?}",
790 place_span.0, borrow_index
792 return AccessErrorsReported {
793 mutability_error: false,
794 conflict_error: true,
799 if self.access_place_error_reported
800 .contains(&(place_span.0.clone(), place_span.1))
803 "access_place: suppressing error place_span=`{:?}` kind=`{:?}`",
806 return AccessErrorsReported {
807 mutability_error: false,
808 conflict_error: true,
812 let mutability_error =
813 self.check_access_permissions(place_span, rw, is_local_mutation_allowed);
815 self.check_access_for_conflict(context, place_span, sd, rw, flow_state);
817 if conflict_error || mutability_error {
819 "access_place: logging error place_span=`{:?}` kind=`{:?}`",
822 self.access_place_error_reported
823 .insert((place_span.0.clone(), place_span.1));
826 AccessErrorsReported {
832 fn check_access_for_conflict(
835 place_span: (&Place<'tcx>, Span),
838 flow_state: &Flows<'cx, 'gcx, 'tcx>,
841 "check_access_for_conflict(context={:?}, place_span={:?}, sd={:?}, rw={:?})",
848 let mut error_reported = false;
849 self.each_borrow_involving_path(
853 |this, borrow_index, borrow| match (rw, borrow.kind) {
854 // Obviously an activation is compatible with its own
855 // reservation (or even prior activating uses of same
856 // borrow); so don't check if they interfere.
858 // NOTE: *reservations* do conflict with themselves;
859 // thus aren't injecting unsoundenss w/ this check.)
860 (Activation(_, activating), _) if activating == borrow_index => {
862 "check_access_for_conflict place_span: {:?} sd: {:?} rw: {:?} \
863 skipping {:?} b/c activation of same borrow_index",
867 (borrow_index, borrow),
872 (Read(_), BorrowKind::Shared) | (Reservation(..), BorrowKind::Shared) => {
876 (Read(kind), BorrowKind::Unique) | (Read(kind), BorrowKind::Mut { .. }) => {
877 // Reading from mere reservations of mutable-borrows is OK.
878 if !this.is_active(borrow, context.loc) {
879 assert!(this.allow_two_phase_borrow(borrow.kind));
880 return Control::Continue;
885 error_reported = true;
886 this.report_use_while_mutably_borrowed(context, place_span, borrow)
888 ReadKind::Borrow(bk) => {
889 error_reported = true;
890 this.report_conflicting_borrow(
901 (Reservation(kind), BorrowKind::Unique)
902 | (Reservation(kind), BorrowKind::Mut { .. })
903 | (Activation(kind, _), _)
904 | (Write(kind), _) => {
908 "recording invalid reservation of \
912 this.reservation_error_reported.insert(place_span.0.clone());
914 Activation(_, activating) => {
916 "observing check_place for activation of \
921 Read(..) | Write(..) => {}
925 WriteKind::MutableBorrow(bk) => {
926 error_reported = true;
927 this.report_conflicting_borrow(
934 WriteKind::StorageDeadOrDrop => {
935 error_reported = true;
936 this.report_borrowed_value_does_not_live_long_enough(
942 WriteKind::Mutate => {
943 error_reported = true;
944 this.report_illegal_mutation_of_borrowed(context, place_span, borrow)
947 error_reported = true;
948 this.report_move_out_while_borrowed(context, place_span, &borrow)
962 place_span: (&Place<'tcx>, Span),
965 flow_state: &Flows<'cx, 'gcx, 'tcx>,
967 // Write of P[i] or *P, or WriteAndRead of any P, requires P init'd.
969 MutateMode::WriteAndRead => {
970 self.check_if_path_or_subpath_is_moved(
972 InitializationRequiringAction::Update,
977 MutateMode::JustWrite => {
978 self.check_if_assigned_path_is_moved(context, place_span, flow_state);
982 let errors_reported = self.access_place(
985 (kind, Write(WriteKind::Mutate)),
986 // We want immutable upvars to cause an "assignment to immutable var"
987 // error, not an "reassignment of immutable var" error, because the
988 // latter can't find a good previous assignment span.
990 // There's probably a better way to do this.
991 LocalMutationIsAllowed::ExceptUpvars,
995 if !errors_reported.mutability_error {
996 // check for reassignments to immutable local variables
997 self.check_if_reassignment_to_immutable_state(context, place_span, flow_state);
1004 (rvalue, span): (&Rvalue<'tcx>, Span),
1005 _location: Location,
1006 flow_state: &Flows<'cx, 'gcx, 'tcx>,
1009 Rvalue::Ref(_ /*rgn*/, bk, ref place) => {
1010 let access_kind = match bk {
1011 BorrowKind::Shared => (Deep, Read(ReadKind::Borrow(bk))),
1012 BorrowKind::Unique | BorrowKind::Mut { .. } => {
1013 let wk = WriteKind::MutableBorrow(bk);
1014 if self.allow_two_phase_borrow(bk) {
1015 (Deep, Reservation(wk))
1026 LocalMutationIsAllowed::No,
1030 self.check_if_path_or_subpath_is_moved(
1032 InitializationRequiringAction::Borrow,
1038 Rvalue::Use(ref operand)
1039 | Rvalue::Repeat(ref operand, _)
1040 | Rvalue::UnaryOp(_ /*un_op*/, ref operand)
1041 | Rvalue::Cast(_ /*cast_kind*/, ref operand, _ /*ty*/) => {
1042 self.consume_operand(context, (operand, span), flow_state)
1045 Rvalue::Len(ref place) | Rvalue::Discriminant(ref place) => {
1046 let af = match *rvalue {
1047 Rvalue::Len(..) => ArtificialField::ArrayLength,
1048 Rvalue::Discriminant(..) => ArtificialField::Discriminant,
1049 _ => unreachable!(),
1054 (Shallow(Some(af)), Read(ReadKind::Copy)),
1055 LocalMutationIsAllowed::No,
1058 self.check_if_path_or_subpath_is_moved(
1060 InitializationRequiringAction::Use,
1066 Rvalue::BinaryOp(_bin_op, ref operand1, ref operand2)
1067 | Rvalue::CheckedBinaryOp(_bin_op, ref operand1, ref operand2) => {
1068 self.consume_operand(context, (operand1, span), flow_state);
1069 self.consume_operand(context, (operand2, span), flow_state);
1072 Rvalue::NullaryOp(_op, _ty) => {
1073 // nullary ops take no dynamic input; no borrowck effect.
1075 // FIXME: is above actually true? Do we want to track
1076 // the fact that uninitialized data can be created via
1080 Rvalue::Aggregate(ref _aggregate_kind, ref operands) => for operand in operands {
1081 self.consume_operand(context, (operand, span), flow_state);
1089 (operand, span): (&Operand<'tcx>, Span),
1090 flow_state: &Flows<'cx, 'gcx, 'tcx>,
1093 Operand::Copy(ref place) => {
1094 // copy of place: check if this is "copy of frozen path"
1095 // (FIXME: see check_loans.rs)
1099 (Deep, Read(ReadKind::Copy)),
1100 LocalMutationIsAllowed::No,
1104 // Finally, check if path was already moved.
1105 self.check_if_path_or_subpath_is_moved(
1107 InitializationRequiringAction::Use,
1112 Operand::Move(ref place) => {
1113 // move of place: check if this is move of already borrowed path
1117 (Deep, Write(WriteKind::Move)),
1118 LocalMutationIsAllowed::Yes,
1122 // Finally, check if path was already moved.
1123 self.check_if_path_or_subpath_is_moved(
1125 InitializationRequiringAction::Use,
1130 Operand::Constant(_) => {}
1134 /// Returns whether a borrow of this place is invalidated when the function
1136 fn check_for_invalidation_at_exit(
1139 borrow: &BorrowData<'tcx>,
1142 debug!("check_for_invalidation_at_exit({:?})", borrow);
1143 let place = &borrow.borrowed_place;
1144 let root_place = self.prefixes(place, PrefixSet::All).last().unwrap();
1146 // FIXME(nll-rfc#40): do more precise destructor tracking here. For now
1147 // we just know that all locals are dropped at function exit (otherwise
1148 // we'll have a memory leak) and assume that all statics have a destructor.
1150 // FIXME: allow thread-locals to borrow other thread locals?
1151 let (might_be_alive, will_be_dropped) = match root_place {
1152 Place::Static(statik) => {
1153 // Thread-locals might be dropped after the function exits, but
1154 // "true" statics will never be.
1155 let is_thread_local = self.tcx
1156 .get_attrs(statik.def_id)
1158 .any(|attr| attr.check_name("thread_local"));
1160 (true, is_thread_local)
1162 Place::Local(_) => {
1163 // Locals are always dropped at function exit, and if they
1164 // have a destructor it would've been called already.
1165 (false, self.locals_are_invalidated_at_exit)
1167 Place::Projection(..) => {
1168 bug!("root of {:?} is a projection ({:?})?", place, root_place)
1172 if !will_be_dropped {
1174 "place_is_invalidated_at_exit({:?}) - won't be dropped",
1180 // FIXME: replace this with a proper borrow_conflicts_with_place when
1182 let sd = if might_be_alive { Deep } else { Shallow(None) };
1184 if self.places_conflict(place, root_place, sd) {
1185 debug!("check_for_invalidation_at_exit({:?}): INVALID", place);
1186 // FIXME: should be talking about the region lifetime instead
1187 // of just a span here.
1188 let span = self.tcx.sess.codemap().end_point(span);
1189 self.report_borrowed_value_does_not_live_long_enough(
1197 /// Reports an error if this is a borrow of local data.
1198 /// This is called for all Yield statements on movable generators
1199 fn check_for_local_borrow(&mut self, borrow: &BorrowData<'tcx>, yield_span: Span) {
1200 fn borrow_of_local_data<'tcx>(place: &Place<'tcx>) -> bool {
1202 Place::Static(..) => false,
1203 Place::Local(..) => true,
1204 Place::Projection(box proj) => {
1206 // Reborrow of already borrowed data is ignored
1207 // Any errors will be caught on the initial borrow
1208 ProjectionElem::Deref => false,
1210 // For interior references and downcasts, find out if the base is local
1211 ProjectionElem::Field(..)
1212 | ProjectionElem::Index(..)
1213 | ProjectionElem::ConstantIndex { .. }
1214 | ProjectionElem::Subslice { .. }
1215 | ProjectionElem::Downcast(..) => borrow_of_local_data(&proj.base),
1221 debug!("check_for_local_borrow({:?})", borrow);
1223 if borrow_of_local_data(&borrow.borrowed_place) {
1225 .cannot_borrow_across_generator_yield(
1226 self.retrieve_borrow_span(borrow),
1234 fn check_activations(
1238 flow_state: &Flows<'cx, 'gcx, 'tcx>,
1240 if !self.tcx.two_phase_borrows() {
1244 // Two-phase borrow support: For each activation that is newly
1245 // generated at this statement, check if it interferes with
1247 let borrow_set = self.borrow_set.clone();
1248 for &borrow_index in borrow_set.activations_at_location(location) {
1249 let borrow = &borrow_set[borrow_index];
1251 // only mutable borrows should be 2-phase
1252 assert!(match borrow.kind {
1253 BorrowKind::Shared => false,
1254 BorrowKind::Unique | BorrowKind::Mut { .. } => true,
1258 ContextKind::Activation.new(location),
1259 (&borrow.borrowed_place, span),
1262 Activation(WriteKind::MutableBorrow(borrow.kind), borrow_index),
1264 LocalMutationIsAllowed::No,
1267 // We do not need to call `check_if_path_or_subpath_is_moved`
1268 // again, as we already called it when we made the
1269 // initial reservation.
1274 impl<'cx, 'gcx, 'tcx> MirBorrowckCtxt<'cx, 'gcx, 'tcx> {
1275 fn check_if_reassignment_to_immutable_state(
1278 (place, span): (&Place<'tcx>, Span),
1279 flow_state: &Flows<'cx, 'gcx, 'tcx>,
1281 debug!("check_if_reassignment_to_immutable_state({:?})", place);
1282 // determine if this path has a non-mut owner (and thus needs checking).
1283 if let Ok(()) = self.is_mutable(place, LocalMutationIsAllowed::No) {
1287 "check_if_reassignment_to_immutable_state({:?}) - is an imm local",
1291 for i in flow_state.ever_inits.iter_incoming() {
1292 let init = self.move_data.inits[i];
1293 let init_place = &self.move_data.move_paths[init.path].place;
1294 if self.places_conflict(&init_place, place, Deep) {
1295 self.report_illegal_reassignment(context, (place, span), init.span);
1301 fn check_if_full_path_is_moved(
1304 desired_action: InitializationRequiringAction,
1305 place_span: (&Place<'tcx>, Span),
1306 flow_state: &Flows<'cx, 'gcx, 'tcx>,
1308 // FIXME: analogous code in check_loans first maps `place` to
1309 // its base_path ... but is that what we want here?
1310 let place = self.base_path(place_span.0);
1312 let maybe_uninits = &flow_state.uninits;
1313 let curr_move_outs = &flow_state.move_outs;
1317 // 1. Move of `a.b.c`, use of `a.b.c`
1318 // 2. Move of `a.b.c`, use of `a.b.c.d` (without first reinitializing `a.b.c.d`)
1319 // 3. Uninitialized `(a.b.c: &_)`, use of `*a.b.c`; note that with
1320 // partial initialization support, one might have `a.x`
1321 // initialized but not `a.b`.
1325 // 4. Move of `a.b.c`, use of `a.b.d`
1326 // 5. Uninitialized `a.x`, initialized `a.b`, use of `a.b`
1327 // 6. Copied `(a.b: &_)`, use of `*(a.b).c`; note that `a.b`
1328 // must have been initialized for the use to be sound.
1329 // 7. Move of `a.b.c` then reinit of `a.b.c.d`, use of `a.b.c.d`
1331 // The dataflow tracks shallow prefixes distinctly (that is,
1332 // field-accesses on P distinctly from P itself), in order to
1333 // track substructure initialization separately from the whole
1336 // E.g., when looking at (*a.b.c).d, if the closest prefix for
1337 // which we have a MovePath is `a.b`, then that means that the
1338 // initialization state of `a.b` is all we need to inspect to
1339 // know if `a.b.c` is valid (and from that we infer that the
1340 // dereference and `.d` access is also valid, since we assume
1341 // `a.b.c` is assigned a reference to a initialized and
1342 // well-formed record structure.)
1344 // Therefore, if we seek out the *closest* prefix for which we
1345 // have a MovePath, that should capture the initialization
1346 // state for the place scenario.
1348 // This code covers scenarios 1, 2, and 3.
1350 debug!("check_if_full_path_is_moved place: {:?}", place);
1351 match self.move_path_closest_to(place) {
1353 if maybe_uninits.contains(&mpi) {
1354 self.report_use_of_moved_or_uninitialized(
1361 return; // don't bother finding other problems.
1364 Err(NoMovePathFound::ReachedStatic) => {
1365 // Okay: we do not build MoveData for static variables
1366 } // Only query longest prefix with a MovePath, not further
1367 // ancestors; dataflow recurs on children when parents
1368 // move (to support partial (re)inits).
1370 // (I.e. querying parents breaks scenario 7; but may want
1371 // to do such a query based on partial-init feature-gate.)
1375 fn check_if_path_or_subpath_is_moved(
1378 desired_action: InitializationRequiringAction,
1379 place_span: (&Place<'tcx>, Span),
1380 flow_state: &Flows<'cx, 'gcx, 'tcx>,
1382 // FIXME: analogous code in check_loans first maps `place` to
1383 // its base_path ... but is that what we want here?
1384 let place = self.base_path(place_span.0);
1386 let maybe_uninits = &flow_state.uninits;
1387 let curr_move_outs = &flow_state.move_outs;
1391 // 1. Move of `a.b.c`, use of `a` or `a.b`
1392 // partial initialization support, one might have `a.x`
1393 // initialized but not `a.b`.
1394 // 2. All bad scenarios from `check_if_full_path_is_moved`
1398 // 3. Move of `a.b.c`, use of `a.b.d`
1399 // 4. Uninitialized `a.x`, initialized `a.b`, use of `a.b`
1400 // 5. Copied `(a.b: &_)`, use of `*(a.b).c`; note that `a.b`
1401 // must have been initialized for the use to be sound.
1402 // 6. Move of `a.b.c` then reinit of `a.b.c.d`, use of `a.b.c.d`
1404 self.check_if_full_path_is_moved(context, desired_action, place_span, flow_state);
1406 // A move of any shallow suffix of `place` also interferes
1407 // with an attempt to use `place`. This is scenario 3 above.
1409 // (Distinct from handling of scenarios 1+2+4 above because
1410 // `place` does not interfere with suffixes of its prefixes,
1411 // e.g. `a.b.c` does not interfere with `a.b.d`)
1413 // This code covers scenario 1.
1415 debug!("check_if_path_or_subpath_is_moved place: {:?}", place);
1416 if let Some(mpi) = self.move_path_for_place(place) {
1417 if let Some(child_mpi) = maybe_uninits.has_any_child_of(mpi) {
1418 self.report_use_of_moved_or_uninitialized(
1425 return; // don't bother finding other problems.
1430 /// Currently MoveData does not store entries for all places in
1431 /// the input MIR. For example it will currently filter out
1432 /// places that are Copy; thus we do not track places of shared
1433 /// reference type. This routine will walk up a place along its
1434 /// prefixes, searching for a foundational place that *is*
1435 /// tracked in the MoveData.
1437 /// An Err result includes a tag indicated why the search failed.
1438 /// Currently this can only occur if the place is built off of a
1439 /// static variable, as we do not track those in the MoveData.
1440 fn move_path_closest_to(
1442 place: &Place<'tcx>,
1443 ) -> Result<MovePathIndex, NoMovePathFound> {
1444 let mut last_prefix = place;
1445 for prefix in self.prefixes(place, PrefixSet::All) {
1446 if let Some(mpi) = self.move_path_for_place(prefix) {
1449 last_prefix = prefix;
1451 match *last_prefix {
1452 Place::Local(_) => panic!("should have move path for every Local"),
1453 Place::Projection(_) => panic!("PrefixSet::All meant don't stop for Projection"),
1454 Place::Static(_) => return Err(NoMovePathFound::ReachedStatic),
1458 fn move_path_for_place(&mut self, place: &Place<'tcx>) -> Option<MovePathIndex> {
1459 // If returns None, then there is no move path corresponding
1460 // to a direct owner of `place` (which means there is nothing
1461 // that borrowck tracks for its analysis).
1463 match self.move_data.rev_lookup.find(place) {
1464 LookupResult::Parent(_) => None,
1465 LookupResult::Exact(mpi) => Some(mpi),
1469 fn check_if_assigned_path_is_moved(
1472 (place, span): (&Place<'tcx>, Span),
1473 flow_state: &Flows<'cx, 'gcx, 'tcx>,
1475 debug!("check_if_assigned_path_is_moved place: {:?}", place);
1476 // recur down place; dispatch to external checks when necessary
1477 let mut place = place;
1480 Place::Local(_) | Place::Static(_) => {
1481 // assigning to `x` does not require `x` be initialized.
1484 Place::Projection(ref proj) => {
1485 let Projection { ref base, ref elem } = **proj;
1487 ProjectionElem::Index(_/*operand*/) |
1488 ProjectionElem::ConstantIndex { .. } |
1489 // assigning to P[i] requires P to be valid.
1490 ProjectionElem::Downcast(_/*adt_def*/, _/*variant_idx*/) =>
1491 // assigning to (P->variant) is okay if assigning to `P` is okay
1493 // FIXME: is this true even if P is a adt with a dtor?
1496 // assigning to (*P) requires P to be initialized
1497 ProjectionElem::Deref => {
1498 self.check_if_full_path_is_moved(
1499 context, InitializationRequiringAction::Use,
1500 (base, span), flow_state);
1501 // (base initialized; no need to
1506 ProjectionElem::Subslice { .. } => {
1507 panic!("we don't allow assignments to subslices, context: {:?}",
1511 ProjectionElem::Field(..) => {
1512 // if type of `P` has a dtor, then
1513 // assigning to `P.f` requires `P` itself
1514 // be already initialized
1516 match base.ty(self.mir, tcx).to_ty(tcx).sty {
1517 ty::TyAdt(def, _) if def.has_dtor(tcx) => {
1519 // FIXME: analogous code in
1520 // check_loans.rs first maps
1521 // `base` to its base_path.
1523 self.check_if_path_or_subpath_is_moved(
1524 context, InitializationRequiringAction::Assignment,
1525 (base, span), flow_state);
1527 // (base initialized; no need to
1543 fn specialized_description(&self, place:&Place<'tcx>) -> Option<String>{
1544 if let Some(_name) = self.describe_place(place) {
1545 Some(format!("data in a `&` reference"))
1551 fn get_default_err_msg(&self, place:&Place<'tcx>) -> String{
1552 match self.describe_place(place) {
1553 Some(name) => format!("immutable item `{}`", name),
1554 None => "immutable item".to_owned(),
1558 fn get_secondary_err_msg(&self, place:&Place<'tcx>) -> String{
1559 match self.specialized_description(place) {
1560 Some(_) => format!("data in a `&` reference"),
1561 None => self.get_default_err_msg(place)
1565 fn get_primary_err_msg(&self, place:&Place<'tcx>) -> String{
1566 if let Some(name) = self.describe_place(place) {
1567 format!("`{}` is a `&` reference, so the data it refers to cannot be written", name)
1569 format!("cannot assign through `&`-reference")
1573 /// Check the permissions for the given place and read or write kind
1575 /// Returns true if an error is reported, false otherwise.
1576 fn check_access_permissions(
1578 (place, span): (&Place<'tcx>, Span),
1580 is_local_mutation_allowed: LocalMutationIsAllowed,
1583 "check_access_permissions({:?}, {:?}, {:?})",
1584 place, kind, is_local_mutation_allowed
1586 let mut error_reported = false;
1588 Reservation(WriteKind::MutableBorrow(BorrowKind::Unique))
1589 | Write(WriteKind::MutableBorrow(BorrowKind::Unique)) => {
1590 if let Err(_place_err) = self.is_mutable(place, LocalMutationIsAllowed::Yes) {
1591 span_bug!(span, "&unique borrow for {:?} should not fail", place);
1594 Reservation(WriteKind::MutableBorrow(BorrowKind::Mut { .. }))
1595 | Write(WriteKind::MutableBorrow(BorrowKind::Mut { .. })) => if let Err(place_err) =
1596 self.is_mutable(place, is_local_mutation_allowed)
1598 error_reported = true;
1599 let item_msg = self.get_default_err_msg(place);
1600 let mut err = self.tcx
1601 .cannot_borrow_path_as_mutable(span, &item_msg, Origin::Mir);
1602 err.span_label(span, "cannot borrow as mutable");
1604 if place != place_err {
1605 if let Some(name) = self.describe_place(place_err) {
1606 err.note(&format!("the value which is causing this path not to be mutable \
1607 is...: `{}`", name));
1613 Reservation(WriteKind::Mutate) | Write(WriteKind::Mutate) => {
1615 if let Err(place_err) = self.is_mutable(place, is_local_mutation_allowed) {
1616 error_reported = true;
1617 let mut err_info = None;
1620 Place::Projection(box Projection {
1621 ref base, elem:ProjectionElem::Deref}) => {
1623 Place::Local(local) => {
1624 let locations = self.mir.find_assignments(local);
1625 if locations.len() > 0 {
1626 let item_msg = if error_reported {
1627 self.get_secondary_err_msg(base)
1629 self.get_default_err_msg(place)
1631 let sp = self.mir.source_info(locations[0]).span;
1632 let mut to_suggest_span = String::new();
1634 self.tcx.sess.codemap().span_to_snippet(sp) {
1635 to_suggest_span = src[1..].to_string();
1639 "consider changing this to be a \
1643 self.get_primary_err_msg(base)));
1652 if let Some((err_help_span,
1656 sec_span)) = err_info {
1657 let mut err = self.tcx.cannot_assign(span, &item_msg, Origin::Mir);
1658 err.span_suggestion(err_help_span,
1660 format!("&mut {}", to_suggest_span));
1661 if place != place_err {
1662 err.span_label(span, sec_span);
1666 let item_msg_ = self.get_default_err_msg(place);
1667 let mut err = self.tcx.cannot_assign(span, &item_msg_, Origin::Mir);
1668 err.span_label(span, "cannot mutate");
1669 if place != place_err {
1670 if let Some(name) = self.describe_place(place_err) {
1671 err.note(&format!("the value which is causing this path not to be \
1672 mutable is...: `{}`", name));
1679 Reservation(WriteKind::Move)
1680 | Reservation(WriteKind::StorageDeadOrDrop)
1681 | Reservation(WriteKind::MutableBorrow(BorrowKind::Shared))
1682 | Write(WriteKind::Move)
1683 | Write(WriteKind::StorageDeadOrDrop)
1684 | Write(WriteKind::MutableBorrow(BorrowKind::Shared)) => {
1685 if let Err(_place_err) = self.is_mutable(place, is_local_mutation_allowed) {
1686 self.tcx.sess.delay_span_bug(
1689 "Accessing `{:?}` with the kind `{:?}` shouldn't be possible",
1695 Activation(..) => {} // permission checks are done at Reservation point.
1696 Read(ReadKind::Borrow(BorrowKind::Unique))
1697 | Read(ReadKind::Borrow(BorrowKind::Mut { .. }))
1698 | Read(ReadKind::Borrow(BorrowKind::Shared))
1699 | Read(ReadKind::Copy) => {} // Access authorized
1705 /// Can this value be written or borrowed mutably
1708 place: &'d Place<'tcx>,
1709 is_local_mutation_allowed: LocalMutationIsAllowed,
1710 ) -> Result<(), &'d Place<'tcx>> {
1712 Place::Local(local) => {
1713 let local = &self.mir.local_decls[local];
1714 match local.mutability {
1715 Mutability::Not => match is_local_mutation_allowed {
1716 LocalMutationIsAllowed::Yes | LocalMutationIsAllowed::ExceptUpvars => {
1719 LocalMutationIsAllowed::No => Err(place),
1721 Mutability::Mut => Ok(()),
1724 Place::Static(ref static_) =>
1725 if self.tcx.is_static(static_.def_id) != Some(hir::Mutability::MutMutable) {
1730 Place::Projection(ref proj) => {
1732 ProjectionElem::Deref => {
1733 let base_ty = proj.base.ty(self.mir, self.tcx).to_ty(self.tcx);
1735 // Check the kind of deref to decide
1737 ty::TyRef(_, tnm) => {
1739 // Shared borrowed data is never mutable
1740 hir::MutImmutable => Err(place),
1741 // Mutably borrowed data is mutable, but only if we have a
1742 // unique path to the `&mut`
1743 hir::MutMutable => {
1744 let mode = match self.is_upvar_field_projection(&proj.base)
1748 self.mir.upvar_decls[field.index()].by_ref
1751 is_local_mutation_allowed
1753 _ => LocalMutationIsAllowed::Yes,
1756 self.is_mutable(&proj.base, mode)
1760 ty::TyRawPtr(tnm) => {
1762 // `*const` raw pointers are not mutable
1763 hir::MutImmutable => return Err(place),
1764 // `*mut` raw pointers are always mutable, regardless of context
1765 // The users have to check by themselve.
1766 hir::MutMutable => return Ok(()),
1769 // `Box<T>` owns its content, so mutable if its location is mutable
1770 _ if base_ty.is_box() => {
1771 self.is_mutable(&proj.base, is_local_mutation_allowed)
1773 // Deref should only be for reference, pointers or boxes
1774 _ => bug!("Deref of unexpected type: {:?}", base_ty),
1777 // All other projections are owned by their base path, so mutable if
1778 // base path is mutable
1779 ProjectionElem::Field(..)
1780 | ProjectionElem::Index(..)
1781 | ProjectionElem::ConstantIndex { .. }
1782 | ProjectionElem::Subslice { .. }
1783 | ProjectionElem::Downcast(..) => {
1784 if let Some(field) = self.is_upvar_field_projection(place) {
1785 let decl = &self.mir.upvar_decls[field.index()];
1787 "decl.mutability={:?} local_mutation_is_allowed={:?} place={:?}",
1788 decl, is_local_mutation_allowed, place
1790 match (decl.mutability, is_local_mutation_allowed) {
1791 (Mutability::Not, LocalMutationIsAllowed::No)
1792 | (Mutability::Not, LocalMutationIsAllowed::ExceptUpvars) => {
1795 (Mutability::Not, LocalMutationIsAllowed::Yes)
1796 | (Mutability::Mut, _) => {
1797 self.is_mutable(&proj.base, is_local_mutation_allowed)
1801 self.is_mutable(&proj.base, is_local_mutation_allowed)
1809 /// If this is a field projection, and the field is being projected from a closure type,
1810 /// then returns the index of the field being projected. Note that this closure will always
1811 /// be `self` in the current MIR, because that is the only time we directly access the fields
1812 /// of a closure type.
1813 fn is_upvar_field_projection(&self, place: &Place<'tcx>) -> Option<Field> {
1815 Place::Projection(ref proj) => match proj.elem {
1816 ProjectionElem::Field(field, _ty) => {
1817 let is_projection_from_ty_closure = proj.base
1818 .ty(self.mir, self.tcx)
1822 if is_projection_from_ty_closure {
1835 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
1836 enum NoMovePathFound {
1840 /// The degree of overlap between 2 places for borrow-checking.
1842 /// The places might partially overlap - in this case, we give
1843 /// up and say that they might conflict. This occurs when
1844 /// different fields of a union are borrowed. For example,
1845 /// if `u` is a union, we have no way of telling how disjoint
1846 /// `u.a.x` and `a.b.y` are.
1848 /// The places have the same type, and are either completely disjoint
1849 /// or equal - i.e. they can't "partially" overlap as can occur with
1850 /// unions. This is the "base case" on which we recur for extensions
1853 /// The places are disjoint, so we know all extensions of them
1854 /// will also be disjoint.
1858 impl<'cx, 'gcx, 'tcx> MirBorrowckCtxt<'cx, 'gcx, 'tcx> {
1859 // Given that the bases of `elem1` and `elem2` are always either equal
1860 // or disjoint (and have the same type!), return the overlap situation
1861 // between `elem1` and `elem2`.
1862 fn place_element_conflict(&self, elem1: &Place<'tcx>, elem2: &Place<'tcx>) -> Overlap {
1863 match (elem1, elem2) {
1864 (Place::Local(l1), Place::Local(l2)) => {
1866 // the same local - base case, equal
1867 debug!("place_element_conflict: DISJOINT-OR-EQ-LOCAL");
1868 Overlap::EqualOrDisjoint
1870 // different locals - base case, disjoint
1871 debug!("place_element_conflict: DISJOINT-LOCAL");
1875 (Place::Static(static1), Place::Static(static2)) => {
1876 if static1.def_id != static2.def_id {
1877 debug!("place_element_conflict: DISJOINT-STATIC");
1879 } else if self.tcx.is_static(static1.def_id) == Some(hir::Mutability::MutMutable) {
1880 // We ignore mutable statics - they can only be unsafe code.
1881 debug!("place_element_conflict: IGNORE-STATIC-MUT");
1884 debug!("place_element_conflict: DISJOINT-OR-EQ-STATIC");
1885 Overlap::EqualOrDisjoint
1888 (Place::Local(_), Place::Static(_)) | (Place::Static(_), Place::Local(_)) => {
1889 debug!("place_element_conflict: DISJOINT-STATIC-LOCAL");
1892 (Place::Projection(pi1), Place::Projection(pi2)) => {
1893 match (&pi1.elem, &pi2.elem) {
1894 (ProjectionElem::Deref, ProjectionElem::Deref) => {
1895 // derefs (e.g. `*x` vs. `*x`) - recur.
1896 debug!("place_element_conflict: DISJOINT-OR-EQ-DEREF");
1897 Overlap::EqualOrDisjoint
1899 (ProjectionElem::Field(f1, _), ProjectionElem::Field(f2, _)) => {
1901 // same field (e.g. `a.y` vs. `a.y`) - recur.
1902 debug!("place_element_conflict: DISJOINT-OR-EQ-FIELD");
1903 Overlap::EqualOrDisjoint
1905 let ty = pi1.base.ty(self.mir, self.tcx).to_ty(self.tcx);
1907 ty::TyAdt(def, _) if def.is_union() => {
1908 // Different fields of a union, we are basically stuck.
1909 debug!("place_element_conflict: STUCK-UNION");
1913 // Different fields of a struct (`a.x` vs. `a.y`). Disjoint!
1914 debug!("place_element_conflict: DISJOINT-FIELD");
1920 (ProjectionElem::Downcast(_, v1), ProjectionElem::Downcast(_, v2)) => {
1921 // different variants are treated as having disjoint fields,
1922 // even if they occupy the same "space", because it's
1923 // impossible for 2 variants of the same enum to exist
1924 // (and therefore, to be borrowed) at the same time.
1926 // Note that this is different from unions - we *do* allow
1927 // this code to compile:
1930 // fn foo(x: &mut Result<i32, i32>) {
1931 // let mut v = None;
1932 // if let Ok(ref mut a) = *x {
1935 // // here, you would *think* that the
1936 // // *entirety* of `x` would be borrowed,
1937 // // but in fact only the `Ok` variant is,
1938 // // so the `Err` variant is *entirely free*:
1939 // if let Err(ref mut a) = *x {
1946 debug!("place_element_conflict: DISJOINT-OR-EQ-FIELD");
1947 Overlap::EqualOrDisjoint
1949 debug!("place_element_conflict: DISJOINT-FIELD");
1953 (ProjectionElem::Index(..), ProjectionElem::Index(..))
1954 | (ProjectionElem::Index(..), ProjectionElem::ConstantIndex { .. })
1955 | (ProjectionElem::Index(..), ProjectionElem::Subslice { .. })
1956 | (ProjectionElem::ConstantIndex { .. }, ProjectionElem::Index(..))
1958 ProjectionElem::ConstantIndex { .. },
1959 ProjectionElem::ConstantIndex { .. },
1961 | (ProjectionElem::ConstantIndex { .. }, ProjectionElem::Subslice { .. })
1962 | (ProjectionElem::Subslice { .. }, ProjectionElem::Index(..))
1963 | (ProjectionElem::Subslice { .. }, ProjectionElem::ConstantIndex { .. })
1964 | (ProjectionElem::Subslice { .. }, ProjectionElem::Subslice { .. }) => {
1965 // Array indexes (`a[0]` vs. `a[i]`). These can either be disjoint
1966 // (if the indexes differ) or equal (if they are the same), so this
1967 // is the recursive case that gives "equal *or* disjoint" its meaning.
1969 // Note that by construction, MIR at borrowck can't subdivide
1970 // `Subslice` accesses (e.g. `a[2..3][i]` will never be present) - they
1971 // are only present in slice patterns, and we "merge together" nested
1972 // slice patterns. That means we don't have to think about these. It's
1973 // probably a good idea to assert this somewhere, but I'm too lazy.
1975 // FIXME(#8636) we might want to return Disjoint if
1976 // both projections are constant and disjoint.
1977 debug!("place_element_conflict: DISJOINT-OR-EQ-ARRAY");
1978 Overlap::EqualOrDisjoint
1981 (ProjectionElem::Deref, _)
1982 | (ProjectionElem::Field(..), _)
1983 | (ProjectionElem::Index(..), _)
1984 | (ProjectionElem::ConstantIndex { .. }, _)
1985 | (ProjectionElem::Subslice { .. }, _)
1986 | (ProjectionElem::Downcast(..), _) => bug!(
1987 "mismatched projections in place_element_conflict: {:?} and {:?}",
1993 (Place::Projection(_), _) | (_, Place::Projection(_)) => bug!(
1994 "unexpected elements in place_element_conflict: {:?} and {:?}",
2001 /// Returns whether an access of kind `access` to `access_place` conflicts with
2002 /// a borrow/full access to `borrow_place` (for deep accesses to mutable
2003 /// locations, this function is symmetric between `borrow_place` & `access_place`).
2006 borrow_place: &Place<'tcx>,
2007 access_place: &Place<'tcx>,
2008 access: ShallowOrDeep,
2011 "places_conflict({:?},{:?},{:?})",
2012 borrow_place, access_place, access
2015 // Return all the prefixes of `place` in reverse order, including
2017 fn place_elements<'a, 'tcx>(place: &'a Place<'tcx>) -> Vec<&'a Place<'tcx>> {
2018 let mut result = vec![];
2019 let mut place = place;
2023 Place::Projection(interior) => {
2024 place = &interior.base;
2026 Place::Local(_) | Place::Static(_) => {
2034 let borrow_components = place_elements(borrow_place);
2035 let access_components = place_elements(access_place);
2037 "places_conflict: components {:?} / {:?}",
2038 borrow_components, access_components
2041 let borrow_components = borrow_components
2044 .chain(iter::repeat(None));
2045 let access_components = access_components
2048 .chain(iter::repeat(None));
2049 // The borrowck rules for proving disjointness are applied from the "root" of the
2050 // borrow forwards, iterating over "similar" projections in lockstep until
2051 // we can prove overlap one way or another. Essentially, we treat `Overlap` as
2052 // a monoid and report a conflict if the product ends up not being `Disjoint`.
2054 // At each step, if we didn't run out of borrow or place, we know that our elements
2055 // have the same type, and that they only overlap if they are the identical.
2057 // For example, if we are comparing these:
2058 // BORROW: (*x1[2].y).z.a
2059 // ACCESS: (*x1[i].y).w.b
2061 // Then our steps are:
2062 // x1 | x1 -- places are the same
2063 // x1[2] | x1[i] -- equal or disjoint (disjoint if indexes differ)
2064 // x1[2].y | x1[i].y -- equal or disjoint
2065 // *x1[2].y | *x1[i].y -- equal or disjoint
2066 // (*x1[2].y).z | (*x1[i].y).w -- we are disjoint and don't need to check more!
2068 // Because `zip` does potentially bad things to the iterator inside, this loop
2069 // also handles the case where the access might be a *prefix* of the borrow, e.g.
2071 // BORROW: (*x1[2].y).z.a
2074 // Then our steps are:
2075 // x1 | x1 -- places are the same
2076 // x1[2] | x1[i] -- equal or disjoint (disjoint if indexes differ)
2077 // x1[2].y | x1[i].y -- equal or disjoint
2079 // -- here we run out of access - the borrow can access a part of it. If this
2080 // is a full deep access, then we *know* the borrow conflicts with it. However,
2081 // if the access is shallow, then we can proceed:
2083 // x1[2].y | (*x1[i].y) -- a deref! the access can't get past this, so we
2086 // Our invariant is, that at each step of the iteration:
2087 // - If we didn't run out of access to match, our borrow and access are comparable
2088 // and either equal or disjoint.
2089 // - If we did run out of accesss, the borrow can access a part of it.
2090 for (borrow_c, access_c) in borrow_components.zip(access_components) {
2091 // loop invariant: borrow_c is always either equal to access_c or disjoint from it.
2092 debug!("places_conflict: {:?} vs. {:?}", borrow_c, access_c);
2093 match (borrow_c, access_c) {
2095 // If we didn't run out of access, the borrow can access all of our
2096 // place (e.g. a borrow of `a.b` with an access to `a.b.c`),
2097 // so we have a conflict.
2099 // If we did, then we still know that the borrow can access a *part*
2100 // of our place that our access cares about (a borrow of `a.b.c`
2101 // with an access to `a.b`), so we still have a conflict.
2103 // FIXME: Differs from AST-borrowck; includes drive-by fix
2104 // to #38899. Will probably need back-compat mode flag.
2105 debug!("places_conflict: full borrow, CONFLICT");
2108 (Some(borrow_c), None) => {
2109 // We know that the borrow can access a part of our place. This
2110 // is a conflict if that is a part our access cares about.
2112 let (base, elem) = match borrow_c {
2113 Place::Projection(box Projection { base, elem }) => (base, elem),
2114 _ => bug!("place has no base?"),
2116 let base_ty = base.ty(self.mir, self.tcx).to_ty(self.tcx);
2118 match (elem, &base_ty.sty, access) {
2119 (_, _, Shallow(Some(ArtificialField::Discriminant)))
2120 | (_, _, Shallow(Some(ArtificialField::ArrayLength))) => {
2121 // The discriminant and array length are like
2122 // additional fields on the type; they do not
2123 // overlap any existing data there. Furthermore,
2124 // they cannot actually be a prefix of any
2125 // borrowed place (at least in MIR as it is
2128 // e.g. a (mutable) borrow of `a[5]` while we read the
2129 // array length of `a`.
2130 debug!("places_conflict: implicit field");
2134 (ProjectionElem::Deref, _, Shallow(None)) => {
2135 // e.g. a borrow of `*x.y` while we shallowly access `x.y` or some
2136 // prefix thereof - the shallow access can't touch anything behind
2138 debug!("places_conflict: shallow access behind ptr");
2142 ProjectionElem::Deref,
2147 mutbl: hir::MutImmutable,
2152 // the borrow goes through a dereference of a shared reference.
2154 // I'm not sure why we are tracking these borrows - shared
2155 // references can *always* be aliased, which means the
2156 // permission check already account for this borrow.
2157 debug!("places_conflict: behind a shared ref");
2161 (ProjectionElem::Deref, _, Deep)
2162 | (ProjectionElem::Field { .. }, _, _)
2163 | (ProjectionElem::Index { .. }, _, _)
2164 | (ProjectionElem::ConstantIndex { .. }, _, _)
2165 | (ProjectionElem::Subslice { .. }, _, _)
2166 | (ProjectionElem::Downcast { .. }, _, _) => {
2167 // Recursive case. This can still be disjoint on a
2168 // further iteration if this a shallow access and
2169 // there's a deref later on, e.g. a borrow
2170 // of `*x.y` while accessing `x`.
2174 (Some(borrow_c), Some(access_c)) => {
2175 match self.place_element_conflict(&borrow_c, access_c) {
2176 Overlap::Arbitrary => {
2177 // We have encountered different fields of potentially
2178 // the same union - the borrow now partially overlaps.
2180 // There is no *easy* way of comparing the fields
2181 // further on, because they might have different types
2182 // (e.g. borrows of `u.a.0` and `u.b.y` where `.0` and
2183 // `.y` come from different structs).
2185 // We could try to do some things here - e.g. count
2186 // dereferences - but that's probably not a good
2187 // idea, at least for now, so just give up and
2188 // report a conflict. This is unsafe code anyway so
2189 // the user could always use raw pointers.
2190 debug!("places_conflict: arbitrary -> conflict");
2193 Overlap::EqualOrDisjoint => {
2194 // This is the recursive case - proceed to the next element.
2196 Overlap::Disjoint => {
2197 // We have proven the borrow disjoint - further
2198 // projections will remain disjoint.
2199 debug!("places_conflict: disjoint");
2206 unreachable!("iter::repeat returned None")
2209 /// This function iterates over all of the in-scope borrows that
2210 /// conflict with an access to a place, invoking the `op` callback
2213 /// "Current borrow" here means a borrow that reaches the point in
2214 /// the control-flow where the access occurs.
2216 /// The borrow's phase is represented by the IsActive parameter
2217 /// passed to the callback.
2218 fn each_borrow_involving_path<F>(
2221 access_place: (ShallowOrDeep, &Place<'tcx>),
2222 flow_state: &Flows<'cx, 'gcx, 'tcx>,
2225 F: FnMut(&mut Self, BorrowIndex, &BorrowData<'tcx>) -> Control,
2227 let (access, place) = access_place;
2229 // FIXME: analogous code in check_loans first maps `place` to
2232 // check for loan restricting path P being used. Accounts for
2233 // borrows of P, P.a.b, etc.
2234 let borrow_set = self.borrow_set.clone();
2235 for i in flow_state.borrows_in_scope() {
2236 let borrowed = &borrow_set[i];
2238 if self.places_conflict(&borrowed.borrowed_place, place, access) {
2240 "each_borrow_involving_path: {:?} @ {:?} vs. {:?}/{:?}",
2241 i, borrowed, place, access
2243 let ctrl = op(self, i, borrowed);
2244 if ctrl == Control::Break {
2253 borrow_data: &BorrowData<'tcx>,
2256 debug!("is_active(borrow_data={:?}, location={:?})", borrow_data, location);
2258 // If this is not a 2-phase borrow, it is always active.
2259 let activation_location = match borrow_data.activation_location {
2261 None => return true,
2264 // Otherwise, it is active for every location *except* in between
2265 // the reservation and the activation:
2269 // R <--+ Except for this
2276 // Note that we assume that:
2277 // - the reservation R dominates the activation A
2278 // - the activation A post-dominates the reservation R (ignoring unwinding edges).
2280 // This means that there can't be an edge that leaves A and
2281 // comes back into that diamond unless it passes through R.
2283 // Suboptimal: In some cases, this code walks the dominator
2284 // tree twice when it only has to be walked once. I am
2287 // If dominated by the activation A, then it is active. The
2288 // activation occurs upon entering the point A, so this is
2289 // also true if location == activation_location.
2290 if activation_location.dominates(location, &self.dominators) {
2294 // The reservation starts *on exiting* the reservation block,
2295 // so check if the location is dominated by R.successor. If so,
2296 // this point falls in between the reservation and location.
2297 let reserve_location = borrow_data.reserve_location.successor_within_block();
2298 if reserve_location.dominates(location, &self.dominators) {
2301 // Otherwise, this point is outside the diamond, so
2302 // consider the borrow active. This could happen for
2303 // example if the borrow remains active around a loop (in
2304 // which case it would be active also for the point R,
2305 // which would generate an error).
2311 impl<'cx, 'gcx, 'tcx> MirBorrowckCtxt<'cx, 'gcx, 'tcx> {
2312 // FIXME (#16118): function intended to allow the borrow checker
2313 // to be less precise in its handling of Box while still allowing
2314 // moves out of a Box. They should be removed when/if we stop
2315 // treating Box specially (e.g. when/if DerefMove is added...)
2317 fn base_path<'d>(&self, place: &'d Place<'tcx>) -> &'d Place<'tcx> {
2318 //! Returns the base of the leftmost (deepest) dereference of an
2319 //! Box in `place`. If there is no dereference of an Box
2320 //! in `place`, then it just returns `place` itself.
2322 let mut cursor = place;
2323 let mut deepest = place;
2325 let proj = match *cursor {
2326 Place::Local(..) | Place::Static(..) => return deepest,
2327 Place::Projection(ref proj) => proj,
2329 if proj.elem == ProjectionElem::Deref
2330 && place.ty(self.mir, self.tcx).to_ty(self.tcx).is_box()
2332 deepest = &proj.base;
2334 cursor = &proj.base;
2339 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
2345 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
2364 fn new(self, loc: Location) -> Context {
projects / rust.git / blob