]>
Commit | Line | Data |
---|---|---|
136023e0 | 1 | use crate::build::ExprCategory; |
c295e0f8 | 2 | use rustc_middle::thir::visit::{self, Visitor}; |
17df50a5 XL |
3 | |
4 | use rustc_errors::struct_span_err; | |
5 | use rustc_hir as hir; | |
136023e0 | 6 | use rustc_middle::mir::BorrowKind; |
17df50a5 | 7 | use rustc_middle::thir::*; |
94222f64 | 8 | use rustc_middle::ty::{self, ParamEnv, Ty, TyCtxt}; |
17df50a5 XL |
9 | use rustc_session::lint::builtin::{UNSAFE_OP_IN_UNSAFE_FN, UNUSED_UNSAFE}; |
10 | use rustc_session::lint::Level; | |
11 | use rustc_span::def_id::{DefId, LocalDefId}; | |
12 | use rustc_span::symbol::Symbol; | |
13 | use rustc_span::Span; | |
14 | ||
15 | use std::ops::Bound; | |
16 | ||
17 | struct UnsafetyVisitor<'a, 'tcx> { | |
18 | tcx: TyCtxt<'tcx>, | |
19 | thir: &'a Thir<'tcx>, | |
20 | /// The `HirId` of the current scope, which would be the `HirId` | |
21 | /// of the current HIR node, modulo adjustments. Used for lint levels. | |
22 | hir_context: hir::HirId, | |
23 | /// The current "safety context". This notably tracks whether we are in an | |
24 | /// `unsafe` block, and whether it has been used. | |
25 | safety_context: SafetyContext, | |
26 | body_unsafety: BodyUnsafety, | |
27 | /// The `#[target_feature]` attributes of the body. Used for checking | |
28 | /// calls to functions with `#[target_feature]` (RFC 2396). | |
29 | body_target_features: &'tcx Vec<Symbol>, | |
94222f64 XL |
30 | /// When inside the LHS of an assignment to a field, this is the type |
31 | /// of the LHS and the span of the assignment expression. | |
32 | assignment_info: Option<(Ty<'tcx>, Span)>, | |
136023e0 XL |
33 | in_union_destructure: bool, |
34 | param_env: ParamEnv<'tcx>, | |
35 | inside_adt: bool, | |
17df50a5 XL |
36 | } |
37 | ||
38 | impl<'tcx> UnsafetyVisitor<'_, 'tcx> { | |
136023e0 | 39 | fn in_safety_context(&mut self, safety_context: SafetyContext, f: impl FnOnce(&mut Self)) { |
17df50a5 XL |
40 | if let ( |
41 | SafetyContext::UnsafeBlock { span: enclosing_span, .. }, | |
42 | SafetyContext::UnsafeBlock { span: block_span, hir_id, .. }, | |
43 | ) = (self.safety_context, safety_context) | |
44 | { | |
45 | self.warn_unused_unsafe( | |
46 | hir_id, | |
47 | block_span, | |
48 | Some((self.tcx.sess.source_map().guess_head_span(enclosing_span), "block")), | |
49 | ); | |
50 | f(self); | |
51 | } else { | |
52 | let prev_context = self.safety_context; | |
53 | self.safety_context = safety_context; | |
54 | ||
55 | f(self); | |
56 | ||
57 | if let SafetyContext::UnsafeBlock { used: false, span, hir_id } = self.safety_context { | |
58 | self.warn_unused_unsafe( | |
59 | hir_id, | |
60 | span, | |
61 | if self.unsafe_op_in_unsafe_fn_allowed() { | |
62 | self.body_unsafety.unsafe_fn_sig_span().map(|span| (span, "fn")) | |
63 | } else { | |
64 | None | |
65 | }, | |
66 | ); | |
67 | } | |
68 | self.safety_context = prev_context; | |
17df50a5 XL |
69 | } |
70 | } | |
71 | ||
72 | fn requires_unsafe(&mut self, span: Span, kind: UnsafeOpKind) { | |
73 | let (description, note) = kind.description_and_note(); | |
74 | let unsafe_op_in_unsafe_fn_allowed = self.unsafe_op_in_unsafe_fn_allowed(); | |
75 | match self.safety_context { | |
136023e0 | 76 | SafetyContext::BuiltinUnsafeBlock => {} |
17df50a5 XL |
77 | SafetyContext::UnsafeBlock { ref mut used, .. } => { |
78 | if !self.body_unsafety.is_unsafe() || !unsafe_op_in_unsafe_fn_allowed { | |
79 | // Mark this block as useful | |
80 | *used = true; | |
81 | } | |
82 | } | |
83 | SafetyContext::UnsafeFn if unsafe_op_in_unsafe_fn_allowed => {} | |
84 | SafetyContext::UnsafeFn => { | |
85 | // unsafe_op_in_unsafe_fn is disallowed | |
86 | self.tcx.struct_span_lint_hir( | |
87 | UNSAFE_OP_IN_UNSAFE_FN, | |
88 | self.hir_context, | |
89 | span, | |
90 | |lint| { | |
91 | lint.build(&format!( | |
92 | "{} is unsafe and requires unsafe block (error E0133)", | |
93 | description, | |
94 | )) | |
95 | .span_label(span, description) | |
96 | .note(note) | |
97 | .emit(); | |
98 | }, | |
99 | ) | |
100 | } | |
101 | SafetyContext::Safe => { | |
102 | let fn_sugg = if unsafe_op_in_unsafe_fn_allowed { " function or" } else { "" }; | |
103 | struct_span_err!( | |
104 | self.tcx.sess, | |
105 | span, | |
106 | E0133, | |
107 | "{} is unsafe and requires unsafe{} block", | |
108 | description, | |
109 | fn_sugg, | |
110 | ) | |
111 | .span_label(span, description) | |
112 | .note(note) | |
113 | .emit(); | |
114 | } | |
115 | } | |
116 | } | |
117 | ||
118 | fn warn_unused_unsafe( | |
119 | &self, | |
120 | hir_id: hir::HirId, | |
121 | block_span: Span, | |
122 | enclosing_unsafe: Option<(Span, &'static str)>, | |
123 | ) { | |
124 | let block_span = self.tcx.sess.source_map().guess_head_span(block_span); | |
125 | self.tcx.struct_span_lint_hir(UNUSED_UNSAFE, hir_id, block_span, |lint| { | |
126 | let msg = "unnecessary `unsafe` block"; | |
127 | let mut db = lint.build(msg); | |
128 | db.span_label(block_span, msg); | |
129 | if let Some((span, kind)) = enclosing_unsafe { | |
130 | db.span_label(span, format!("because it's nested under this `unsafe` {}", kind)); | |
131 | } | |
132 | db.emit(); | |
133 | }); | |
134 | } | |
135 | ||
136 | /// Whether the `unsafe_op_in_unsafe_fn` lint is `allow`ed at the current HIR node. | |
137 | fn unsafe_op_in_unsafe_fn_allowed(&self) -> bool { | |
138 | self.tcx.lint_level_at_node(UNSAFE_OP_IN_UNSAFE_FN, self.hir_context).0 == Level::Allow | |
139 | } | |
140 | } | |
141 | ||
136023e0 XL |
142 | // Searches for accesses to layout constrained fields. |
143 | struct LayoutConstrainedPlaceVisitor<'a, 'tcx> { | |
144 | found: bool, | |
145 | thir: &'a Thir<'tcx>, | |
146 | tcx: TyCtxt<'tcx>, | |
147 | } | |
148 | ||
149 | impl<'a, 'tcx> LayoutConstrainedPlaceVisitor<'a, 'tcx> { | |
150 | fn new(thir: &'a Thir<'tcx>, tcx: TyCtxt<'tcx>) -> Self { | |
151 | Self { found: false, thir, tcx } | |
152 | } | |
153 | } | |
154 | ||
155 | impl<'a, 'tcx> Visitor<'a, 'tcx> for LayoutConstrainedPlaceVisitor<'a, 'tcx> { | |
156 | fn thir(&self) -> &'a Thir<'tcx> { | |
157 | self.thir | |
158 | } | |
159 | ||
160 | fn visit_expr(&mut self, expr: &Expr<'tcx>) { | |
161 | match expr.kind { | |
162 | ExprKind::Field { lhs, .. } => { | |
163 | if let ty::Adt(adt_def, _) = self.thir[lhs].ty.kind() { | |
164 | if (Bound::Unbounded, Bound::Unbounded) | |
5e7ed085 | 165 | != self.tcx.layout_scalar_valid_range(adt_def.did()) |
136023e0 XL |
166 | { |
167 | self.found = true; | |
168 | } | |
169 | } | |
170 | visit::walk_expr(self, expr); | |
171 | } | |
172 | ||
173 | // Keep walking through the expression as long as we stay in the same | |
174 | // place, i.e. the expression is a place expression and not a dereference | |
175 | // (since dereferencing something leads us to a different place). | |
176 | ExprKind::Deref { .. } => {} | |
177 | ref kind if ExprCategory::of(kind).map_or(true, |cat| cat == ExprCategory::Place) => { | |
178 | visit::walk_expr(self, expr); | |
179 | } | |
180 | ||
181 | _ => {} | |
182 | } | |
183 | } | |
184 | } | |
185 | ||
17df50a5 XL |
186 | impl<'a, 'tcx> Visitor<'a, 'tcx> for UnsafetyVisitor<'a, 'tcx> { |
187 | fn thir(&self) -> &'a Thir<'tcx> { | |
188 | &self.thir | |
189 | } | |
190 | ||
191 | fn visit_block(&mut self, block: &Block) { | |
136023e0 XL |
192 | match block.safety_mode { |
193 | // compiler-generated unsafe code should not count towards the usefulness of | |
194 | // an outer unsafe block | |
195 | BlockSafety::BuiltinUnsafe => { | |
196 | self.in_safety_context(SafetyContext::BuiltinUnsafeBlock, |this| { | |
197 | visit::walk_block(this, block) | |
198 | }); | |
199 | } | |
200 | BlockSafety::ExplicitUnsafe(hir_id) => { | |
201 | self.in_safety_context( | |
202 | SafetyContext::UnsafeBlock { span: block.span, hir_id, used: false }, | |
203 | |this| visit::walk_block(this, block), | |
204 | ); | |
205 | } | |
206 | BlockSafety::Safe => { | |
207 | visit::walk_block(self, block); | |
208 | } | |
209 | } | |
210 | } | |
211 | ||
212 | fn visit_pat(&mut self, pat: &Pat<'tcx>) { | |
213 | if self.in_union_destructure { | |
214 | match *pat.kind { | |
215 | // binding to a variable allows getting stuff out of variable | |
216 | PatKind::Binding { .. } | |
217 | // match is conditional on having this value | |
218 | | PatKind::Constant { .. } | |
219 | | PatKind::Variant { .. } | |
220 | | PatKind::Leaf { .. } | |
221 | | PatKind::Deref { .. } | |
222 | | PatKind::Range { .. } | |
223 | | PatKind::Slice { .. } | |
224 | | PatKind::Array { .. } => { | |
225 | self.requires_unsafe(pat.span, AccessToUnionField); | |
226 | return; // we can return here since this already requires unsafe | |
227 | } | |
228 | // wildcard doesn't take anything | |
229 | PatKind::Wild | | |
230 | // these just wrap other patterns | |
231 | PatKind::Or { .. } | | |
232 | PatKind::AscribeUserType { .. } => {} | |
233 | } | |
234 | }; | |
235 | ||
236 | match &*pat.kind { | |
237 | PatKind::Leaf { .. } => { | |
238 | if let ty::Adt(adt_def, ..) = pat.ty.kind() { | |
239 | if adt_def.is_union() { | |
240 | let old_in_union_destructure = | |
241 | std::mem::replace(&mut self.in_union_destructure, true); | |
242 | visit::walk_pat(self, pat); | |
243 | self.in_union_destructure = old_in_union_destructure; | |
244 | } else if (Bound::Unbounded, Bound::Unbounded) | |
5e7ed085 | 245 | != self.tcx.layout_scalar_valid_range(adt_def.did()) |
136023e0 XL |
246 | { |
247 | let old_inside_adt = std::mem::replace(&mut self.inside_adt, true); | |
248 | visit::walk_pat(self, pat); | |
249 | self.inside_adt = old_inside_adt; | |
250 | } else { | |
251 | visit::walk_pat(self, pat); | |
252 | } | |
253 | } else { | |
254 | visit::walk_pat(self, pat); | |
255 | } | |
256 | } | |
257 | PatKind::Binding { mode: BindingMode::ByRef(borrow_kind), ty, .. } => { | |
258 | if self.inside_adt { | |
3c0e092e | 259 | let ty::Ref(_, ty, _) = ty.kind() else { |
136023e0 XL |
260 | span_bug!( |
261 | pat.span, | |
262 | "BindingMode::ByRef in pattern, but found non-reference type {}", | |
263 | ty | |
264 | ); | |
3c0e092e XL |
265 | }; |
266 | match borrow_kind { | |
267 | BorrowKind::Shallow | BorrowKind::Shared | BorrowKind::Unique => { | |
268 | if !ty.is_freeze(self.tcx.at(pat.span), self.param_env) { | |
269 | self.requires_unsafe(pat.span, BorrowOfLayoutConstrainedField); | |
270 | } | |
271 | } | |
272 | BorrowKind::Mut { .. } => { | |
273 | self.requires_unsafe(pat.span, MutationOfLayoutConstrainedField); | |
274 | } | |
136023e0 XL |
275 | } |
276 | } | |
277 | visit::walk_pat(self, pat); | |
278 | } | |
279 | PatKind::Deref { .. } => { | |
280 | let old_inside_adt = std::mem::replace(&mut self.inside_adt, false); | |
281 | visit::walk_pat(self, pat); | |
282 | self.inside_adt = old_inside_adt; | |
283 | } | |
284 | _ => { | |
285 | visit::walk_pat(self, pat); | |
286 | } | |
17df50a5 XL |
287 | } |
288 | } | |
289 | ||
290 | fn visit_expr(&mut self, expr: &Expr<'tcx>) { | |
94222f64 | 291 | // could we be in the LHS of an assignment to a field? |
136023e0 XL |
292 | match expr.kind { |
293 | ExprKind::Field { .. } | |
294 | | ExprKind::VarRef { .. } | |
295 | | ExprKind::UpvarRef { .. } | |
296 | | ExprKind::Scope { .. } | |
297 | | ExprKind::Cast { .. } => {} | |
298 | ||
299 | ExprKind::AddressOf { .. } | |
300 | | ExprKind::Adt { .. } | |
301 | | ExprKind::Array { .. } | |
302 | | ExprKind::Binary { .. } | |
303 | | ExprKind::Block { .. } | |
304 | | ExprKind::Borrow { .. } | |
305 | | ExprKind::Literal { .. } | |
5e7ed085 FG |
306 | | ExprKind::NamedConst { .. } |
307 | | ExprKind::NonHirLiteral { .. } | |
308 | | ExprKind::ConstParam { .. } | |
136023e0 XL |
309 | | ExprKind::ConstBlock { .. } |
310 | | ExprKind::Deref { .. } | |
311 | | ExprKind::Index { .. } | |
312 | | ExprKind::NeverToAny { .. } | |
313 | | ExprKind::PlaceTypeAscription { .. } | |
314 | | ExprKind::ValueTypeAscription { .. } | |
315 | | ExprKind::Pointer { .. } | |
316 | | ExprKind::Repeat { .. } | |
317 | | ExprKind::StaticRef { .. } | |
318 | | ExprKind::ThreadLocalRef { .. } | |
319 | | ExprKind::Tuple { .. } | |
320 | | ExprKind::Unary { .. } | |
321 | | ExprKind::Call { .. } | |
322 | | ExprKind::Assign { .. } | |
323 | | ExprKind::AssignOp { .. } | |
324 | | ExprKind::Break { .. } | |
325 | | ExprKind::Closure { .. } | |
326 | | ExprKind::Continue { .. } | |
327 | | ExprKind::Return { .. } | |
328 | | ExprKind::Yield { .. } | |
329 | | ExprKind::Loop { .. } | |
94222f64 | 330 | | ExprKind::Let { .. } |
136023e0 XL |
331 | | ExprKind::Match { .. } |
332 | | ExprKind::Box { .. } | |
333 | | ExprKind::If { .. } | |
334 | | ExprKind::InlineAsm { .. } | |
136023e0 | 335 | | ExprKind::LogicalOp { .. } |
94222f64 XL |
336 | | ExprKind::Use { .. } => { |
337 | // We don't need to save the old value and restore it | |
338 | // because all the place expressions can't have more | |
339 | // than one child. | |
340 | self.assignment_info = None; | |
341 | } | |
136023e0 | 342 | }; |
17df50a5 XL |
343 | match expr.kind { |
344 | ExprKind::Scope { value, lint_level: LintLevel::Explicit(hir_id), region_scope: _ } => { | |
345 | let prev_id = self.hir_context; | |
346 | self.hir_context = hir_id; | |
347 | self.visit_expr(&self.thir[value]); | |
348 | self.hir_context = prev_id; | |
136023e0 | 349 | return; // don't visit the whole expression |
17df50a5 XL |
350 | } |
351 | ExprKind::Call { fun, ty: _, args: _, from_hir_call: _, fn_span: _ } => { | |
352 | if self.thir[fun].ty.fn_sig(self.tcx).unsafety() == hir::Unsafety::Unsafe { | |
353 | self.requires_unsafe(expr.span, CallToUnsafeFunction); | |
354 | } else if let &ty::FnDef(func_did, _) = self.thir[fun].ty.kind() { | |
355 | // If the called function has target features the calling function hasn't, | |
356 | // the call requires `unsafe`. Don't check this on wasm | |
357 | // targets, though. For more information on wasm see the | |
358 | // is_like_wasm check in typeck/src/collect.rs | |
359 | if !self.tcx.sess.target.options.is_like_wasm | |
360 | && !self | |
361 | .tcx | |
362 | .codegen_fn_attrs(func_did) | |
363 | .target_features | |
364 | .iter() | |
365 | .all(|feature| self.body_target_features.contains(feature)) | |
366 | { | |
367 | self.requires_unsafe(expr.span, CallToFunctionWith); | |
368 | } | |
369 | } | |
370 | } | |
371 | ExprKind::Deref { arg } => { | |
372 | if let ExprKind::StaticRef { def_id, .. } = self.thir[arg].kind { | |
373 | if self.tcx.is_mutable_static(def_id) { | |
374 | self.requires_unsafe(expr.span, UseOfMutableStatic); | |
375 | } else if self.tcx.is_foreign_item(def_id) { | |
376 | self.requires_unsafe(expr.span, UseOfExternStatic); | |
377 | } | |
378 | } else if self.thir[arg].ty.is_unsafe_ptr() { | |
379 | self.requires_unsafe(expr.span, DerefOfRawPointer); | |
380 | } | |
381 | } | |
5099ac24 | 382 | ExprKind::InlineAsm { .. } => { |
17df50a5 XL |
383 | self.requires_unsafe(expr.span, UseOfInlineAssembly); |
384 | } | |
136023e0 | 385 | ExprKind::Adt(box Adt { |
17df50a5 XL |
386 | adt_def, |
387 | variant_index: _, | |
388 | substs: _, | |
389 | user_ty: _, | |
390 | fields: _, | |
391 | base: _, | |
5e7ed085 | 392 | }) => match self.tcx.layout_scalar_valid_range(adt_def.did()) { |
17df50a5 XL |
393 | (Bound::Unbounded, Bound::Unbounded) => {} |
394 | _ => self.requires_unsafe(expr.span, InitializingTypeWith), | |
395 | }, | |
17df50a5 XL |
396 | ExprKind::Closure { |
397 | closure_id, | |
398 | substs: _, | |
399 | upvars: _, | |
400 | movability: _, | |
401 | fake_reads: _, | |
402 | } => { | |
403 | let closure_id = closure_id.expect_local(); | |
404 | let closure_def = if let Some((did, const_param_id)) = | |
405 | ty::WithOptConstParam::try_lookup(closure_id, self.tcx) | |
406 | { | |
407 | ty::WithOptConstParam { did, const_param_did: Some(const_param_id) } | |
408 | } else { | |
409 | ty::WithOptConstParam::unknown(closure_id) | |
410 | }; | |
5e7ed085 FG |
411 | let (closure_thir, expr) = self.tcx.thir_body(closure_def).unwrap_or_else(|_| { |
412 | (self.tcx.alloc_steal_thir(Thir::new()), ExprId::from_u32(0)) | |
413 | }); | |
17df50a5 XL |
414 | let closure_thir = &closure_thir.borrow(); |
415 | let hir_context = self.tcx.hir().local_def_id_to_hir_id(closure_id); | |
416 | let mut closure_visitor = | |
417 | UnsafetyVisitor { thir: closure_thir, hir_context, ..*self }; | |
418 | closure_visitor.visit_expr(&closure_thir[expr]); | |
419 | // Unsafe blocks can be used in closures, make sure to take it into account | |
420 | self.safety_context = closure_visitor.safety_context; | |
421 | } | |
136023e0 | 422 | ExprKind::Field { lhs, .. } => { |
94222f64 | 423 | let lhs = &self.thir[lhs]; |
5e7ed085 FG |
424 | if let ty::Adt(adt_def, _) = lhs.ty.kind() && adt_def.is_union() { |
425 | if let Some((assigned_ty, assignment_span)) = self.assignment_info { | |
426 | // To avoid semver hazard, we only consider `Copy` and `ManuallyDrop` non-dropping. | |
427 | if !(assigned_ty | |
428 | .ty_adt_def() | |
429 | .map_or(false, |adt| adt.is_manually_drop()) | |
430 | || assigned_ty | |
431 | .is_copy_modulo_regions(self.tcx.at(expr.span), self.param_env)) | |
432 | { | |
433 | self.requires_unsafe(assignment_span, AssignToDroppingUnionField); | |
136023e0 | 434 | } else { |
5e7ed085 | 435 | // write to non-drop union field, safe |
136023e0 | 436 | } |
5e7ed085 FG |
437 | } else { |
438 | self.requires_unsafe(expr.span, AccessToUnionField); | |
136023e0 XL |
439 | } |
440 | } | |
441 | } | |
442 | ExprKind::Assign { lhs, rhs } | ExprKind::AssignOp { lhs, rhs, .. } => { | |
94222f64 | 443 | let lhs = &self.thir[lhs]; |
136023e0 XL |
444 | // First, check whether we are mutating a layout constrained field |
445 | let mut visitor = LayoutConstrainedPlaceVisitor::new(self.thir, self.tcx); | |
94222f64 | 446 | visit::walk_expr(&mut visitor, lhs); |
136023e0 XL |
447 | if visitor.found { |
448 | self.requires_unsafe(expr.span, MutationOfLayoutConstrainedField); | |
449 | } | |
450 | ||
451 | // Second, check for accesses to union fields | |
452 | // don't have any special handling for AssignOp since it causes a read *and* write to lhs | |
453 | if matches!(expr.kind, ExprKind::Assign { .. }) { | |
94222f64 XL |
454 | self.assignment_info = Some((lhs.ty, expr.span)); |
455 | visit::walk_expr(self, lhs); | |
456 | self.assignment_info = None; | |
136023e0 XL |
457 | visit::walk_expr(self, &self.thir()[rhs]); |
458 | return; // we have already visited everything by now | |
459 | } | |
460 | } | |
94222f64 XL |
461 | ExprKind::Borrow { borrow_kind, arg } => { |
462 | let mut visitor = LayoutConstrainedPlaceVisitor::new(self.thir, self.tcx); | |
463 | visit::walk_expr(&mut visitor, expr); | |
464 | if visitor.found { | |
465 | match borrow_kind { | |
466 | BorrowKind::Shallow | BorrowKind::Shared | BorrowKind::Unique | |
467 | if !self.thir[arg] | |
468 | .ty | |
469 | .is_freeze(self.tcx.at(self.thir[arg].span), self.param_env) => | |
470 | { | |
471 | self.requires_unsafe(expr.span, BorrowOfLayoutConstrainedField) | |
472 | } | |
473 | BorrowKind::Mut { .. } => { | |
474 | self.requires_unsafe(expr.span, MutationOfLayoutConstrainedField) | |
136023e0 | 475 | } |
94222f64 | 476 | BorrowKind::Shallow | BorrowKind::Shared | BorrowKind::Unique => {} |
136023e0 XL |
477 | } |
478 | } | |
94222f64 XL |
479 | } |
480 | ExprKind::Let { expr: expr_id, .. } => { | |
481 | let let_expr = &self.thir[expr_id]; | |
5e7ed085 FG |
482 | if let ty::Adt(adt_def, _) = let_expr.ty.kind() && adt_def.is_union() { |
483 | self.requires_unsafe(expr.span, AccessToUnionField); | |
136023e0 | 484 | } |
94222f64 | 485 | } |
17df50a5 XL |
486 | _ => {} |
487 | } | |
17df50a5 XL |
488 | visit::walk_expr(self, expr); |
489 | } | |
490 | } | |
491 | ||
492 | #[derive(Clone, Copy)] | |
493 | enum SafetyContext { | |
494 | Safe, | |
136023e0 | 495 | BuiltinUnsafeBlock, |
17df50a5 XL |
496 | UnsafeFn, |
497 | UnsafeBlock { span: Span, hir_id: hir::HirId, used: bool }, | |
498 | } | |
499 | ||
500 | #[derive(Clone, Copy)] | |
501 | enum BodyUnsafety { | |
502 | /// The body is not unsafe. | |
503 | Safe, | |
504 | /// The body is an unsafe function. The span points to | |
505 | /// the signature of the function. | |
506 | Unsafe(Span), | |
507 | } | |
508 | ||
509 | impl BodyUnsafety { | |
510 | /// Returns whether the body is unsafe. | |
511 | fn is_unsafe(&self) -> bool { | |
512 | matches!(self, BodyUnsafety::Unsafe(_)) | |
513 | } | |
514 | ||
515 | /// If the body is unsafe, returns the `Span` of its signature. | |
516 | fn unsafe_fn_sig_span(self) -> Option<Span> { | |
517 | match self { | |
518 | BodyUnsafety::Unsafe(span) => Some(span), | |
519 | BodyUnsafety::Safe => None, | |
520 | } | |
521 | } | |
522 | } | |
523 | ||
524 | #[derive(Clone, Copy, PartialEq)] | |
525 | enum UnsafeOpKind { | |
526 | CallToUnsafeFunction, | |
527 | UseOfInlineAssembly, | |
528 | InitializingTypeWith, | |
17df50a5 XL |
529 | UseOfMutableStatic, |
530 | UseOfExternStatic, | |
531 | DerefOfRawPointer, | |
17df50a5 | 532 | AssignToDroppingUnionField, |
17df50a5 | 533 | AccessToUnionField, |
17df50a5 | 534 | MutationOfLayoutConstrainedField, |
17df50a5 XL |
535 | BorrowOfLayoutConstrainedField, |
536 | CallToFunctionWith, | |
537 | } | |
538 | ||
539 | use UnsafeOpKind::*; | |
540 | ||
541 | impl UnsafeOpKind { | |
542 | pub fn description_and_note(&self) -> (&'static str, &'static str) { | |
543 | match self { | |
544 | CallToUnsafeFunction => ( | |
545 | "call to unsafe function", | |
546 | "consult the function's documentation for information on how to avoid undefined \ | |
547 | behavior", | |
548 | ), | |
549 | UseOfInlineAssembly => ( | |
550 | "use of inline assembly", | |
551 | "inline assembly is entirely unchecked and can cause undefined behavior", | |
552 | ), | |
553 | InitializingTypeWith => ( | |
554 | "initializing type with `rustc_layout_scalar_valid_range` attr", | |
555 | "initializing a layout restricted type's field with a value outside the valid \ | |
556 | range is undefined behavior", | |
557 | ), | |
17df50a5 XL |
558 | UseOfMutableStatic => ( |
559 | "use of mutable static", | |
560 | "mutable statics can be mutated by multiple threads: aliasing violations or data \ | |
561 | races will cause undefined behavior", | |
562 | ), | |
563 | UseOfExternStatic => ( | |
564 | "use of extern static", | |
565 | "extern statics are not controlled by the Rust type system: invalid data, \ | |
566 | aliasing violations or data races will cause undefined behavior", | |
567 | ), | |
568 | DerefOfRawPointer => ( | |
569 | "dereference of raw pointer", | |
570 | "raw pointers may be null, dangling or unaligned; they can violate aliasing rules \ | |
571 | and cause data races: all of these are undefined behavior", | |
572 | ), | |
573 | AssignToDroppingUnionField => ( | |
574 | "assignment to union field that might need dropping", | |
575 | "the previous content of the field will be dropped, which causes undefined \ | |
576 | behavior if the field was not properly initialized", | |
577 | ), | |
578 | AccessToUnionField => ( | |
579 | "access to union field", | |
580 | "the field may not be properly initialized: using uninitialized data will cause \ | |
581 | undefined behavior", | |
582 | ), | |
583 | MutationOfLayoutConstrainedField => ( | |
584 | "mutation of layout constrained field", | |
585 | "mutating layout constrained fields cannot statically be checked for valid values", | |
586 | ), | |
587 | BorrowOfLayoutConstrainedField => ( | |
588 | "borrow of layout constrained field with interior mutability", | |
589 | "references to fields of layout constrained fields lose the constraints. Coupled \ | |
590 | with interior mutability, the field can be changed to invalid values", | |
591 | ), | |
592 | CallToFunctionWith => ( | |
593 | "call to function with `#[target_feature]`", | |
594 | "can only be called if the required target features are available", | |
595 | ), | |
596 | } | |
597 | } | |
598 | } | |
599 | ||
600 | pub fn check_unsafety<'tcx>(tcx: TyCtxt<'tcx>, def: ty::WithOptConstParam<LocalDefId>) { | |
601 | // THIR unsafeck is gated under `-Z thir-unsafeck` | |
602 | if !tcx.sess.opts.debugging_opts.thir_unsafeck { | |
603 | return; | |
604 | } | |
605 | ||
136023e0 | 606 | // Closures are handled by their owner, if it has a body |
17df50a5 | 607 | if tcx.is_closure(def.did.to_def_id()) { |
94222f64 XL |
608 | let hir = tcx.hir(); |
609 | let owner = hir.enclosing_body_owner(hir.local_def_id_to_hir_id(def.did)); | |
610 | tcx.ensure().thir_check_unsafety(hir.local_def_id(owner)); | |
611 | return; | |
17df50a5 XL |
612 | } |
613 | ||
5e7ed085 FG |
614 | let (thir, expr) = match tcx.thir_body(def) { |
615 | Ok(body) => body, | |
616 | Err(_) => return, | |
617 | }; | |
17df50a5 | 618 | let thir = &thir.borrow(); |
5e7ed085 | 619 | // If `thir` is empty, a type error occurred, skip this body. |
17df50a5 XL |
620 | if thir.exprs.is_empty() { |
621 | return; | |
622 | } | |
623 | ||
624 | let hir_id = tcx.hir().local_def_id_to_hir_id(def.did); | |
625 | let body_unsafety = tcx.hir().fn_sig_by_hir_id(hir_id).map_or(BodyUnsafety::Safe, |fn_sig| { | |
626 | if fn_sig.header.unsafety == hir::Unsafety::Unsafe { | |
627 | BodyUnsafety::Unsafe(fn_sig.span) | |
628 | } else { | |
629 | BodyUnsafety::Safe | |
630 | } | |
631 | }); | |
632 | let body_target_features = &tcx.codegen_fn_attrs(def.did).target_features; | |
633 | let safety_context = | |
634 | if body_unsafety.is_unsafe() { SafetyContext::UnsafeFn } else { SafetyContext::Safe }; | |
17df50a5 XL |
635 | let mut visitor = UnsafetyVisitor { |
636 | tcx, | |
637 | thir, | |
638 | safety_context, | |
639 | hir_context: hir_id, | |
640 | body_unsafety, | |
641 | body_target_features, | |
94222f64 | 642 | assignment_info: None, |
136023e0 XL |
643 | in_union_destructure: false, |
644 | param_env: tcx.param_env(def.did), | |
645 | inside_adt: false, | |
17df50a5 XL |
646 | }; |
647 | visitor.visit_expr(&thir[expr]); | |
648 | } | |
649 | ||
650 | crate fn thir_check_unsafety<'tcx>(tcx: TyCtxt<'tcx>, def_id: LocalDefId) { | |
651 | if let Some(def) = ty::WithOptConstParam::try_lookup(def_id, tcx) { | |
652 | tcx.thir_check_unsafety_for_const_arg(def) | |
653 | } else { | |
654 | check_unsafety(tcx, ty::WithOptConstParam::unknown(def_id)) | |
655 | } | |
656 | } | |
657 | ||
658 | crate fn thir_check_unsafety_for_const_arg<'tcx>( | |
659 | tcx: TyCtxt<'tcx>, | |
660 | (did, param_did): (LocalDefId, DefId), | |
661 | ) { | |
662 | check_unsafety(tcx, ty::WithOptConstParam { did, const_param_did: Some(param_did) }) | |
663 | } |