Trait upcasting coercion (part4)

[crlf0710]

This is a incomplete version of trait upcasting unsafety checking. I think it's working in principle, however i think i meet a problem here. How can i know Box<T> or Arc<T>'s internal pointer can be seen as "always-valid"?

cc @RalfJung

[rust-highfive]

r? @davidtwco

(rust-highfive has picked a reviewer for you, use r? to override)

[rust-log-analyzer]

The job mingw-check failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

configure: rust.channel         := nightly
configure: rust.debug-assertions := True
configure: llvm.assertions      := True
configure: dist.missing-tools   := True
configure: build.configure-args := ['--enable-sccache', '--disable-manage-submodu ...
configure: writing `config.toml` in current directory
configure: 
configure: run `python /checkout/x.py --help`
configure: 
---
skip untracked path cpu-usage.csv during rustfmt invocations
skip untracked path src/doc/book/ during rustfmt invocations
skip untracked path src/doc/rust-by-example/ during rustfmt invocations
skip untracked path src/llvm-project/ during rustfmt invocations
Diff in /checkout/compiler/rustc_mir/src/transform/mod.rs at line 5:
 use rustc_hir as hir;
 use rustc_hir::def_id::{DefId, LocalDefId};
 use rustc_hir::intravisit::{self, NestedVisitorMap, Visitor};
+use rustc_hir::lang_items::LangItem;
 use rustc_index::vec::IndexVec;
 use rustc_middle::mir::visit::Visitor as _;
 use rustc_middle::mir::{traversal, Body, ConstQualifs, MirPhase, Promoted};
Diff in /checkout/compiler/rustc_mir/src/transform/mod.rs at line 12:
 use rustc_middle::ty::query::Providers;
 use rustc_middle::ty::{self, Ty, TyCtxt, TypeFoldable};
 use rustc_span::{Span, Symbol};
-use rustc_hir::lang_items::LangItem;
 use std::borrow::Cow;
 
 
Running `"/checkout/obj/build/x86_64-unknown-linux-gnu/stage0/bin/rustfmt" "--config-path" "/checkout" "--edition" "2018" "--unstable-features" "--skip-children" "--check" "/checkout/compiler/rustc_mir/src/transform/simplify.rs" "/checkout/compiler/rustc_mir/src/transform/deduplicate_blocks.rs" "/checkout/compiler/rustc_mir/src/transform/mod.rs" "/checkout/compiler/rustc_mir/src/transform/multiple_return_terminators.rs" "/checkout/compiler/rustc_mir/src/transform/separate_const_switch.rs" "/checkout/compiler/rustc_mir/src/transform/check_packed_ref.rs" "/checkout/compiler/rustc_mir/src/transform/lower_intrinsics.rs" "/checkout/compiler/rustc_mir/src/transform/abort_unwinding_calls.rs"` failed.
If you're running `tidy`, try again with `--bless`. Or, if you just want to format code, run `./x.py fmt` instead.

[RalfJung]

Maybe this function would be better put somewhere in rustc_mir/src/util?

[crlf0710]

should i create a new module in util for this?

[RalfJung]

If none of the others seem to fit, yeah.

[RalfJung]

You should be able to use Operand::ty here, right?

[crlf0710]

I'm not totally sure, since this is earlier than codegen phase, if i'm not misunderstanding it. I'll take a look.

[RalfJung]

This has nothing to do with codegen. I think you basically inlined Operand::ty here.

[RalfJung]

Why is it okay to allow casts where data_a.principal_def_id() == data_b.principal_def_id()? Please add a comment.

[crlf0710]

Ok!

[RalfJung]

Why are these two separate files?

Please also add some casts that are okay.

Does this hit the last match arm in is_trait_upcasting_coercion_from_raw_pointer?

[crlf0710]

This is a separate file because the "mismatched types" error will prevent unsafety checker from running at all, it seems. I don't really know whether error recovery is possible at all in this case. This test case is just the status quo. I'll leave comments, when the unsafety checking implementation is ready.

Please also add some casts that are okay.

I will, thanks!

Does this hit the last match arm in is_trait_upcasting_coercion_from_raw_pointer?

No it doesn't, the unsafety checker is not yet running in this case.

[RalfJung]

No it doesn't, the unsafety checker is not yet running in this case.

Okay, then the other test should definitely do something to hit that arm.

[RalfJung]

however i think i meet a problem here. How can i know Box or Arc's internal pointer can be seen as "always-valid"?

Good question. Currently you seem to be doing some kind of recursion here, but I am not sure what this means in terms of the resulting behavior.

Is it correct that that Adt arm in is_trait_upcasting_coercion_from_raw_pointer can only be reached for types that implement CoerceUnsized?

Cc @rust-lang/lang

[crlf0710]

@RalfJung i think the answer is yes, according to CoerceUnsized documentation. It even covers all the Non-ADT cases, like the reference and raw pointer types.

On the other hand the reference says something unintuitive: It says TyCtor(T) to TyCtor(U). Not sure if whether this clause is intended to cover the CoerceUnsized cases.

I think my current problem is that, the CoerceUnsized trait doesn't say anything semantically about what's happening underhood. It is defined in a very structured typing approach.

[RalfJung]

Yeah, it sounds like for full expressivity we'd need CoerceUnsizedUnsafe -- for smart pointers that wrap a raw pointer and don't guarantee via a custom invariant that it is valid.

For now, I think assuming they are safe to cast (if the recursive check succeeds) makes sense. But this should be added to the list of unresolved questions for trait coercions, to be brought up in the stabilization report.

Also there should be tests for things like *const Cell<dyn T> to *const Cell<dyn U>, to ensure that this requires unsafe (if it works at all).

[crlf0710]

I'll let this PR wait on #88135 a little, and discuss more about CoerceUnsized during the review of that pr.

[crlf0710]

#88135 has landed, and i created #88239 for a less ad-hoc approach to gather feedback and discussions.

[RalfJung]

I'll be pretty busy for some time since I am moving, so I am probably not the best reviewer here.

[crlf0710]

That's ok, after some discussions i think this is not the prefered approach here. Closing for now, but might get back to this if necessary.