analyze: add NON_NULL rewrites #1095
Conversation
|
I realized while writing the PR that I never tested field projections ( |
spernsteiner
force-pushed
the
analyze-rewrite-non-null
branch
from
4776e2e
to
7b13770
Compare
We previously used the syntax `[[[var]] ..]`, which should expand to `[value ..]`, but FileCheck-7 parses the first part as `[[ [var ]]` and reports a syntax error.
|
Left a couple of comments. This is a large PR, it will take me a while to get through. |
| // `convert_cast_rewrite`. | ||
| match *rw { | ||
| mir_op::RewriteKind::OffsetSlice { mutbl } => { | ||
| // `p.offset(i)` -> `&p[i as usize ..]` |
There was a problem hiding this comment.
Should we add parentheses around the rewritten expression? Might avoid precedence issues, e.g., p.offset(i).foo() should be (&p[i as usize]).foo() not &p[i as usize].foo().
| for (i, mir_rw) in mir_rws.iter().enumerate() { | ||
| match mir_rw.rw { | ||
| // Bail out if we see nested delimiters. | ||
| mir_op::RewriteKind::OptionMapBegin => return None, |
There was a problem hiding this comment.
Should we log this, somewhere in the call chain? It might be useful for users to know that this case is not supported, and where it occurs.
There was a problem hiding this comment.
Added some clarification to the comment in ff20263. Bailing out here is not a hard error - it is legal, but suboptimal, to rewrite OptionMapBegin as p -> p.unwrap(). Also, currently mir_op should never generate rewrites that trigger this.
|
|
||
| mir_op::RewriteKind::OptionMapBegin => { | ||
| // `p` -> `p.unwrap()` | ||
| Rewrite::MethodCall("unwrap /*map_begin*/".to_string(), Box::new(hir_rw), vec![]) |
There was a problem hiding this comment.
I initially added the /*map_begin*/ comment for debugging, and I think it's actually useful to leave it in place to help us catch any cases where the Option::map rewrite is not working properly.
| from.own = Ownership::Mut; | ||
| } | ||
| _ => { | ||
| // Remaining cases are unsupported. |
| (self.emit)(RewriteKind::OptionUnwrap); | ||
| from.option = false; | ||
| } else if from.option && to.option { | ||
| eprintln!("try_build_cast_desc_desc: emit OptionMapBegin"); |
There was a problem hiding this comment.
Just a general comment: the analyzer should use a logger like log with e.g. env_logger as the back end, so all this debugging output can be silenced (2>/dev/null does technically work, but it's less configurable).
We don't need to fix all the existing lines in this PR, but maybe we could switch these? Or alternatively a follow-up PR that switches everything.
This branch implements rewriting of nullable pointers (those lacking
PermissionSet::NON_NULL) toOption. This includes the following kinds of rewrites:Option<&mut T>instead of&mut Tp.unwrap()andSome(p). For most permissions, we implement only one direction because the other is invalid/nonsensical, but here we implement both in order to support "unsound" rewrites involving overriddenNON_NULLflags (as in analyze: allow overriding dataflow for specific permissions #1088).p: Option<&mut T>, we usep.as_deref_mut().unwrap()instead ofp.unwrap()to avoid consuming the originalp. (In the code, this is called a "downgrade", since it allows borrowingOption<Box<T>>asOption<&T>and similar.)NON_NULLpointers would use&p[0], nullable ones usep.map(|ptr| &ptr[0]). Internally, this is represented similar toSome(&p.unwrap()[0]), but it's handled specially byrewrite::expr::convertto produce amapcall instead, which passes throughNonewithout a panic.unwrap()calls on derefs.*pis rewritten to*p.unwrap(), or to*p.as_deref().unwrap()if a downgrade/borrow is necessary to avoid movingp.ptr::null()and0 as *const _toNone, andp.is_null()top.is_none().The new
non_null_rewrites.rstest case passes, and the rewritten code compiles.This might be easier to review commit-by-commit.