1use std::assert_matches::assert_matches;
23use rustc_abi::{BackendRepr, FieldsShape, Scalar, Size, TagEncoding, Variants};
4use rustc_middle::bug;
5use rustc_middle::ty::layout::{HasTyCtxt, LayoutCx, TyAndLayout};
67/// Enforce some basic invariants on layouts.
8pub(super) fn layout_sanity_check<'tcx>(cx: &LayoutCx<'tcx>, layout: &TyAndLayout<'tcx>) {
9let tcx = cx.tcx();
1011if !layout.size.bytes().is_multiple_of(layout.align.bytes()) {
12::rustc_middle::util::bug::bug_fmt(format_args!("size is not a multiple of align, in the following layout:\n{0:#?}",
layout));bug!("size is not a multiple of align, in the following layout:\n{layout:#?}");
13 }
14if layout.size.bytes() >= tcx.data_layout.obj_size_bound() {
15::rustc_middle::util::bug::bug_fmt(format_args!("size is too large, in the following layout:\n{0:#?}",
layout));bug!("size is too large, in the following layout:\n{layout:#?}");
16 }
17// FIXME(#124403): Once `repr_c_enums_larger_than_int` is a hard error, we could assert
18 // here that a repr(c) enum discriminant is never larger than a c_int.
1920if !truecfg!(debug_assertions) {
21// Stop here, the rest is kind of expensive.
22return;
23 }
2425// Type-level uninhabitedness should always imply ABI uninhabitedness. This can be expensive on
26 // big non-exhaustive types, and is [hard to
27 // fix](https://github.com/rust-lang/rust/issues/141006#issuecomment-2883415000) in general.
28 // Only doing this sanity check when debug assertions are turned on avoids the issue for the
29 // very specific case of #140944.
30if layout.ty.is_privately_uninhabited(tcx, cx.typing_env) {
31if !layout.is_uninhabited() {
{
::core::panicking::panic_fmt(format_args!("{0:?} is type-level uninhabited but not ABI-uninhabited?",
layout.ty));
}
};assert!(
32 layout.is_uninhabited(),
33"{:?} is type-level uninhabited but not ABI-uninhabited?",
34 layout.ty
35 );
36 }
3738/// Yields non-ZST fields of the type
39fn non_zst_fields<'tcx, 'a>(
40 cx: &'a LayoutCx<'tcx>,
41 layout: &'a TyAndLayout<'tcx>,
42 ) -> impl Iterator<Item = (Size, TyAndLayout<'tcx>)> {
43 (0..layout.layout.fields().count()).filter_map(|i| {
44let field = layout.field(cx, i);
45// Also checking `align == 1` here leads to test failures in
46 // `layout/zero-sized-array-union.rs`, where a type has a zero-size field with
47 // alignment 4 that still gets ignored during layout computation (which is okay
48 // since other fields already force alignment 4).
49let zst = field.is_zst();
50 (!zst).then(|| (layout.fields.offset(i), field))
51 })
52 }
5354fn skip_newtypes<'tcx>(cx: &LayoutCx<'tcx>, layout: &TyAndLayout<'tcx>) -> TyAndLayout<'tcx> {
55if #[allow(non_exhaustive_omitted_patterns)] match layout.layout.variants() {
Variants::Multiple { .. } => true,
_ => false,
}matches!(layout.layout.variants(), Variants::Multiple { .. }) {
56// Definitely not a newtype of anything.
57return *layout;
58 }
59let mut fields = non_zst_fields(cx, layout);
60let Some(first) = fields.next() else {
61// No fields here, so this could be a primitive or enum -- either way it's not a newtype around a thing
62return *layout;
63 };
64if fields.next().is_none() {
65let (offset, first) = first;
66if offset == Size::ZERO && first.layout.size() == layout.size {
67// This is a newtype, so keep recursing.
68 // FIXME(RalfJung): I don't think it would be correct to do any checks for
69 // alignment here, so we don't. Is that correct?
70return skip_newtypes(cx, &first);
71 }
72 }
73// No more newtypes here.
74*layout75 }
7677fn check_layout_abi<'tcx>(cx: &LayoutCx<'tcx>, layout: &TyAndLayout<'tcx>) {
78// Verify the ABI-mandated alignment and size for scalars.
79let align = layout.backend_repr.scalar_align(cx);
80let size = layout.backend_repr.scalar_size(cx);
81if let Some(align) = align {
82match (&layout.layout.align().abi, &align) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("alignment mismatch between ABI and layout in {0:#?}",
layout)));
}
}
};assert_eq!(
83 layout.layout.align().abi,
84 align,
85"alignment mismatch between ABI and layout in {layout:#?}"
86);
87 }
88if let Some(size) = size {
89match (&layout.layout.size(), &size) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("size mismatch between ABI and layout in {0:#?}",
layout)));
}
}
};assert_eq!(
90 layout.layout.size(),
91 size,
92"size mismatch between ABI and layout in {layout:#?}"
93);
94 }
9596// Verify per-ABI invariants
97match layout.layout.backend_repr() {
98 BackendRepr::Scalar(_) => {
99// These must always be present for `Scalar` types.
100let align = align.unwrap();
101let size = size.unwrap();
102// Check that this matches the underlying field.
103let inner = skip_newtypes(cx, layout);
104if !#[allow(non_exhaustive_omitted_patterns)] match inner.layout.backend_repr()
{
BackendRepr::Scalar(_) => true,
_ => false,
} {
{
::core::panicking::panic_fmt(format_args!("`Scalar` type {0} is newtype around non-`Scalar` type {1}",
layout.ty, inner.ty));
}
};assert!(
105matches!(inner.layout.backend_repr(), BackendRepr::Scalar(_)),
106"`Scalar` type {} is newtype around non-`Scalar` type {}",
107 layout.ty,
108 inner.ty
109 );
110match inner.layout.fields() {
111 FieldsShape::Primitive => {
112// Fine.
113}
114 FieldsShape::Union(..) => {
115// FIXME: I guess we could also check something here? Like, look at all fields?
116return;
117 }
118 FieldsShape::Arbitrary { .. } => {
119// Should be an enum, the only field is the discriminant.
120if !inner.ty.is_enum() {
{
::core::panicking::panic_fmt(format_args!("`Scalar` layout for non-primitive non-enum type {0}",
inner.ty));
}
};assert!(
121 inner.ty.is_enum(),
122"`Scalar` layout for non-primitive non-enum type {}",
123 inner.ty
124 );
125match (&inner.layout.fields().count(), &1) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`Scalar` layout for multiple-field type in {0:#?}",
inner)));
}
}
};assert_eq!(
126 inner.layout.fields().count(),
1271,
128"`Scalar` layout for multiple-field type in {inner:#?}",
129 );
130let offset = inner.layout.fields().offset(0);
131let field = inner.field(cx, 0);
132// The field should be at the right offset, and match the `scalar` layout.
133match (&offset, &Size::ZERO) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`Scalar` field at non-0 offset in {0:#?}",
inner)));
}
}
};assert_eq!(
134 offset,
135 Size::ZERO,
136"`Scalar` field at non-0 offset in {inner:#?}",
137 );
138match (&field.size, &size) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`Scalar` field with bad size in {0:#?}",
inner)));
}
}
};assert_eq!(field.size, size, "`Scalar` field with bad size in {inner:#?}",);
139match (&field.align.abi, &align) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`Scalar` field with bad align in {0:#?}",
inner)));
}
}
};assert_eq!(
140 field.align.abi, align,
141"`Scalar` field with bad align in {inner:#?}",
142 );
143if !#[allow(non_exhaustive_omitted_patterns)] match field.backend_repr {
BackendRepr::Scalar(_) => true,
_ => false,
} {
{
::core::panicking::panic_fmt(format_args!("`Scalar` field with bad ABI in {0:#?}",
inner));
}
};assert!(
144matches!(field.backend_repr, BackendRepr::Scalar(_)),
145"`Scalar` field with bad ABI in {inner:#?}",
146 );
147 }
148_ => {
149{
::core::panicking::panic_fmt(format_args!("`Scalar` layout for non-primitive non-enum type {0}",
inner.ty));
};panic!("`Scalar` layout for non-primitive non-enum type {}", inner.ty);
150 }
151 }
152 }
153 BackendRepr::ScalarPair(scalar1, scalar2) => {
154// Check that the underlying pair of fields matches.
155let inner = skip_newtypes(cx, layout);
156if !#[allow(non_exhaustive_omitted_patterns)] match inner.layout.backend_repr()
{
BackendRepr::ScalarPair(..) => true,
_ => false,
} {
{
::core::panicking::panic_fmt(format_args!("`ScalarPair` type {0} is newtype around non-`ScalarPair` type {1}",
layout.ty, inner.ty));
}
};assert!(
157matches!(inner.layout.backend_repr(), BackendRepr::ScalarPair(..)),
158"`ScalarPair` type {} is newtype around non-`ScalarPair` type {}",
159 layout.ty,
160 inner.ty
161 );
162if #[allow(non_exhaustive_omitted_patterns)] match inner.layout.variants() {
Variants::Multiple { .. } => true,
_ => false,
}matches!(inner.layout.variants(), Variants::Multiple { .. }) {
163// FIXME: ScalarPair for enums is enormously complicated and it is very hard
164 // to check anything about them.
165return;
166 }
167match inner.layout.fields() {
168 FieldsShape::Arbitrary { .. } => {
169// Checked below.
170}
171 FieldsShape::Union(..) => {
172// FIXME: I guess we could also check something here? Like, look at all fields?
173return;
174 }
175_ => {
176{
::core::panicking::panic_fmt(format_args!("`ScalarPair` layout with unexpected field shape in {0:#?}",
inner));
};panic!("`ScalarPair` layout with unexpected field shape in {inner:#?}");
177 }
178 }
179let mut fields = non_zst_fields(cx, &inner);
180let (offset1, field1) = fields.next().unwrap_or_else(|| {
181{
::core::panicking::panic_fmt(format_args!("`ScalarPair` layout for type with not even one non-ZST field: {0:#?}",
inner));
}panic!(
182"`ScalarPair` layout for type with not even one non-ZST field: {inner:#?}"
183)184 });
185let (offset2, field2) = fields.next().unwrap_or_else(|| {
186{
::core::panicking::panic_fmt(format_args!("`ScalarPair` layout for type with less than two non-ZST fields: {0:#?}",
inner));
}panic!(
187"`ScalarPair` layout for type with less than two non-ZST fields: {inner:#?}"
188)189 });
190match fields.next() {
None => {}
ref left_val => {
::core::panicking::assert_matches_failed(left_val, "None",
::core::option::Option::Some(format_args!("`ScalarPair` layout for type with at least three non-ZST fields: {0:#?}",
inner)));
}
};assert_matches!(
191 fields.next(),
192None,
193"`ScalarPair` layout for type with at least three non-ZST fields: {inner:#?}"
194);
195// The fields might be in opposite order.
196let (offset1, field1, offset2, field2) = if offset1 <= offset2 {
197 (offset1, field1, offset2, field2)
198 } else {
199 (offset2, field2, offset1, field1)
200 };
201// The fields should be at the right offset, and match the `scalar` layout.
202let size1 = scalar1.size(cx);
203let align1 = scalar1.align(cx).abi;
204let size2 = scalar2.size(cx);
205let align2 = scalar2.align(cx).abi;
206match (&offset1, &Size::ZERO) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` first field at non-0 offset in {0:#?}",
inner)));
}
}
};assert_eq!(
207 offset1,
208 Size::ZERO,
209"`ScalarPair` first field at non-0 offset in {inner:#?}",
210 );
211match (&field1.size, &size1) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` first field with bad size in {0:#?}",
inner)));
}
}
};assert_eq!(
212 field1.size, size1,
213"`ScalarPair` first field with bad size in {inner:#?}",
214 );
215match (&field1.align.abi, &align1) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` first field with bad align in {0:#?}",
inner)));
}
}
};assert_eq!(
216 field1.align.abi, align1,
217"`ScalarPair` first field with bad align in {inner:#?}",
218 );
219match field1.backend_repr {
BackendRepr::Scalar(_) => {}
ref left_val => {
::core::panicking::assert_matches_failed(left_val,
"BackendRepr::Scalar(_)",
::core::option::Option::Some(format_args!("`ScalarPair` first field with bad ABI in {0:#?}",
inner)));
}
};assert_matches!(
220 field1.backend_repr,
221 BackendRepr::Scalar(_),
222"`ScalarPair` first field with bad ABI in {inner:#?}",
223 );
224let field2_offset = size1.align_to(align2);
225match (&offset2, &field2_offset) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` second field at bad offset in {0:#?}",
inner)));
}
}
};assert_eq!(
226 offset2, field2_offset,
227"`ScalarPair` second field at bad offset in {inner:#?}",
228 );
229match (&field2.size, &size2) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` second field with bad size in {0:#?}",
inner)));
}
}
};assert_eq!(
230 field2.size, size2,
231"`ScalarPair` second field with bad size in {inner:#?}",
232 );
233match (&field2.align.abi, &align2) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` second field with bad align in {0:#?}",
inner)));
}
}
};assert_eq!(
234 field2.align.abi, align2,
235"`ScalarPair` second field with bad align in {inner:#?}",
236 );
237match field2.backend_repr {
BackendRepr::Scalar(_) => {}
ref left_val => {
::core::panicking::assert_matches_failed(left_val,
"BackendRepr::Scalar(_)",
::core::option::Option::Some(format_args!("`ScalarPair` second field with bad ABI in {0:#?}",
inner)));
}
};assert_matches!(
238 field2.backend_repr,
239 BackendRepr::Scalar(_),
240"`ScalarPair` second field with bad ABI in {inner:#?}",
241 );
242 }
243 BackendRepr::SimdVector { element, count } => {
244let align = layout.align.abi;
245let size = layout.size;
246let element_align = element.align(cx).abi;
247let element_size = element.size(cx);
248// Currently, vectors must always be aligned to at least their elements:
249if !(align >= element_align) {
::core::panicking::panic("assertion failed: align >= element_align")
};assert!(align >= element_align);
250// And the size has to be element * count plus alignment padding, of course
251if !(size == (element_size * count).align_to(align)) {
::core::panicking::panic("assertion failed: size == (element_size * count).align_to(align)")
};assert!(size == (element_size * count).align_to(align));
252 }
253 BackendRepr::Memory { .. } | BackendRepr::ScalableVector { .. } => {} // Nothing to check.
254}
255 }
256257check_layout_abi(cx, layout);
258259match &layout.variants {
260 Variants::Empty => {
261if !layout.is_uninhabited() {
::core::panicking::panic("assertion failed: layout.is_uninhabited()")
};assert!(layout.is_uninhabited());
262 }
263 Variants::Single { index } => {
264if let Some(variants) = layout.ty.variant_range(tcx) {
265if !variants.contains(index) {
::core::panicking::panic("assertion failed: variants.contains(index)")
};assert!(variants.contains(index));
266 } else {
267// Types without variants use `0` as dummy variant index.
268if !(index.as_u32() == 0) {
::core::panicking::panic("assertion failed: index.as_u32() == 0")
};assert!(index.as_u32() == 0);
269 }
270 }
271 Variants::Multiple { variants, tag, tag_encoding, .. } => {
272if let TagEncoding::Niche { niche_start, untagged_variant, niche_variants } =
273tag_encoding274 {
275let niche_size = tag.size(cx);
276if !(*niche_start <= niche_size.unsigned_int_max()) {
::core::panicking::panic("assertion failed: *niche_start <= niche_size.unsigned_int_max()")
};assert!(*niche_start <= niche_size.unsigned_int_max());
277for (idx, variant) in variants.iter_enumerated() {
278// Ensure all inhabited variants are accounted for.
279if !variant.is_uninhabited() {
280if !(idx == *untagged_variant || niche_variants.contains(&idx)) {
::core::panicking::panic("assertion failed: idx == *untagged_variant || niche_variants.contains(&idx)")
};assert!(idx == *untagged_variant || niche_variants.contains(&idx));
281 }
282283// Ensure that for niche encoded tags the discriminant coincides with the variant index.
284let val = layout.ty.discriminant_for_variant(tcx, idx).unwrap().val;
285if val != u128::from(idx.as_u32()) {
286let adt_def = layout.ty.ty_adt_def().unwrap();
287 cx.tcx().dcx().span_delayed_bug(
288 cx.tcx().def_span(adt_def.did()),
289::alloc::__export::must_use({
::alloc::fmt::format(format_args!("variant {0:?} has discriminant {1:?} in niche-encoded type",
idx, val))
})format!(
290"variant {idx:?} has discriminant {val:?} in niche-encoded type"
291),
292 );
293 }
294 }
295 }
296for variant in variants.iter() {
297// No nested "multiple".
298match variant.variants {
Variants::Single { .. } => {}
ref left_val => {
::core::panicking::assert_matches_failed(left_val,
"Variants::Single { .. }", ::core::option::Option::None);
}
};assert_matches!(variant.variants, Variants::Single { .. });
299// Variants should have the same or a smaller size as the full thing,
300 // and same for alignment.
301if variant.size > layout.size {
302::rustc_middle::util::bug::bug_fmt(format_args!("Type with size {0} bytes has variant with size {1} bytes: {2:#?}",
layout.size.bytes(), variant.size.bytes(), layout))bug!(
303"Type with size {} bytes has variant with size {} bytes: {layout:#?}",
304 layout.size.bytes(),
305 variant.size.bytes(),
306 )307 }
308if variant.align.abi > layout.align.abi {
309::rustc_middle::util::bug::bug_fmt(format_args!("Type with alignment {0} bytes has variant with alignment {1} bytes: {2:#?}",
layout.align.bytes(), variant.align.bytes(), layout))bug!(
310"Type with alignment {} bytes has variant with alignment {} bytes: {layout:#?}",
311 layout.align.bytes(),
312 variant.align.bytes(),
313 )314 }
315// Skip empty variants.
316if variant.size == Size::ZERO
317 || variant.fields.count() == 0
318|| variant.is_uninhabited()
319 {
320// These are never actually accessed anyway, so we can skip the coherence check
321 // for them. They also fail that check, since they may have
322 // a different ABI even when the main type is
323 // `Scalar`/`ScalarPair`. (Note that sometimes, variants with fields have size
324 // 0, and sometimes, variants without fields have non-0 size.)
325continue;
326 }
327// The top-level ABI and the ABI of the variants should be coherent.
328let scalar_coherent = |s1: Scalar, s2: Scalar| {
329 s1.size(cx) == s2.size(cx) && s1.align(cx) == s2.align(cx)
330 };
331let abi_coherent = match (layout.backend_repr, variant.backend_repr) {
332 (BackendRepr::Scalar(s1), BackendRepr::Scalar(s2)) => scalar_coherent(s1, s2),
333 (BackendRepr::ScalarPair(a1, b1), BackendRepr::ScalarPair(a2, b2)) => {
334 scalar_coherent(a1, a2) && scalar_coherent(b1, b2)
335 }
336 (BackendRepr::Memory { .. }, _) => true,
337_ => false,
338 };
339if !abi_coherent {
340::rustc_middle::util::bug::bug_fmt(format_args!("Variant ABI is incompatible with top-level ABI:\nvariant={0:#?}\nTop-level: {1:#?}",
variant, layout));bug!(
341"Variant ABI is incompatible with top-level ABI:\nvariant={:#?}\nTop-level: {layout:#?}",
342 variant
343 );
344 }
345 }
346 }
347 }
348}