Skip to main content

rustc_borrowck/polonius/
mod.rs

1//! Polonius analysis and support code:
2//! - dedicated constraints
3//! - conversion from NLL constraints
4//! - debugging utilities
5//! - etc.
6//!
7//! The current implementation models the flow-sensitive borrow-checking concerns as a graph
8//! containing both information about regions and information about the control flow.
9//!
10//! Loan propagation is seen as a reachability problem (with some subtleties) between where the loan
11//! is introduced and a given point.
12//!
13//! Constraints arising from type-checking allow loans to flow from region to region at the same CFG
14//! point. Constraints arising from liveness allow loans to flow within from point to point, between
15//! live regions at these points.
16//!
17//! Edges can be bidirectional to encode invariant relationships, and loans can flow "back in time"
18//! to traverse these constraints arising earlier in the CFG.
19//!
20//! When incorporating kills in the traversal, the loans reaching a given point are considered live.
21//!
22//! After this, the usual NLL process happens. These live loans are fed into a dataflow analysis
23//! combining them with the points where loans go out of NLL scope (the frontier where they stop
24//! propagating to a live region), to yield the "loans in scope" or "active loans", at a given
25//! point.
26//!
27//! Illegal accesses are still computed by checking whether one of these resulting loans is
28//! invalidated.
29//!
30//! More information on this simple approach can be found in the following links, and in the future
31//! in the rustc dev guide:
32//! - <https://smallcultfollowing.com/babysteps/blog/2023/09/22/polonius-part-1/>
33//! - <https://smallcultfollowing.com/babysteps/blog/2023/09/29/polonius-part-2/>
34//!
35
36mod constraints;
37mod dump;
38pub(crate) mod legacy;
39mod liveness_constraints;
40
41use std::collections::BTreeMap;
42
43use rustc_data_structures::fx::FxHashSet;
44use rustc_index::bit_set::SparseBitMatrix;
45use rustc_middle::mir::{Body, Local};
46use rustc_middle::ty::RegionVid;
47use rustc_mir_dataflow::points::PointIndex;
48
49pub(self) use self::constraints::*;
50pub(crate) use self::dump::dump_polonius_mir;
51use crate::dataflow::BorrowIndex;
52use crate::region_infer::values::LivenessValues;
53use crate::{BorrowSet, RegionInferenceContext};
54
55pub(crate) type LiveLoans = SparseBitMatrix<PointIndex, BorrowIndex>;
56
57/// This struct holds the necessary
58///  - liveness data, created during MIR typeck, and which will be used to lazily compute the
59///    polonius localized constraints, during NLL region inference as well as MIR dumping,
60///  - data needed by the borrowck error computation and diagnostics.
61#[derive(#[automatically_derived]
impl ::core::default::Default for PoloniusContext {
    #[inline]
    fn default() -> PoloniusContext {
        PoloniusContext {
            graph: ::core::default::Default::default(),
            live_region_variances: ::core::default::Default::default(),
            boring_nll_locals: ::core::default::Default::default(),
        }
    }
}Default)]
62pub(crate) struct PoloniusContext {
63    /// The graph from which we extract the localized outlives constraints.
64    graph: Option<LocalizedConstraintGraph>,
65
66    /// The expected edge direction per live region: the kind of directed edge we'll create as
67    /// liveness constraints depends on the variance of types with respect to each contained region.
68    live_region_variances: BTreeMap<RegionVid, ConstraintDirection>,
69
70    /// The regions that outlive free regions are used to distinguish relevant live locals from
71    /// boring locals. A boring local is one whose type contains only such regions. Polonius
72    /// currently has more boring locals than NLLs so we record the latter to use in errors and
73    /// diagnostics, to focus on the locals we consider relevant and match NLL diagnostics.
74    pub(crate) boring_nll_locals: FxHashSet<Local>,
75}
76
77/// The direction a constraint can flow into. Used to create liveness constraints according to
78/// variance.
79#[derive(#[automatically_derived]
impl ::core::marker::Copy for ConstraintDirection { }Copy, #[automatically_derived]
impl ::core::clone::Clone for ConstraintDirection {
    #[inline]
    fn clone(&self) -> ConstraintDirection { *self }
}Clone, #[automatically_derived]
impl ::core::cmp::PartialEq for ConstraintDirection {
    #[inline]
    fn eq(&self, other: &ConstraintDirection) -> bool {
        let __self_discr = ::core::intrinsics::discriminant_value(self);
        let __arg1_discr = ::core::intrinsics::discriminant_value(other);
        __self_discr == __arg1_discr
    }
}PartialEq, #[automatically_derived]
impl ::core::cmp::Eq for ConstraintDirection {
    #[inline]
    #[doc(hidden)]
    #[coverage(off)]
    fn assert_receiver_is_total_eq(&self) {}
}Eq, #[automatically_derived]
impl ::core::fmt::Debug for ConstraintDirection {
    #[inline]
    fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
        ::core::fmt::Formatter::write_str(f,
            match self {
                ConstraintDirection::Forward => "Forward",
                ConstraintDirection::Backward => "Backward",
                ConstraintDirection::Bidirectional => "Bidirectional",
            })
    }
}Debug)]
80enum ConstraintDirection {
81    /// For covariant cases, we add a forward edge `O at P1 -> O at P2`.
82    Forward,
83
84    /// For contravariant cases, we add a backward edge `O at P2 -> O at P1`
85    Backward,
86
87    /// For invariant cases, we add both the forward and backward edges `O at P1 <-> O at P2`.
88    Bidirectional,
89}
90
91impl PoloniusContext {
92    /// Computes live loans using the set of loans model for `-Zpolonius=next`.
93    ///
94    /// First, creates a constraint graph combining regions and CFG points, by:
95    /// - converting NLL typeck constraints to be localized
96    /// - encoding liveness constraints
97    ///
98    /// Then, this graph is traversed, reachability is recorded as loan liveness, to be used by the
99    /// loan scope and active loans computations.
100    ///
101    /// The constraint data will be used to compute errors and diagnostics.
102    pub(crate) fn compute_loan_liveness<'tcx>(
103        &mut self,
104        regioncx: &mut RegionInferenceContext<'tcx>,
105        body: &Body<'tcx>,
106        borrow_set: &BorrowSet<'tcx>,
107    ) {
108        let liveness = regioncx.liveness_constraints();
109
110        // We don't need to prepare the graph (index NLL constraints, etc.) if we have no loans to
111        // trace throughout localized constraints.
112        if borrow_set.len() > 0 {
113            // From the outlives constraints, liveness, and variances, we can compute reachability
114            // on the lazy localized constraint graph to trace the liveness of loans, for the next
115            // step in the chain (the NLL loan scope and active loans computations).
116            let graph = LocalizedConstraintGraph::new(liveness, regioncx.outlives_constraints());
117
118            let mut live_loans = LiveLoans::new(borrow_set.len());
119            let mut visitor = LoanLivenessVisitor { liveness, live_loans: &mut live_loans };
120            graph.traverse(
121                body,
122                liveness,
123                &self.live_region_variances,
124                regioncx.universal_regions(),
125                borrow_set,
126                &mut visitor,
127            );
128            regioncx.record_live_loans(live_loans);
129
130            // The graph can be traversed again during MIR dumping, so we store it here.
131            self.graph = Some(graph);
132        }
133    }
134}
135
136/// Visitor to record loan liveness when traversing the localized constraint graph.
137struct LoanLivenessVisitor<'a> {
138    liveness: &'a LivenessValues,
139    live_loans: &'a mut LiveLoans,
140}
141
142impl LocalizedConstraintGraphVisitor for LoanLivenessVisitor<'_> {
143    fn on_node_traversed(&mut self, loan: BorrowIndex, node: LocalizedNode) {
144        // Record the loan as being live on entry to this point if it reaches a live region
145        // there.
146        //
147        // This is an approximation of liveness (which is the thing we want), in that we're
148        // using a single notion of reachability to represent what used to be _two_ different
149        // transitive closures. It didn't seem impactful when coming up with the single-graph
150        // and reachability through space (regions) + time (CFG) concepts, but in practice the
151        // combination of time-traveling with kills is more impactful than initially
152        // anticipated.
153        //
154        // Kills should prevent a loan from reaching its successor points in the CFG, but not
155        // while time-traveling: we're not actually at that CFG point, but looking for
156        // predecessor regions that contain the loan. One of the two TCs we had pushed the
157        // transitive subset edges to each point instead of having backward edges, and the
158        // problem didn't exist before. In the abstract, naive reachability is not enough to
159        // model this, we'd need a slightly different solution. For example, maybe with a
160        // two-step traversal:
161        // - at each point we first traverse the subgraph (and possibly time-travel) looking for
162        //   exit nodes while ignoring kills,
163        // - and then when we're back at the current point, we continue normally.
164        //
165        // Another (less annoying) subtlety is that kills and the loan use-map are
166        // flow-insensitive. Kills can actually appear in places before a loan is introduced, or
167        // at a location that is actually unreachable in the CFG from the introduction point,
168        // and these can also be encountered during time-traveling.
169        //
170        // The simplest change that made sense to "fix" the issues above is taking into account
171        // kills that are:
172        // - reachable from the introduction point
173        // - encountered during forward traversal. Note that this is not transitive like the
174        //   two-step traversal described above: only kills encountered on exit via a backward
175        //   edge are ignored.
176        //
177        // This version of the analysis, however, is enough in practice to pass the tests that
178        // we care about and NLLs reject, without regressions on crater, and is an actionable
179        // subset of the full analysis. It also naturally points to areas of improvement that we
180        // wish to explore later, namely handling kills appropriately during traversal, instead
181        // of continuing traversal to all the reachable nodes.
182        //
183        // FIXME: analyze potential unsoundness, possibly in concert with a borrowck
184        // implementation in a-mir-formality, fuzzing, or manually crafting counter-examples.
185        if self.liveness.is_live_at_point(node.region, node.point) {
186            self.live_loans.insert(node.point, loan);
187        }
188    }
189}