lint ImproperCTypes: refactor linting architecture (part 3) #146275
Conversation
rustbot
added
S-waiting-on-author
There was a problem hiding this comment.
Looked at the final commit here "add recursion limit"; I think the method should be adjusted, but this can land pretty easily.
I don't think "add architecture for layered reasoning in lints" can land yet, there is a lot added here that is dead code and untested for now. Can it be moved to just before a commit that makes use of it?
Edit: actually, no need to move it anywhere specific yet since I'm still going through the commits at #134697 one-by-one. Just dropping it from this PR is sufficient, so the recursion limit can merge without being blocked.
| let _depth_guard = match self.can_enter_type(ty) { | ||
| Ok(guard) => guard, | ||
| Err(ffi_res) => return ffi_res, | ||
| }; | ||
| let tcx = self.cx.tcx; | ||
|
|
||
| // Protect against infinite recursion, for example | ||
| // `struct S(*mut S);`. | ||
| // FIXME: A recursion limit is necessary as well, for irregular | ||
| // recursive types. | ||
| if !self.cache.insert(ty) { | ||
| return FfiSafe; | ||
| } |
There was a problem hiding this comment.
I don't follow the original implementation here. If you have
extern "C" fn foo(a: NotFfiSafe, b: NotFfiSafe)Why is it that the b doesn't get marked FfiSafe since the cache insert will fail?
There was a problem hiding this comment.
this is because the cache is set up per visitor.
One of those gets set up for each extern static variable, each extern non-fnptr-function argument, each extern non-fnptr-function return, and each extern fnptr in a non-extern context.
Here specifically, a and b each get a visitor.
| // borrows the refcell, outside of ImproperCTypesVisitorDepthGuard::drop() | ||
| let mut limiter_guard = self.recursion_limiter.borrow_mut(); | ||
| let (ref mut cache, ref mut depth) = *limiter_guard; | ||
| if (!cache.insert(ty)) || *depth >= 1024 { |
There was a problem hiding this comment.
Why is the cache still necessary if you have the depth?
There was a problem hiding this comment.
The cache allows to stop processing regular-recursive types (say, some LinkedListNode struct) after a single iteration rather than after 1024.
The depth limit is really needed for irregular recursive types, like in #130310.
| struct ImproperCTypesVisitor<'a, 'tcx> { | ||
| cx: &'a LateContext<'tcx>, | ||
| /// To prevent problems with recursive types, | ||
| /// add a types-in-check cache. | ||
| cache: FxHashSet<Ty<'tcx>>, | ||
| /// add a types-in-check cache and a depth counter. | ||
| recursion_limiter: RefCell<(FxHashSet<Ty<'tcx>>, usize)>, |
There was a problem hiding this comment.
It's probably cleaner to continue passing this around as &mut and avoiding the RefCell if possible, which will make it easier to store more in the visitor in the future if needed. Is it possible to just pass a depth argument to the needed functions? This also avoids the guard complexity, and makes it easy to avoid resetting the depth if you need to construct a new ImproperCTypesVisitor.
Alternatively you can make a type RecursionCount = Rc<()> and store it in the visitor and clone it for each guard, which allows Rc::strong_count(that_rc) to tell you the recursion count. But that's not quite as clean.
There was a problem hiding this comment.
I guess? I thought it would be annoying, performance-wise, to add 8 bytes to each method's stack. which... I end up half-doing anyway. huh.
Sure, I'll add a "depth" argument.
| // borrows the refcell, outside of ImproperCTypesVisitorDepthGuard::drop() | ||
| let mut limiter_guard = self.recursion_limiter.borrow_mut(); | ||
| let (ref mut cache, ref mut depth) = *limiter_guard; | ||
| if (!cache.insert(ty)) || *depth >= 1024 { |
There was a problem hiding this comment.
For the limit we may as well use the global recursion limit here, I think that's available via cx.tcx.recursion_limit(). Should give you a Limit, and you can use value_within_limit to check
rust/compiler/rustc_session/src/session.rs
Lines 65 to 87 in f4b2f68
|
☔ The latest upstream changes (presumably #146271) made this pull request unmergeable. Please resolve the merge conflicts. |
niacdoial
force-pushed
the
improperctypes-refactor3
branch
from
971f0ab to
1cc9c7e
Compare
|
I'm not sure I addressed everything you asked in reviews, but I figures I should push what I have so far (in both branches, (also I know there are be two commits that should be squashed together in the other PR, but I'll need to resolve a bunch of conflicts in the rest of the commit chain before doing this) |
This comment has been minimized.
This comment has been minimized.
niacdoial
force-pushed
the
improperctypes-refactor3
branch
from
1cc9c7e to
cf704cf
Compare
Another interal change that shouldn't impact rustc users. The goal is to break apart the gigantic visit_type function into more managable and easily-editable bits that focus on specific parts of FFI safety.
Another user-transparent change, unifying outer-type information and the existing VisitorState flags.
Simple change to stop irregular recursive types from causing infinitely-deep recursion in type checking.
niacdoial
force-pushed
the
improperctypes-refactor3
branch
from
cf704cf to
c74c323
Compare
rustbot
added
the
S-waiting-on-review
|
This PR changes a file inside |
rustbot
removed
the
S-waiting-on-author
This is the third PR in an effort to split #134697 (refactor plus overhaul of the ImproperCTypes family of lints) into individually-mergeable parts.
Contains:
Fixes: #130310
Superset of: #146271 and its superset #146273