analyze: add test case exercising updates_forbidden

Author: spernsteiner

c2rust-analyze/src/analyze.rs

@@ -1101,6 +1101,29 @@ fn run(tcx: TyCtxt) {
         );
     }
 
+    // For testing, putting #[c2rust_analyze_test::force_non_null_args] on a function marks its
+    // arguments as `NON_NULL` and also adds `NON_NULL` to the `updates_forbidden` mask.
+    for &ldid in &all_fn_ldids {
+        if !util::has_test_attr(tcx, ldid, TestAttr::ForceNonNullArgs) {
+            continue;
+        }
+
+        let info = func_info.get_mut(&ldid).unwrap();
+        let mut asn = gasn.and(&mut info.lasn);
+        let mut updates_forbidden = g_updates_forbidden.and_mut(&mut info.l_updates_forbidden);
+
+        let lsig = &gacx.fn_sigs[&ldid.to_def_id()];
+        for arg_lty in lsig.inputs.iter().copied() {
+            for lty in arg_lty.iter() {
+                let ptr = lty.label;
+                if !ptr.is_none() {
+                    asn.perms_mut()[ptr].insert(PermissionSet::NON_NULL);
+                    updates_forbidden[ptr].insert(PermissionSet::NON_NULL);
+                }
+            }
+        }
+    }
+
     eprintln!("=== ADT Metadata ===");
     eprintln!("{:?}", gacx.adt_metadata);
 

c2rust-analyze/src/util.rs

@@ -530,6 +530,9 @@ pub enum TestAttr {
     FailBeforeRewriting,
     /// `#[c2rust_analyze_test::skip_rewrite]`: Skip generating rewrites for the function.
     SkipRewrite,
+    /// `#[c2rust_analyze_test::force_non_null_args]`: Mark arguments as `NON_NULL` and don't allow
+    /// that flag to be changed during dataflow analysis.
+    ForceNonNullArgs,
 }
 
 impl TestAttr {
@@ -539,6 +542,7 @@ impl TestAttr {
             TestAttr::FailBeforeAnalysis => "fail_before_analysis",
             TestAttr::FailBeforeRewriting => "fail_before_rewriting",
             TestAttr::SkipRewrite => "skip_rewrite",
+            TestAttr::ForceNonNullArgs => "force_non_null_args",
         }
     }
 }

c2rust-analyze/tests/filecheck.rs

@@ -56,6 +56,7 @@ define_tests! {
     insertion_sort_rewrites,
     known_fn,
     non_null,
+    non_null_force,
     offset1,
     offset2,
     pointee,

c2rust-analyze/tests/filecheck/non_null_force.rs

@@ -0,0 +1,40 @@
+#![feature(register_tool)]
+#![register_tool(c2rust_analyze_test)]
+
+// TODO: All the pointers here are currently inferred to be non-`UNIQUE`, even though the access
+// patterns look fine.
+
+use std::ptr;
+
+// CHECK-LABEL: final labeling for "f"
+fn f(cond: bool) {
+    let x = 1_i32;
+    // CHECK: ([[@LINE+1]]: mut y): {{.*}}, type = (empty)#
+    let mut y = ptr::addr_of!(x);
+    if cond {
+        y = 0 as *const _;
+    }
+    // The expression `y` is considered nullable even though it's passed for argument `p` of `g`,
+    // which is forced to be `NON_NULL`.
+    // CHECK: ([[@LINE+1]]: y): {{.*}}, type = (empty)#
+    g(cond, y);
+}
+
+// CHECK-LABEL: final labeling for "g"
+// `p` should be non-null, as it's forced to be by the attribute.  This emulates the "unsound" PDG
+// case, where a variable is forced to stay `NON_NULL` even though a null possibly flows into it.
+// CHECK: ([[@LINE+2]]: p): {{.*}}, type = NON_NULL#
+#[c2rust_analyze_test::force_non_null_args]
+fn g(cond: bool, p: *const i32) {
+    // `q` is not forced to be `NON_NULL`, so it should be inferred nullable due to the null
+    // assignment below.
+    // CHECK: ([[@LINE+1]]: mut q): {{.*}}, type = (empty)#
+    let mut q = p;
+    if cond {
+        q = 0 as *const _;
+    }
+    // `r` is derived from `q` (and is not forced), so it should also be nullable.
+    // CHECK: ([[@LINE+1]]: r): {{.*}}, type = (empty)#
+    let r = q;
+}
+