implement function barriers

Author: RalfJung

src/stacked_borrows.rs

@@ -1,12 +1,17 @@
-// ignore-test validation_op is disabled
-
 #![allow(unused_variables)]
 
-mod safe {
-    pub fn safe(x: &mut i32, y: &mut i32) {} //~ ERROR: in conflict with lock WriteLock
-}
+use std::mem;
+
+pub fn safe(x: &mut i32, y: &mut i32) {} //~ ERROR barrier
 
 fn main() {
-    let x = &mut 0 as *mut _;
-    unsafe { safe::safe(&mut *x, &mut *x) };
+    let mut x = 0;
+    let xraw: *mut i32 = unsafe { mem::transmute(&mut x) };
+    // We need to apply some tricky to be able to call `safe` with two mutable references
+    // with the same tag: We transmute both the fn ptr (to take raw ptrs) and the argument
+    // (to be raw, but still have the unique tag).
+    let safe_raw: fn(x: *mut i32, y: *mut i32) = unsafe {
+        mem::transmute::<fn(&mut i32, &mut i32), _>(safe)
+    };
+    safe_raw(xraw, xraw);
 }

tests/compile-fail-fullmir/stacked_borrows/aliasing_mut1.rs

@@ -1,12 +1,17 @@
-// ignore-test validation_op is disabled
-
 #![allow(unused_variables)]
 
-mod safe {
-    pub fn safe(x: &i32, y: &mut i32) {} //~ ERROR: in conflict with lock ReadLock
-}
+use std::mem;
+
+pub fn safe(x: &i32, y: &mut i32) {} //~ ERROR barrier
 
 fn main() {
-    let x = &mut 0 as *mut _;
-    unsafe { safe::safe(&*x, &mut *x) };
+    let mut x = 0;
+    let xref = &mut x;
+    let xraw: *mut i32 = unsafe { mem::transmute_copy(&xref) };
+    let xshr = &*xref;
+    // transmute fn ptr around so that we can avoid retagging
+    let safe_raw: fn(x: *const i32, y: *mut i32) = unsafe {
+        mem::transmute::<fn(&i32, &mut i32), _>(safe)
+    };
+    safe_raw(xshr, xraw);
 }

tests/compile-fail-fullmir/stacked_borrows/aliasing_mut2.rs

@@ -1,12 +1,17 @@
-// ignore-test validation_op is disabled
-
 #![allow(unused_variables)]
 
-mod safe {
-    pub fn safe(x: &mut i32, y: &i32) {} //~ ERROR: in conflict with lock WriteLock
-}
+use std::mem;
+
+pub fn safe(x: &mut i32, y: &i32) {} //~ ERROR does not exist on the stack
 
 fn main() {
-    let x = &mut 0 as *mut _;
-    unsafe { safe::safe(&mut *x, &*x) };
+    let mut x = 0;
+    let xref = &mut x;
+    let xraw: *mut i32 = unsafe { mem::transmute_copy(&xref) };
+    let xshr = &*xref;
+    // transmute fn ptr around so that we can avoid retagging
+    let safe_raw: fn(x: *mut i32, y: *const i32) = unsafe {
+        mem::transmute::<fn(&mut i32, &i32), _>(safe)
+    };
+    safe_raw(xraw, xshr);
 }

tests/compile-fail-fullmir/stacked_borrows/aliasing_mut3.rs

@@ -1,15 +1,19 @@
-// ignore-test validation_op is disabled
-
 #![allow(unused_variables)]
 
-mod safe {
-    use std::cell::Cell;
+use std::mem;
+use std::cell::Cell;
 
-    // Make sure &mut UnsafeCell also has a lock to it
-    pub fn safe(x: &mut Cell<i32>, y: &i32) {} //~ ERROR: in conflict with lock WriteLock
-}
+// Make sure &mut UnsafeCell also is exclusive
+pub fn safe(x: &i32, y: &mut Cell<i32>) {} //~ ERROR barrier
 
 fn main() {
-    let x = &mut 0 as *mut _;
-    unsafe { safe::safe(&mut *(x as *mut _), &*x) };
+    let mut x = 0;
+    let xref = &mut x;
+    let xraw: *mut i32 = unsafe { mem::transmute_copy(&xref) };
+    let xshr = &*xref;
+    // transmute fn ptr around so that we can avoid retagging
+    let safe_raw: fn(x: *const i32, y: *mut Cell<i32>) = unsafe {
+        mem::transmute::<fn(&i32, &mut Cell<i32>), _>(safe)
+    };
+    safe_raw(xshr, xraw as *mut _);
 }

tests/compile-fail-fullmir/stacked_borrows/aliasing_mut4.rs

@@ -8,7 +8,7 @@ fn demo_mut_advanced_unique(mut our: Box<i32>) -> i32 {
   unknown_code_2();
 
   // We know this will return 5
-  *our //~ ERROR does not exist on the stack
+  *our
 }
 
 // Now comes the evil context
@@ -21,7 +21,7 @@ fn unknown_code_1(x: &i32) { unsafe {
 } }
 
 fn unknown_code_2() { unsafe {
-    *LEAK = 7;
+    *LEAK = 7; //~ ERROR barrier
 } }
 
 fn main() {

tests/compile-fail-fullmir/stacked_borrows/box_exclusive_violation1.rs

@@ -1,12 +1,9 @@
-fn evil(x: &u32) {
-    // mutating shared ref without `UnsafeCell`
-    let x : *mut u32 = x as *const _ as *mut _;
-    unsafe { *x = 42; }
-}
-
 fn main() {
     let target = Box::new(42); // has an implicit raw
-    let ref_ = &*target;
-    evil(ref_); // invalidates shared ref, activates raw
-    let _x = *ref_; //~ ERROR is not frozen
+    let xref = &*target;
+    {
+        let x : *mut u32 = xref as *const _ as *mut _;
+        unsafe { *x = 42; } // invalidates shared ref, activates raw
+    }
+    let _x = *xref; //~ ERROR is not frozen
 }

tests/compile-fail-fullmir/stacked_borrows/illegal_write1.rs

@@ -0,0 +1,13 @@
+fn inner(x: *mut i32, _y: &mut i32) {
+    // If `x` and `y` alias, retagging is fine with this... but we really
+    // shouldn't be allowed to use `x` at all because `y` was assumed to be
+    // unique for the duration of this call.
+    let _val = unsafe { *x }; //~ ERROR barrier
+}
+
+fn main() {
+    let mut x = 0;
+    let xraw = &mut x as *mut _;
+    let xref = unsafe { &mut *xraw };
+    inner(xraw, xref);
+}

tests/compile-fail-fullmir/stacked_borrows/invalidate_against_barrier1.rs

@@ -0,0 +1,13 @@
+fn inner(x: *mut i32, _y: &i32) {
+    // If `x` and `y` alias, retagging is fine with this... but we really
+    // shouldn't be allowed to write to `x` at all because `y` was assumed to be
+    // immutable for the duration of this call.
+    unsafe { *x = 0 }; //~ ERROR barrier
+}
+
+fn main() {
+    let mut x = 0;
+    let xraw = &mut x as *mut _;
+    let xref = unsafe { &*xraw };
+    inner(xraw, xref);
+}

tests/compile-fail-fullmir/stacked_borrows/invalidate_against_barrier2.rs

@@ -21,7 +21,7 @@ fn unknown_code_1(x: &i32) { unsafe {
 } }
 
 fn unknown_code_2() { unsafe {
-    *LEAK = 7; //~ ERROR does not exist on the stack
+    *LEAK = 7; //~ ERROR barrier
 } }
 
 fn main() {