1use std::assert_matches;
23use rustc_abi::{BackendRepr, FieldsShape, Scalar, Size, TagEncoding, Variants};
4use rustc_middle::ty::layout::{HasTyCtxt, LayoutCx, TyAndLayout};
5use rustc_middle::{bug, ty};
67/// Enforce some basic invariants on layouts.
8pub(super) fn layout_sanity_check<'tcx>(cx: &LayoutCx<'tcx>, layout: &TyAndLayout<'tcx>) {
9let tcx = cx.tcx();
1011if !layout.size.bytes().is_multiple_of(layout.align.bytes()) {
12::rustc_middle::util::bug::bug_fmt(format_args!("size is not a multiple of align, in the following layout:\n{0:#?}",
layout));bug!("size is not a multiple of align, in the following layout:\n{layout:#?}");
13 }
14if layout.size.bytes() >= tcx.data_layout.obj_size_bound() {
15::rustc_middle::util::bug::bug_fmt(format_args!("size is too large, in the following layout:\n{0:#?}",
layout));bug!("size is too large, in the following layout:\n{layout:#?}");
16 }
17// FIXME(#124403): Once `repr_c_enums_larger_than_int` is a hard error, we could assert
18 // here that a repr(c) enum discriminant is never larger than a c_int.
1920if !truecfg!(debug_assertions) {
21// Stop here, the rest is kind of expensive.
22return;
23 }
2425// Type-level uninhabitedness should always imply ABI uninhabitedness. This can be expensive on
26 // big non-exhaustive types, and is [hard to
27 // fix](https://github.com/rust-lang/rust/issues/141006#issuecomment-2883415000) in general.
28 // Only doing this sanity check when debug assertions are turned on avoids the issue for the
29 // very specific case of #140944.
30if layout.ty.is_privately_uninhabited(tcx, cx.typing_env) {
31if !layout.is_uninhabited() {
{
::core::panicking::panic_fmt(format_args!("{0:?} is type-level uninhabited but not ABI-uninhabited?",
layout.ty));
}
};assert!(
32 layout.is_uninhabited(),
33"{:?} is type-level uninhabited but not ABI-uninhabited?",
34 layout.ty
35 );
36 }
3738/// Yields non-ZST fields of the type
39fn non_zst_fields<'tcx, 'a>(
40 cx: &'a LayoutCx<'tcx>,
41 layout: &'a TyAndLayout<'tcx>,
42 ) -> impl Iterator<Item = (Size, TyAndLayout<'tcx>)> {
43 (0..layout.layout.fields().count()).filter_map(|i| {
44let field = layout.field(cx, i);
45// Also checking `align == 1` here leads to test failures in
46 // `layout/zero-sized-array-union.rs`, where a type has a zero-size field with
47 // alignment 4 that still gets ignored during layout computation (which is okay
48 // since other fields already force alignment 4).
49let zst = field.is_zst();
50 (!zst).then(|| (layout.fields.offset(i), field))
51 })
52 }
5354fn skip_newtypes<'tcx>(cx: &LayoutCx<'tcx>, layout: &TyAndLayout<'tcx>) -> TyAndLayout<'tcx> {
55match *layout.ty.kind() {
56 ty::UnsafeBinder(bound_ty) => {
57let ty = cx.tcx().instantiate_bound_regions_with_erased(bound_ty.into());
58return skip_newtypes(cx, &TyAndLayout { ty, ..*layout });
59 }
60_ => {}
61 }
6263if #[allow(non_exhaustive_omitted_patterns)] match layout.layout.variants() {
Variants::Multiple { .. } => true,
_ => false,
}matches!(layout.layout.variants(), Variants::Multiple { .. }) {
64// Definitely not a newtype of anything.
65return *layout;
66 }
67let mut fields = non_zst_fields(cx, layout);
68let Some(first) = fields.next() else {
69// No fields here, so this could be a primitive or enum -- either way it's not a newtype around a thing
70return *layout;
71 };
72if fields.next().is_none() {
73let (offset, first) = first;
74if offset == Size::ZERO && first.layout.size() == layout.size {
75// This is a newtype, so keep recursing.
76 // FIXME(RalfJung): I don't think it would be correct to do any checks for
77 // alignment here, so we don't. Is that correct?
78return skip_newtypes(cx, &first);
79 }
80 }
81// No more newtypes here.
82*layout83 }
8485fn check_layout_abi<'tcx>(cx: &LayoutCx<'tcx>, layout: &TyAndLayout<'tcx>) {
86// Verify the ABI-mandated alignment and size for scalars.
87let align = layout.backend_repr.scalar_align(cx);
88let size = layout.backend_repr.scalar_size(cx);
89if let Some(align) = align {
90match (&layout.layout.align().abi, &align) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("alignment mismatch between ABI and layout in {0:#?}",
layout)));
}
}
};assert_eq!(
91 layout.layout.align().abi,
92 align,
93"alignment mismatch between ABI and layout in {layout:#?}"
94);
95 }
96if let Some(size) = size {
97match (&layout.layout.size(), &size) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("size mismatch between ABI and layout in {0:#?}",
layout)));
}
}
};assert_eq!(
98 layout.layout.size(),
99 size,
100"size mismatch between ABI and layout in {layout:#?}"
101);
102 }
103104// Verify per-ABI invariants
105match layout.layout.backend_repr() {
106 BackendRepr::Scalar(_) => {
107// These must always be present for `Scalar` types.
108let align = align.unwrap();
109let size = size.unwrap();
110// Check that this matches the underlying field.
111let inner = skip_newtypes(cx, layout);
112if !#[allow(non_exhaustive_omitted_patterns)] match inner.layout.backend_repr()
{
BackendRepr::Scalar(_) => true,
_ => false,
} {
{
::core::panicking::panic_fmt(format_args!("`Scalar` type {0} is newtype around non-`Scalar` type {1}",
layout.ty, inner.ty));
}
};assert!(
113matches!(inner.layout.backend_repr(), BackendRepr::Scalar(_)),
114"`Scalar` type {} is newtype around non-`Scalar` type {}",
115 layout.ty,
116 inner.ty
117 );
118match inner.layout.fields() {
119 FieldsShape::Primitive => {
120// Fine.
121}
122 FieldsShape::Union(..) => {
123// FIXME: I guess we could also check something here? Like, look at all fields?
124return;
125 }
126 FieldsShape::Arbitrary { .. } => {
127// Should be an enum, the only field is the discriminant.
128if !inner.ty.is_enum() {
{
::core::panicking::panic_fmt(format_args!("`Scalar` layout for non-primitive non-enum type {0}",
inner.ty));
}
};assert!(
129 inner.ty.is_enum(),
130"`Scalar` layout for non-primitive non-enum type {}",
131 inner.ty
132 );
133match (&inner.layout.fields().count(), &1) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`Scalar` layout for multiple-field type in {0:#?}",
inner)));
}
}
};assert_eq!(
134 inner.layout.fields().count(),
1351,
136"`Scalar` layout for multiple-field type in {inner:#?}",
137 );
138let offset = inner.layout.fields().offset(0);
139let field = inner.field(cx, 0);
140// The field should be at the right offset, and match the `scalar` layout.
141match (&offset, &Size::ZERO) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`Scalar` field at non-0 offset in {0:#?}",
inner)));
}
}
};assert_eq!(
142 offset,
143 Size::ZERO,
144"`Scalar` field at non-0 offset in {inner:#?}",
145 );
146match (&field.size, &size) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`Scalar` field with bad size in {0:#?}",
inner)));
}
}
};assert_eq!(field.size, size, "`Scalar` field with bad size in {inner:#?}",);
147match (&field.align.abi, &align) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`Scalar` field with bad align in {0:#?}",
inner)));
}
}
};assert_eq!(
148 field.align.abi, align,
149"`Scalar` field with bad align in {inner:#?}",
150 );
151if !#[allow(non_exhaustive_omitted_patterns)] match field.backend_repr {
BackendRepr::Scalar(_) => true,
_ => false,
} {
{
::core::panicking::panic_fmt(format_args!("`Scalar` field with bad ABI in {0:#?}",
inner));
}
};assert!(
152matches!(field.backend_repr, BackendRepr::Scalar(_)),
153"`Scalar` field with bad ABI in {inner:#?}",
154 );
155 }
156_ => {
157{
::core::panicking::panic_fmt(format_args!("`Scalar` layout for non-primitive non-enum type {0}",
inner.ty));
};panic!("`Scalar` layout for non-primitive non-enum type {}", inner.ty);
158 }
159 }
160 }
161 BackendRepr::ScalarPair(scalar1, scalar2) => {
162// Check that the underlying pair of fields matches.
163let inner = skip_newtypes(cx, layout);
164if !#[allow(non_exhaustive_omitted_patterns)] match inner.layout.backend_repr()
{
BackendRepr::ScalarPair(..) => true,
_ => false,
} {
{
::core::panicking::panic_fmt(format_args!("`ScalarPair` type {0} is newtype around non-`ScalarPair` type {1}",
layout.ty, inner.ty));
}
};assert!(
165matches!(inner.layout.backend_repr(), BackendRepr::ScalarPair(..)),
166"`ScalarPair` type {} is newtype around non-`ScalarPair` type {}",
167 layout.ty,
168 inner.ty
169 );
170if #[allow(non_exhaustive_omitted_patterns)] match inner.layout.variants() {
Variants::Multiple { .. } => true,
_ => false,
}matches!(inner.layout.variants(), Variants::Multiple { .. }) {
171// FIXME: ScalarPair for enums is enormously complicated and it is very hard
172 // to check anything about them.
173return;
174 }
175match inner.layout.fields() {
176 FieldsShape::Arbitrary { .. } => {
177// Checked below.
178}
179 FieldsShape::Union(..) => {
180// FIXME: I guess we could also check something here? Like, look at all fields?
181return;
182 }
183_ => {
184{
::core::panicking::panic_fmt(format_args!("`ScalarPair` layout with unexpected field shape in {0:#?}",
inner));
};panic!("`ScalarPair` layout with unexpected field shape in {inner:#?}");
185 }
186 }
187let mut fields = non_zst_fields(cx, &inner);
188let (offset1, field1) = fields.next().unwrap_or_else(|| {
189{
::core::panicking::panic_fmt(format_args!("`ScalarPair` layout for type with not even one non-ZST field: {0:#?}",
inner));
}panic!(
190"`ScalarPair` layout for type with not even one non-ZST field: {inner:#?}"
191)192 });
193let (offset2, field2) = fields.next().unwrap_or_else(|| {
194{
::core::panicking::panic_fmt(format_args!("`ScalarPair` layout for type with less than two non-ZST fields: {0:#?}",
inner));
}panic!(
195"`ScalarPair` layout for type with less than two non-ZST fields: {inner:#?}"
196)197 });
198{
match fields.next() {
None => {}
ref left_val => {
::core::panicking::assert_matches_failed(left_val, "None",
::core::option::Option::Some(format_args!("`ScalarPair` layout for type with at least three non-ZST fields: {0:#?}",
inner)));
}
}
};assert_matches!(
199 fields.next(),
200None,
201"`ScalarPair` layout for type with at least three non-ZST fields: {inner:#?}"
202);
203// The fields might be in opposite order.
204let (offset1, field1, offset2, field2) = if offset1 <= offset2 {
205 (offset1, field1, offset2, field2)
206 } else {
207 (offset2, field2, offset1, field1)
208 };
209// The fields should be at the right offset, and match the `scalar` layout.
210let size1 = scalar1.size(cx);
211let align1 = scalar1.align(cx).abi;
212let size2 = scalar2.size(cx);
213let align2 = scalar2.align(cx).abi;
214match (&offset1, &Size::ZERO) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` first field at non-0 offset in {0:#?}",
inner)));
}
}
};assert_eq!(
215 offset1,
216 Size::ZERO,
217"`ScalarPair` first field at non-0 offset in {inner:#?}",
218 );
219match (&field1.size, &size1) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` first field with bad size in {0:#?}",
inner)));
}
}
};assert_eq!(
220 field1.size, size1,
221"`ScalarPair` first field with bad size in {inner:#?}",
222 );
223match (&field1.align.abi, &align1) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` first field with bad align in {0:#?}",
inner)));
}
}
};assert_eq!(
224 field1.align.abi, align1,
225"`ScalarPair` first field with bad align in {inner:#?}",
226 );
227{
match field1.backend_repr {
BackendRepr::Scalar(_) => {}
ref left_val => {
::core::panicking::assert_matches_failed(left_val,
"BackendRepr::Scalar(_)",
::core::option::Option::Some(format_args!("`ScalarPair` first field with bad ABI in {0:#?}",
inner)));
}
}
};assert_matches!(
228 field1.backend_repr,
229 BackendRepr::Scalar(_),
230"`ScalarPair` first field with bad ABI in {inner:#?}",
231 );
232let field2_offset = size1.align_to(align2);
233match (&offset2, &field2_offset) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` second field at bad offset in {0:#?}",
inner)));
}
}
};assert_eq!(
234 offset2, field2_offset,
235"`ScalarPair` second field at bad offset in {inner:#?}",
236 );
237match (&field2.size, &size2) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` second field with bad size in {0:#?}",
inner)));
}
}
};assert_eq!(
238 field2.size, size2,
239"`ScalarPair` second field with bad size in {inner:#?}",
240 );
241match (&field2.align.abi, &align2) {
(left_val, right_val) => {
if !(*left_val == *right_val) {
let kind = ::core::panicking::AssertKind::Eq;
::core::panicking::assert_failed(kind, &*left_val, &*right_val,
::core::option::Option::Some(format_args!("`ScalarPair` second field with bad align in {0:#?}",
inner)));
}
}
};assert_eq!(
242 field2.align.abi, align2,
243"`ScalarPair` second field with bad align in {inner:#?}",
244 );
245{
match field2.backend_repr {
BackendRepr::Scalar(_) => {}
ref left_val => {
::core::panicking::assert_matches_failed(left_val,
"BackendRepr::Scalar(_)",
::core::option::Option::Some(format_args!("`ScalarPair` second field with bad ABI in {0:#?}",
inner)));
}
}
};assert_matches!(
246 field2.backend_repr,
247 BackendRepr::Scalar(_),
248"`ScalarPair` second field with bad ABI in {inner:#?}",
249 );
250 }
251 BackendRepr::SimdVector { element, count } => {
252let align = layout.align.abi;
253let size = layout.size;
254let element_align = element.align(cx).abi;
255let element_size = element.size(cx);
256// Currently, vectors must always be aligned to at least their elements:
257if !(align >= element_align) {
::core::panicking::panic("assertion failed: align >= element_align")
};assert!(align >= element_align);
258// And the size has to be element * count plus alignment padding, of course
259if !(size == (element_size * count).align_to(align)) {
::core::panicking::panic("assertion failed: size == (element_size * count).align_to(align)")
};assert!(size == (element_size * count).align_to(align));
260 }
261 BackendRepr::Memory { .. } | BackendRepr::SimdScalableVector { .. } => {} // Nothing to check.
262}
263 }
264265check_layout_abi(cx, layout);
266267match &layout.variants {
268 Variants::Empty => {
269if !layout.is_uninhabited() {
::core::panicking::panic("assertion failed: layout.is_uninhabited()")
};assert!(layout.is_uninhabited());
270 }
271 Variants::Single { index } => {
272if let Some(variants) = layout.ty.variant_range(tcx) {
273if !variants.contains(index) {
::core::panicking::panic("assertion failed: variants.contains(index)")
};assert!(variants.contains(index));
274 } else {
275// Types without variants use `0` as dummy variant index.
276if !(index.as_u32() == 0) {
::core::panicking::panic("assertion failed: index.as_u32() == 0")
};assert!(index.as_u32() == 0);
277 }
278 }
279 Variants::Multiple { variants, tag, tag_encoding, .. } => {
280if let TagEncoding::Niche { niche_start, untagged_variant, niche_variants } =
281tag_encoding282 {
283let niche_size = tag.size(cx);
284if !(*niche_start <= niche_size.unsigned_int_max()) {
::core::panicking::panic("assertion failed: *niche_start <= niche_size.unsigned_int_max()")
};assert!(*niche_start <= niche_size.unsigned_int_max());
285for (idx, variant) in variants.iter_enumerated() {
286// Ensure all inhabited variants are accounted for.
287if !variant.is_uninhabited() {
288if !(idx == *untagged_variant || niche_variants.contains(&idx)) {
::core::panicking::panic("assertion failed: idx == *untagged_variant || niche_variants.contains(&idx)")
};assert!(idx == *untagged_variant || niche_variants.contains(&idx));
289 }
290291// Ensure that for niche encoded tags the discriminant coincides with the variant index.
292let val = layout.ty.discriminant_for_variant(tcx, idx).unwrap().val;
293if val != u128::from(idx.as_u32()) {
294let adt_def = layout.ty.ty_adt_def().unwrap();
295 cx.tcx().dcx().span_delayed_bug(
296 cx.tcx().def_span(adt_def.did()),
297::alloc::__export::must_use({
::alloc::fmt::format(format_args!("variant {0:?} has discriminant {1:?} in niche-encoded type",
idx, val))
})format!(
298"variant {idx:?} has discriminant {val:?} in niche-encoded type"
299),
300 );
301 }
302 }
303 }
304for variant in variants.iter() {
305// No nested "multiple".
306{
match variant.variants {
Variants::Single { .. } => {}
ref left_val => {
::core::panicking::assert_matches_failed(left_val,
"Variants::Single { .. }", ::core::option::Option::None);
}
}
};assert_matches!(variant.variants, Variants::Single { .. });
307// Variants should have the same or a smaller size as the full thing,
308 // and same for alignment.
309if variant.size > layout.size {
310::rustc_middle::util::bug::bug_fmt(format_args!("Type with size {0} bytes has variant with size {1} bytes: {2:#?}",
layout.size.bytes(), variant.size.bytes(), layout))bug!(
311"Type with size {} bytes has variant with size {} bytes: {layout:#?}",
312 layout.size.bytes(),
313 variant.size.bytes(),
314 )315 }
316if variant.align.abi > layout.align.abi {
317::rustc_middle::util::bug::bug_fmt(format_args!("Type with alignment {0} bytes has variant with alignment {1} bytes: {2:#?}",
layout.align.bytes(), variant.align.bytes(), layout))bug!(
318"Type with alignment {} bytes has variant with alignment {} bytes: {layout:#?}",
319 layout.align.bytes(),
320 variant.align.bytes(),
321 )322 }
323// Skip empty variants.
324if variant.size == Size::ZERO
325 || variant.fields.count() == 0
326|| variant.is_uninhabited()
327 {
328// These are never actually accessed anyway, so we can skip the coherence check
329 // for them. They also fail that check, since they may have
330 // a different ABI even when the main type is
331 // `Scalar`/`ScalarPair`. (Note that sometimes, variants with fields have size
332 // 0, and sometimes, variants without fields have non-0 size.)
333continue;
334 }
335// The top-level ABI and the ABI of the variants should be coherent.
336let scalar_coherent = |s1: Scalar, s2: Scalar| {
337 s1.size(cx) == s2.size(cx) && s1.align(cx) == s2.align(cx)
338 };
339let abi_coherent = match (layout.backend_repr, variant.backend_repr) {
340 (BackendRepr::Scalar(s1), BackendRepr::Scalar(s2)) => scalar_coherent(s1, s2),
341 (BackendRepr::ScalarPair(a1, b1), BackendRepr::ScalarPair(a2, b2)) => {
342 scalar_coherent(a1, a2) && scalar_coherent(b1, b2)
343 }
344 (BackendRepr::Memory { .. }, _) => true,
345_ => false,
346 };
347if !abi_coherent {
348::rustc_middle::util::bug::bug_fmt(format_args!("Variant ABI is incompatible with top-level ABI:\nvariant={0:#?}\nTop-level: {1:#?}",
variant, layout));bug!(
349"Variant ABI is incompatible with top-level ABI:\nvariant={:#?}\nTop-level: {layout:#?}",
350 variant
351 );
352 }
353 }
354 }
355 }
356}