rustc_ty_utils/layout/
invariant.rs

1use std::assert_matches::assert_matches;
2
3use rustc_abi::{BackendRepr, FieldsShape, Scalar, Size, TagEncoding, Variants};
4use rustc_middle::bug;
5use rustc_middle::ty::layout::{HasTyCtxt, LayoutCx, TyAndLayout};
6
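/// Enforce some basic invariants on layouts.
///
/// Two cheap checks always run: the size must be a multiple of the ABI alignment, and the size
/// must be below `tcx.data_layout.obj_size_bound()`. Everything after that runs only when the
/// compiler itself was built with `debug_assertions`, because it is comparatively expensive.
/// A compiler built without debug assertions therefore gets none of the uninhabitedness,
/// `BackendRepr` or per-variant coherence checks below; do not rely on them as a guarantee
/// for layouts produced by such a build.
///
/// # Panics
///
/// Panics (through `bug!`, the `assert!` family or `panic!`) as soon as one invariant does not
/// hold. The message names the failed check and dumps the offending layout or type.
pub(super) fn layout_sanity_check<'tcx>(cx: &LayoutCx<'tcx>, layout: &TyAndLayout<'tcx>) {
    let tcx = cx.tcx();

    if layout.size.bytes() % layout.align.abi.bytes() != 0 {
        bug!("size is not a multiple of align, in the following layout:\n{layout:#?}");
    }
    if layout.size.bytes() >= tcx.data_layout.obj_size_bound() {
        bug!("size is too large, in the following layout:\n{layout:#?}");
    }

    if !cfg!(debug_assertions) {
        // Stop here, the rest is kind of expensive.
        return;
    }

    // Type-level uninhabitedness should always imply ABI uninhabitedness. This can be expensive on
    // big non-exhaustive types, and is [hard to
    // fix](https://github.com/rust-lang/rust/issues/141006#issuecomment-2883415000) in general.
    // Only doing this sanity check when debug assertions are turned on avoids the issue for the
    // very specific case of #140944.
    if layout.ty.is_privately_uninhabited(tcx, cx.typing_env) {
        assert!(
            layout.is_uninhabited(),
            "{:?} is type-level uninhabited but not ABI-uninhabited?",
            layout.ty
        );
    }

    /// Yields non-ZST fields of the type, as `(offset, field layout)` pairs in field-index
    /// order.
    fn non_zst_fields<'tcx, 'a>(
        cx: &'a LayoutCx<'tcx>,
        layout: &'a TyAndLayout<'tcx>,
    ) -> impl Iterator<Item = (Size, TyAndLayout<'tcx>)> {
        (0..layout.layout.fields().count()).filter_map(|i| {
            let field = layout.field(cx, i);
            // Also checking `align == 1` here leads to test failures in
            // `layout/zero-sized-array-union.rs`, where a type has a zero-size field with
            // alignment 4 that still gets ignored during layout computation (which is okay
            // since other fields already force alignment 4).
            let zst = field.is_zst();
            (!zst).then(|| (layout.fields.offset(i), field))
        })
    }

    /// Peels newtype wrappers off `layout`.
    ///
    /// A layout counts as a wrapper here when it is not `Variants::Multiple` and has exactly
    /// one non-ZST field, located at offset 0, whose size equals the size of the whole layout.
    /// The function recurses into that field and returns the first layout that is not such a
    /// wrapper (possibly `layout` itself).
    fn skip_newtypes<'tcx>(cx: &LayoutCx<'tcx>, layout: &TyAndLayout<'tcx>) -> TyAndLayout<'tcx> {
        if matches!(layout.layout.variants(), Variants::Multiple { .. }) {
            // Definitely not a newtype of anything.
            return *layout;
        }
        let mut fields = non_zst_fields(cx, layout);
        let Some(first) = fields.next() else {
            // No fields here, so this could be a primitive or enum -- either way it's not a
            // newtype around a thing
            return *layout;
        };
        if fields.next().is_none() {
            let (offset, first) = first;
            if offset == Size::ZERO && first.layout.size() == layout.size {
                // This is a newtype, so keep recursing.
                // FIXME(RalfJung): I don't think it would be correct to do any checks for
                // alignment here, so we don't. Is that correct?
                return skip_newtypes(cx, &first);
            }
        }
        // No more newtypes here.
        *layout
    }

    /// Checks that `layout.backend_repr` agrees with the layout's size, alignment and fields.
    ///
    /// The early `return`s in the `Union` and multi-variant `ScalarPair` arms leave only this
    /// helper: those shapes are not checked further here, but the per-variant checks in the
    /// enclosing function still run afterwards.
    fn check_layout_abi<'tcx>(cx: &LayoutCx<'tcx>, layout: &TyAndLayout<'tcx>) {
        // Verify the ABI-mandated alignment and size for scalars.
        let align = layout.backend_repr.scalar_align(cx);
        let size = layout.backend_repr.scalar_size(cx);
        if let Some(align) = align {
            assert_eq!(
                layout.layout.align().abi,
                align,
                "alignment mismatch between ABI and layout in {layout:#?}"
            );
        }
        if let Some(size) = size {
            assert_eq!(
                layout.layout.size(),
                size,
                "size mismatch between ABI and layout in {layout:#?}"
            );
        }

        // Verify per-ABI invariants
        match layout.layout.backend_repr() {
            BackendRepr::Scalar(_) => {
                // These must always be present for `Scalar` types.
                let align = align.unwrap();
                let size = size.unwrap();
                // Check that this matches the underlying field.
                let inner = skip_newtypes(cx, layout);
                assert!(
                    matches!(inner.layout.backend_repr(), BackendRepr::Scalar(_)),
                    "`Scalar` type {} is newtype around non-`Scalar` type {}",
                    layout.ty,
                    inner.ty
                );
                match inner.layout.fields() {
                    FieldsShape::Primitive => {
                        // Fine.
                    }
                    FieldsShape::Union(..) => {
                        // FIXME: I guess we could also check something here? Like, look at all fields?
                        return;
                    }
                    FieldsShape::Arbitrary { .. } => {
                        // Should be an enum, the only field is the discriminant.
                        assert!(
                            inner.ty.is_enum(),
                            "`Scalar` layout for non-primitive non-enum type {}",
                            inner.ty
                        );
                        assert_eq!(
                            inner.layout.fields().count(),
                            1,
                            "`Scalar` layout for multiple-field type in {inner:#?}",
                        );
                        let offset = inner.layout.fields().offset(0);
                        let field = inner.field(cx, 0);
                        // The field should be at the right offset, and match the `scalar` layout.
                        assert_eq!(
                            offset,
                            Size::ZERO,
                            "`Scalar` field at non-0 offset in {inner:#?}",
                        );
                        assert_eq!(field.size, size, "`Scalar` field with bad size in {inner:#?}",);
                        assert_eq!(
                            field.align.abi, align,
                            "`Scalar` field with bad align in {inner:#?}",
                        );
                        assert!(
                            matches!(field.backend_repr, BackendRepr::Scalar(_)),
                            "`Scalar` field with bad ABI in {inner:#?}",
                        );
                    }
                    _ => {
                        panic!("`Scalar` layout for non-primitive non-enum type {}", inner.ty);
                    }
                }
            }
            BackendRepr::ScalarPair(scalar1, scalar2) => {
                // Check that the underlying pair of fields matches.
                let inner = skip_newtypes(cx, layout);
                assert!(
                    matches!(inner.layout.backend_repr(), BackendRepr::ScalarPair(..)),
                    "`ScalarPair` type {} is newtype around non-`ScalarPair` type {}",
                    layout.ty,
                    inner.ty
                );
                if matches!(inner.layout.variants(), Variants::Multiple { .. }) {
                    // FIXME: ScalarPair for enums is enormously complicated and it is very hard
                    // to check anything about them.
                    return;
                }
                match inner.layout.fields() {
                    FieldsShape::Arbitrary { .. } => {
                        // Checked below.
                    }
                    FieldsShape::Union(..) => {
                        // FIXME: I guess we could also check something here? Like, look at all fields?
                        return;
                    }
                    _ => {
                        panic!("`ScalarPair` layout with unexpected field shape in {inner:#?}");
                    }
                }
                let mut fields = non_zst_fields(cx, &inner);
                let (offset1, field1) = fields.next().unwrap_or_else(|| {
                    panic!(
                        "`ScalarPair` layout for type with not even one non-ZST field: {inner:#?}"
                    )
                });
                let (offset2, field2) = fields.next().unwrap_or_else(|| {
                    panic!(
                        "`ScalarPair` layout for type with less than two non-ZST fields: {inner:#?}"
                    )
                });
                assert_matches!(
                    fields.next(),
                    None,
                    "`ScalarPair` layout for type with at least three non-ZST fields: {inner:#?}"
                );
                // The fields might be in opposite order.
                let (offset1, field1, offset2, field2) = if offset1 <= offset2 {
                    (offset1, field1, offset2, field2)
                } else {
                    (offset2, field2, offset1, field1)
                };
                // The fields should be at the right offset, and match the `scalar` layout.
                let size1 = scalar1.size(cx);
                let align1 = scalar1.align(cx).abi;
                let size2 = scalar2.size(cx);
                let align2 = scalar2.align(cx).abi;
                assert_eq!(
                    offset1,
                    Size::ZERO,
                    "`ScalarPair` first field at non-0 offset in {inner:#?}",
                );
                assert_eq!(
                    field1.size, size1,
                    "`ScalarPair` first field with bad size in {inner:#?}",
                );
                assert_eq!(
                    field1.align.abi, align1,
                    "`ScalarPair` first field with bad align in {inner:#?}",
                );
                assert_matches!(
                    field1.backend_repr,
                    BackendRepr::Scalar(_),
                    "`ScalarPair` first field with bad ABI in {inner:#?}",
                );
                // The second scalar is expected directly after the first one, rounded up to
                // its own alignment.
                let field2_offset = size1.align_to(align2);
                assert_eq!(
                    offset2, field2_offset,
                    "`ScalarPair` second field at bad offset in {inner:#?}",
                );
                assert_eq!(
                    field2.size, size2,
                    "`ScalarPair` second field with bad size in {inner:#?}",
                );
                assert_eq!(
                    field2.align.abi, align2,
                    "`ScalarPair` second field with bad align in {inner:#?}",
                );
                assert_matches!(
                    field2.backend_repr,
                    BackendRepr::Scalar(_),
                    "`ScalarPair` second field with bad ABI in {inner:#?}",
                );
            }
            BackendRepr::SimdVector { element, count } => {
                let align = layout.align.abi;
                let size = layout.size;
                let element_align = element.align(cx).abi;
                let element_size = element.size(cx);
                // Currently, vectors must always be aligned to at least their elements:
                assert!(
                    align >= element_align,
                    "`SimdVector` aligned to less than its element in {layout:#?}",
                );
                // And the size has to be element * count plus alignment padding, of course
                assert!(
                    size == (element_size * count).align_to(align),
                    "`SimdVector` size is not element size * count plus padding in {layout:#?}",
                );
            }
            BackendRepr::Memory { .. } => {} // Nothing to check.
        }
    }

    check_layout_abi(cx, layout);

    match &layout.variants {
        Variants::Empty => {
            assert!(
                layout.is_uninhabited(),
                "`Variants::Empty` layout that is not uninhabited: {layout:#?}",
            );
        }
        Variants::Single { index } => {
            if let Some(variants) = layout.ty.variant_range(tcx) {
                assert!(
                    variants.contains(index),
                    "`Variants::Single` index {index:?} is outside the variant range in {layout:#?}",
                );
            } else {
                // Types without variants use `0` as dummy variant index.
                assert!(
                    index.as_u32() == 0,
                    "non-0 variant index {index:?} for a type without variants in {layout:#?}",
                );
            }
        }
        Variants::Multiple { variants, tag, tag_encoding, .. } => {
            if let TagEncoding::Niche { niche_start, untagged_variant, niche_variants } =
                tag_encoding
            {
                let niche_size = tag.size(cx);
                // The first niche value has to be representable in the tag.
                assert!(
                    *niche_start <= niche_size.unsigned_int_max(),
                    "niche start {niche_start} does not fit into the tag in {layout:#?}",
                );
                for (idx, variant) in variants.iter_enumerated() {
                    // Ensure all inhabited variants are accounted for.
                    if !variant.is_uninhabited() {
                        assert!(
                            idx == *untagged_variant || niche_variants.contains(&idx),
                            "inhabited variant {idx:?} is neither the untagged variant nor a niche variant in {layout:#?}",
                        );
                    }
                }
            }
            for variant in variants.iter() {
                // No nested "multiple".
                assert_matches!(
                    variant.variants,
                    Variants::Single { .. },
                    "variant that is not `Variants::Single` in {layout:#?}",
                );
                // Variants should have the same or a smaller size as the full thing,
                // and same for alignment.
                if variant.size > layout.size {
                    bug!(
                        "Type with size {} bytes has variant with size {} bytes: {layout:#?}",
                        layout.size.bytes(),
                        variant.size.bytes(),
                    )
                }
                if variant.align.abi > layout.align.abi {
                    bug!(
                        "Type with alignment {} bytes has variant with alignment {} bytes: {layout:#?}",
                        layout.align.abi.bytes(),
                        variant.align.abi.bytes(),
                    )
                }
                // Skip empty variants.
                if variant.size == Size::ZERO
                    || variant.fields.count() == 0
                    || variant.is_uninhabited()
                {
                    // These are never actually accessed anyway, so we can skip the coherence check
                    // for them. They also fail that check, since they may have
                    // a different ABI even when the main type is
                    // `Scalar`/`ScalarPair`. (Note that sometimes, variants with fields have size
                    // 0, and sometimes, variants without fields have non-0 size.)
                    continue;
                }
                // The top-level ABI and the ABI of the variants should be coherent.
                // Coherence compares size and alignment of the scalars only.
                let scalar_coherent = |s1: Scalar, s2: Scalar| {
                    s1.size(cx) == s2.size(cx) && s1.align(cx) == s2.align(cx)
                };
                let abi_coherent = match (layout.backend_repr, variant.backend_repr) {
                    (BackendRepr::Scalar(s1), BackendRepr::Scalar(s2)) => scalar_coherent(s1, s2),
                    (BackendRepr::ScalarPair(a1, b1), BackendRepr::ScalarPair(a2, b2)) => {
                        scalar_coherent(a1, a2) && scalar_coherent(b1, b2)
                    }
                    // A top-level `Memory` representation is accepted with any variant
                    // representation.
                    (BackendRepr::Memory { .. }, _) => true,
                    _ => false,
                };
                if !abi_coherent {
                    bug!(
                        "Variant ABI is incompatible with top-level ABI:\nvariant={:#?}\nTop-level: {layout:#?}",
                        variant
                    );
                }
            }
        }
    }
}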