rust/compiler/rustc_transmute/src/maybe_transmutable/tests.rs

use itertools::Itertools;

use super::query_context::test::{Def, UltraMinimal};
use crate::maybe_transmutable::MaybeTransmutableQuery;
use crate::{Reason, layout};

mod safety {
    use super::*;
    use crate::Answer;

    type Tree = layout::Tree<Def, !>;

    const DST_HAS_SAFETY_INVARIANTS: Answer<!> =
        Answer::No(crate::Reason::DstMayHaveSafetyInvariants);

    fn is_transmutable(src: &Tree, dst: &Tree, assume_safety: bool) -> crate::Answer<!> {
        let src = src.clone();
        let dst = dst.clone();
        // The only dimension of the transmutability analysis we want to test
        // here is the safety analysis. To ensure this, we disable all other
        // toggleable aspects of the transmutability analysis.
        let assume = crate::Assume {
            alignment: true,
            lifetimes: true,
            validity: true,
            safety: assume_safety,
        };
        crate::maybe_transmutable::MaybeTransmutableQuery::new(src, dst, assume, UltraMinimal)
            .answer()
    }

    #[test]
    fn src_safe_dst_safe() {
        let src = Tree::Def(Def::NoSafetyInvariants).then(Tree::u8());
        let dst = Tree::Def(Def::NoSafetyInvariants).then(Tree::u8());
        assert_eq!(is_transmutable(&src, &dst, false), Answer::Yes);
        assert_eq!(is_transmutable(&src, &dst, true), Answer::Yes);
    }

    #[test]
    fn src_safe_dst_unsafe() {
        let src = Tree::Def(Def::NoSafetyInvariants).then(Tree::u8());
        let dst = Tree::Def(Def::HasSafetyInvariants).then(Tree::u8());
        assert_eq!(is_transmutable(&src, &dst, false), DST_HAS_SAFETY_INVARIANTS);
        assert_eq!(is_transmutable(&src, &dst, true), Answer::Yes);
    }

    #[test]
    fn src_unsafe_dst_safe() {
        let src = Tree::Def(Def::HasSafetyInvariants).then(Tree::u8());
        let dst = Tree::Def(Def::NoSafetyInvariants).then(Tree::u8());
        assert_eq!(is_transmutable(&src, &dst, false), Answer::Yes);
        assert_eq!(is_transmutable(&src, &dst, true), Answer::Yes);
    }

    #[test]
    fn src_unsafe_dst_unsafe() {
        let src = Tree::Def(Def::HasSafetyInvariants).then(Tree::u8());
        let dst = Tree::Def(Def::HasSafetyInvariants).then(Tree::u8());
        assert_eq!(is_transmutable(&src, &dst, false), DST_HAS_SAFETY_INVARIANTS);
        assert_eq!(is_transmutable(&src, &dst, true), Answer::Yes);
    }
}

mod bool {
    use super::*;
    use crate::Answer;

    #[test]
    fn should_permit_identity_transmutation_tree() {
        let answer = crate::maybe_transmutable::MaybeTransmutableQuery::new(
            layout::Tree::<Def, !>::bool(),
            layout::Tree::<Def, !>::bool(),
            crate::Assume { alignment: false, lifetimes: false, validity: true, safety: false },
            UltraMinimal,
        )
        .answer();
        assert_eq!(answer, Answer::Yes);
    }

    #[test]
    fn should_permit_identity_transmutation_dfa() {
        let answer = crate::maybe_transmutable::MaybeTransmutableQuery::new(
            layout::Dfa::<!>::bool(),
            layout::Dfa::<!>::bool(),
            crate::Assume { alignment: false, lifetimes: false, validity: true, safety: false },
            UltraMinimal,
        )
        .answer();
        assert_eq!(answer, Answer::Yes);
    }

    #[test]
    fn should_permit_validity_expansion_and_reject_contraction() {
        let un = layout::Tree::<Def, !>::uninhabited();
        let b0 = layout::Tree::<Def, !>::from_bits(0);
        let b1 = layout::Tree::<Def, !>::from_bits(1);
        let b2 = layout::Tree::<Def, !>::from_bits(2);

        let alts = [b0, b1, b2];

        let into_layout = |alts: Vec<_>| {
            alts.into_iter().fold(layout::Tree::<Def, !>::uninhabited(), layout::Tree::<Def, !>::or)
        };

        let into_set = |alts: Vec<_>| {
            #[cfg(feature = "rustc")]
            let mut set = crate::Set::default();
            #[cfg(not(feature = "rustc"))]
            let mut set = std::collections::HashSet::new();
            set.extend(alts);
            set
        };

        for src_alts in alts.clone().into_iter().powerset() {
            let src_layout = into_layout(src_alts.clone());
            let src_set = into_set(src_alts.clone());

            for dst_alts in alts.clone().into_iter().powerset().filter(|alts| !alts.is_empty()) {
                let dst_layout = into_layout(dst_alts.clone());
                let dst_set = into_set(dst_alts.clone());

                if src_set.is_subset(&dst_set) {
                    assert_eq!(
                        Answer::Yes,
                        MaybeTransmutableQuery::new(
                            src_layout.clone(),
                            dst_layout.clone(),
                            crate::Assume { validity: false, ..crate::Assume::default() },
                            UltraMinimal,
                        )
                        .answer(),
                        "{:?} SHOULD be transmutable into {:?}",
                        src_layout,
                        dst_layout
                    );
                } else if !src_set.is_disjoint(&dst_set) {
                    assert_eq!(
                        Answer::Yes,
                        MaybeTransmutableQuery::new(
                            src_layout.clone(),
                            dst_layout.clone(),
                            crate::Assume { validity: true, ..crate::Assume::default() },
                            UltraMinimal,
                        )
                        .answer(),
                        "{:?} SHOULD be transmutable (assuming validity) into {:?}",
                        src_layout,
                        dst_layout
                    );
                } else {
                    assert_eq!(
                        Answer::No(Reason::DstIsBitIncompatible),
                        MaybeTransmutableQuery::new(
                            src_layout.clone(),
                            dst_layout.clone(),
                            crate::Assume { validity: false, ..crate::Assume::default() },
                            UltraMinimal,
                        )
                        .answer(),
                        "{:?} should NOT be transmutable into {:?}",
                        src_layout,
                        dst_layout
                    );
                }
            }
        }
    }
}
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`use itertools::Itertools;`
Reformat `use` declarations. The previous commit updated `rustfmt.toml` appropriately. This commit is the outcome of running `x fmt --all` with the new formatting options. 2024-07-29 08:13:50 +10:00
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`use super::query_context::test::{Def, UltraMinimal};`
			`use crate::maybe_transmutable::MaybeTransmutableQuery;`
Safe Transmute: Change Answer type to Result This patch updates the `Answer` type from `rustc_transmute` so that it just a type alias to `Result`. This makes it so that the standard methods for `Result` can be used to process the `Answer` tree, including being able to make use of the `?` operator on `Answer`s. Also, remove some unused functions 2023-04-27 14:38:32 -07:00			`use crate::{Reason, layout};`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00
safe transmute: revise safety analysis Migrate to a simplified safety analysis that does not use visibility. Closes https://github.com/rust-lang/project-safe-transmute/issues/15 2024-02-26 16:49:25 +00:00			`mod safety {`
			`use super::*;`
			`use crate::Answer;`

			`type Tree = layout::Tree<Def, !>;`

			`const DST_HAS_SAFETY_INVARIANTS: Answer<!> =`
			`Answer::No(crate::Reason::DstMayHaveSafetyInvariants);`

			`fn is_transmutable(src: &Tree, dst: &Tree, assume_safety: bool) -> crate::Answer<!> {`
			`let src = src.clone();`
			`let dst = dst.clone();`
			`// The only dimension of the transmutability analysis we want to test`
			`// here is the safety analysis. To ensure this, we disable all other`
			`// toggleable aspects of the transmutability analysis.`
			`let assume = crate::Assume {`
			`alignment: true,`
			`lifetimes: true,`
			`validity: true,`
			`safety: assume_safety,`
			`};`
			`crate::maybe_transmutable::MaybeTransmutableQuery::new(src, dst, assume, UltraMinimal)`
			`.answer()`
			`}`

			`#[test]`
			`fn src_safe_dst_safe() {`
			`let src = Tree::Def(Def::NoSafetyInvariants).then(Tree::u8());`
			`let dst = Tree::Def(Def::NoSafetyInvariants).then(Tree::u8());`
			`assert_eq!(is_transmutable(&src, &dst, false), Answer::Yes);`
			`assert_eq!(is_transmutable(&src, &dst, true), Answer::Yes);`
			`}`

			`#[test]`
			`fn src_safe_dst_unsafe() {`
			`let src = Tree::Def(Def::NoSafetyInvariants).then(Tree::u8());`
			`let dst = Tree::Def(Def::HasSafetyInvariants).then(Tree::u8());`
			`assert_eq!(is_transmutable(&src, &dst, false), DST_HAS_SAFETY_INVARIANTS);`
			`assert_eq!(is_transmutable(&src, &dst, true), Answer::Yes);`
			`}`

			`#[test]`
			`fn src_unsafe_dst_safe() {`
			`let src = Tree::Def(Def::HasSafetyInvariants).then(Tree::u8());`
			`let dst = Tree::Def(Def::NoSafetyInvariants).then(Tree::u8());`
			`assert_eq!(is_transmutable(&src, &dst, false), Answer::Yes);`
			`assert_eq!(is_transmutable(&src, &dst, true), Answer::Yes);`
			`}`

			`#[test]`
			`fn src_unsafe_dst_unsafe() {`
			`let src = Tree::Def(Def::HasSafetyInvariants).then(Tree::u8());`
			`let dst = Tree::Def(Def::HasSafetyInvariants).then(Tree::u8());`
			`assert_eq!(is_transmutable(&src, &dst, false), DST_HAS_SAFETY_INVARIANTS);`
			`assert_eq!(is_transmutable(&src, &dst, true), Answer::Yes);`
			`}`
			`}`

Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`mod bool {`
			`use super::*;`
Safe Transmute: Refactor error handling and Answer type - Create `Answer` type that is not just a type alias of `Result` - Remove a usage of `map_layouts` to make the code easier to read - Don't hide errors related to Unknown Layout when computing transmutability 2023-06-12 16:35:23 -07:00			`use crate::Answer;`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00
			`#[test]`
			`fn should_permit_identity_transmutation_tree() {`
			`let answer = crate::maybe_transmutable::MaybeTransmutableQuery::new(`
			`layout::Tree::<Def, !>::bool(),`
			`layout::Tree::<Def, !>::bool(),`
safe transmute: use `Assume` struct to provide analysis options This was left as a TODO in #92268, and brings the trait more in line with what was defined in MCP411. `Assume::visibility` has been renamed to `Assume::safety`, as library safety is what's actually being assumed; visibility is just the mechanism by which it is currently checked (this may change). ref: https://github.com/rust-lang/compiler-team/issues/411 ref: https://github.com/rust-lang/rust/issues/99571 2022-08-18 19:39:14 +00:00			`crate::Assume { alignment: false, lifetimes: false, validity: true, safety: false },`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`UltraMinimal,`
			`)`
			`.answer();`
Safe Transmute: Refactor error handling and Answer type - Create `Answer` type that is not just a type alias of `Result` - Remove a usage of `map_layouts` to make the code easier to read - Don't hide errors related to Unknown Layout when computing transmutability 2023-06-12 16:35:23 -07:00			`assert_eq!(answer, Answer::Yes);`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`}`

			`#[test]`
			`fn should_permit_identity_transmutation_dfa() {`
			`let answer = crate::maybe_transmutable::MaybeTransmutableQuery::new(`
			`layout::Dfa::<!>::bool(),`
			`layout::Dfa::<!>::bool(),`
safe transmute: use `Assume` struct to provide analysis options This was left as a TODO in #92268, and brings the trait more in line with what was defined in MCP411. `Assume::visibility` has been renamed to `Assume::safety`, as library safety is what's actually being assumed; visibility is just the mechanism by which it is currently checked (this may change). ref: https://github.com/rust-lang/compiler-team/issues/411 ref: https://github.com/rust-lang/rust/issues/99571 2022-08-18 19:39:14 +00:00			`crate::Assume { alignment: false, lifetimes: false, validity: true, safety: false },`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`UltraMinimal,`
			`)`
			`.answer();`
Safe Transmute: Refactor error handling and Answer type - Create `Answer` type that is not just a type alias of `Result` - Remove a usage of `map_layouts` to make the code easier to read - Don't hide errors related to Unknown Layout when computing transmutability 2023-06-12 16:35:23 -07:00			`assert_eq!(answer, Answer::Yes);`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`}`

			`#[test]`
			`fn should_permit_validity_expansion_and_reject_contraction() {`
			`let un = layout::Tree::<Def, !>::uninhabited();`
			`let b0 = layout::Tree::<Def, !>::from_bits(0);`
			`let b1 = layout::Tree::<Def, !>::from_bits(1);`
			`let b2 = layout::Tree::<Def, !>::from_bits(2);`

			`let alts = [b0, b1, b2];`

			`let into_layout = \|alts: Vec<_>\| {`
			`alts.into_iter().fold(layout::Tree::<Def, !>::uninhabited(), layout::Tree::<Def, !>::or)`
			`};`

			`let into_set = \|alts: Vec<_>\| {`
			`#[cfg(feature = "rustc")]`
Improve safe transmute error reporting This patch updates the error reporting when Safe Transmute is not possible between 2 types by including the reason. Also, fix some small bugs that occur when computing the `Answer` for transmutability. 2023-04-06 01:58:53 +00:00			`let mut set = crate::Set::default();`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`#[cfg(not(feature = "rustc"))]`
Improve safe transmute error reporting This patch updates the error reporting when Safe Transmute is not possible between 2 types by including the reason. Also, fix some small bugs that occur when computing the `Answer` for transmutability. 2023-04-06 01:58:53 +00:00			`let mut set = std::collections::HashSet::new();`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`set.extend(alts);`
			`set`
			`};`

			`for src_alts in alts.clone().into_iter().powerset() {`
			`let src_layout = into_layout(src_alts.clone());`
			`let src_set = into_set(src_alts.clone());`

			`for dst_alts in alts.clone().into_iter().powerset().filter(\|alts\| !alts.is_empty()) {`
			`let dst_layout = into_layout(dst_alts.clone());`
			`let dst_set = into_set(dst_alts.clone());`

			`if src_set.is_subset(&dst_set) {`
			`assert_eq!(`
Safe Transmute: Refactor error handling and Answer type - Create `Answer` type that is not just a type alias of `Result` - Remove a usage of `map_layouts` to make the code easier to read - Don't hide errors related to Unknown Layout when computing transmutability 2023-06-12 16:35:23 -07:00			`Answer::Yes,`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`MaybeTransmutableQuery::new(`
			`src_layout.clone(),`
			`dst_layout.clone(),`
			`crate::Assume { validity: false, ..crate::Assume::default() },`
			`UltraMinimal,`
			`)`
			`.answer(),`
			`"{:?} SHOULD be transmutable into {:?}",`
			`src_layout,`
			`dst_layout`
			`);`
			`} else if !src_set.is_disjoint(&dst_set) {`
			`assert_eq!(`
Safe Transmute: Refactor error handling and Answer type - Create `Answer` type that is not just a type alias of `Result` - Remove a usage of `map_layouts` to make the code easier to read - Don't hide errors related to Unknown Layout when computing transmutability 2023-06-12 16:35:23 -07:00			`Answer::Yes,`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`MaybeTransmutableQuery::new(`
			`src_layout.clone(),`
			`dst_layout.clone(),`
			`crate::Assume { validity: true, ..crate::Assume::default() },`
			`UltraMinimal,`
			`)`
			`.answer(),`
			`"{:?} SHOULD be transmutable (assuming validity) into {:?}",`
			`src_layout,`
			`dst_layout`
			`);`
			`} else {`
			`assert_eq!(`
Safe Transmute: Refactor error handling and Answer type - Create `Answer` type that is not just a type alias of `Result` - Remove a usage of `map_layouts` to make the code easier to read - Don't hide errors related to Unknown Layout when computing transmutability 2023-06-12 16:35:23 -07:00			`Answer::No(Reason::DstIsBitIncompatible),`
Initial (incomplete) implementation of transmutability trait. This initial implementation handles transmutations between types with specified layouts, except when references are involved. Co-authored-by: Igor null <m1el.2027@gmail.com> 2021-07-03 12:18:13 -04:00			`MaybeTransmutableQuery::new(`
			`src_layout.clone(),`
			`dst_layout.clone(),`
			`crate::Assume { validity: false, ..crate::Assume::default() },`
			`UltraMinimal,`
			`)`
			`.answer(),`
			`"{:?} should NOT be transmutable into {:?}",`
			`src_layout,`
			`dst_layout`
			`);`
			`}`
			`}`
			`}`
			`}`
			`}`