Better type checks for compound types (rust-lang#1245)

* Better type checking for compound types

* Add checks for datatype fields.

Author: danielsn

cprover_bindings/src/goto_program/typ.rs

@@ -152,9 +152,46 @@ impl DatatypeComponent {
     }
 }
 
-//Constructors
+/// Constructors
 impl DatatypeComponent {
+    fn typecheck_datatype_field(typ: &Type) -> bool {
+        match typ.unwrap_typedef() {
+            Array { .. }
+            | Bool
+            | CBitField { .. }
+            | CInteger(_)
+            | Double
+            | FlexibleArray { .. }
+            | Float
+            | Pointer { .. }
+            | Signedbv { .. }
+            | Struct { .. }
+            | StructTag(_)
+            | Union { .. }
+            | UnionTag(_)
+            | Unsignedbv { .. }
+            | Vector { .. } => true,
+
+            Code { .. }
+            | Constructor
+            | Empty
+            | IncompleteStruct { .. }
+            | IncompleteUnion { .. }
+            | InfiniteArray { .. }
+            | VariadicCode { .. } => false,
+
+            TypeDef { .. } => unreachable!("typedefs should have been unwrapped"),
+        }
+    }
+
     pub fn field<T: Into<InternedString>>(name: T, typ: Type) -> Self {
+        // TODO https://github.com/model-checking/kani/issues/1243
+        // assert!(
+        //     Self::typecheck_datatype_field(&typ),
+        //     "Illegal field.\n\tName: {}\n\tType: {:?}",
+        //     name.into(),
+        //     typ
+        // );
         let name = name.into();
         Field { name, typ }
     }
@@ -831,12 +868,43 @@ impl Type {
 
 /// Constructors
 impl Type {
+    fn typecheck_array_elem(&self) -> bool {
+        match self.unwrap_typedef() {
+            Array { .. }
+            | Bool
+            | CBitField { .. }
+            | CInteger(_)
+            | Double
+            | Float
+            | Pointer { .. }
+            | Signedbv { .. }
+            | Struct { .. }
+            | StructTag(_)
+            | Union { .. }
+            | UnionTag(_)
+            | Unsignedbv { .. }
+            | Vector { .. } => true,
+
+            Code { .. }
+            | Constructor
+            | Empty
+            | FlexibleArray { .. }
+            | IncompleteStruct { .. }
+            | IncompleteUnion { .. }
+            | InfiniteArray { .. }
+            | VariadicCode { .. } => false,
+
+            TypeDef { .. } => unreachable!("typedefs should have been unwrapped"),
+        }
+    }
+
     /// elem_t[size]
     pub fn array_of<T>(self, size: T) -> Self
     where
         T: TryInto<u64>,
         T::Error: Debug,
     {
+        assert!(self.typecheck_array_elem(), "Can't make array of type {:?}", self);
         let size: u64 = size.try_into().unwrap();
         Array { typ: Box::new(self), size }
     }
@@ -908,19 +976,6 @@ impl Type {
         Constructor
     }
 
-    /// A component of a datatype (e.g. a field of a struct or union)
-    pub fn datatype_component<T: Into<InternedString>>(name: T, typ: Type) -> DatatypeComponent {
-        let name = name.into();
-        Field { name, typ }
-    }
-
-    // `__CPROVER_bitvector[bits] $pad<n>`
-    pub fn datatype_padding<T: Into<InternedString>>(name: T, bits: u64) -> DatatypeComponent {
-        let name = name.into();
-
-        Padding { name, bits }
-    }
-
     pub fn double() -> Self {
         Double
     }
@@ -965,6 +1020,7 @@ impl Type {
     }
 
     pub fn infinite_array_of(self) -> Self {
+        assert!(self.typecheck_array_elem(), "Can't make infinite array of type {:?}", self);
         InfiniteArray { typ: Box::new(self) }
     }
 
@@ -1013,13 +1069,27 @@ impl Type {
         StructTag(name)
     }
 
-    pub fn components_are_unique(components: &[DatatypeComponent]) -> bool {
+    fn components_are_unique(components: &[DatatypeComponent]) -> bool {
         let mut names: Vec<_> = components.iter().map(|x| x.name()).collect();
         names.sort();
         names.dedup();
         names.len() == components.len()
     }
 
+    fn components_are_not_flexible_array(components: &[DatatypeComponent]) -> bool {
+        components.iter().all(|x| !x.typ().is_flexible_array())
+    }
+
+    /// A struct can only contain a flexible array as its last element
+    /// Check this
+    fn components_in_valid_order_for_struct(components: &[DatatypeComponent]) -> bool {
+        if let Some((_, cs)) = components.split_last() {
+            Type::components_are_not_flexible_array(cs)
+        } else {
+            true
+        }
+    }
+
     /// struct name {
     ///     f1.typ f1.data; ...
     /// }
@@ -1032,6 +1102,12 @@ impl Type {
             "Components contain duplicates: {:?}",
             components
         );
+        assert!(
+            Type::components_in_valid_order_for_struct(&components),
+            "Components are not in valid order for struct: {:?}",
+            components
+        );
+
         let tag = tag.into();
         Struct { tag, components }
     }
@@ -1061,6 +1137,11 @@ impl Type {
             "Components contain duplicates: {:?}",
             components
         );
+        assert!(
+            Type::components_are_not_flexible_array(&components),
+            "Unions cannot contain flexible arrays: {:?}",
+            components
+        );
         Union { tag, components }
     }
 

kani-compiler/src/codegen_cprover_gotoc/codegen/operand.rs

@@ -3,7 +3,7 @@
 use crate::codegen_cprover_gotoc::utils::slice_fat_ptr;
 use crate::codegen_cprover_gotoc::GotocCtx;
 use crate::unwrap_or_return_codegen_unimplemented;
-use cbmc::goto_program::{Expr, Location, Stmt, Symbol, Type};
+use cbmc::goto_program::{DatatypeComponent, Expr, Location, Stmt, Symbol, Type};
 use cbmc::NO_PRETTY_NAME;
 use rustc_ast::ast::Mutability;
 use rustc_middle::mir::interpret::{
@@ -503,12 +503,12 @@ impl<'tcx> GotocCtx<'tcx> {
                     .iter()
                     .enumerate()
                     .map(|(i, d)| match d {
-                        AllocData::Bytes(bytes) => Type::datatype_component(
+                        AllocData::Bytes(bytes) => DatatypeComponent::field(
                             &i.to_string(),
                             Type::unsigned_int(8).array_of(bytes.len()),
                         ),
                         AllocData::Expr(e) => {
-                            Type::datatype_component(&i.to_string(), e.typ().clone())
+                            DatatypeComponent::field(&i.to_string(), e.typ().clone())
                         }
                     })
                     .collect()

kani-compiler/src/codegen_cprover_gotoc/codegen/typ.rs

@@ -308,7 +308,7 @@ impl<'tcx> GotocCtx<'tcx> {
         // vtable field name, i.e., 3_vol (idx_method)
         let vtable_field_name = self.vtable_field_name(instance.def_id(), idx);
 
-        Type::datatype_component(vtable_field_name, fn_ptr)
+        DatatypeComponent::field(vtable_field_name, fn_ptr)
     }
 
     /// Generates a vtable that looks like this:
@@ -382,8 +382,8 @@ impl<'tcx> GotocCtx<'tcx> {
             // See the comment on codegen_ty_ref.
             let vtable_name = ctx.vtable_name(trait_type);
             vec![
-                Type::datatype_component("data", data_type),
-                Type::datatype_component("vtable", Type::struct_tag(vtable_name).to_pointer()),
+                DatatypeComponent::field("data", data_type),
+                DatatypeComponent::field("vtable", Type::struct_tag(vtable_name).to_pointer()),
             ]
         })
     }
@@ -410,9 +410,9 @@ impl<'tcx> GotocCtx<'tcx> {
     /// `get_vtable`.
     fn trait_vtable_field_types(&mut self, t: ty::Ty<'tcx>) -> Vec<DatatypeComponent> {
         let mut vtable_base = vec![
-            Type::datatype_component("drop", self.trait_vtable_drop_type(t)),
-            Type::datatype_component("size", Type::size_t()),
-            Type::datatype_component("align", Type::size_t()),
+            DatatypeComponent::field("drop", self.trait_vtable_drop_type(t)),
+            DatatypeComponent::field("size", Type::size_t()),
+            DatatypeComponent::field("align", Type::size_t()),
         ];
         if let ty::Dynamic(binder, _region) = t.kind() {
             // The virtual methods on the trait ref. Some auto traits have no methods.
@@ -589,7 +589,7 @@ impl<'tcx> GotocCtx<'tcx> {
                         // we do not generate a struct with an array of units
                         vec![]
                     } else {
-                        vec![Type::datatype_component(
+                        vec![DatatypeComponent::field(
                             &0usize.to_string(),
                             ctx.codegen_ty_raw_array(ty),
                         )]
@@ -692,7 +692,7 @@ impl<'tcx> GotocCtx<'tcx> {
             // We need to pad to the next offset
             let bits = next_offset - current_offset;
             let name = format!("$pad{}", idx);
-            Some(Type::datatype_padding(&name, bits))
+            Some(DatatypeComponent::padding(&name, bits))
         } else {
             None
         }
@@ -729,7 +729,7 @@ impl<'tcx> GotocCtx<'tcx> {
                         final_fields.push(padding)
                     }
                     // we insert the actual field
-                    final_fields.push(Type::datatype_component(fld_name, self.codegen_ty(*fld_ty)));
+                    final_fields.push(DatatypeComponent::field(fld_name, self.codegen_ty(*fld_ty)));
                     let layout = self.layout_of(*fld_ty);
                     // we compute the overall offset of the end of the current struct
                     offset = fld_offset + layout.size.bits();
@@ -839,8 +839,8 @@ impl<'tcx> GotocCtx<'tcx> {
             };
             self.ensure_struct(pointer_name, NO_PRETTY_NAME, |_, _| {
                 vec![
-                    Type::datatype_component("data", element_type.to_pointer()),
-                    Type::datatype_component("len", Type::size_t()),
+                    DatatypeComponent::field("data", element_type.to_pointer()),
+                    DatatypeComponent::field("len", Type::size_t()),
                 ]
             })
         } else if self.use_vtable_fat_pointer(pointee_type) {
@@ -1016,7 +1016,7 @@ impl<'tcx> GotocCtx<'tcx> {
                 .fields
                 .iter()
                 .map(|f| {
-                    Type::datatype_component(
+                    DatatypeComponent::field(
                         &f.name.to_string(),
                         ctx.codegen_ty(f.ty(ctx.tcx, subst)),
                     )
@@ -1100,13 +1100,13 @@ impl<'tcx> GotocCtx<'tcx> {
                             let discr_offset = ctx.layout_of(discr_t).size.bits_usize();
                             let initial_offset =
                                 ctx.variant_min_offset(variants).unwrap_or(discr_offset);
-                            let mut fields = vec![Type::datatype_component("case", int)];
+                            let mut fields = vec![DatatypeComponent::field("case", int)];
                             if let Some(padding) =
                                 ctx.codegen_struct_padding(discr_offset, initial_offset, 0)
                             {
                                 fields.push(padding);
                             }
-                            fields.push(Type::datatype_component(
+                            fields.push(DatatypeComponent::field(
                                 "cases",
                                 ctx.ensure_union(
                                     &format!("{}-union", name.to_string()),
@@ -1256,7 +1256,7 @@ impl<'tcx> GotocCtx<'tcx> {
                     // Skip variant types that cannot be referenced.
                     None
                 } else {
-                    Some(Type::datatype_component(
+                    Some(DatatypeComponent::field(
                         &case.name.to_string(),
                         self.codegen_enum_case_struct(
                             name,