rustc_mir_transform/
check_null.rs

1use rustc_index::IndexVec;
2use rustc_middle::mir::visit::{MutatingUseContext, NonMutatingUseContext, PlaceContext};
3use rustc_middle::mir::*;
4use rustc_middle::ty::{Ty, TyCtxt};
5use rustc_session::Session;
6
7use crate::check_pointers::{BorrowedFieldProjectionMode, PointerCheck, check_pointers};
8
9pub(super) struct CheckNull;
10
11impl<'tcx> crate::MirPass<'tcx> for CheckNull {
12    fn is_enabled(&self, sess: &Session) -> bool {
13        sess.ub_checks()
14    }
15
16    fn run_pass(&self, tcx: TyCtxt<'tcx>, body: &mut Body<'tcx>) {
17        check_pointers(
18            tcx,
19            body,
20            &[],
21            insert_null_check,
22            BorrowedFieldProjectionMode::NoFollowProjections,
23        );
24    }
25
26    fn is_required(&self) -> bool {
27        true
28    }
29}
30
31fn insert_null_check<'tcx>(
32    tcx: TyCtxt<'tcx>,
33    pointer: Place<'tcx>,
34    pointee_ty: Ty<'tcx>,
35    context: PlaceContext,
36    local_decls: &mut IndexVec<Local, LocalDecl<'tcx>>,
37    stmts: &mut Vec<Statement<'tcx>>,
38    source_info: SourceInfo,
39) -> PointerCheck<'tcx> {
40    // Cast the pointer to a *const ().
41    let const_raw_ptr = Ty::new_imm_ptr(tcx, tcx.types.unit);
42    let rvalue = Rvalue::Cast(CastKind::PtrToPtr, Operand::Copy(pointer), const_raw_ptr);
43    let thin_ptr = local_decls.push(LocalDecl::with_source_info(const_raw_ptr, source_info)).into();
44    stmts
45        .push(Statement { source_info, kind: StatementKind::Assign(Box::new((thin_ptr, rvalue))) });
46
47    // Transmute the pointer to a usize (equivalent to `ptr.addr()`).
48    let rvalue = Rvalue::Cast(CastKind::Transmute, Operand::Copy(thin_ptr), tcx.types.usize);
49    let addr = local_decls.push(LocalDecl::with_source_info(tcx.types.usize, source_info)).into();
50    stmts.push(Statement { source_info, kind: StatementKind::Assign(Box::new((addr, rvalue))) });
51
52    let zero = Operand::Constant(Box::new(ConstOperand {
53        span: source_info.span,
54        user_ty: None,
55        const_: Const::Val(ConstValue::from_target_usize(0, &tcx), tcx.types.usize),
56    }));
57
58    let pointee_should_be_checked = match context {
59        // Borrows pointing to "null" are UB even if the pointee is a ZST.
60        PlaceContext::NonMutatingUse(NonMutatingUseContext::SharedBorrow)
61        | PlaceContext::MutatingUse(MutatingUseContext::Borrow) => {
62            // Pointer should be checked unconditionally.
63            Operand::Constant(Box::new(ConstOperand {
64                span: source_info.span,
65                user_ty: None,
66                const_: Const::Val(ConstValue::from_bool(true), tcx.types.bool),
67            }))
68        }
69        // Other usages of null pointers only are UB if the pointee is not a ZST.
70        _ => {
71            let rvalue = Rvalue::NullaryOp(NullOp::SizeOf, pointee_ty);
72            let sizeof_pointee =
73                local_decls.push(LocalDecl::with_source_info(tcx.types.usize, source_info)).into();
74            stmts.push(Statement {
75                source_info,
76                kind: StatementKind::Assign(Box::new((sizeof_pointee, rvalue))),
77            });
78
79            // Check that the pointee is not a ZST.
80            let is_pointee_not_zst =
81                local_decls.push(LocalDecl::with_source_info(tcx.types.bool, source_info)).into();
82            stmts.push(Statement {
83                source_info,
84                kind: StatementKind::Assign(Box::new((
85                    is_pointee_not_zst,
86                    Rvalue::BinaryOp(
87                        BinOp::Ne,
88                        Box::new((Operand::Copy(sizeof_pointee), zero.clone())),
89                    ),
90                ))),
91            });
92
93            // Pointer needs to be checked only if pointee is not a ZST.
94            Operand::Copy(is_pointee_not_zst)
95        }
96    };
97
98    // Check whether the pointer is null.
99    let is_null = local_decls.push(LocalDecl::with_source_info(tcx.types.bool, source_info)).into();
100    stmts.push(Statement {
101        source_info,
102        kind: StatementKind::Assign(Box::new((
103            is_null,
104            Rvalue::BinaryOp(BinOp::Eq, Box::new((Operand::Copy(addr), zero))),
105        ))),
106    });
107
108    // We want to throw an exception if the pointer is null and the pointee is not unconditionally
109    // allowed (which for all non-borrow place uses, is when the pointee is ZST).
110    let should_throw_exception =
111        local_decls.push(LocalDecl::with_source_info(tcx.types.bool, source_info)).into();
112    stmts.push(Statement {
113        source_info,
114        kind: StatementKind::Assign(Box::new((
115            should_throw_exception,
116            Rvalue::BinaryOp(
117                BinOp::BitAnd,
118                Box::new((Operand::Copy(is_null), pointee_should_be_checked)),
119            ),
120        ))),
121    });
122
123    // The final condition whether this pointer usage is ok or not.
124    let is_ok = local_decls.push(LocalDecl::with_source_info(tcx.types.bool, source_info)).into();
125    stmts.push(Statement {
126        source_info,
127        kind: StatementKind::Assign(Box::new((
128            is_ok,
129            Rvalue::UnaryOp(UnOp::Not, Operand::Copy(should_throw_exception)),
130        ))),
131    });
132
133    // Emit a PointerCheck that asserts on the condition and otherwise triggers
134    // a AssertKind::NullPointerDereference.
135    PointerCheck {
136        cond: Operand::Copy(is_ok),
137        assert_kind: Box::new(AssertKind::NullPointerDereference),
138    }
139}