Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tracking issue for indirect_structural_match compatibility lint #62411

Closed
3 of 5 tasks
pnkfelix opened this issue Jul 5, 2019 · 12 comments
Closed
3 of 5 tasks

Tracking issue for indirect_structural_match compatibility lint #62411

pnkfelix opened this issue Jul 5, 2019 · 12 comments
Labels
A-maybe-future-edition Something we may consider for a future edition. C-future-incompatibility Category: Future-incompatibility lints

Comments

@pnkfelix
Copy link
Member

pnkfelix commented Jul 5, 2019

This is the summary issue for the indirect_structural_match future-compatibility warning and other related errors. The goal of this page is describe why this change was made and how you can fix
code that is affected by it. It also provides a place to ask questions or register a complaint if you feel the change should not be made. For more information on the policy around future-compatibility warnings, see our breaking change policy guidelines.

What is this lint about

Uses of a const item in a pattern are currently supposed to not rely on whether the semantics of matching a pattern are based on "structural equality" (i.e. unfolding the value of the const item into the pattern) or "semantic equality" (calling PartialEq::eq). See RFC 1445 for more discussion on this point.

For example, we currently reject the following code, because it could be used to detect which of the two semantics are used for matching patterns (play):

// I am equal to anyone who shares my sum!
struct Plus(i32, i32);

impl PartialEq for Plus {
    fn eq(&self, other: &Self) -> bool {
        self.0 + self.1 == other.0 + other.1
    }
}

impl Eq for Plus { }

const ONE_PLUS_TWO: Plus = Plus(1, 2);

fn main() {
    if let ONE_PLUS_TWO = Plus(3, 0) {
        println!("semantic!");
    } else {
        println!("structural!");
    }
}

However, the code to enforce adherence to RFC 1445 missed some cases. The compiler incorrectly accepted the following variant of the above code (play):

const ONE_PLUS_TWO: & &Plus = & &Plus(1, 2);

fn main() {
    if let ONE_PLUS_TWO = & &Plus(3, 0) {
        println!("semantic!");
    } else {
        println!("structural!");
    }
}

Since we have not yet decided how to resolve this problem for the long term, it is best to alert users that they are using a corner of the language that was not completely specified. (To be clear: The compiler will use either semantic or structural equality, and its choice will not introduce unsoundness; but it may yield very surprising behavior for the user, depending on how they have implemented PartialEq.)

How to fix this warning/error

Here are three options:

1. Change const item itself

Change the const item referenced in the pattern to use only types that derive PartialEq and Eq.

In our running example, that would correspond to changing the code to use derive instead of explicit impl:

// I am equal to anyone who shares my sum!
struct Plus(i32, i32);

impl PartialEq for Plus {
    fn eq(&self, other: &Self) -> bool {
        self.0 + self.1 == other.0 + other.1
    }
}

impl Eq for Plus { }

becomes:

// I am no longer equal to all who share my sum!
#[derive(PartialEq, Eq)]
struct Plus(i32, i32);

Of course, in this particular example, this is a non-semantics preserving change for the program at large, since presumably the original designer wanted the previous semantics for PartialEq. The main reason we point it out (and in fact, point it out first) is that in many cases, switching to #[derive(PartialEq, Eq)] will be both correct and the simplest fix.

2. Change pattern to call == explicitly

If semantic equality is desired, change the pattern to bind the input to a variable and call the == operator (this may require switching from if let to match until let_chains are stabilized).

In our running example (adapted slightly to use match):

    match & &Plus(3, 0) {
        ONE_PLUS_TWO => println!("semantic!"),
        _ => println!("structural!"),
    }

becomes:

    match & &Plus(3, 0) {
        sum if sum == ONE_PLUS_TWO => println!("semantic!"),
        _ => println!("structural!"),
    }
3. Change pattern to inline structural form

If structural equality is desired, inline the right-hand side of the const as an explicit pattern.

In our running example (adapted slightly to use match):

    match & &Plus(3, 0) {
        ONE_PLUS_TWO => println!("semantic!"),
        _ => println!("structural!"),
    }

becomes:

    match & &Plus(3, 0) {
        & &Plus(1, 2) => println!("semantic!"),
        _ => println!("structural!"),
    }

When will this warning become a hard error?

At the beginning of each 6-week release cycle, the Rust compiler team will review the set of outstanding future compatibility warnings and nominate some of them for Final Comment Period. Toward the end of the cycle, we will review any comments and make a final determination whether to convert the warning into a hard error or remove it entirely.

Current status

@pnkfelix
Copy link
Member Author

pnkfelix commented Jul 5, 2019

spawned off of tracking issue #31434, compiler issue #62307, and compiler PR #62339

@pnkfelix pnkfelix added the C-future-incompatibility Category: Future-incompatibility lints label Jul 9, 2019
@pnkfelix pnkfelix changed the title Tracking issue for non_structural_match compatibility lint Tracking issue for indirect_structural_match compatibility lint Jul 10, 2019
@seanmonstar
Copy link
Contributor

I've noticed this warning suddenly being triggered on this code using the http crate:

let m = http::Method::GET;

match m {
    http::Method::GET => (),
    _ => ()
}

There is a derive(PartialEq, Eq) on the struct Method definition, so is that a false positive?

@pnkfelix
Copy link
Member Author

pnkfelix commented Jul 11, 2019

@seanmonstar is everything that is recursively teachable from that structure also a #[structural_match] ?

(I have been wondering if there may be subtle cases where this warning arises that are instances of there not being “turtles all the way down”)

@seanmonstar
Copy link
Contributor

I noticed the warning says Box isn't, and one of the variants is Box<[u8]>... That'd be the long-extension variant. I guess a structural match would almost never be true as the pointers would differ... Though, we don't have any constants of that variant and any parsing will always use the constant if it's a match.

So while I guess technically in correct, in this case a structural match would be fine since you can't make a constant of that variant anyway.

@pnkfelix
Copy link
Member Author

Hmm yes. This may be an unfortunate artifact of how this implementation is trying to detect instances of ADT's missing structural match: It traverses the structure of the type itself, which means it visits every variant of an enum type, including variants that are unused by the const item in question.

I suspect we can fix this. I don't think I'm going to be able to do so before I go on leave, but I'll file a bug about it in any case.

@pnkfelix
Copy link
Member Author

@seanmonstar filed as #62614

@pnkfelix
Copy link
Member Author

pnkfelix commented Jul 12, 2019

... and filed PR #62623 as a way to address the problem in the short-term.

@ecstatic-morse ecstatic-morse added the A-maybe-future-edition Something we may consider for a future edition. label Apr 22, 2020
bors added a commit to rust-lang-ci/rust that referenced this issue Apr 29, 2020
…h, r=pnkfelix

Const qualification for `StructuralEq`

Furthers rust-lang#62411. Resolves rust-lang#62614.

The goal of this PR is to implement the logic in rust-lang#67088 on the MIR instead of the HIR. It uses the `Qualif` trait to track `StructuralPartialEq`/`StructuralEq` in the final value of a `const`. Then, if we encounter a constant during HAIR lowering whose value may not be structurally matchable, we emit the `indirect_structural_match` lint.

This PR contains all the tests present in rust-lang#67088 and emits the proper warnings for the corner cases. This PR does not handle rust-lang#65466, which would require that we be [more aggressive](https://github.com/rust-lang/rust/blob/42abbd8878d3b67238f3611b0587c704ba94f39c/src/librustc_mir_build/hair/pattern/const_to_pat.rs#L126-L130) when checking matched types for `PartialEq`. I think that should be done separately.

Because this works on MIR and uses dataflow, this PR should accept more cases than rust-lang#67088. Notably, the qualifs in the final value of a const are encoded cross-crate, so matching on a constant whose value is defined in another crate to be `Option::<TyWithCustomEqImpl>::None` should work. Additionally, if a `const` has branching/looping, we will only emit the warning if any possible control flow path could result in a type with a custom `PartialEq` impl ending up as the final value of a `const`. I'm not sure how rust-lang#67088 handled this.

AFAIK, it's not settled that these are the semantics we actually want: it's just how the `Qualif` framework happens to work. If the cross-crate part is undesirable, it would be quite easy to change the result of `mir_const_qualif().custom_eq` to `true` before encoding it in the crate metadata. This way, other crates would have to assume that all publicly exported constants may not be safe for matching.

r? @pnkfelix
cc @eddyb
@pnkfelix
Copy link
Member Author

I wonder if we can make indirect_structural_match warn-by-default again now that PR #67343 has landed and issue #62614 is closed.

github-actions bot pushed a commit to rust-lang/glacier that referenced this issue Aug 11, 2022
=== stdout ===
=== stderr ===
warning: to use a constant of type `Eek` in a pattern, `Eek` must be annotated with `#[derive(PartialEq, Eq)]`
  --> /home/runner/work/glacier/glacier/ices/82909.rs:15:11
   |
15 |         &&EEK_ONE => {}
   |           ^^^^^^^
   |
   = note: `#[warn(indirect_structural_match)]` on by default
   = warning: this was previously accepted by the compiler but is being phased out; it will become a hard error in a future release!
   = note: for more information, see issue #62411 <rust-lang/rust#62411>

error[E0004]: non-exhaustive patterns: `&&&_` not covered
  --> /home/runner/work/glacier/glacier/ices/82909.rs:14:11
   |
14 |     match &&&[][..] {
   |           ^^^^^^^^^ pattern `&&&_` not covered
   |
   = note: the matched value is of type `&&&[Eek]`
help: ensure that all possible cases are being handled by adding a match arm with a wildcard pattern or an explicit pattern as shown
   |
15 ~         &&EEK_ONE => {}
16 +         &&&_ => todo!()
   |

warning: unused variable: `other`
 --> /home/runner/work/glacier/glacier/ices/82909.rs:3:18
  |
3 |     fn eq(&self, other: &Self) -> bool {
  |                  ^^^^^ help: if this is intentional, prefix it with an underscore: `_other`
  |
  = note: `#[warn(unused_variables)]` on by default

error: aborting due to previous error; 2 warnings emitted

For more information about this error, try `rustc --explain E0004`.
==============
@RalfJung
Copy link
Member

RalfJung commented Sep 15, 2023

What is the current status here? This has been a future-incompat lint for a long time now, can we move towards making it a hard error? Should we at least take a step towards that by having it show up in cargo's future-incompat reports?

I am not sure if our vision for structural-match restrictions is still the same as 4 years ago though. #74446 is still unresolved. My immediate goal would be to move pattern matching away from a "fallback" logic: currently it works by "trying a valtree" and then "falling back to an opaque const with PartialEq"; such fallbacks are typically fragile and hard to reason about. What would it take to decide between "construct transparent pattern via valtree" vs "opaque pattern" up-front (and ICEing if building a valtree fails after we decided that that is the strategy we want to use)? Is it something like self.tcx.mir_const_qualif(instance.def_id()).custom_eq, based on #67343? There are a whole bunch of lints around structural equality (indirect_structural_match, nontrivial_structural_match, pointer_structural_match, illegal_floating_point_literal_pattern) and I don't know which of these have to become hard errors before we can do anything like that. (If #110166 is right then pointer_structural_match might actually not be relevant for this?)

@oli-obk or anyone else who knows the current status here, would be great to get a summary. :)

@RalfJung
Copy link
Member

RalfJung commented Sep 15, 2023

In fact I think I'm uncertain about what the endgame here really is. Is it the fallback plan above? But which code would that even break? With fn ptrs now having PartialEq, I think we don't accept any constants any more that are not PartialEq?

Or is the point that in case we detect custom equality, we're not just falling back to PartialEq, we actually want to reject this outright? IIRC we concluded this would break too much code. So do we have a short list of types that are allowed anyway (raw ptr, fn ptr, float)? That wouldn't work, this gets accepted after all. It doesn't even show a future-incompat warning.

What are examples of code that we still plan to break? Maybe the breaking has nothing at all to do with valtrees or other internals.

@RalfJung
Copy link
Member

I laid down some of my thoughts on where we might want to go with all this over here.

@RalfJung
Copy link
Member

This is pretty much superseded by #120362.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-maybe-future-edition Something we may consider for a future edition. C-future-incompatibility Category: Future-incompatibility lints
Projects
Status: Idea
Development

No branches or pull requests

5 participants