transpile: expand --translate-const-macros conservative to a lot more CExprKinds (#1306)

* Fixes #803.
* Supersedes #810.

We do this by recursively checking whether an expression is `const`.
This is generally done in a conservative manner, modulo the
`ExplicitCast` bug (#853), non-`const` `sizeof(VLA)`s, and `f128`'s
non-`const` methods (#1262). For #853, this does generate incorrect code
even on `conservative`, but I'll work on fixing that next.

Also, because we now allow certain operations that are `unsafe`, like
ptr arithmetic, we wrap all `const`s in an `unsafe` block. This is
similar to how all `fn`s we generate are marked `unsafe fn`s even if
they don't contain any `unsafe` operations within them. We can improve
this, but for now, this works and is correct.

Also, the output was being non-deterministic due to the usage of
`HashMap`s for macro maps like `macro_invocations`, so I changed these
to `IndexMap`s that are order-preserving.

Author: kkysen

c2rust-transpile/src/c_ast/mod.rs

@@ -624,6 +624,78 @@ impl TypedAstContext {
         }
     }
 
+    /// Pessimistically try to check if an expression is `const`.
+    /// If it's not, or we can't tell if it is, return `false`.
+    ///
+    /// This should be a top-down, pessimistic/conservative analysis.
+    pub fn is_const_expr(&self, expr: CExprId) -> bool {
+        let is_const = |expr| self.is_const_expr(expr);
+
+        use CExprKind::*;
+        match self[expr].kind {
+            // A literal is always `const`.
+            Literal(_, _) => true,
+            // Unary ops should be `const`.
+            // TODO handle `f128` or use the primitive type.
+            Unary(_, _, expr, _) => is_const(expr),
+            UnaryType(_, _, _, _) => false, // TODO disabled for now as tests are broken
+            // Not sure what a `None` `CExprId` means here
+            // or how to detect a `sizeof` of a VLA, which is non-`const`,
+            // although it seems we don't handle `sizeof(VLAs)`
+            // correctly in macros elsewhere already.
+            #[allow(unreachable_patterns)]
+            UnaryType(_, _, expr, _) => expr.map_or(true, is_const),
+            // Not sure what a `OffsetOfKind::Variable` means.
+            OffsetOf(_, _) => true,
+            // `ptr::offset` (ptr `BinOp::Add`) was `const` stabilized in `1.61.0`.
+            // `ptr::offset_from` (ptr `BinOp::Subtract`) was `const` stabilized in `1.65.0`.
+            // TODO `f128` is not yet handled, as we should eventually
+            // switch to the (currently unstable) `f128` primitive type (#1262).
+            Binary(_, _, lhs, rhs, _, _) => is_const(lhs) && is_const(rhs),
+            ImplicitCast(_, _, CastKind::ArrayToPointerDecay, _, _) => false, // TODO disabled for now as tests are broken
+            // `as` casts are always `const`.
+            ImplicitCast(_, expr, _, _, _) => is_const(expr),
+            // `as` casts are always `const`.
+            // TODO This is `const`, although there's a bug #853.
+            ExplicitCast(_, expr, _, _, _) => is_const(expr),
+            // This is used in `const` locations like `match` patterns and array lengths, so it must be `const`.
+            ConstantExpr(_, _, _) => true,
+            // A reference in an already otherwise `const` context should be `const` itself.
+            DeclRef(_, _, _) => true,
+            Call(_, fn_expr, ref args) => {
+                let is_const_fn = false; // TODO detect which `fn`s are `const`.
+                is_const(fn_expr) && args.iter().copied().all(is_const) && is_const_fn
+            }
+            Member(_, expr, _, _, _) => is_const(expr),
+            ArraySubscript(_, array, index, _) => is_const(array) && is_const(index),
+            Conditional(_, cond, if_true, if_false) => {
+                is_const(cond) && is_const(if_true) && is_const(if_false)
+            }
+            BinaryConditional(_, cond, if_false) => is_const(cond) && is_const(if_false),
+            InitList(_, ref inits, _, _) => inits.iter().copied().all(is_const),
+            ImplicitValueInit(_) => true,
+            Paren(_, expr) => is_const(expr),
+            CompoundLiteral(_, expr) => is_const(expr),
+            Predefined(_, expr) => is_const(expr),
+            Statements(_, stmt) => self.is_const_stmt(stmt),
+            VAArg(_, expr) => is_const(expr),
+            // SIMD is not yet `const` in Rust.
+            ShuffleVector(_, _) | ConvertVector(_, _) => false,
+            DesignatedInitExpr(_, _, expr) => is_const(expr),
+            Choose(_, cond, if_true, if_false, _) => {
+                is_const(cond) && is_const(if_true) && is_const(if_false)
+            }
+            // Atomics are not yet `const` in Rust.
+            Atomic { .. } => false,
+            BadExpr => false,
+        }
+    }
+
+    pub fn is_const_stmt(&self, _stmt: CStmtId) -> bool {
+        // TODO
+        false
+    }
+
     pub fn prune_unwanted_decls(&mut self, want_unused_functions: bool) {
         // Starting from a set of root declarations, walk each one to find declarations it
         // depends on. Then walk each of those, recursively.

c2rust-transpile/src/translator/mod.rs

@@ -2123,15 +2123,28 @@ impl<'c> Translation<'c> {
 
     /// Determine if we're able to convert this const macro expansion.
     fn can_convert_const_macro_expansion(&self, expr_id: CExprId) -> TranslationResult<()> {
-        let kind = &self.ast_context[expr_id].kind;
         match self.tcfg.translate_const_macros {
             TranslateMacros::None => Err(format_err!("translate_const_macros is None"))?,
-            TranslateMacros::Conservative => match *kind {
-                CExprKind::Literal(..) => Ok(()), // Literals are leaf expressions, so they should always be const-compatible.
-                _ => Err(format_err!(
-                    "conservative const macros don't yet allow {kind:?}"
-                ))?,
-            },
+            TranslateMacros::Conservative => {
+                // TODO We still allow `CExprKind::ExplicitCast`s
+                // even though they're broken (see #853).
+
+                // This is a top-down, pessimistic/conservative analysis.
+                // This is somewhat duplicative of `fn convert_expr` simply checking
+                // `ExprContext::is_const` and returning errors where the expr is not `const`,
+                // which is an non-conservative analysis scattered across all of the `fn convert_*`s.
+                // That's what's done for `TranslateMacros::Experimental`,
+                // as opposed to the conservative analysis done here for `TranslateMacros::Conservative`.
+                // When the conservative analysis is incomplete,
+                // it won't translate the macro, but the result will compile.
+                // But when the non-conservative analysis is incomplete,
+                // the resulting code may not transpile,
+                // which is why the conservative analysis is used for `TranslateMacros::Conservative`.
+                if !self.ast_context.is_const_expr(expr_id) {
+                    Err(format_err!("non-const expr {expr_id:?}"))?;
+                }
+                Ok(())
+            }
             TranslateMacros::Experimental => Ok(()),
         }
     }

c2rust-transpile/tests/snapshots/macros.c

@@ -289,7 +289,9 @@ struct fn_ptrs {
 
 typedef int (*fn_ptr_ty)(char);
 
-const struct fn_ptrs fns = {NULL, NULL, NULL};
+// TODO Skip for now since it uses `libc`, which we don't test in snapshots.
+// const struct fn_ptrs fns = {NULL, NULL, NULL};
+const struct fn_ptrs fns = {};
 
 // Make sure we can't refer to globals in a const macro
 #define GLOBAL_REF &fns
@@ -366,6 +368,4 @@ int local_fn(void) { return 1234; }
 
 int use_local_value(void) { return LOCAL_VALUE; }
 
-bool use_portable_type(uintptr_t len) {
-  return len <= UINTPTR_MAX / 2;
-}
+bool use_portable_type(uintptr_t len) { return len <= UINTPTR_MAX / 2; }

c2rust-transpile/tests/snapshots/os-specific/macros.c

@@ -0,0 +1,30 @@
+#include <errno.h>
+#include <stdbool.h>
+#include <string.h>
+
+bool errno_is_error() { return errno != 0; }
+
+int size_of_const() {
+  int a[10];
+#define SIZE sizeof(a)
+  return SIZE;
+}
+
+#if 0
+// TODO VLA error
+int size_of_dynamic(int n) {
+  int a[n];
+#define SIZE sizeof(a)
+  return SIZE;
+}
+#endif
+
+// From Lua's `lobject.c`.
+
+#define POS "\"]"
+/* number of chars of a literal string without the ending \0 */
+#define LL(x) (sizeof(x) / sizeof(char) - 1)
+
+void memcpy_str_literal(char *out) {
+  memcpy(out, POS, (LL(POS) + 1) * sizeof(char));
+}

c2rust-transpile/tests/snapshots/[email protected]

@@ -0,0 +1,44 @@
+---
+source: c2rust-transpile/tests/snapshots.rs
+expression: cat tests/snapshots/os-specific/macros.linux.rs
+input_file: c2rust-transpile/tests/snapshots/os-specific/macros.c
+---
+#![allow(
+    dead_code,
+    mutable_transmutes,
+    non_camel_case_types,
+    non_snake_case,
+    non_upper_case_globals,
+    unused_assignments,
+    unused_mut
+)]
+extern "C" {
+    fn __errno_location() -> *mut std::ffi::c_int;
+    fn memcpy(
+        __dest: *mut std::ffi::c_void,
+        __src: *const std::ffi::c_void,
+        __n: size_t,
+    ) -> *mut std::ffi::c_void;
+}
+pub type size_t = usize;
+#[no_mangle]
+pub unsafe extern "C" fn errno_is_error() -> bool {
+    return *__errno_location() != 0 as std::ffi::c_int;
+}
+#[no_mangle]
+pub unsafe extern "C" fn size_of_const() -> std::ffi::c_int {
+    let mut a: [std::ffi::c_int; 10] = [0; 10];
+    return ::core::mem::size_of::<[std::ffi::c_int; 10]>() as std::ffi::c_int;
+}
+#[no_mangle]
+pub unsafe extern "C" fn memcpy_str_literal(mut out: *mut std::ffi::c_char) {
+    memcpy(
+        out as *mut std::ffi::c_void,
+        b"\"]\0" as *const u8 as *const std::ffi::c_char as *const std::ffi::c_void,
+        (::core::mem::size_of::<[std::ffi::c_char; 3]>() as size_t)
+            .wrapping_div(::core::mem::size_of::<std::ffi::c_char>() as size_t)
+            .wrapping_sub(1 as size_t)
+            .wrapping_add(1 as size_t)
+            .wrapping_mul(::core::mem::size_of::<std::ffi::c_char>() as size_t),
+    );
+}

c2rust-transpile/tests/snapshots/[email protected]

@@ -0,0 +1,45 @@
+---
+source: c2rust-transpile/tests/snapshots.rs
+expression: cat tests/snapshots/os-specific/macros.macos.rs
+input_file: c2rust-transpile/tests/snapshots/os-specific/macros.c
+---
+#![allow(
+    dead_code,
+    mutable_transmutes,
+    non_camel_case_types,
+    non_snake_case,
+    non_upper_case_globals,
+    unused_assignments,
+    unused_mut
+)]
+extern "C" {
+    fn __error() -> *mut std::ffi::c_int;
+    fn memcpy(
+        __dst: *mut std::ffi::c_void,
+        __src: *const std::ffi::c_void,
+        __n: size_t,
+    ) -> *mut std::ffi::c_void;
+}
+pub type __darwin_size_t = usize;
+pub type size_t = __darwin_size_t;
+#[no_mangle]
+pub unsafe extern "C" fn errno_is_error() -> bool {
+    return *__error() != 0 as std::ffi::c_int;
+}
+#[no_mangle]
+pub unsafe extern "C" fn size_of_const() -> std::ffi::c_int {
+    let mut a: [std::ffi::c_int; 10] = [0; 10];
+    return ::core::mem::size_of::<[std::ffi::c_int; 10]>() as std::ffi::c_int;
+}
+#[no_mangle]
+pub unsafe extern "C" fn memcpy_str_literal(mut out: *mut std::ffi::c_char) {
+    memcpy(
+        out as *mut std::ffi::c_void,
+        b"\"]\0" as *const u8 as *const std::ffi::c_char as *const std::ffi::c_void,
+        (::core::mem::size_of::<[std::ffi::c_char; 3]>() as size_t)
+            .wrapping_div(::core::mem::size_of::<std::ffi::c_char>() as size_t)
+            .wrapping_sub(1 as size_t)
+            .wrapping_add(1 as size_t)
+            .wrapping_mul(::core::mem::size_of::<std::ffi::c_char>() as size_t),
+    );
+}