Diagnose uses of @unchecked Sendable conformances, not declarations

Under strict concurrency and memory safety, uses of `@unchecked
Sendable` conformances are considered unsafe. Diagnose the use sites,
not the declaration site.

Author: DougGregor

include/swift/AST/UnsafeUse.h

@@ -143,6 +143,7 @@ class UnsafeUse {
                                   ProtocolConformanceRef conformance,
                                   SourceLoc location,
                                   DeclContext *dc) {
+    assert(subjectType);
     UnsafeUse result(UnsafeConformance);
     result.storage.conformance.type = subjectType.getPointer();
     result.storage.conformance.conformanceRef = conformance.getOpaqueValue();

lib/Sema/TypeCheckAvailability.cpp

@@ -4109,11 +4109,12 @@ bool ExprAvailabilityWalker::diagnoseDeclRefAvailability(
   // If the declaration itself is "safe" but we don't disallow unsafe uses,
   // check whether it traffics in unsafe types.
   ASTContext &ctx = D->getASTContext();
-  if (ctx.LangOpts.hasFeature(Feature::WarnUnsafe) && !D->isUnsafe()) {
+  if (ctx.LangOpts.hasFeature(Feature::WarnUnsafe) && !D->isUnsafe() &&
+      !Where.getAvailability().allowsUnsafe()) {
     auto type = D->getInterfaceType();
     if (auto subs = declRef.getSubstitutions())
       type = type.subst(subs);
-    if (type->isUnsafe() && !Where.getAvailability().allowsUnsafe()) {
+    if (type->isUnsafe()) {
       diagnoseUnsafeUse(
           UnsafeUse::forReferenceToUnsafe(
             D, call != nullptr && !isa<ParamDecl>(D), Where.getDeclContext(),
@@ -4767,6 +4768,23 @@ swift::diagnoseConformanceAvailability(SourceLoc loc,
     }
   }
 
+  // Strict memory safety checking.
+  if (!where.getAvailability().allowsUnsafe()) {
+    if (auto normalConf = dyn_cast<NormalProtocolConformance>(rootConf)) {
+      // @unchecked Sendable conformances are considered unsafe when complete
+      // checking is enabled.
+      if (normalConf->isUnchecked() &&
+          normalConf->getProtocol()->isSpecificProtocol(KnownProtocolKind::Sendable) &&
+          normalConf->getProtocol()->getASTContext()
+            .LangOpts.StrictConcurrencyLevel == StrictConcurrency::Complete) {
+        diagnoseUnsafeUse(
+            UnsafeUse::forConformance(
+              concreteConf->getType(), conformance, loc,
+              where.getDeclContext()));
+      }
+    }
+  }
+
   auto maybeEmitAssociatedTypeNote = [&]() {
     if (!depTy && !replacementTy)
       return;

lib/Sema/TypeCheckProtocol.cpp

@@ -2462,20 +2462,6 @@ checkIndividualConformance(NormalProtocolConformance *conformance) {
       ComplainLoc, diag::unchecked_conformance_not_special, ProtoType);
   }
 
-  // @unchecked conformances are considered unsafe in strict concurrency mode.
-  if (conformance->isUnchecked() &&
-      Context.LangOpts.hasFeature(Feature::WarnUnsafe) &&
-      Context.LangOpts.StrictConcurrencyLevel == StrictConcurrency::Complete) {
-
-    if (!conformance->getDeclContext()->allowsUnsafe()) {
-      diagnoseUnsafeUse(
-          UnsafeUse::forConformance(conformance->getType(),
-                                    ProtocolConformanceRef(conformance),
-                                    ComplainLoc,
-                                    conformance->getDeclContext()));
-    }
-  }
-
   bool allowImpliedConditionalConformance = false;
   if (Proto->isSpecificProtocol(KnownProtocolKind::Sendable)) {
     // In -swift-version 5 mode, a conditional conformance to a protocol can imply

lib/Sema/TypeCheckUnsafe.cpp

@@ -17,6 +17,7 @@
 #include "swift/AST/ASTContext.h"
 #include "swift/AST/UnsafeUse.h"
 #include "swift/AST/DiagnosticsSema.h"
+#include "swift/AST/PackConformance.h"
 #include "swift/AST/SourceFile.h"
 #include "swift/AST/SourceFileExtras.h"
 #include "TypeCheckAvailability.h"
@@ -87,6 +88,48 @@ static void suggestUnsafeMarkerOnConformance(
   ).fixItInsert(decl->getAttributeInsertionLoc(false), "@unsafe ");
 }
 
+/// Enumerate all of the unsafe conformances within this conformance,
+/// returning `true` and aborting the search if any callback returns `true`.
+static bool forEachUnsafeConformance(
+    ProtocolConformanceRef conformance,
+    llvm::function_ref<bool(ProtocolConformance *conformance)> fn) {
+  if (conformance.isInvalid() || conformance.isAbstract())
+    return false;
+
+  if (conformance.isPack()) {
+    for (auto packedConformance :
+             conformance.getPack()->getPatternConformances()) {
+      if (forEachUnsafeConformance(packedConformance, fn))
+        return true;
+    }
+
+    return false;
+  }
+
+  // Is this an unsafe conformance?
+  ProtocolConformance *concreteConf = conformance.getConcrete();
+  RootProtocolConformance *rootConf = concreteConf->getRootConformance();
+  if (auto normalConf = dyn_cast<NormalProtocolConformance>(rootConf)) {
+    // @unchecked Sendable conformances are considered unsafe when complete
+    // checking is enabled.
+    if (normalConf->isUnchecked() &&
+        normalConf->getProtocol()->isSpecificProtocol(KnownProtocolKind::Sendable) &&
+        normalConf->getProtocol()->getASTContext()
+          .LangOpts.StrictConcurrencyLevel == StrictConcurrency::Complete)
+      if (fn(concreteConf))
+        return true;
+  }
+
+  // Check conformances that are part of this conformance.
+  auto subMap = concreteConf->getSubstitutionMap();
+  for (auto conformance : subMap.getConformances()) {
+    if (forEachUnsafeConformance(conformance, fn))
+      return true;
+  }
+
+  return false;
+}
+
 /// Retrieve the extra information
 static SourceFileExtras *getSourceFileExtrasFor(const Decl *decl) {
   auto dc = decl->getDeclContext();

stdlib/public/core/CMakeLists.txt

@@ -318,6 +318,7 @@ list(APPEND swift_stdlib_compile_flags "-enable-experimental-feature" "Macros")
 list(APPEND swift_stdlib_compile_flags "-enable-experimental-feature" "FreestandingMacros")
 list(APPEND swift_stdlib_compile_flags "-enable-experimental-feature" "Extern")
 list(APPEND swift_stdlib_compile_flags "-enable-experimental-feature" "BitwiseCopyable")
+list(APPEND swift_stdlib_compile_flags "-enable-experimental-feature" "WarnUnsafe")
 
 if("${SWIFT_NATIVE_SWIFT_TOOLS_PATH}" STREQUAL "")
   set(swift_bin_dir "${CMAKE_BINARY_DIR}/bin")

test/Unsafe/unsafe_concurrency.swift

@@ -4,14 +4,16 @@
 // REQUIRES: swift_feature_StrictConcurrency
 // REQUIRES: swift_feature_WarnUnsafe
 
-// expected-note@+2{{@unchecked conformance of 'C' to protocol 'Sendable' involves unsafe code}}
-// expected-warning@+1{{class 'C' involves unsafe code; use '@unsafe' to indicate that its use is not memory-safe}}{{1-1=@unsafe }}
 class C: @unchecked Sendable {
   var counter: Int = 0
 }
 
 nonisolated(unsafe) var globalCounter = 0
 
+func acceptSendable<T: Sendable>(_: T) { }
+
+typealias RequiresSendable<T> = T where T: Sendable
+
 @available(SwiftStdlib 5.1, *)
 func f() async { // expected-warning{{global function 'f' involves unsafe code; use '@safe(unchecked)' to assert that the code is memory-safe}}
   nonisolated(unsafe) var counter = 0
@@ -21,4 +23,9 @@ func f() async { // expected-warning{{global function 'f' involves unsafe code;
   counter += 1 // expected-note{{reference to nonisolated(unsafe) var 'counter' is unsafe in concurrently-executing code}}
   print(counter) // expected-note{{reference to nonisolated(unsafe) var 'counter' is unsafe in concurrently-executing code}}
   print(globalCounter) // expected-note{{reference to nonisolated(unsafe) var 'globalCounter' is unsafe in concurrently-executing code}}
+
+  acceptSendable(C()) // expected-note{{@unchecked conformance of 'C' to protocol 'Sendable' involves unsafe code}}
 }
+
+// expected-warning@+1{{type alias 'WeirdC' involves unsafe code; use '@unsafe' to indicate that its use is not memory-safe}}
+typealias WeirdC = RequiresSendable<C> // expected-note{{@unchecked conformance of 'C' to protocol 'Sendable' involves unsafe code}}