Auto merge of #84039 - jyn514:uplift-atomic-ordering, r=wesleywiser

Uplift the invalid_atomic_ordering lint from clippy to rustc

This is mostly just a rebase of #79654; I've copy/pasted the text from that PR below.

r? `@lcnr` since you reviewed the last one, but feel free to reassign.

---

This is an implementation of rust-lang/compiler-team#390.

As mentioned, in general this turns an unconditional runtime panic into a (compile time) lint failure. It has no false positives, and the only false negatives I'm aware of are if `Ordering` isn't specified directly and is comes from an argument/constant/whatever.

As a result of it having no false positives, and the alternative always being strictly wrong, it's on as deny by default. This seems right.

In the [zulip stream](https://rust-lang.zulipchat.com/#narrow/stream/233931-t-compiler.2Fmajor-changes/topic/Uplift.20the.20.60invalid_atomic_ordering.60.20lint.20from.20clippy/near/218483957) `@joshtriplett` suggested that lang team should FCP this before landing it. Perhaps libs team cares too?

---

Some notes on the code for reviewers / others below

## Changes from clippy

The code is changed from [the implementation in clippy](https://github.com/rust-lang/rust-clippy/blob/68cf94f6a66e47234e3adefc6dfbe806cd6ad164/clippy_lints/src/atomic_ordering.rs) in the following ways:

1. Uses `Symbols` and `rustc_diagnostic_item`s instead of string literals.
    - It's possible I should have just invoked Symbol::intern for some of these instead? Seems better to use symbol, but it did require adding several.
2. The functions are moved to static methods inside the lint struct, as a way to namespace them.
    - There's a lot of other code in that file — which I picked as the location for this lint because `@jyn514` told me that seemed reasonable.
3. Supports unstable AtomicU128/AtomicI128.
    - I did this because it was almost easier to support them than not — not supporting them would have (ideally) required finding a way not to give them a `rustc_diagnostic_item`, which would have complicated an already big macro.
    - These don't have tests since I wasn't sure if/how I should make tests conditional on whether or not the target has the atomic... This is to a certain extent an issue of 64bit atomics too, but 128-bit atomics are much less common. Regardless, the existing tests should be *more* than thorough enough here.
4. Minor changes like:
    - grammar tweaks ("loads cannot have `Release` **and** `AcqRel` ordering" => "loads cannot have `Release` **or** `AcqRel` ordering")
    - function renames (`match_ordering_def_path` => `matches_ordering_def_path`),
    - avoiding clippy-specific helper methods that don't exist in rustc_lint and didn't seem worth adding for this case (for example `cx.struct_span_lint` vs clippy's `span_lint_and_help` helper).

## Potential issues

(This is just about the code in this PR, not conceptual issues with the lint or anything)

1. I'm not sure if I should have used a diagnostic item for `Ordering` and its variants (I couldn't figure out how really, so if I should do this some pointers would be appreciated).
    - It seems possible that failing to do this might possibly mean there are more cases this lint would miss, but I don't really know how `match_def_path` works and if it has any pitfalls like that, so maybe not.

2. I *think* I deprecated the lint in clippy (CC `@flip1995` who asked to be notified about clippy changes in the future in [this comment](#75671 (comment))) but I'm not sure if I need to do anything else there.
    - I'm kind of hoping CI will catch if I missed anything, since `x.py test src/tools/clippy` fails with a lot of errors with and without my changes (and is probably a nonsense command regardless). Running `cargo test` from src/tools/clippy also fails with unrelated errors that seem like refactorings that didnt update clippy? So, honestly no clue.

3. I wasn't sure if the description/example I gave good. Hopefully it is. The example is less thorough than the one from clippy here: https://rust-lang.github.io/rust-clippy/master/index.html#invalid_atomic_ordering. Let me know if/how I should change it if it needs changing.

4. It pulls in the `if_chain` crate. This crate was already used in clippy, and seems like it's used elsewhere in rustc, but I'm willing to rewrite it to not use this if needed (I'd prefer not to, all things being equal).

Cargo.lock

@@ -3924,6 +3924,7 @@ dependencies = [
 name = "rustc_lint"
 version = "0.0.0"
 dependencies = [
+ "if_chain",
  "rustc_ast",
  "rustc_ast_pretty",
  "rustc_attr",

compiler/rustc_lint/Cargo.toml

@@ -4,6 +4,7 @@ version = "0.0.0"
 edition = "2018"
 
 [dependencies]
+if_chain = "1.0"
 tracing = "0.1"
 unicode-security = "0.0.5"
 rustc_middle = { path = "../rustc_middle" }

compiler/rustc_lint/src/lib.rs

@@ -170,6 +170,7 @@ macro_rules! late_lint_passes {
                 TemporaryCStringAsPtr: TemporaryCStringAsPtr,
                 NonPanicFmt: NonPanicFmt,
                 NoopMethodCall: NoopMethodCall,
+                InvalidAtomicOrdering: InvalidAtomicOrdering,
             ]
         );
     };

compiler/rustc_lint/src/types.rs

@@ -4,17 +4,19 @@ use rustc_attr as attr;
 use rustc_data_structures::fx::FxHashSet;
 use rustc_errors::Applicability;
 use rustc_hir as hir;
-use rustc_hir::{is_range_literal, ExprKind, Node};
+use rustc_hir::def_id::DefId;
+use rustc_hir::{is_range_literal, Expr, ExprKind, Node};
 use rustc_middle::ty::layout::{IntegerExt, SizeSkeleton};
 use rustc_middle::ty::subst::SubstsRef;
-use rustc_middle::ty::{self, AdtKind, Ty, TyCtxt, TypeFoldable};
+use rustc_middle::ty::{self, AdtKind, DefIdTree, Ty, TyCtxt, TypeFoldable};
 use rustc_span::source_map;
 use rustc_span::symbol::sym;
-use rustc_span::{Span, DUMMY_SP};
+use rustc_span::{Span, Symbol, DUMMY_SP};
 use rustc_target::abi::Abi;
 use rustc_target::abi::{Integer, LayoutOf, TagEncoding, Variants};
 use rustc_target::spec::abi::Abi as SpecAbi;
 
+use if_chain::if_chain;
 use std::cmp;
 use std::iter;
 use std::ops::ControlFlow;
@@ -1379,3 +1381,236 @@ impl<'tcx> LateLintPass<'tcx> for VariantSizeDifferences {
         }
     }
 }
+
+declare_lint! {
+    /// The `invalid_atomic_ordering` lint detects passing an `Ordering`
+    /// to an atomic operation that does not support that ordering.
+    ///
+    /// ### Example
+    ///
+    /// ```rust,compile_fail
+    /// # use core::sync::atomic::{AtomicU8, Ordering};
+    /// let atom = AtomicU8::new(0);
+    /// let value = atom.load(Ordering::Release);
+    /// # let _ = value;
+    /// ```
+    ///
+    /// {{produces}}
+    ///
+    /// ### Explanation
+    ///
+    /// Some atomic operations are only supported for a subset of the
+    /// `atomic::Ordering` variants. Passing an unsupported variant will cause
+    /// an unconditional panic at runtime, which is detected by this lint.
+    ///
+    /// This lint will trigger in the following cases: (where `AtomicType` is an
+    /// atomic type from `core::sync::atomic`, such as `AtomicBool`,
+    /// `AtomicPtr`, `AtomicUsize`, or any of the other integer atomics).
+    ///
+    /// - Passing `Ordering::Acquire` or `Ordering::AcqRel` to
+    ///   `AtomicType::store`.
+    ///
+    /// - Passing `Ordering::Release` or `Ordering::AcqRel` to
+    ///   `AtomicType::load`.
+    ///
+    /// - Passing `Ordering::Relaxed` to `core::sync::atomic::fence` or
+    ///   `core::sync::atomic::compiler_fence`.
+    ///
+    /// - Passing `Ordering::Release` or `Ordering::AcqRel` as the failure
+    ///   ordering for any of `AtomicType::compare_exchange`,
+    ///   `AtomicType::compare_exchange_weak`, or `AtomicType::fetch_update`.
+    ///
+    /// - Passing in a pair of orderings to `AtomicType::compare_exchange`,
+    ///   `AtomicType::compare_exchange_weak`, or `AtomicType::fetch_update`
+    ///   where the failure ordering is stronger than the success ordering.
+    INVALID_ATOMIC_ORDERING,
+    Deny,
+    "usage of invalid atomic ordering in atomic operations and memory fences"
+}
+
+declare_lint_pass!(InvalidAtomicOrdering => [INVALID_ATOMIC_ORDERING]);
+
+impl InvalidAtomicOrdering {
+    fn inherent_atomic_method_call<'hir>(
+        cx: &LateContext<'_>,
+        expr: &Expr<'hir>,
+        recognized_names: &[Symbol], // used for fast path calculation
+    ) -> Option<(Symbol, &'hir [Expr<'hir>])> {
+        const ATOMIC_TYPES: &[Symbol] = &[
+            sym::AtomicBool,
+            sym::AtomicPtr,
+            sym::AtomicUsize,
+            sym::AtomicU8,
+            sym::AtomicU16,
+            sym::AtomicU32,
+            sym::AtomicU64,
+            sym::AtomicU128,
+            sym::AtomicIsize,
+            sym::AtomicI8,
+            sym::AtomicI16,
+            sym::AtomicI32,
+            sym::AtomicI64,
+            sym::AtomicI128,
+        ];
+        if_chain! {
+            if let ExprKind::MethodCall(ref method_path, _, args, _) = &expr.kind;
+            if recognized_names.contains(&method_path.ident.name);
+            if let Some(m_def_id) = cx.typeck_results().type_dependent_def_id(expr.hir_id);
+            if let Some(impl_did) = cx.tcx.impl_of_method(m_def_id);
+            if let Some(adt) = cx.tcx.type_of(impl_did).ty_adt_def();
+            // skip extension traits, only lint functions from the standard library
+            if cx.tcx.trait_id_of_impl(impl_did).is_none();
+
+            if let Some(parent) = cx.tcx.parent(adt.did);
+            if cx.tcx.is_diagnostic_item(sym::atomic_mod, parent);
+            if ATOMIC_TYPES.contains(&cx.tcx.item_name(adt.did));
+            then {
+                return Some((method_path.ident.name, args));
+            }
+        }
+        None
+    }
+
+    fn matches_ordering(cx: &LateContext<'_>, did: DefId, orderings: &[Symbol]) -> bool {
+        let tcx = cx.tcx;
+        let atomic_ordering = tcx.get_diagnostic_item(sym::Ordering);
+        orderings.iter().any(|ordering| {
+            tcx.item_name(did) == *ordering && {
+                let parent = tcx.parent(did);
+                parent == atomic_ordering
+                    // needed in case this is a ctor, not a variant
+                    || parent.map_or(false, |parent| tcx.parent(parent) == atomic_ordering)
+            }
+        })
+    }
+
+    fn opt_ordering_defid(cx: &LateContext<'_>, ord_arg: &Expr<'_>) -> Option<DefId> {
+        if let ExprKind::Path(ref ord_qpath) = ord_arg.kind {
+            cx.qpath_res(ord_qpath, ord_arg.hir_id).opt_def_id()
+        } else {
+            None
+        }
+    }
+
+    fn check_atomic_load_store(cx: &LateContext<'_>, expr: &Expr<'_>) {
+        use rustc_hir::def::{DefKind, Res};
+        use rustc_hir::QPath;
+        if_chain! {
+            if let Some((method, args)) = Self::inherent_atomic_method_call(cx, expr, &[sym::load, sym::store]);
+            if let Some((ordering_arg, invalid_ordering)) = match method {
+                sym::load => Some((&args[1], sym::Release)),
+                sym::store => Some((&args[2], sym::Acquire)),
+                _ => None,
+            };
+
+            if let ExprKind::Path(QPath::Resolved(_, path)) = ordering_arg.kind;
+            if let Res::Def(DefKind::Ctor(..), ctor_id) = path.res;
+            if Self::matches_ordering(cx, ctor_id, &[invalid_ordering, sym::AcqRel]);
+            then {
+                cx.struct_span_lint(INVALID_ATOMIC_ORDERING, ordering_arg.span, |diag| {
+                    if method == sym::load {
+                        diag.build("atomic loads cannot have `Release` or `AcqRel` ordering")
+                            .help("consider using ordering modes `Acquire`, `SeqCst` or `Relaxed`")
+                            .emit()
+                    } else {
+                        debug_assert_eq!(method, sym::store);
+                        diag.build("atomic stores cannot have `Acquire` or `AcqRel` ordering")
+                            .help("consider using ordering modes `Release`, `SeqCst` or `Relaxed`")
+                            .emit();
+                    }
+                });
+            }
+        }
+    }
+
+    fn check_memory_fence(cx: &LateContext<'_>, expr: &Expr<'_>) {
+        if_chain! {
+            if let ExprKind::Call(ref func, ref args) = expr.kind;
+            if let ExprKind::Path(ref func_qpath) = func.kind;
+            if let Some(def_id) = cx.qpath_res(func_qpath, func.hir_id).opt_def_id();
+            if cx.tcx.is_diagnostic_item(sym::fence, def_id) ||
+                cx.tcx.is_diagnostic_item(sym::compiler_fence, def_id);
+            if let ExprKind::Path(ref ordering_qpath) = &args[0].kind;
+            if let Some(ordering_def_id) = cx.qpath_res(ordering_qpath, args[0].hir_id).opt_def_id();
+            if Self::matches_ordering(cx, ordering_def_id, &[sym::Relaxed]);
+            then {
+                cx.struct_span_lint(INVALID_ATOMIC_ORDERING, args[0].span, |diag| {
+                    diag.build("memory fences cannot have `Relaxed` ordering")
+                        .help("consider using ordering modes `Acquire`, `Release`, `AcqRel` or `SeqCst`")
+                        .emit();
+                });
+            }
+        }
+    }
+
+    fn check_atomic_compare_exchange(cx: &LateContext<'_>, expr: &Expr<'_>) {
+        if_chain! {
+            if let Some((method, args)) = Self::inherent_atomic_method_call(cx, expr, &[sym::fetch_update, sym::compare_exchange, sym::compare_exchange_weak]);
+            if let Some((success_order_arg, failure_order_arg)) = match method {
+                sym::fetch_update => Some((&args[1], &args[2])),
+                sym::compare_exchange | sym::compare_exchange_weak => Some((&args[3], &args[4])),
+                _ => None,
+            };
+
+            if let Some(fail_ordering_def_id) = Self::opt_ordering_defid(cx, failure_order_arg);
+            then {
+                // Helper type holding on to some checking and error reporting data. Has
+                // - (success ordering,
+                // - list of failure orderings forbidden by the success order,
+                // - suggestion message)
+                type OrdLintInfo = (Symbol, &'static [Symbol], &'static str);
+                const RELAXED: OrdLintInfo = (sym::Relaxed, &[sym::SeqCst, sym::Acquire], "ordering mode `Relaxed`");
+                const ACQUIRE: OrdLintInfo = (sym::Acquire, &[sym::SeqCst], "ordering modes `Acquire` or `Relaxed`");
+                const SEQ_CST: OrdLintInfo = (sym::SeqCst, &[], "ordering modes `Acquire`, `SeqCst` or `Relaxed`");
+                const RELEASE: OrdLintInfo = (sym::Release, RELAXED.1, RELAXED.2);
+                const ACQREL: OrdLintInfo = (sym::AcqRel, ACQUIRE.1, ACQUIRE.2);
+                const SEARCH: [OrdLintInfo; 5] = [RELAXED, ACQUIRE, SEQ_CST, RELEASE, ACQREL];
+
+                let success_lint_info = Self::opt_ordering_defid(cx, success_order_arg)
+                    .and_then(|success_ord_def_id| -> Option<OrdLintInfo> {
+                        SEARCH
+                            .iter()
+                            .copied()
+                            .find(|(ordering, ..)| {
+                                Self::matches_ordering(cx, success_ord_def_id, &[*ordering])
+                            })
+                    });
+                if Self::matches_ordering(cx, fail_ordering_def_id, &[sym::Release, sym::AcqRel]) {
+                    // If we don't know the success order is, use what we'd suggest
+                    // if it were maximally permissive.
+                    let suggested = success_lint_info.unwrap_or(SEQ_CST).2;
+                    cx.struct_span_lint(INVALID_ATOMIC_ORDERING, failure_order_arg.span, |diag| {
+                        let msg = format!(
+                            "{}'s failure ordering may not be `Release` or `AcqRel`",
+                            method,
+                        );
+                        diag.build(&msg)
+                            .help(&format!("consider using {} instead", suggested))
+                            .emit();
+                    });
+                } else if let Some((success_ord, bad_ords_given_success, suggested)) = success_lint_info {
+                    if Self::matches_ordering(cx, fail_ordering_def_id, bad_ords_given_success) {
+                        cx.struct_span_lint(INVALID_ATOMIC_ORDERING, failure_order_arg.span, |diag| {
+                            let msg = format!(
+                                "{}'s failure ordering may not be stronger than the success ordering of `{}`",
+                                method,
+                                success_ord,
+                            );
+                            diag.build(&msg)
+                                .help(&format!("consider using {} instead", suggested))
+                                .emit();
+                        });
+                    }
+                }
+            }
+        }
+    }
+}
+
+impl<'tcx> LateLintPass<'tcx> for InvalidAtomicOrdering {
+    fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'_>) {
+        Self::check_atomic_load_store(cx, expr);
+        Self::check_memory_fence(cx, expr);
+        Self::check_atomic_compare_exchange(cx, expr);
+    }
+}

compiler/rustc_span/src/symbol.rs

@@ -121,6 +121,8 @@ symbols! {
     // There is currently no checking that all symbols are used; that would be
     // nice to have.
     Symbols {
+        AcqRel,
+        Acquire,
         Alignment,
         Any,
         Arc,
@@ -129,6 +131,20 @@ symbols! {
         Arguments,
         AsMut,
         AsRef,
+        AtomicBool,
+        AtomicI128,
+        AtomicI16,
+        AtomicI32,
+        AtomicI64,
+        AtomicI8,
+        AtomicIsize,
+        AtomicPtr,
+        AtomicU128,
+        AtomicU16,
+        AtomicU32,
+        AtomicU64,
+        AtomicU8,
+        AtomicUsize,
         BTreeEntry,
         BTreeMap,
         BTreeSet,
@@ -215,12 +231,15 @@ symbols! {
         Rc,
         Ready,
         Receiver,
+        Relaxed,
+        Release,
         Result,
         Return,
         Right,
         RustcDecodable,
         RustcEncodable,
         Send,
+        SeqCst,
         Some,
         StructuralEq,
         StructuralPartialEq,
@@ -311,6 +330,8 @@ symbols! {
         assume_init,
         async_await,
         async_closure,
+        atomic,
+        atomic_mod,
         atomics,
         att_syntax,
         attr,
@@ -392,8 +413,12 @@ symbols! {
         coerce_unsized,
         cold,
         column,
+        compare_and_swap,
+        compare_exchange,
+        compare_exchange_weak,
         compile_error,
         compiler_builtins,
+        compiler_fence,
         concat,
         concat_idents,
         conservative_impl_trait,
@@ -578,6 +603,8 @@ symbols! {
         fadd_fast,
         fdiv_fast,
         feature,
+        fence,
+        fetch_update,
         ffi,
         ffi_const,
         ffi_pure,
@@ -731,6 +758,7 @@ symbols! {
         lint_reasons,
         literal,
         llvm_asm,
+        load,
         local,
         local_inner_macros,
         log10f32,
@@ -1220,6 +1248,7 @@ symbols! {
         stmt,
         stmt_expr_attributes,
         stop_after_dataflow,
+        store,
         str,
         str_alloc,
         string_type,