attribute-based contract syntax that desugars into the internal AST extensions added earlier.

Author: pnkfelix

compiler/rustc_ast_lowering/src/item.rs

@@ -215,7 +215,7 @@ impl<'hir> LoweringContext<'_, 'hir> {
                     if let Some(contract) = contract {
                         let requires = contract.requires.clone();
                         let ensures = contract.ensures.clone();
-                        let ensures = if let Some(ens) = ensures {
+                        let ensures = ensures.map(|ens| {
                             // FIXME: this needs to be a fresh (or illegal) identifier to prevent
                             // accidental capture of a parameter or global variable.
                             let checker_ident: Ident =
@@ -226,13 +226,11 @@ impl<'hir> LoweringContext<'_, 'hir> {
                                 hir::BindingMode::NONE,
                             );
 
-                            Some(crate::FnContractLoweringEnsures {
+                            crate::FnContractLoweringEnsures {
                                 expr: ens,
                                 fresh_ident: (checker_ident, checker_pat, checker_hir_id),
-                            })
-                        } else {
-                            None
-                        };
+                            }
+                        });
 
                         // Note: `with_new_scopes` will reinstall the outer
                         // item's contract (if any) after its callback finishes.
@@ -1096,72 +1094,64 @@ impl<'hir> LoweringContext<'_, 'hir> {
             // { body }
             // ==>
             // { rustc_contract_requires(PRECOND); { body } }
-            let result: hir::Expr<'hir> = if let Some(contract) = opt_contract {
-                let lit_unit = |this: &mut LoweringContext<'_, 'hir>| {
-                    this.expr(contract.span, hir::ExprKind::Tup(&[]))
-                };
+            let Some(contract) = opt_contract else { return (params, result) };
 
-                let precond: hir::Stmt<'hir> = if let Some(req) = contract.requires {
-                    let lowered_req = this.lower_expr_mut(&req);
-                    let precond = this.expr_call_lang_item_fn_mut(
-                        req.span,
-                        hir::LangItem::ContractCheckRequires,
-                        &*arena_vec![this; lowered_req],
-                    );
-                    this.stmt_expr(req.span, precond)
-                } else {
-                    let u = lit_unit(this);
-                    this.stmt_expr(contract.span, u)
-                };
+            let lit_unit = |this: &mut LoweringContext<'_, 'hir>| {
+                this.expr(contract.span, hir::ExprKind::Tup(&[]))
+            };
 
-                let (postcond_checker, result) = if let Some(ens) = contract.ensures {
-                    let crate::FnContractLoweringEnsures { expr: ens, fresh_ident } = ens;
-                    let lowered_ens: hir::Expr<'hir> = this.lower_expr_mut(&ens);
-                    let postcond_checker = this.expr_call_lang_item_fn(
-                        ens.span,
-                        hir::LangItem::ContractBuildCheckEnsures,
-                        &*arena_vec![this; lowered_ens],
-                    );
-                    let checker_binding_pat = fresh_ident.1;
-                    (
-                        this.stmt_let_pat(
-                            None,
-                            ens.span,
-                            Some(postcond_checker),
-                            this.arena.alloc(checker_binding_pat),
-                            hir::LocalSource::Contract,
-                        ),
-                        {
-                            let checker_fn =
-                                this.expr_ident(ens.span, fresh_ident.0, fresh_ident.2);
-                            let span = this.mark_span_with_reason(
-                                DesugaringKind::Contract,
-                                ens.span,
-                                None,
-                            );
-                            this.expr_call_mut(
-                                span,
-                                checker_fn,
-                                std::slice::from_ref(this.arena.alloc(result)),
-                            )
-                        },
-                    )
-                } else {
-                    let u = lit_unit(this);
-                    (this.stmt_expr(contract.span, u), result)
-                };
+            let precond: hir::Stmt<'hir> = if let Some(req) = contract.requires {
+                let lowered_req = this.lower_expr_mut(&req);
+                let precond = this.expr_call_lang_item_fn_mut(
+                    req.span,
+                    hir::LangItem::ContractCheckRequires,
+                    &*arena_vec![this; lowered_req],
+                );
+                this.stmt_expr(req.span, precond)
+            } else {
+                let u = lit_unit(this);
+                this.stmt_expr(contract.span, u)
+            };
 
-                let block = this.block_all(
-                    contract.span,
-                    arena_vec![this; precond, postcond_checker],
-                    Some(this.arena.alloc(result)),
+            let (postcond_checker, result) = if let Some(ens) = contract.ensures {
+                let crate::FnContractLoweringEnsures { expr: ens, fresh_ident } = ens;
+                let lowered_ens: hir::Expr<'hir> = this.lower_expr_mut(&ens);
+                let postcond_checker = this.expr_call_lang_item_fn(
+                    ens.span,
+                    hir::LangItem::ContractBuildCheckEnsures,
+                    &*arena_vec![this; lowered_ens],
                 );
-                this.expr_block(block)
+                let checker_binding_pat = fresh_ident.1;
+                (
+                    this.stmt_let_pat(
+                        None,
+                        ens.span,
+                        Some(postcond_checker),
+                        this.arena.alloc(checker_binding_pat),
+                        hir::LocalSource::Contract,
+                    ),
+                    {
+                        let checker_fn = this.expr_ident(ens.span, fresh_ident.0, fresh_ident.2);
+                        let span =
+                            this.mark_span_with_reason(DesugaringKind::Contract, ens.span, None);
+                        this.expr_call_mut(
+                            span,
+                            checker_fn,
+                            std::slice::from_ref(this.arena.alloc(result)),
+                        )
+                    },
+                )
             } else {
-                result
+                let u = lit_unit(this);
+                (this.stmt_expr(contract.span, u), result)
             };
 
-            (params, result)
+            let block = this.block_all(
+                contract.span,
+                arena_vec![this; precond, postcond_checker],
+                Some(this.arena.alloc(result)),
+            );
+            (params, this.expr_block(block))
         })
     }
 

compiler/rustc_builtin_macros/src/contracts.rs

@@ -0,0 +1,172 @@
+#![allow(unused_imports, unused_variables)]
+
+use rustc_ast::token;
+use rustc_ast::tokenstream::{DelimSpacing, DelimSpan, Spacing, TokenStream, TokenTree};
+use rustc_errors::ErrorGuaranteed;
+use rustc_expand::base::{AttrProcMacro, ExtCtxt};
+use rustc_span::Span;
+use rustc_span::symbol::{Ident, Symbol, kw, sym};
+
+pub(crate) struct ExpandRequires;
+
+pub(crate) struct ExpandEnsures;
+
+impl AttrProcMacro for ExpandRequires {
+    fn expand<'cx>(
+        &self,
+        ecx: &'cx mut ExtCtxt<'_>,
+        span: Span,
+        annotation: TokenStream,
+        annotated: TokenStream,
+    ) -> Result<TokenStream, ErrorGuaranteed> {
+        expand_requires_tts(ecx, span, annotation, annotated)
+    }
+}
+
+impl AttrProcMacro for ExpandEnsures {
+    fn expand<'cx>(
+        &self,
+        ecx: &'cx mut ExtCtxt<'_>,
+        span: Span,
+        annotation: TokenStream,
+        annotated: TokenStream,
+    ) -> Result<TokenStream, ErrorGuaranteed> {
+        expand_ensures_tts(ecx, span, annotation, annotated)
+    }
+}
+
+fn expand_injecting_circa_where_clause(
+    _ecx: &mut ExtCtxt<'_>,
+    attr_span: Span,
+    annotated: TokenStream,
+    inject: impl FnOnce(&mut Vec<TokenTree>) -> Result<(), ErrorGuaranteed>,
+) -> Result<TokenStream, ErrorGuaranteed> {
+    let mut new_tts = Vec::with_capacity(annotated.len());
+    let mut cursor = annotated.into_trees();
+
+    // Find the `fn name<G,...>(x:X,...)` and inject the AST contract forms right after
+    // the formal parameters (and return type if any).
+    while let Some(tt) = cursor.next_ref() {
+        new_tts.push(tt.clone());
+        if let TokenTree::Token(tok, _) = tt
+            && tok.is_ident_named(kw::Fn)
+        {
+            break;
+        }
+    }
+
+    // Found the `fn` keyword, now find the formal parameters.
+    //
+    // FIXME: can this fail if you have parentheticals in a generics list, like `fn foo<F: Fn(X) -> Y>` ?
+    while let Some(tt) = cursor.next_ref() {
+        new_tts.push(tt.clone());
+
+        if let TokenTree::Delimited(_, _, token::Delimiter::Parenthesis, _) = tt {
+            break;
+        }
+        if let TokenTree::Token(token::Token { kind: token::TokenKind::Semi, .. }, _) = tt {
+            panic!("contract attribute applied to fn without parameter list.");
+        }
+    }
+
+    // There *might* be a return type declaration (and figuring out where that ends would require
+    // parsing an arbitrary type expression, e.g. `-> Foo<args ...>`
+    //
+    // Instead of trying to figure that out, scan ahead and look for the first occurence of a
+    // `where`, a `{ ... }`, or a `;`.
+    //
+    // FIXME: this might still fall into a trap for something like `-> Ctor<T, const { 0 }>`. I
+    // *think* such cases must be under a Delimited (e.g. `[T; { N }]` or have the braced form
+    // prefixed by e.g. `const`, so we should still be able to filter them out without having to
+    // parse the type expression itself. But rather than try to fix things with hacks like that,
+    // time might be better spent extending the attribute expander to suport tt-annotation atop
+    // ast-annotated, which would be an elegant way to sidestep all of this.
+    let mut opt_next_tt = cursor.next_ref();
+    while let Some(next_tt) = opt_next_tt {
+        if let TokenTree::Token(tok, _) = next_tt
+            && tok.is_ident_named(kw::Where)
+        {
+            break;
+        }
+        if let TokenTree::Delimited(_, _, token::Delimiter::Brace, _) = next_tt {
+            break;
+        }
+        if let TokenTree::Token(token::Token { kind: token::TokenKind::Semi, .. }, _) = next_tt {
+            break;
+        }
+
+        // for anything else, transcribe the tt and keep looking.
+        new_tts.push(next_tt.clone());
+        opt_next_tt = cursor.next_ref();
+        continue;
+    }
+
+    // At this point, we've transcribed everything from the `fn` through the formal parameter list
+    // and return type declaration, (if any), but `tt` itself has *not* been transcribed.
+    //
+    // Now inject the AST contract form.
+    //
+    // FIXME: this kind of manual token tree munging does not have significant precedent among
+    // rustc builtin macros, probably because most builtin macros use direct AST manipulation to
+    // accomplish similar goals. But since our attributes need to take arbitrary expressions, and
+    // our attribute infrastructure does not yet support mixing a token-tree annotation with an AST
+    // annotated, we end up doing token tree manipulation.
+    inject(&mut new_tts)?;
+
+    // Above we injected the internal AST requires/ensures contruct. Now copy over all the other
+    // token trees.
+    if let Some(tt) = opt_next_tt {
+        new_tts.push(tt.clone());
+    }
+    while let Some(tt) = cursor.next_ref() {
+        new_tts.push(tt.clone());
+    }
+
+    Ok(TokenStream::new(new_tts))
+}
+
+fn expand_requires_tts(
+    _ecx: &mut ExtCtxt<'_>,
+    attr_span: Span,
+    annotation: TokenStream,
+    annotated: TokenStream,
+) -> Result<TokenStream, ErrorGuaranteed> {
+    expand_injecting_circa_where_clause(_ecx, attr_span, annotated, |new_tts| {
+        new_tts.push(TokenTree::Token(
+            token::Token::from_ast_ident(Ident::new(kw::RustcContractRequires, attr_span)),
+            Spacing::Joint,
+        ));
+        new_tts.push(TokenTree::Token(
+            token::Token::new(token::TokenKind::OrOr, attr_span),
+            Spacing::Alone,
+        ));
+        new_tts.push(TokenTree::Delimited(
+            DelimSpan::from_single(attr_span),
+            DelimSpacing::new(Spacing::JointHidden, Spacing::JointHidden),
+            token::Delimiter::Parenthesis,
+            annotation,
+        ));
+        Ok(())
+    })
+}
+
+fn expand_ensures_tts(
+    _ecx: &mut ExtCtxt<'_>,
+    attr_span: Span,
+    annotation: TokenStream,
+    annotated: TokenStream,
+) -> Result<TokenStream, ErrorGuaranteed> {
+    expand_injecting_circa_where_clause(_ecx, attr_span, annotated, |new_tts| {
+        new_tts.push(TokenTree::Token(
+            token::Token::from_ast_ident(Ident::new(kw::RustcContractEnsures, attr_span)),
+            Spacing::Joint,
+        ));
+        new_tts.push(TokenTree::Delimited(
+            DelimSpan::from_single(attr_span),
+            DelimSpacing::new(Spacing::JointHidden, Spacing::JointHidden),
+            token::Delimiter::Parenthesis,
+            annotation,
+        ));
+        Ok(())
+    })
+}

compiler/rustc_builtin_macros/src/lib.rs

@@ -55,6 +55,7 @@ mod trace_macros;
 
 pub mod asm;
 pub mod cmdline_attrs;
+pub mod contracts;
 pub mod proc_macro_harness;
 pub mod standard_library_imports;
 pub mod test_harness;
@@ -137,4 +138,8 @@ pub fn register_builtin_macros(resolver: &mut dyn ResolverExpand) {
 
     let client = proc_macro::bridge::client::Client::expand1(proc_macro::quote);
     register(sym::quote, SyntaxExtensionKind::Bang(Box::new(BangProcMacro { client })));
+    let requires = SyntaxExtensionKind::Attr(Box::new(contracts::ExpandRequires));
+    register(sym::contracts_requires, requires);
+    let ensures = SyntaxExtensionKind::Attr(Box::new(contracts::ExpandEnsures));
+    register(sym::contracts_ensures, ensures);
 }

compiler/rustc_span/src/symbol.rs

@@ -682,6 +682,8 @@ symbols! {
         contract_check_ensures,
         contract_check_requires,
         contract_checks,
+        contracts_ensures,
+        contracts_requires,
         convert_identity,
         copy,
         copy_closures,

library/core/src/contracts.rs

@@ -1,5 +1,10 @@
 //! Unstable module containing the unstable contracts lang items and attribute macros.
 
+#[cfg(not(bootstrap))]
+pub use crate::macros::builtin::contracts_ensures as ensures;
+#[cfg(not(bootstrap))]
+pub use crate::macros::builtin::contracts_requires as requires;
+
 /// Emitted by rustc as a desugaring of `#[requires(PRED)] fn foo(x: X) { ... }`
 /// into: `fn foo(x: X) { check_requires(|| PRED) ... }`
 #[cfg(not(bootstrap))]

library/core/src/macros/mod.rs

@@ -1777,6 +1777,32 @@ pub(crate) mod builtin {
         /* compiler built-in */
     }
 
+    /// Attribute macro applied to a function to give it a post-condition.
+    ///
+    /// The attribute carries an argument token-tree which is
+    /// eventually parsed as a unary closure expression that is
+    /// invoked on a reference to the return value.
+    #[cfg(not(bootstrap))]
+    #[unstable(feature = "rustc_contracts", issue = "none")]
+    #[allow_internal_unstable(core_intrinsics)]
+    #[rustc_builtin_macro]
+    pub macro contracts_ensures($item:item) {
+        /* compiler built-in */
+    }
+
+    /// Attribute macro applied to a function to give it a precondition.
+    ///
+    /// The attribute carries an argument token-tree which is
+    /// eventually parsed as an boolean expression with access to the
+    /// function's formal parameters
+    #[cfg(not(bootstrap))]
+    #[unstable(feature = "rustc_contracts", issue = "none")]
+    #[allow_internal_unstable(core_intrinsics)]
+    #[rustc_builtin_macro]
+    pub macro contracts_requires($item:item) {
+        /* compiler built-in */
+    }
+
     /// Attribute macro applied to a function to register it as a handler for allocation failure.
     ///
     /// See also [`std::alloc::handle_alloc_error`](../../../std/alloc/fn.handle_alloc_error.html).