Fix #99684 through autoref in write! macro with a two-phased borrows retrocompat workaround

[danielhenrymantilla]

Fixes #99684, using the idea suggested over #99684 (comment) by @eddyb, and implemented by @dtolnay to test its viability.

On top of that, it does use a two phased borrows retrocompat workaround (imho, the write! family of macros supporting two-phased borrows to begin with is quite surprising —could we have a FCW against it?).

• For those currently really wanting two-phased borrows semantics, it's easy to rewrite the code so that it fits the special rule (use a new binding for the target of write!);

EDIT: as it is implemented now, it should be quite robust and tackle the expected semantics 🙂

[danielhenrymantilla]

I think it could be interesting to have a crater run for this approach, seems it seems better than reverting dtolnay's drop-temporaries improvements

[eddyb]

It does use a two phased borrows retrocompat "hack", which may not be pretty, but the write! family of macros supporting two-phased borrows to begin with is quite surprising (could we have a FCW against it?).

Is there a typo here? I'm pretty sure my approach doesn't handle two-phased borrows, just the autoref semantics of not needing &mut references to be held in mutable places.

Also, for the record, there are possible variations on both the names of any of the helper definitions, and whether the generic parameter "seal" hack uses a const or a type (bound by a sealed trait), so don't take the initial demo I posted as fixed in stone.

Since some macro shenanigans are involved, cc @petrochenkov.

[danielhenrymantilla]

I had phrased it ambiguously, I've edited to clarify:

1. this PR features your suggestion, which fixes the regression
2. But, in turn, it introduces a regression with 2-phased-borrows, as dtolnay pointed out (think write!(f, "{}", f.count)), since we are no longer inlining the receiver for the method;
3. I tackle that aspect, partially¹, by using a syntatical rule/heuristic that detects places, which replaces the match autoref behavior with the initial $dst.write... implementation

Footnotes

1. I haven't been able to handle .0 / tuple indexing yet, which is the part that bothers me. But I may have a follow-up commit to handle that ↩

[dtolnay]

This looks promising to me.

Some edge cases where this would still cause breakage— unclear how widespread these would be.

---

1. write_fmt that takes self by value. The autoref thing indiscriminately turns everything into a reference.

use std::fmt;

struct Out;

impl Out {
    fn write_fmt(self, _args: fmt::Arguments) {
        unimplemented!()
    }
}

fn main() {
    let out = || Out;
    write!(out(), "...");
}

error[E0507]: cannot move out of `*_dst` which is behind a mutable reference
  --> src/main.rs:13:5
   |
13 |     write!(out(), "...");
   |     ^^^^^^^^^^^^^^^^^^^^ move occurs because `*_dst` has type `Out`, which does not implement the `Copy` trait
   |
   = note: this error originates in the macro `write` (in Nightly builds, run with -Z macro-backtrace for more info)

---

2. 2φ borrows within a tuple struct (as you already called out).

use std::fmt;

struct Out {
    val: usize,
}

impl Out {
    fn write_fmt(&mut self, _args: fmt::Arguments) {
        unimplemented!()
    }
}

struct Thing(Out);

fn main() {
    let mut thing = Thing(Out { val: 0 });

    write!(thing.0, "{}", {thing.0.val});
}

error[E0503]: cannot use `thing.0.val` because it was mutably borrowed
  --> src/main.rs:18:28
   |
18 |     write!(thing.0, "{}", {thing.0.val});
   |     -----------------------^^^^^^^^^^^--
   |     |                      |
   |     |                      use of borrowed `thing.0`
   |     borrow of `thing.0` occurs here
   |     borrow later used by call

---

3. 2φ borrows which are not of the form $($dst_place:tt).+.

use std::fmt;

struct Out {
    val: usize,
}

impl Out {
    fn write_fmt(&mut self, _args: fmt::Arguments) {
        unimplemented!()
    }
}

fn main() {
    let mut out = [Out { val: 0 }];

    write!(out[0], "{}", {out[0].val});
}

error[E0503]: cannot use `out[_].val` because it was mutably borrowed
  --> src/main.rs:16:27
   |
16 |     write!(out[0], "{}", {out[0].val});
   |     ----------------------^^^^^^^^^^--
   |     |                     |
   |     |                     use of borrowed `out[_]`
   |     borrow of `out[_]` occurs here
   |     borrow later used by call

[rustbot]

Hey! It looks like you've submitted a new PR for the library teams!

If this PR contains changes to any rust-lang/rust public library APIs then please comment with @rustbot label +T-libs-api -T-libs to tag it appropriately. If this PR contains changes to any unstable APIs please edit the PR description to add a link to the relevant API Change Proposal or create one if you haven't already. If you're unsure where your change falls no worries, just leave it as is and the reviewer will take a look and make a decision to forward on if necessary.

Examples of T-libs-api changes:

• Stabilizing library features
• Introducing insta-stable changes such as new implementations of existing stable traits on existing stable types
• Introducing new or changing existing unstable library APIs (excluding permanently unstable features / features without a tracking issue)
• Changing public documentation in ways that create new stability guarantees
• Changing observable runtime behavior of library APIs

[danielhenrymantilla]

Now that tuple indexing is covered as well, I feel more confident about this PR 🙂.

Regarding commit history, I was thinking of squashing all the intermediary commits together, to end up with something along the lines of:

1. dtolnay & eddyb autoref idea (maybe with the stability annotations fix squashed onto it)
2. my value expr heuristic extra rule
3. tweaking the test case accordingly

Thoughts?

[danielhenrymantilla]

(cleaned up the commit history; the original one is available at b3bdbef)

[eddyb]

_dst is guaranteed to be &mut _, doesn't that mean the mut here is redundant?
(Also, is that why you had to add a _ prefix? Doesn't really seem needed otherwise AFAICT)

[JohnCSimon]

triage:
@danielhenrymantilla ☝️ - can you address this? thanks

[danielhenrymantilla]

Ah, yes, sorry, I had completely forgotten about this comment 😅. So the thing is that sometimes you do need a nested &mut, such as for the [u8] :! Write-but-&'_ mut [u8] : Write case:

let mut buf: &mut [u8] = ...;
buf.write_fmt(...) // resolves to `<&mut [u8] as io::Write>::write_fmt(&mut buf : &mut &mut [u8], ...)`
// vs
match buf.autoref() { // here, the identity function: `match identity::<&mut [u8]>(buf) {`
    _buf: &mut [u8] => _buf.write_fmt(...), // we need the *nested* `&mut` => `_buf` needs to be `mut`
                    // <&mut [u8] as io::Write>::write_fmt(&mut _buf, ...)

• Demo

So the mut is necessary here, but since it's very often unnecessary as well, we need to use either #[allow(unused_mut)] or a _-prefixed binding name (ideally this macro-generated stuff would not lint altogether, although I guess it's not possible for core / the crate where the macro is defined).
I went for _-prefixed as a personal choice since it yields slightly more lightweight code, but I can very well change it to the allow

[rust-log-analyzer]

The job mingw-check failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

    Checking hir-expand v0.0.0 (/checkout/src/tools/rust-analyzer/crates/hir-expand)
   Compiling proc-macro-test v0.0.0 (/checkout/src/tools/rust-analyzer/crates/proc-macro-test)
    Checking hir-def v0.0.0 (/checkout/src/tools/rust-analyzer/crates/hir-def)
    Checking proc-macro-srv-cli v0.0.0 (/checkout/src/tools/rust-analyzer/crates/proc-macro-srv-cli)
error[E0502]: cannot borrow `*self.body` as immutable because it is also borrowed as mutable
   --> crates/hir-def/src/body/pretty.rs:135:38
    |
135 |                     w!(self, "{}: ", self.body[*lbl].name);
    |                                      ^^^^^^^^^ immutable borrow occurs here
   ::: /checkout/library/core/src/ops/autoref.rs:45:5
    |
    |
45  |     $x.__rustc_unstable_auto_ref_mut_helper::<{ $crate::ops::autoref::UnstableMethodSeal }>()
    |     ----------------------------------------------------------------------------------------- mutable borrow occurs here
   ::: /checkout/library/core/src/macros/mod.rs:547:35
    |
    |
547 |                 let result = _dst.write_fmt($crate::format_args!($($arg)*));
    |                                   --------- mutable borrow later used by call

error[E0502]: cannot borrow `*self.body` as immutable because it is also borrowed as mutable
   --> crates/hir-def/src/body/pretty.rs:142:38
    |
142 |                     w!(self, "{}: ", self.body[*lbl].name);
    |                                      ^^^^^^^^^ immutable borrow occurs here
   ::: /checkout/library/core/src/ops/autoref.rs:45:5
    |
    |
45  |     $x.__rustc_unstable_auto_ref_mut_helper::<{ $crate::ops::autoref::UnstableMethodSeal }>()
    |     ----------------------------------------------------------------------------------------- mutable borrow occurs here
   ::: /checkout/library/core/src/macros/mod.rs:547:35
    |
    |
547 |                 let result = _dst.write_fmt($crate::format_args!($($arg)*));
    |                                   --------- mutable borrow later used by call

error[E0502]: cannot borrow `*self.body` as immutable because it is also borrowed as mutable
   --> crates/hir-def/src/body/pretty.rs:150:38
    |
150 |                     w!(self, "{}: ", self.body[*lbl].name);
    |                                      ^^^^^^^^^ immutable borrow occurs here
   ::: /checkout/library/core/src/ops/autoref.rs:45:5
    |
    |
45  |     $x.__rustc_unstable_auto_ref_mut_helper::<{ $crate::ops::autoref::UnstableMethodSeal }>()
    |     ----------------------------------------------------------------------------------------- mutable borrow occurs here
   ::: /checkout/library/core/src/macros/mod.rs:547:35
    |
    |
547 |                 let result = _dst.write_fmt($crate::format_args!($($arg)*));
    |                                   --------- mutable borrow later used by call

error[E0502]: cannot borrow `*self.body` as immutable because it is also borrowed as mutable
   --> crates/hir-def/src/body/pretty.rs:409:38
    |
409 |                     w!(self, "{}: ", self.body[*lbl].name);
    |                                      ^^^^^^^^^ immutable borrow occurs here
   ::: /checkout/library/core/src/ops/autoref.rs:45:5
    |
    |
45  |     $x.__rustc_unstable_auto_ref_mut_helper::<{ $crate::ops::autoref::UnstableMethodSeal }>()
    |     ----------------------------------------------------------------------------------------- mutable borrow occurs here
   ::: /checkout/library/core/src/macros/mod.rs:547:35
    |
    |
547 |                 let result = _dst.write_fmt($crate::format_args!($($arg)*));
    |                                   --------- mutable borrow later used by call
For more information about this error, try `rustc --explain E0502`.
For more information about this error, try `rustc --explain E0502`.
error: could not compile `hir-def` due to 4 previous errors
warning: build failed, waiting for other jobs to finish...
error: could not compile `hir-def` due to 4 previous errors

[bors]

☔ The latest upstream changes (presumably #105667) made this pull request unmergeable. Please resolve the merge conflicts.

[pnkfelix]

r? @pnkfelix

[pnkfelix]

I've started doing some review of this PR.

My current slight concern is that there seems like there was a broad set of behaviors presented in the tables on the descriptions of PR #96455 and PR #99689, but this specific PR shows only one existing test changing its behavior, namely:
src/test/ui/macros/format-args-temporaries-in-write.rs. Furthermore, the comment thread on this PR implies there may be corner cases that were once unhandled (but now are handled), and others that remain unhandled, but it is not yet clear to me if those corner cases are encoded via unit tests.

Also, this PR rewrites that existing test rather than adding a new case to it. I'm not sure whether the change to the existing test is a pure generalization, or is meant to make the overall behavior clearer, or is a fundamental change to what cases are covered by the test (which would be bad if the new set of cases is not a superset of the old set of cases).

I'm still digging in, since I haven't fully grokked how to map the tables from PR #96455 and PR #99689 into the actual test code that landed in PR #99689; I'm hoping the fact that the single changed test in this PR (PR #100202) is one of the tests added in PR #99689 is actually a good sign in terms of overall coverage here. So, I will keep digging and establish how to map the tables to the tests, and then work my way up from there.

[pnkfelix]

Instead of rewriting the test in this manner (which I believe was intended to show a generalization of the desired behavior), I recommend keeping the existing test structure (i.e. have fn lock return MutexGuard (where the <'a> is elided in the return type signature), and then add your variant (that instead returns impl '_ + Display) as a second separate structure in this same single test file. That way, you get the coverage you're looking for, but people who are looking through the history of this issue will be able to more immediately map the original discussions to the MutexGuard test that will remain encoded in the test.

[pnkfelix]

I think it would be good to encode the concrete demo demonstrating the change in order that this PR causes to happen.

You can see an explanation of it for print! in dtolnay's comment over here: #96455 (comment)

(I'd recommend adapting that code into a test on its own, and then generalizing it to cover write! and print!, etc.)

But, since I'm not involved on T-libs, I'm not certain whether they were making a deliberate choice to not encode this as a test, so I opened up a zulip topic asking if this was a choice to leave it unencoded as a test, or just considered not important to test directly; see here: https://rust-lang.zulipchat.com/#narrow/stream/219381-t-libs/topic/drop.20timing.20for.20write.2Fprint.20macros.20.2396455/near/327621973

[pnkfelix]

Also, the build is failing, as described in the CI comment above

Moving this back to S-waiting-on-author

@rustbot label: +S-waiting-on-author -S-waiting-on-review

[danielhenrymantilla]

Hmm, I'm a bit out of bandwidth to go back to this, especially given how the initial motivation of the PR (avoiding a revert which afterwards ended up happening anyways) is no longer there: at that point the "hack" in this PR may no longer be worth it. Thanks for the review @pnkfelix, and I apologize for having made you spend time on it 🙇 (in hindsight I should have closed this earlier, but it just totally fell off my radar)