Add helper trait that restricts lifetimes and extra predicates to ensure soundness

Author: oli-obk

compiler/rustc_hir/src/lang_items.rs

@@ -189,6 +189,8 @@ language_item_table! {
     CoerceUnsized,           sym::coerce_unsized,      coerce_unsized_trait,       Target::Trait,          GenericRequirement::Minimum(1);
     DispatchFromDyn,         sym::dispatch_from_dyn,   dispatch_from_dyn_trait,    Target::Trait,          GenericRequirement::Minimum(1);
 
+    TryAsDyn,                sym::try_as_dyn,          try_as_dyn,                 Target::Trait,          GenericRequirement::Exact(1);
+
     // lang items relating to transmutability
     TransmuteOpts,           sym::transmute_opts,      transmute_opts,             Target::Struct,         GenericRequirement::Exact(0);
     TransmuteTrait,          sym::transmute_trait,     transmute_trait,            Target::Trait,          GenericRequirement::Exact(2);

compiler/rustc_middle/src/traits/select.rs

@@ -180,6 +180,8 @@ pub enum SelectionCandidate<'tcx> {
     BuiltinUnsizeCandidate,
 
     BikeshedGuaranteedNoDropCandidate,
+
+    TryAsDynCandidate,
 }
 
 /// The result of trait evaluation. The order is important

compiler/rustc_middle/src/ty/context/impl_interner.rs

@@ -875,6 +875,7 @@ bidirectional_lang_item_map! {
     Sized,
     TransmuteTrait,
     TrivialClone,
+    TryAsDyn,
     Tuple,
     Unpin,
     Unsize,

compiler/rustc_middle/src/ty/mod.rs

@@ -299,8 +299,9 @@ pub struct ImplTraitHeader<'tcx> {
 impl<'tcx> ImplTraitHeader<'tcx> {
     /// For trait impls, checks whether
     /// * the type and trait only use generic lifetime arguments (and no concrete ones like `'static`), and
-    /// * uses each generic param (lifetime or type) only once.
-    /// Pessimistic analysis, so it will reject alias types
+    /// * uses any generic param (lifetime or type) only once.
+    ///
+    /// This is a pessimistic analysis, so it will reject alias types
     /// and other types that may be actually ok. We can allow more in the future.
     ///
     /// Constants (associated or generic) are irrelevant for this analysis, as their value is neither
@@ -322,14 +323,12 @@ impl<'tcx> ImplTraitHeader<'tcx> {
                             ControlFlow::Break(())
                         }
                     }
-                    RegionKind::ReBound(..) | RegionKind::ReLateParam(_) => {
-                        ControlFlow::Continue(())
-                    }
-                    RegionKind::ReStatic
-                    | RegionKind::ReVar(_)
+                    RegionKind::ReBound(..) => ControlFlow::Continue(()),
+                    RegionKind::ReStatic | RegionKind::ReError(_) => ControlFlow::Break(()),
+                    RegionKind::ReVar(_)
                     | RegionKind::RePlaceholder(_)
                     | RegionKind::ReErased
-                    | RegionKind::ReError(_) => ControlFlow::Break(()),
+                    | RegionKind::ReLateParam(_) => bug!("unexpected lifetime in impl: {r:?}"),
                 }
             }
 

compiler/rustc_next_trait_solver/src/solve/assembly/mod.rs

@@ -365,6 +365,11 @@ where
         goal: Goal<I, Self>,
     ) -> Result<Candidate<I>, NoSolutionOrRerunNonErased>;
 
+    fn consider_builtin_try_as_dyn_candidate(
+        ecx: &mut EvalCtxt<'_, D>,
+        goal: Goal<I, Self>,
+    ) -> Result<Candidate<I>, NoSolutionOrRerunNonErased>;
+
     /// Consider (possibly several) candidates to upcast or unsize a type to another
     /// type, excluding the coercion of a sized type into a `dyn Trait`.
     ///
@@ -573,6 +578,14 @@ where
         let cx = self.cx();
         let trait_def_id = goal.predicate.trait_def_id(cx);
 
+        // Builtin impls regularly are not `is_fully_generic_for_reflection`, so instead
+        // of trying to handle these manually, we just reject all builtin impls in reflection
+        // mode. We can probably lift this restriction for specific cases, but this is safer.
+        // See `try_as_dyn_builtin_impl` for how just allowing all builtin impls is unsound.
+        if self.typing_mode().is_reflection() {
+            return Ok(());
+        }
+
         // N.B. When assembling built-in candidates for lang items that are also
         // `auto` traits, then the auto trait candidate that is assembled in
         // `consider_auto_trait_candidate` MUST be disqualified to remain sound.
@@ -665,6 +678,9 @@ where
                 Some(SolverTraitLangItem::BikeshedGuaranteedNoDrop) => {
                     G::consider_builtin_bikeshed_guaranteed_no_drop_candidate(self, goal)
                 }
+                Some(SolverTraitLangItem::TryAsDyn) => {
+                    G::consider_builtin_try_as_dyn_candidate(self, goal)
+                }
                 Some(SolverTraitLangItem::Field) => G::consider_builtin_field_candidate(self, goal),
                 _ => Err(NoSolution.into()),
             }
@@ -869,6 +885,14 @@ where
             return;
         }
 
+        // Builtin impls regularly are not `is_fully_generic_for_reflection`, so instead
+        // of trying to handle these manually, we just reject all builtin impls in reflection
+        // mode. We can probably lift this restriction for specific cases, but this is safer.
+        // See `try_as_dyn_builtin_impl` for how just allowing all builtin impls is unsound.
+        if self.typing_mode().is_reflection() {
+            return;
+        }
+
         let self_ty = goal.predicate.self_ty();
         let bounds = match self_ty.kind() {
             ty::Bool

compiler/rustc_next_trait_solver/src/solve/effect_goals.rs

@@ -451,6 +451,13 @@ where
         unreachable!("BikeshedGuaranteedNoDrop is not const");
     }
 
+    fn consider_builtin_try_as_dyn_candidate(
+        _ecx: &mut EvalCtxt<'_, D>,
+        goal: Goal<I, Self>,
+    ) -> Result<Candidate<I>, NoSolutionOrRerunNonErased> {
+        unreachable!("`TryAsDynCompat` is not const: {:?}", goal)
+    }
+
     fn consider_structural_builtin_unsize_candidates(
         _ecx: &mut EvalCtxt<'_, D>,
         _goal: Goal<I, Self>,

compiler/rustc_next_trait_solver/src/solve/normalizes_to.rs

@@ -1076,6 +1076,13 @@ where
             ecx.evaluate_added_goals_and_make_canonical_response(Certainty::Yes)
         })
     }
+
+    fn consider_builtin_try_as_dyn_candidate(
+        _ecx: &mut EvalCtxt<'_, D>,
+        _goal: Goal<I, Self>,
+    ) -> Result<Candidate<I>, NoSolutionOrRerunNonErased> {
+        unreachable!("try_as_dyn helper trait doesn't have assoc types")
+    }
 }
 
 impl<D, I> EvalCtxt<'_, D>

compiler/rustc_next_trait_solver/src/solve/trait_goals.rs

@@ -10,8 +10,9 @@ use rustc_type_ir::solve::{
     RerunReason, RerunResultExt, SizedTraitKind,
 };
 use rustc_type_ir::{
-    self as ty, FieldInfo, Interner, MayBeErased, Movability, PredicatePolarity, TraitPredicate,
-    TraitRef, TypeVisitableExt as _, TypingMode, Unnormalized, Upcast as _, elaborate,
+    self as ty, ExistentialPredicate, FieldInfo, Interner, MayBeErased, Movability,
+    PredicatePolarity, TraitPredicate, TraitRef, TypeVisitableExt as _, TypingMode, Unnormalized,
+    Upcast as _, elaborate,
 };
 use tracing::{debug, instrument, trace, warn};
 
@@ -874,6 +875,49 @@ where
         }
     }
 
+    fn consider_builtin_try_as_dyn_candidate(
+        ecx: &mut EvalCtxt<'_, D>,
+        goal: Goal<I, Self>,
+    ) -> Result<Candidate<I>, NoSolutionOrRerunNonErased> {
+        if goal.predicate.polarity != ty::PredicatePolarity::Positive {
+            return Err(NoSolution.into());
+        }
+        let cx = ecx.cx();
+
+        ecx.probe_builtin_trait_candidate(BuiltinImplSource::Misc).enter(|ecx| {
+            let self_ty = goal.predicate.self_ty();
+            let ty_lifetime = goal.predicate.trait_ref.args.region_at(1);
+            match self_ty.kind() {
+                ty::Dynamic(bounds, lifetime) => {
+                    for bound in bounds.iter() {
+                        match bound.skip_binder() {
+                            ExistentialPredicate::Trait(_) => {}
+                            // FIXME(try_as_dyn): check what kind of projections we can allow
+                            ExistentialPredicate::Projection(_) => return Err(NoSolution.into()),
+                            // Auto traits do not affect lifetimes outside of specialization,
+                            // which is disabled in reflection.
+                            ExistentialPredicate::AutoTrait(_) => {}
+                        }
+                    }
+                    ecx.add_goal(
+                        GoalSource::Misc,
+                        goal.with(cx, ty::OutlivesPredicate(ty_lifetime, lifetime)),
+                    );
+                    ecx.evaluate_added_goals_and_make_canonical_response(Certainty::Yes)
+                }
+
+                ty::Bound(..)
+                | ty::Infer(
+                    ty::TyVar(_) | ty::FreshTy(_) | ty::FreshIntTy(_) | ty::FreshFloatTy(_),
+                ) => {
+                    panic!("unexpected type `{self_ty:?}`")
+                }
+
+                _ => Err(NoSolution.into()),
+            }
+        })
+    }
+
     fn consider_builtin_field_candidate(
         ecx: &mut EvalCtxt<'_, D>,
         goal: Goal<I, Self>,

compiler/rustc_span/src/symbol.rs

@@ -2122,6 +2122,7 @@ symbols! {
         truncf32,
         truncf64,
         truncf128,
+        try_as_dyn,
         try_blocks,
         try_blocks_heterogeneous,
         try_capture,

compiler/rustc_trait_selection/src/traits/select/candidate_assembly.rs

@@ -15,7 +15,8 @@ use rustc_hir::{self as hir, CoroutineDesugaring, CoroutineKind};
 use rustc_infer::traits::{Obligation, PolyTraitObligation, PredicateObligation, SelectionError};
 use rustc_middle::ty::fast_reject::DeepRejectCtxt;
 use rustc_middle::ty::{
-    self, FieldInfo, SizedTraitKind, TraitRef, Ty, TypeVisitableExt, elaborate,
+    self, ExistentialPredicate, FieldInfo, SizedTraitKind, TraitRef, Ty, TypeVisitableExt,
+    elaborate,
 };
 use rustc_middle::{bug, span_bug};
 use rustc_span::DUMMY_SP;
@@ -132,6 +133,9 @@ impl<'cx, 'tcx> SelectionContext<'cx, 'tcx> {
                         &mut candidates,
                     );
                 }
+                Some(LangItem::TryAsDyn) => {
+                    self.assemble_candidates_for_try_as_dyn(obligation, &mut candidates);
+                }
                 Some(LangItem::Field) => {
                     self.assemble_candidates_for_field_trait(obligation, &mut candidates);
                 }
@@ -1450,6 +1454,34 @@ impl<'cx, 'tcx> SelectionContext<'cx, 'tcx> {
         }
     }
 
+    fn assemble_candidates_for_try_as_dyn(
+        &mut self,
+        obligation: &PolyTraitObligation<'tcx>,
+        candidates: &mut SelectionCandidateSet<'tcx>,
+    ) {
+        match *obligation.predicate.self_ty().skip_binder().kind() {
+            ty::Dynamic(bounds, _lifetime) => {
+                for bound in bounds {
+                    match bound.skip_binder() {
+                        ExistentialPredicate::Trait(_) => {}
+                        // FIXME(try_as_dyn): check what kind of projections we can allow
+                        ExistentialPredicate::Projection(_) => return,
+                        // Auto traits do not affect lifetimes outside of specialization,
+                        // which is disabled in reflection.
+                        ExistentialPredicate::AutoTrait(_) => {}
+                    }
+                }
+                candidates.vec.push(TryAsDynCandidate);
+            }
+
+            ty::Infer(ty::TyVar(_) | ty::FreshTy(_) | ty::FreshIntTy(_) | ty::FreshFloatTy(_)) => {
+                candidates.ambiguous = true;
+            }
+
+            _ => {}
+        }
+    }
+
     fn assemble_candidates_for_field_trait(
         &mut self,
         obligation: &PolyTraitObligation<'tcx>,