From e9d7a3582dceb9e981de3fa9afdb4c92c91c4544 Mon Sep 17 00:00:00 2001 From: Jan Jones Date: Tue, 3 Dec 2024 17:32:16 +0100 Subject: [PATCH 1/8] Check ref safety of arg mixing in collection initializers --- .../Portable/Binder/Binder.ValueChecks.cs | 137 +++++++++++--- .../Portable/Binder/Binder_Expressions.cs | 1 + .../Portable/Binder/RefSafetyAnalysis.cs | 13 +- .../CSharp/Portable/BoundTree/BoundNodes.xml | 2 + .../Generated/BoundNodes.xml.Generated.cs | 17 +- ...ObjectOrCollectionInitializerExpression.cs | 2 +- .../Semantic/Semantics/RefEscapingTests.cs | 174 ++++++++++++++++++ 7 files changed, 305 insertions(+), 41 deletions(-) diff --git a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs index a69dfe3c04d33..de0185354dd8f 100644 --- a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs +++ b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs @@ -4454,12 +4454,52 @@ internal SafeContext GetValEscape(BoundExpression expr, SafeContext scopeOfTheCo return GetValEscapeOfObjectInitializer(initExpr, scopeOfTheContainingExpression); case BoundKind.CollectionInitializerExpression: - var colExpr = (BoundCollectionInitializerExpression)expr; - return GetValEscape(colExpr.Initializers, scopeOfTheContainingExpression); + { + var colExpr = (BoundCollectionInitializerExpression)expr; + + // var c = new C() { element }; + // + // is equivalent to + // + // var c = new C(); + // c.Add(element); + // + // So we check arg mixing of `(receiverPlaceholder).Add(element)` calls, + // and make the result "scoped" if any call could cause the elements to escape. + + using var _ = new PlaceholderRegion(this, [(colExpr.Placeholder, SafeContext.CallingMethod)]) { ForceRemoveOnDispose = true }; + foreach (var initializer in colExpr.Initializers) + { + switch (initializer) + { + case BoundCollectionElementInitializer init: + if (!CheckInvocationArgMixing( + init.Syntax, + MethodInfo.Create(init.AddMethod), + receiverOpt: colExpr.Placeholder, + receiverIsSubjectToCloning: init.InitialBindingReceiverIsSubjectToCloning, + parameters: init.AddMethod.Parameters, + argsOpt: init.Arguments, + argRefKindsOpt: default, + argsToParamsOpt: init.ArgsToParamsOpt, + scopeOfTheContainingExpression: scopeOfTheContainingExpression, + BindingDiagnosticBag.Discarded)) + { + return scopeOfTheContainingExpression; + } + break; + + case BoundDynamicCollectionElementInitializer dynamicInit: + break; + + default: + Debug.Fail($"{initializer.Kind} expression of {initializer.Type} type"); + break; + } + } - case BoundKind.CollectionElementInitializer: - var colElement = (BoundCollectionElementInitializer)expr; - return GetValEscape(colElement.Arguments, scopeOfTheContainingExpression); + return SafeContext.CallingMethod; + } case BoundKind.ObjectInitializerMember: // this node generally makes no sense outside of the context of containing initializer @@ -4468,11 +4508,18 @@ internal SafeContext GetValEscape(BoundExpression expr, SafeContext scopeOfTheCo return scopeOfTheContainingExpression; case BoundKind.ImplicitReceiver: - case BoundKind.ObjectOrCollectionValuePlaceholder: // binder uses this as a placeholder when binding members inside an object initializer // just say it does not escape anywhere, so that we do not get false errors. return scopeOfTheContainingExpression; + case BoundKind.ObjectOrCollectionValuePlaceholder: + if (_placeholderScopes?.TryGetValue((BoundObjectOrCollectionValuePlaceholder)expr, out var scope) == true) + { + return scope; + } + + return scopeOfTheContainingExpression; + case BoundKind.InterpolatedStringHandlerPlaceholder: // The handler placeholder cannot escape out of the current expression, as it's a compiler-synthesized // location. @@ -4774,6 +4821,18 @@ internal bool CheckValEscape(SyntaxNode node, BoundExpression expr, SafeContext } return true; + case BoundKind.ObjectOrCollectionValuePlaceholder: + if (_placeholderScopes?.TryGetValue((BoundObjectOrCollectionValuePlaceholder)expr, out var scope) == true) + { + if (!scope.IsConvertibleTo(escapeTo)) + { + Error(diagnostics, inUnsafeRegion ? ErrorCode.WRN_EscapeVariable : ErrorCode.ERR_EscapeVariable, node, expr.Syntax); + return inUnsafeRegion; + } + return true; + } + goto default; + case BoundKind.Local: var localSymbol = ((BoundLocal)expr).LocalSymbol; if (!GetLocalScopes(localSymbol).ValEscapeScope.IsConvertibleTo(escapeTo)) @@ -5257,17 +5316,52 @@ internal bool CheckValEscape(SyntaxNode node, BoundExpression expr, SafeContext var initExpr = (BoundObjectInitializerExpression)expr; return CheckValEscapeOfObjectInitializer(initExpr, escapeFrom, escapeTo, diagnostics); - // this would be correct implementation for CollectionInitializerExpression - // however it is unclear if it is reachable since the initialized type must implement IEnumerable case BoundKind.CollectionInitializerExpression: - var colExpr = (BoundCollectionInitializerExpression)expr; - return CheckValEscape(colExpr.Initializers, escapeFrom, escapeTo, diagnostics); + { + var colExpr = (BoundCollectionInitializerExpression)expr; + + // return new C() { element }; + // + // is equivalent to + // + // var c = new C(); + // c.Add(element); + // return c; + // + // So we check arg mixing of `(receiverPlaceholder).Add(element)` calls + // where the placeholder has `escapeTo` scope and the call has `escapeFrom` scope. + + bool result = true; + using var _ = new PlaceholderRegion(this, [(colExpr.Placeholder, escapeTo)]) { ForceRemoveOnDispose = true }; + foreach (var initializer in colExpr.Initializers) + { + switch (initializer) + { + case BoundCollectionElementInitializer init: + result |= CheckInvocationArgMixing( + init.Syntax, + MethodInfo.Create(init.AddMethod), + receiverOpt: colExpr.Placeholder, + receiverIsSubjectToCloning: init.InitialBindingReceiverIsSubjectToCloning, + parameters: init.AddMethod.Parameters, + argsOpt: init.Arguments, + argRefKindsOpt: default, + argsToParamsOpt: init.ArgsToParamsOpt, + scopeOfTheContainingExpression: escapeFrom, + diagnostics); + break; + + case BoundDynamicCollectionElementInitializer dynamicInit: + break; + + default: + Debug.Fail($"{initializer.Kind} expression of {initializer.Type} type"); + break; + } + } - // this would be correct implementation for CollectionElementInitializer - // however it is unclear if it is reachable since the initialized type must implement IEnumerable - case BoundKind.CollectionElementInitializer: - var colElement = (BoundCollectionElementInitializer)expr; - return CheckValEscape(colElement.Arguments, escapeFrom, escapeTo, diagnostics); + return result; + } case BoundKind.PointerElementAccess: var accessedExpression = ((BoundPointerElementAccess)expr).Expression; @@ -5563,19 +5657,6 @@ private bool CheckValEscapeOfObjectInitializer(BoundObjectInitializerExpression #nullable disable - private bool CheckValEscape(ImmutableArray expressions, SafeContext escapeFrom, SafeContext escapeTo, BindingDiagnosticBag diagnostics) - { - foreach (var expression in expressions) - { - if (!CheckValEscape(expression.Syntax, expression, escapeFrom, escapeTo, checkingReceiver: false, diagnostics: diagnostics)) - { - return false; - } - } - - return true; - } - private bool CheckInterpolatedStringHandlerConversionEscape(BoundExpression expression, SafeContext escapeFrom, SafeContext escapeTo, BindingDiagnosticBag diagnostics) { var data = expression.GetInterpolatedStringHandlerData(); diff --git a/src/Compilers/CSharp/Portable/Binder/Binder_Expressions.cs b/src/Compilers/CSharp/Portable/Binder/Binder_Expressions.cs index 248134bfb8d59..2ae74735159b8 100644 --- a/src/Compilers/CSharp/Portable/Binder/Binder_Expressions.cs +++ b/src/Compilers/CSharp/Portable/Binder/Binder_Expressions.cs @@ -6473,6 +6473,7 @@ BoundExpression bindCollectionInitializerElementAddMethod( boundCall.Method, boundCall.Arguments, boundCall.ReceiverOpt, + boundCall.InitialBindingReceiverIsSubjectToCloning, boundCall.Expanded, boundCall.ArgsToParamsOpt, boundCall.DefaultArguments, diff --git a/src/Compilers/CSharp/Portable/Binder/RefSafetyAnalysis.cs b/src/Compilers/CSharp/Portable/Binder/RefSafetyAnalysis.cs index 9e7ff5ea2f103..039de4928298d 100644 --- a/src/Compilers/CSharp/Portable/Binder/RefSafetyAnalysis.cs +++ b/src/Compilers/CSharp/Portable/Binder/RefSafetyAnalysis.cs @@ -153,6 +153,8 @@ private ref struct PlaceholderRegion private readonly RefSafetyAnalysis _analysis; private readonly ArrayBuilder<(BoundValuePlaceholderBase, SafeContext)> _placeholders; + public bool ForceRemoveOnDispose { get; init; } + public PlaceholderRegion(RefSafetyAnalysis analysis, ArrayBuilder<(BoundValuePlaceholderBase, SafeContext)> placeholders) { _analysis = analysis; @@ -167,7 +169,7 @@ public void Dispose() { foreach (var (placeholder, _) in _placeholders) { - _analysis.RemovePlaceholderScope(placeholder); + _analysis.RemovePlaceholderScope(placeholder, forceRemove: ForceRemoveOnDispose); } _placeholders.Free(); } @@ -200,16 +202,17 @@ private void AddPlaceholderScope(BoundValuePlaceholderBase placeholder, SafeCont _placeholderScopes[placeholder] = valEscapeScope; } -#pragma warning disable IDE0060 - private void RemovePlaceholderScope(BoundValuePlaceholderBase placeholder) + private void RemovePlaceholderScope(BoundValuePlaceholderBase placeholder, bool forceRemove) { Debug.Assert(_placeholderScopes?.ContainsKey(placeholder) == true); // https://github.com/dotnet/roslyn/issues/65961: Currently, analysis may require subsequent calls // to GetRefEscape(), etc. for the same expression so we cannot remove placeholders eagerly. - //_placeholderScopes.Remove(placeholder); + if (forceRemove) + { + _placeholderScopes?.Remove(placeholder); + } } -#pragma warning restore IDE0060 private SafeContext GetPlaceholderScope(BoundValuePlaceholderBase placeholder) { diff --git a/src/Compilers/CSharp/Portable/BoundTree/BoundNodes.xml b/src/Compilers/CSharp/Portable/BoundTree/BoundNodes.xml index b68f25b9d7efe..c64c1cd98ab64 100644 --- a/src/Compilers/CSharp/Portable/BoundTree/BoundNodes.xml +++ b/src/Compilers/CSharp/Portable/BoundTree/BoundNodes.xml @@ -2057,6 +2057,8 @@ + + diff --git a/src/Compilers/CSharp/Portable/Generated/BoundNodes.xml.Generated.cs b/src/Compilers/CSharp/Portable/Generated/BoundNodes.xml.Generated.cs index 595e5105ae73c..e688571a087b4 100644 --- a/src/Compilers/CSharp/Portable/Generated/BoundNodes.xml.Generated.cs +++ b/src/Compilers/CSharp/Portable/Generated/BoundNodes.xml.Generated.cs @@ -6863,7 +6863,7 @@ public BoundCollectionInitializerExpression Update(BoundObjectOrCollectionValueP internal sealed partial class BoundCollectionElementInitializer : BoundExpression { - public BoundCollectionElementInitializer(SyntaxNode syntax, MethodSymbol addMethod, ImmutableArray arguments, BoundExpression? implicitReceiverOpt, bool expanded, ImmutableArray argsToParamsOpt, BitVector defaultArguments, bool invokedAsExtensionMethod, LookupResultKind resultKind, TypeSymbol type, bool hasErrors = false) + public BoundCollectionElementInitializer(SyntaxNode syntax, MethodSymbol addMethod, ImmutableArray arguments, BoundExpression? implicitReceiverOpt, ThreeState initialBindingReceiverIsSubjectToCloning, bool expanded, ImmutableArray argsToParamsOpt, BitVector defaultArguments, bool invokedAsExtensionMethod, LookupResultKind resultKind, TypeSymbol type, bool hasErrors = false) : base(BoundKind.CollectionElementInitializer, syntax, type, hasErrors || arguments.HasErrors() || implicitReceiverOpt.HasErrors()) { @@ -6874,6 +6874,7 @@ public BoundCollectionElementInitializer(SyntaxNode syntax, MethodSymbol addMeth this.AddMethod = addMethod; this.Arguments = arguments; this.ImplicitReceiverOpt = implicitReceiverOpt; + this.InitialBindingReceiverIsSubjectToCloning = initialBindingReceiverIsSubjectToCloning; this.Expanded = expanded; this.ArgsToParamsOpt = argsToParamsOpt; this.DefaultArguments = defaultArguments; @@ -6885,6 +6886,7 @@ public BoundCollectionElementInitializer(SyntaxNode syntax, MethodSymbol addMeth public MethodSymbol AddMethod { get; } public ImmutableArray Arguments { get; } public BoundExpression? ImplicitReceiverOpt { get; } + public ThreeState InitialBindingReceiverIsSubjectToCloning { get; } public bool Expanded { get; } public ImmutableArray ArgsToParamsOpt { get; } public BitVector DefaultArguments { get; } @@ -6894,11 +6896,11 @@ public BoundCollectionElementInitializer(SyntaxNode syntax, MethodSymbol addMeth [DebuggerStepThrough] public override BoundNode? Accept(BoundTreeVisitor visitor) => visitor.VisitCollectionElementInitializer(this); - public BoundCollectionElementInitializer Update(MethodSymbol addMethod, ImmutableArray arguments, BoundExpression? implicitReceiverOpt, bool expanded, ImmutableArray argsToParamsOpt, BitVector defaultArguments, bool invokedAsExtensionMethod, LookupResultKind resultKind, TypeSymbol type) + public BoundCollectionElementInitializer Update(MethodSymbol addMethod, ImmutableArray arguments, BoundExpression? implicitReceiverOpt, ThreeState initialBindingReceiverIsSubjectToCloning, bool expanded, ImmutableArray argsToParamsOpt, BitVector defaultArguments, bool invokedAsExtensionMethod, LookupResultKind resultKind, TypeSymbol type) { - if (!Symbols.SymbolEqualityComparer.ConsiderEverything.Equals(addMethod, this.AddMethod) || arguments != this.Arguments || implicitReceiverOpt != this.ImplicitReceiverOpt || expanded != this.Expanded || argsToParamsOpt != this.ArgsToParamsOpt || defaultArguments != this.DefaultArguments || invokedAsExtensionMethod != this.InvokedAsExtensionMethod || resultKind != this.ResultKind || !TypeSymbol.Equals(type, this.Type, TypeCompareKind.ConsiderEverything)) + if (!Symbols.SymbolEqualityComparer.ConsiderEverything.Equals(addMethod, this.AddMethod) || arguments != this.Arguments || implicitReceiverOpt != this.ImplicitReceiverOpt || initialBindingReceiverIsSubjectToCloning != this.InitialBindingReceiverIsSubjectToCloning || expanded != this.Expanded || argsToParamsOpt != this.ArgsToParamsOpt || defaultArguments != this.DefaultArguments || invokedAsExtensionMethod != this.InvokedAsExtensionMethod || resultKind != this.ResultKind || !TypeSymbol.Equals(type, this.Type, TypeCompareKind.ConsiderEverything)) { - var result = new BoundCollectionElementInitializer(this.Syntax, addMethod, arguments, implicitReceiverOpt, expanded, argsToParamsOpt, defaultArguments, invokedAsExtensionMethod, resultKind, type, this.HasErrors); + var result = new BoundCollectionElementInitializer(this.Syntax, addMethod, arguments, implicitReceiverOpt, initialBindingReceiverIsSubjectToCloning, expanded, argsToParamsOpt, defaultArguments, invokedAsExtensionMethod, resultKind, type, this.HasErrors); result.CopyAttributes(this); return result; } @@ -11859,7 +11861,7 @@ internal abstract partial class BoundTreeRewriter : BoundTreeVisitor ImmutableArray arguments = this.VisitList(node.Arguments); BoundExpression? implicitReceiverOpt = (BoundExpression?)this.Visit(node.ImplicitReceiverOpt); TypeSymbol? type = this.VisitType(node.Type); - return node.Update(node.AddMethod, arguments, implicitReceiverOpt, node.Expanded, node.ArgsToParamsOpt, node.DefaultArguments, node.InvokedAsExtensionMethod, node.ResultKind, type); + return node.Update(node.AddMethod, arguments, implicitReceiverOpt, node.InitialBindingReceiverIsSubjectToCloning, node.Expanded, node.ArgsToParamsOpt, node.DefaultArguments, node.InvokedAsExtensionMethod, node.ResultKind, type); } public override BoundNode? VisitDynamicCollectionElementInitializer(BoundDynamicCollectionElementInitializer node) { @@ -14225,12 +14227,12 @@ public NullabilityRewriter(ImmutableDictionary throw null; + } + """; + CreateCompilation([source, UnscopedRefAttributeDefinition]).VerifyDiagnostics( + // (9,26): error CS8168: Cannot return local 'local' by reference because it is not a ref local + // return new R() { local }; + Diagnostic(ErrorCode.ERR_RefReturnLocal, "local").WithArguments("local").WithLocation(9, 26), + // (9,26): error CS8350: This combination of arguments to 'R.Add(in int)' is disallowed because it may expose variables referenced by parameter 'x' outside of their declaration scope + // return new R() { local }; + Diagnostic(ErrorCode.ERR_CallArgMixing, "local").WithArguments("R.Add(in int)", "x").WithLocation(9, 26)); + } + + [Fact, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] + public void CollectionInitializer_UnscopedRef_Assignment() + { + var source = """ + using System.Collections; + using System.Diagnostics.CodeAnalysis; + + class C + { + R M() + { + var local = 1; + var r = new R() { local }; + return r; + } + } + + ref struct R : IEnumerable + { + public void Add([UnscopedRef] in int x) { } + IEnumerator IEnumerable.GetEnumerator() => throw null; + } + """; + CreateCompilation([source, UnscopedRefAttributeDefinition]).VerifyDiagnostics( + // (10,16): error CS8352: Cannot use variable 'r' in this context because it may expose referenced variables outside of their declaration scope + // return r; + Diagnostic(ErrorCode.ERR_EscapeVariable, "r").WithArguments("r").WithLocation(10, 16)); + } + + [Fact, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] + public void CollectionInitializer_ScopedRef_Return() + { + var source = """ + using System.Collections; + + class C + { + R M() + { + var local = 1; + return new R() { local }; + } + } + + ref struct R : IEnumerable + { + public void Add(in int x) { } + IEnumerator IEnumerable.GetEnumerator() => throw null; + } + """; + CreateCompilation(source).VerifyDiagnostics(); + } + + [Fact, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] + public void CollectionInitializer_ScopedRef_Assignment() + { + var source = """ + using System.Collections; + + class C + { + R M() + { + var local = 1; + var r = new R() { local }; + return r; + } + } + + ref struct R : IEnumerable + { + public void Add(in int x) { } + IEnumerator IEnumerable.GetEnumerator() => throw null; + } + """; + CreateCompilation(source).VerifyDiagnostics(); + } + + [Theory, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] + [InlineData("[System.Diagnostics.CodeAnalysis.UnscopedRef]")] + [InlineData("")] + public void CollectionExpression_AddMethod(string attr) + { + var source = $$""" + using System.Collections; + + class C + { + R M() + { + var local = 1; + return [local]; + } + } + + ref struct R : IEnumerable + { + public void Add({{attr}} in int x) { } + IEnumerator IEnumerable.GetEnumerator() => throw null; + } + """; + CreateCompilation([source, UnscopedRefAttributeDefinition]).VerifyDiagnostics( + // (8,16): error CS9203: A collection expression of type 'R' cannot be used in this context because it may be exposed outside of the current scope. + // return [local]; + Diagnostic(ErrorCode.ERR_CollectionExpressionEscape, "[local]").WithArguments("R").WithLocation(8, 16)); + } + + [Fact, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] + public void CollectionExpression_Builder() + { + var source = """ + using System; + using System.Collections; + using System.Collections.Generic; + using System.Runtime.CompilerServices; + + class C + { + R M() + { + var local = 1; + return [local]; + } + } + + [CollectionBuilder(typeof(Builder), nameof(Builder.Create))] + ref struct R : IEnumerable + { + public IEnumerator GetEnumerator() => throw null; + IEnumerator IEnumerable.GetEnumerator() => throw null; + } + + static class Builder + { + public static R Create(ReadOnlySpan x) => throw null; + } + """; + CreateCompilationWithSpan([source, CollectionBuilderAttributeDefinition]).VerifyDiagnostics( + // (11,16): error CS9203: A collection expression of type 'R' cannot be used in this context because it may be exposed outside of the current scope. + // return [local]; + Diagnostic(ErrorCode.ERR_CollectionExpressionEscape, "[local]").WithArguments("R").WithLocation(11, 16)); + } + [Fact] public void RefLikeEscapeMixingDelegate() { From 333529cef03647fa052d439f4224b0670db30095 Mon Sep 17 00:00:00 2001 From: Jan Jones Date: Wed, 4 Dec 2024 15:29:35 +0100 Subject: [PATCH 2/8] Simplify the implementation --- .../Portable/Binder/Binder.ValueChecks.cs | 145 +++++++----------- 1 file changed, 54 insertions(+), 91 deletions(-) diff --git a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs index de0185354dd8f..bfcb8b7d638e7 100644 --- a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs +++ b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs @@ -4454,52 +4454,13 @@ internal SafeContext GetValEscape(BoundExpression expr, SafeContext scopeOfTheCo return GetValEscapeOfObjectInitializer(initExpr, scopeOfTheContainingExpression); case BoundKind.CollectionInitializerExpression: - { - var colExpr = (BoundCollectionInitializerExpression)expr; - - // var c = new C() { element }; - // - // is equivalent to - // - // var c = new C(); - // c.Add(element); - // - // So we check arg mixing of `(receiverPlaceholder).Add(element)` calls, - // and make the result "scoped" if any call could cause the elements to escape. - - using var _ = new PlaceholderRegion(this, [(colExpr.Placeholder, SafeContext.CallingMethod)]) { ForceRemoveOnDispose = true }; - foreach (var initializer in colExpr.Initializers) - { - switch (initializer) - { - case BoundCollectionElementInitializer init: - if (!CheckInvocationArgMixing( - init.Syntax, - MethodInfo.Create(init.AddMethod), - receiverOpt: colExpr.Placeholder, - receiverIsSubjectToCloning: init.InitialBindingReceiverIsSubjectToCloning, - parameters: init.AddMethod.Parameters, - argsOpt: init.Arguments, - argRefKindsOpt: default, - argsToParamsOpt: init.ArgsToParamsOpt, - scopeOfTheContainingExpression: scopeOfTheContainingExpression, - BindingDiagnosticBag.Discarded)) - { - return scopeOfTheContainingExpression; - } - break; - - case BoundDynamicCollectionElementInitializer dynamicInit: - break; - - default: - Debug.Fail($"{initializer.Kind} expression of {initializer.Type} type"); - break; - } - } - - return SafeContext.CallingMethod; - } + var colExpr = (BoundCollectionInitializerExpression)expr; + // If arg mixing fails when the receiver has calling-method scope (i.e., some arguments could escape into the receiver), make the value scoped. + return + !scopeOfTheContainingExpression.IsConvertibleTo(SafeContext.CallingMethod) && + !CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom: scopeOfTheContainingExpression, escapeTo: SafeContext.CallingMethod, BindingDiagnosticBag.Discarded) + ? scopeOfTheContainingExpression + : SafeContext.CallingMethod; case BoundKind.ObjectInitializerMember: // this node generally makes no sense outside of the context of containing initializer @@ -5317,51 +5278,8 @@ internal bool CheckValEscape(SyntaxNode node, BoundExpression expr, SafeContext return CheckValEscapeOfObjectInitializer(initExpr, escapeFrom, escapeTo, diagnostics); case BoundKind.CollectionInitializerExpression: - { - var colExpr = (BoundCollectionInitializerExpression)expr; - - // return new C() { element }; - // - // is equivalent to - // - // var c = new C(); - // c.Add(element); - // return c; - // - // So we check arg mixing of `(receiverPlaceholder).Add(element)` calls - // where the placeholder has `escapeTo` scope and the call has `escapeFrom` scope. - - bool result = true; - using var _ = new PlaceholderRegion(this, [(colExpr.Placeholder, escapeTo)]) { ForceRemoveOnDispose = true }; - foreach (var initializer in colExpr.Initializers) - { - switch (initializer) - { - case BoundCollectionElementInitializer init: - result |= CheckInvocationArgMixing( - init.Syntax, - MethodInfo.Create(init.AddMethod), - receiverOpt: colExpr.Placeholder, - receiverIsSubjectToCloning: init.InitialBindingReceiverIsSubjectToCloning, - parameters: init.AddMethod.Parameters, - argsOpt: init.Arguments, - argRefKindsOpt: default, - argsToParamsOpt: init.ArgsToParamsOpt, - scopeOfTheContainingExpression: escapeFrom, - diagnostics); - break; - - case BoundDynamicCollectionElementInitializer dynamicInit: - break; - - default: - Debug.Fail($"{initializer.Kind} expression of {initializer.Type} type"); - break; - } - } - - return result; - } + var colExpr = (BoundCollectionInitializerExpression)expr; + return CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom, escapeTo, diagnostics); case BoundKind.PointerElementAccess: var accessedExpression = ((BoundPointerElementAccess)expr).Expression; @@ -5655,6 +5573,51 @@ private bool CheckValEscapeOfObjectInitializer(BoundObjectInitializerExpression return true; } + private bool CheckValEscapeOfCollectionInitializer(BoundCollectionInitializerExpression colExpr, SafeContext escapeFrom, SafeContext escapeTo, BindingDiagnosticBag diagnostics) + { + // return new C() { element }; + // + // is equivalent to + // + // var c = new C(); + // c.Add(element); + // return c; + // + // So we check arg mixing of `(receiverPlaceholder).Add(element)` calls + // where the placeholder has `escapeTo` scope and the call has `escapeFrom` scope. + + bool result = true; + using var _ = new PlaceholderRegion(this, [(colExpr.Placeholder, escapeTo)]) { ForceRemoveOnDispose = true }; + foreach (var initializer in colExpr.Initializers) + { + switch (initializer) + { + case BoundCollectionElementInitializer init: + result &= CheckInvocationArgMixing( + init.Syntax, + MethodInfo.Create(init.AddMethod), + receiverOpt: colExpr.Placeholder, + receiverIsSubjectToCloning: init.InitialBindingReceiverIsSubjectToCloning, + parameters: init.AddMethod.Parameters, + argsOpt: init.Arguments, + argRefKindsOpt: default, + argsToParamsOpt: init.ArgsToParamsOpt, + scopeOfTheContainingExpression: escapeFrom, + diagnostics); + break; + + case BoundDynamicCollectionElementInitializer dynamicInit: + break; + + default: + Debug.Fail($"{initializer.Kind} expression of {initializer.Type} type"); + break; + } + } + + return result; + } + #nullable disable private bool CheckInterpolatedStringHandlerConversionEscape(BoundExpression expression, SafeContext escapeFrom, SafeContext escapeTo, BindingDiagnosticBag diagnostics) From 55fb093f769f36216cf19a9a1f27a259068ff096 Mon Sep 17 00:00:00 2001 From: Jan Jones Date: Tue, 10 Dec 2024 15:12:11 +0100 Subject: [PATCH 3/8] Extend tests --- .../Portable/Binder/Binder.ValueChecks.cs | 2 +- .../Semantic/Semantics/RefEscapingTests.cs | 89 ++++++++++++++++--- 2 files changed, 79 insertions(+), 12 deletions(-) diff --git a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs index bfcb8b7d638e7..b07ac2d02c73c 100644 --- a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs +++ b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs @@ -5606,7 +5606,7 @@ private bool CheckValEscapeOfCollectionInitializer(BoundCollectionInitializerExp diagnostics); break; - case BoundDynamicCollectionElementInitializer dynamicInit: + case BoundDynamicCollectionElementInitializer: break; default: diff --git a/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs b/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs index 2e0e4d54b920a..6d52a305ab6d5 100644 --- a/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs +++ b/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs @@ -4322,10 +4322,16 @@ public void CollectionInitializer_UnscopedRef_Return() class C { - R M() + R M1() { var local = 1; - return new R() { local }; + return new R() { local }; // 1 + } + + unsafe R M2() + { + var local = 1; + return new R() { local }; // 2 } } @@ -4335,13 +4341,16 @@ public void Add([UnscopedRef] in int x) { } IEnumerator IEnumerable.GetEnumerator() => throw null; } """; - CreateCompilation([source, UnscopedRefAttributeDefinition]).VerifyDiagnostics( + CreateCompilation([source, UnscopedRefAttributeDefinition], options: TestOptions.UnsafeReleaseDll).VerifyDiagnostics( // (9,26): error CS8168: Cannot return local 'local' by reference because it is not a ref local - // return new R() { local }; + // return new R() { local }; // 1 Diagnostic(ErrorCode.ERR_RefReturnLocal, "local").WithArguments("local").WithLocation(9, 26), // (9,26): error CS8350: This combination of arguments to 'R.Add(in int)' is disallowed because it may expose variables referenced by parameter 'x' outside of their declaration scope - // return new R() { local }; - Diagnostic(ErrorCode.ERR_CallArgMixing, "local").WithArguments("R.Add(in int)", "x").WithLocation(9, 26)); + // return new R() { local }; // 1 + Diagnostic(ErrorCode.ERR_CallArgMixing, "local").WithArguments("R.Add(in int)", "x").WithLocation(9, 26), + // (15,26): warning CS9091: This returns local 'local' by reference but it is not a ref local + // return new R() { local }; // 2 + Diagnostic(ErrorCode.WRN_RefReturnLocal, "local").WithArguments("local").WithLocation(15, 26)); } [Fact, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] @@ -4353,12 +4362,47 @@ public void CollectionInitializer_UnscopedRef_Assignment() class C { - R M() + R M1() + { + var local = 1; + var r = new R() { local }; + return r; // 1 + } + + void M2() + { + var local = 1; + scoped R r; + r = new R() { local }; + } + + void M3() + { + var local = 1; + R r; + r = new R() { local }; // 2 + } + + unsafe R M4() { var local = 1; var r = new R() { local }; return r; } + + unsafe void M5() + { + var local = 1; + scoped R r; + r = new R() { local }; + } + + unsafe void M6() + { + var local = 1; + R r; + r = new R() { local }; // 3 + } } ref struct R : IEnumerable @@ -4367,10 +4411,19 @@ public void Add([UnscopedRef] in int x) { } IEnumerator IEnumerable.GetEnumerator() => throw null; } """; - CreateCompilation([source, UnscopedRefAttributeDefinition]).VerifyDiagnostics( + CreateCompilation([source, UnscopedRefAttributeDefinition], options: TestOptions.UnsafeReleaseDll).VerifyDiagnostics( // (10,16): error CS8352: Cannot use variable 'r' in this context because it may expose referenced variables outside of their declaration scope - // return r; - Diagnostic(ErrorCode.ERR_EscapeVariable, "r").WithArguments("r").WithLocation(10, 16)); + // return r; // 1 + Diagnostic(ErrorCode.ERR_EscapeVariable, "r").WithArguments("r").WithLocation(10, 16), + // (24,23): error CS8168: Cannot return local 'local' by reference because it is not a ref local + // r = new R() { local }; // 2 + Diagnostic(ErrorCode.ERR_RefReturnLocal, "local").WithArguments("local").WithLocation(24, 23), + // (24,23): error CS8350: This combination of arguments to 'R.Add(in int)' is disallowed because it may expose variables referenced by parameter 'x' outside of their declaration scope + // r = new R() { local }; // 2 + Diagnostic(ErrorCode.ERR_CallArgMixing, "local").WithArguments("R.Add(in int)", "x").WithLocation(24, 23), + // (45,23): warning CS9091: This returns local 'local' by reference but it is not a ref local + // r = new R() { local }; // 3 + Diagnostic(ErrorCode.WRN_RefReturnLocal, "local").WithArguments("local").WithLocation(45, 23)); } [Fact, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] @@ -4405,12 +4458,26 @@ public void CollectionInitializer_ScopedRef_Assignment() class C { - R M() + R M1() { var local = 1; var r = new R() { local }; return r; } + + void M2() + { + var local = 1; + scoped R r; + r = new R() { local }; + } + + void M3() + { + var local = 1; + R r; + r = new R() { local }; + } } ref struct R : IEnumerable From a80efd930181cd764ba5c8ce75e550de3386fb7a Mon Sep 17 00:00:00 2001 From: Jan Jones Date: Wed, 11 Dec 2024 14:42:26 +0100 Subject: [PATCH 4/8] Fix missed warning --- .../Portable/Binder/Binder.ValueChecks.cs | 20 ++++++++++++------- .../Semantic/Semantics/RefEscapingTests.cs | 9 ++++++--- 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs index b07ac2d02c73c..08399c4848993 100644 --- a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs +++ b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs @@ -4454,13 +4454,19 @@ internal SafeContext GetValEscape(BoundExpression expr, SafeContext scopeOfTheCo return GetValEscapeOfObjectInitializer(initExpr, scopeOfTheContainingExpression); case BoundKind.CollectionInitializerExpression: - var colExpr = (BoundCollectionInitializerExpression)expr; - // If arg mixing fails when the receiver has calling-method scope (i.e., some arguments could escape into the receiver), make the value scoped. - return - !scopeOfTheContainingExpression.IsConvertibleTo(SafeContext.CallingMethod) && - !CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom: scopeOfTheContainingExpression, escapeTo: SafeContext.CallingMethod, BindingDiagnosticBag.Discarded) - ? scopeOfTheContainingExpression - : SafeContext.CallingMethod; + { + var colExpr = (BoundCollectionInitializerExpression)expr; + // If arg mixing fails when the receiver has calling-method scope (i.e., some arguments could escape into the receiver), make the value scoped. + + // We are interested in the CheckValEscape's return value, but it can be false only if not in an unsafe region. + using var _ = new UnsafeRegion(this, inUnsafeRegion: false); + + return + !scopeOfTheContainingExpression.IsConvertibleTo(SafeContext.CallingMethod) && + !CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom: scopeOfTheContainingExpression, escapeTo: SafeContext.CallingMethod, BindingDiagnosticBag.Discarded) + ? scopeOfTheContainingExpression + : SafeContext.CallingMethod; + } case BoundKind.ObjectInitializerMember: // this node generally makes no sense outside of the context of containing initializer diff --git a/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs b/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs index 6d52a305ab6d5..ed2025251ec0c 100644 --- a/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs +++ b/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs @@ -4387,7 +4387,7 @@ unsafe R M4() { var local = 1; var r = new R() { local }; - return r; + return r; // 3 } unsafe void M5() @@ -4401,7 +4401,7 @@ unsafe void M6() { var local = 1; R r; - r = new R() { local }; // 3 + r = new R() { local }; // 4 } } @@ -4421,8 +4421,11 @@ public void Add([UnscopedRef] in int x) { } // (24,23): error CS8350: This combination of arguments to 'R.Add(in int)' is disallowed because it may expose variables referenced by parameter 'x' outside of their declaration scope // r = new R() { local }; // 2 Diagnostic(ErrorCode.ERR_CallArgMixing, "local").WithArguments("R.Add(in int)", "x").WithLocation(24, 23), + // (31,16): warning CS9080: Use of variable 'r' in this context may expose referenced variables outside of their declaration scope + // return r; // 3 + Diagnostic(ErrorCode.WRN_EscapeVariable, "r").WithArguments("r").WithLocation(31, 16), // (45,23): warning CS9091: This returns local 'local' by reference but it is not a ref local - // r = new R() { local }; // 3 + // r = new R() { local }; // 4 Diagnostic(ErrorCode.WRN_RefReturnLocal, "local").WithArguments("local").WithLocation(45, 23)); } From 461ab15c4ab72fbe523f0870c8e7a17dff1a16d5 Mon Sep 17 00:00:00 2001 From: Jan Jones Date: Wed, 11 Dec 2024 14:49:43 +0100 Subject: [PATCH 5/8] Extend tests --- .../Semantic/Semantics/RefEscapingTests.cs | 28 +++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs b/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs index ed2025251ec0c..78f7051e03bf8 100644 --- a/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs +++ b/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs @@ -4333,6 +4333,16 @@ unsafe R M2() var local = 1; return new R() { local }; // 2 } + + R M3() + { + return new R() { 1 }; // 3 + } + + unsafe R M4() + { + return new R() { 1 }; // 4 + } } ref struct R : IEnumerable @@ -4350,7 +4360,19 @@ public void Add([UnscopedRef] in int x) { } Diagnostic(ErrorCode.ERR_CallArgMixing, "local").WithArguments("R.Add(in int)", "x").WithLocation(9, 26), // (15,26): warning CS9091: This returns local 'local' by reference but it is not a ref local // return new R() { local }; // 2 - Diagnostic(ErrorCode.WRN_RefReturnLocal, "local").WithArguments("local").WithLocation(15, 26)); + Diagnostic(ErrorCode.WRN_RefReturnLocal, "local").WithArguments("local").WithLocation(15, 26), + // (20,26): error CS8156: An expression cannot be used in this context because it may not be passed or returned by reference + // return new R() { 1 }; // 3 + Diagnostic(ErrorCode.ERR_RefReturnLvalueExpected, "1").WithLocation(20, 26), + // (20,26): error CS8350: This combination of arguments to 'R.Add(in int)' is disallowed because it may expose variables referenced by parameter 'x' outside of their declaration scope + // return new R() { 1 }; // 3 + Diagnostic(ErrorCode.ERR_CallArgMixing, "1").WithArguments("R.Add(in int)", "x").WithLocation(20, 26), + // (25,26): error CS8156: An expression cannot be used in this context because it may not be passed or returned by reference + // return new R() { 1 }; // 4 + Diagnostic(ErrorCode.ERR_RefReturnLvalueExpected, "1").WithLocation(25, 26), + // (25,26): error CS8350: This combination of arguments to 'R.Add(in int)' is disallowed because it may expose variables referenced by parameter 'x' outside of their declaration scope + // return new R() { 1 }; // 4 + Diagnostic(ErrorCode.ERR_CallArgMixing, "1").WithArguments("R.Add(in int)", "x").WithLocation(25, 26)); } [Fact, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] @@ -4492,7 +4514,9 @@ public void Add(in int x) { } CreateCompilation(source).VerifyDiagnostics(); } - [Theory, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] + [Theory] + [WorkItem("https://github.com/dotnet/roslyn/issues/75802")] + [WorkItem("https://github.com/dotnet/roslyn/issues/76374")] [InlineData("[System.Diagnostics.CodeAnalysis.UnscopedRef]")] [InlineData("")] public void CollectionExpression_AddMethod(string attr) From f350350e9a2efaf10ff32dd3c3f3d6192bf786bb Mon Sep 17 00:00:00 2001 From: Jan Jones Date: Wed, 11 Dec 2024 15:13:01 +0100 Subject: [PATCH 6/8] Clarify a condition --- .../CSharp/Portable/Binder/Binder.ValueChecks.cs | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs index 08399c4848993..8d470ecccd026 100644 --- a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs +++ b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs @@ -4455,17 +4455,20 @@ internal SafeContext GetValEscape(BoundExpression expr, SafeContext scopeOfTheCo case BoundKind.CollectionInitializerExpression: { + if (scopeOfTheContainingExpression == SafeContext.CallingMethod) + { + return SafeContext.CallingMethod; + } + var colExpr = (BoundCollectionInitializerExpression)expr; // If arg mixing fails when the receiver has calling-method scope (i.e., some arguments could escape into the receiver), make the value scoped. // We are interested in the CheckValEscape's return value, but it can be false only if not in an unsafe region. using var _ = new UnsafeRegion(this, inUnsafeRegion: false); - return - !scopeOfTheContainingExpression.IsConvertibleTo(SafeContext.CallingMethod) && - !CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom: scopeOfTheContainingExpression, escapeTo: SafeContext.CallingMethod, BindingDiagnosticBag.Discarded) - ? scopeOfTheContainingExpression - : SafeContext.CallingMethod; + return !CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom: scopeOfTheContainingExpression, escapeTo: SafeContext.CallingMethod, BindingDiagnosticBag.Discarded) + ? scopeOfTheContainingExpression + : SafeContext.CallingMethod; } case BoundKind.ObjectInitializerMember: From 7dbbe9785fd5fc862e2cc849a7b5c4a331c987b6 Mon Sep 17 00:00:00 2001 From: Jan Jones Date: Thu, 12 Dec 2024 10:48:46 +0100 Subject: [PATCH 7/8] Simplify implementation --- .../CSharp/Portable/Binder/Binder.ValueChecks.cs | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs index 8d470ecccd026..401b590e33c36 100644 --- a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs +++ b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs @@ -4455,20 +4455,15 @@ internal SafeContext GetValEscape(BoundExpression expr, SafeContext scopeOfTheCo case BoundKind.CollectionInitializerExpression: { - if (scopeOfTheContainingExpression == SafeContext.CallingMethod) - { - return SafeContext.CallingMethod; - } - var colExpr = (BoundCollectionInitializerExpression)expr; - // If arg mixing fails when the receiver has calling-method scope (i.e., some arguments could escape into the receiver), make the value scoped. // We are interested in the CheckValEscape's return value, but it can be false only if not in an unsafe region. using var _ = new UnsafeRegion(this, inUnsafeRegion: false); - return !CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom: scopeOfTheContainingExpression, escapeTo: SafeContext.CallingMethod, BindingDiagnosticBag.Discarded) - ? scopeOfTheContainingExpression - : SafeContext.CallingMethod; + // If arg mixing fails when the receiver has calling-method scope (i.e., some arguments could escape into the receiver), make the result scoped. + return CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom: scopeOfTheContainingExpression, escapeTo: SafeContext.CallingMethod, BindingDiagnosticBag.Discarded) + ? SafeContext.CallingMethod + : scopeOfTheContainingExpression; } case BoundKind.ObjectInitializerMember: From 601b822c7bfebc9ead082e9e59f9c43ee107f96f Mon Sep 17 00:00:00 2001 From: Jan Jones Date: Thu, 12 Dec 2024 11:45:10 +0100 Subject: [PATCH 8/8] Allow the receiver to affect the scope --- .../Portable/Binder/Binder.ValueChecks.cs | 29 ++++---- .../Semantic/Semantics/RefEscapingTests.cs | 67 +++++++++++++++++++ 2 files changed, 84 insertions(+), 12 deletions(-) diff --git a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs index 401b590e33c36..35b861c97a320 100644 --- a/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs +++ b/src/Compilers/CSharp/Portable/Binder/Binder.ValueChecks.cs @@ -4272,7 +4272,10 @@ internal SafeContext GetValEscape(BoundExpression expr, SafeContext scopeOfTheCo var initializerOpt = objectCreation.InitializerExpressionOpt; if (initializerOpt != null) { - escape = escape.Intersect(GetValEscape(initializerOpt, scopeOfTheContainingExpression)); + escape = escape.Intersect( + initializerOpt is BoundCollectionInitializerExpression colInitExpr + ? GetValEscapeOfCollectionInitializer(colInitExpr, scopeOfTheContainingExpression, receiverScope: escape) + : GetValEscape(initializerOpt, scopeOfTheContainingExpression)); } return escape; @@ -4454,17 +4457,8 @@ internal SafeContext GetValEscape(BoundExpression expr, SafeContext scopeOfTheCo return GetValEscapeOfObjectInitializer(initExpr, scopeOfTheContainingExpression); case BoundKind.CollectionInitializerExpression: - { - var colExpr = (BoundCollectionInitializerExpression)expr; - - // We are interested in the CheckValEscape's return value, but it can be false only if not in an unsafe region. - using var _ = new UnsafeRegion(this, inUnsafeRegion: false); - - // If arg mixing fails when the receiver has calling-method scope (i.e., some arguments could escape into the receiver), make the result scoped. - return CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom: scopeOfTheContainingExpression, escapeTo: SafeContext.CallingMethod, BindingDiagnosticBag.Discarded) - ? SafeContext.CallingMethod - : scopeOfTheContainingExpression; - } + var colExpr = (BoundCollectionInitializerExpression)expr; + return GetValEscapeOfCollectionInitializer(colExpr, scopeOfTheContainingExpression, receiverScope: SafeContext.CallingMethod); case BoundKind.ObjectInitializerMember: // this node generally makes no sense outside of the context of containing initializer @@ -4601,6 +4595,17 @@ private SafeContext GetValEscapeOfObjectInitializer(BoundObjectInitializerExpres return result; } + private SafeContext GetValEscapeOfCollectionInitializer(BoundCollectionInitializerExpression colExpr, SafeContext scopeOfTheContainingExpression, SafeContext receiverScope) + { + // We are interested in the CheckValEscape's return value, but it can be false only if not in an unsafe region. + using var _ = new UnsafeRegion(this, inUnsafeRegion: false); + + // If arg mixing fails (i.e., some arguments could escape into the receiver), make the result scoped. + return CheckValEscapeOfCollectionInitializer(colExpr, escapeFrom: scopeOfTheContainingExpression, escapeTo: receiverScope, BindingDiagnosticBag.Discarded) + ? receiverScope + : scopeOfTheContainingExpression; + } + private SafeContext GetValEscapeOfObjectMemberInitializer(BoundExpression expr, SafeContext scopeOfTheContainingExpression) { SafeContext result; diff --git a/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs b/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs index 78f7051e03bf8..0630e443173c4 100644 --- a/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs +++ b/src/Compilers/CSharp/Test/Semantic/Semantics/RefEscapingTests.cs @@ -4451,6 +4451,73 @@ public void Add([UnscopedRef] in int x) { } Diagnostic(ErrorCode.WRN_RefReturnLocal, "local").WithArguments("local").WithLocation(45, 23)); } + [Fact, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] + public void CollectionInitializer_UnscopedRef_OtherScopes() + { + var source = """ + using System.Collections; + using System.Diagnostics.CodeAnalysis; + + class C + { + R M1(ref int param) + { + var r = new R() { param }; + return r; // 1 + } + + R M2(ref int param) + { + var r = new R(param) { param }; + return r; + } + + R M3([UnscopedRef] ref int param) + { + var r = new R() { param }; + return r; + } + + R M4([UnscopedRef] ref int x, ref int y) + { + var r = new R(x) { y }; + return r; // 2 + } + + R M5([UnscopedRef] ref int x, ref int y) + { + var r = new R() { x, y }; + return r; // 3 + } + } + + ref struct R : IEnumerable + { + public R() { } + public R(in int p) : this() { } + + public void Add([UnscopedRef] in int x) { } + IEnumerator IEnumerable.GetEnumerator() => throw null; + } + """; + + // The `new R() { param }` expression could be inferred to have ReturnOnly scope in M1 (then there would be no errors), + // however the ref safety analysis is currently more conservative and only infers either CallingMethod or local scope for the expression. + // It is equivalent to what would happen for `var r = new R(); r.Add(param);` where the scope of `r` is also either CallingMethod or local (if `scoped` keyword is used). + // Similarly `new R(param) { param }` in M2 is equivalent to `var r = new R(param); r.Add(param);` so the scope of `r` is ReturnOnly. + + CreateCompilation([source, UnscopedRefAttributeDefinition], options: TestOptions.UnsafeReleaseDll).VerifyDiagnostics( + // (9,16): error CS8352: Cannot use variable 'r' in this context because it may expose referenced variables outside of their declaration scope + // return r; // 1 + Diagnostic(ErrorCode.ERR_EscapeVariable, "r").WithArguments("r").WithLocation(9, 16), + // (27,16): error CS8352: Cannot use variable 'r' in this context because it may expose referenced variables outside of their declaration scope + // return r; // 2 + Diagnostic(ErrorCode.ERR_EscapeVariable, "r").WithArguments("r").WithLocation(27, 16), + // (33,16): error CS8352: Cannot use variable 'r' in this context because it may expose referenced variables outside of their declaration scope + // return r; // 3 + Diagnostic(ErrorCode.ERR_EscapeVariable, "r").WithArguments("r").WithLocation(33, 16)); + } + [Fact, WorkItem("https://github.com/dotnet/roslyn/issues/75802")] public void CollectionInitializer_ScopedRef_Return() {