Add support for function pointers in PtrKind

Previously function pointers were modeled as Option<fn>, but this is
problematic for function pointer casts. Option<fn> works well in unsafe
with std::mem::transmute, however there is no safe way to achieve the
same operation in refcount.

This is solved using the new Ptr<fn>. To allow casting between different
function types, use type erased Rc<dyn Any> inside the new PtrKind::Fn.
Equality of function pointers is achieved through implementing the
OriginalAlloc::address method.

The C standard allows converting function pointers between incompatible
function types. UB is triggered only when the incompatible pointer is
called. For this reason the new FnState implements 2 new concepts:
  1. casting adaptors (to allow argument casting between ABI compatible
    types)
  2. provenance stack (to allow round-trip function pointer casts)

For 1., consider the following cast:

        int fn_taking_int_ptr(int *p);
        int (*fn_taking_void_ptr)(void*) = (int (*)(void*))fn_taking_int_ptr;

Calling fn_taking_int_ptr with an int* argument works because both int*
and void* have the same size. To support this in Rust we need to create
an int* -> void* adapter when casting from fn_taking_int_ptr to
fn_taking_void_ptr:

        fn_taking_int_ptr.cast_fn::<fn(AnyPtr) -> i32>(Some(
          (|a0: AnyPtr| -> i32 {
              fn_taking_int_ptr(a0.cast::<i32>().unwrap())
          }) as fn(AnyPtr) -> i32
        ))

The job of the adapter is to convert from AnyPtr to Ptr<i32>.
Ptr::cast_fn is a new function that takes as type argument the type of
the target function pointer and an optional adaptor. If cast_fn receives
None, then there is no valid adaptor from source to target, matching the
UB semantics of calling a function through an incompatible function
pointer:

        int add(int a, int b) { return a + b; }
        void (*wrong)(void) = (void (*)(void))add;
        wrong()

For 2., the provenance stack contains all casts performed on the pointer
in the past. Compared to PtrKind::Reinterpreted, PtrKind::Fn has no
backing byte storage through OriginalAlloc, so each cast must know its
history in order to allow round-trip casts, such as:

        int (*)(int, int) -> void (*)(void) -> int (*)(int, int)
                          (1)               (2)

For this specific case, where both (1) and (2) create non-compatible
adaptors (because of non-compatible arguments), we cannot recover a call
to the original function after (1) is performed. For this to work, save
a stack of provenance, and when (2) is perfomed, cast_fn recovers the
original function pointer. See test_roundtrip in fn_ptr_cast.cpp.

A current limitation of this approach is that it only allows function
pointer casts where the source is a direct declaration of a function.
Accessing a function pointer through a member field for example, would
create a capturing adapter which does not coerce in a fn inside Ptr<fn>.

Author: lucic71

cpp2rust/converter/converter.cpp

@@ -1375,6 +1375,12 @@ bool Converter::VisitCallExpr(clang::CallExpr *expr) {
   return false;
 }
 
+void Converter::EmitFnPtrCall(clang::Expr *callee) {
+  StrCat(token::kOpenParen);
+  Convert(callee);
+  StrCat(").unwrap()");
+}
+
 void Converter::ConvertGenericCallExpr(clang::CallExpr *expr) {
   clang::Expr *callee = expr->getCallee();
   auto convert_param_ty = [&](clang::QualType param_type, clang::Expr *expr) {
@@ -1447,9 +1453,7 @@ void Converter::ConvertGenericCallExpr(clang::CallExpr *expr) {
   }
 
   if (proto && !function) {
-    StrCat(token::kOpenParen);
-    Convert(callee);
-    StrCat(").unwrap()");
+    EmitFnPtrCall(callee);
   } else {
     PushExprKind push(*this, ExprKind::RValue);
     Convert(StripFunctionPointerDecay(callee));

cpp2rust/converter/converter.h

@@ -199,6 +199,8 @@ class Converter : public clang::RecursiveASTVisitor<Converter> {
 
   void ConvertGenericCallExpr(clang::CallExpr *expr);
 
+  virtual void EmitFnPtrCall(clang::Expr *callee);
+
   virtual void ConvertPrintf(clang::CallExpr *expr);
 
   void ConvertVAArgCall(clang::CallExpr *expr);
@@ -332,7 +334,8 @@ class Converter : public clang::RecursiveASTVisitor<Converter> {
   virtual bool Convert(clang::Stmt *stmt);
   virtual bool Convert(clang::Expr *expr);
 
-  std::string GetFunctionPointerDefaultAsString(clang::QualType qual_type);
+  virtual std::string
+  GetFunctionPointerDefaultAsString(clang::QualType qual_type);
 
   virtual std::string GetDefaultAsString(clang::QualType qual_type);
 

cpp2rust/converter/models/converter_refcount.cpp

@@ -165,10 +165,72 @@ bool ConverterRefCount::VisitLValueReferenceType(
   return false;
 }
 
+std::string ConverterRefCount::BuildFnAdapter(
+    const clang::FunctionDecl *src_fn,
+    const clang::FunctionProtoType *src_proto,
+    const clang::FunctionProtoType *target_proto) {
+
+  // UB: Incompatible arity
+  if (src_proto->getNumParams() != target_proto->getNumParams()) {
+    return "None";
+  }
+
+  PushConversionKind push(*this, ConversionKind::Unboxed);
+
+  // Build adapter signature: |a0: T0, a1: T1, ...| -> Tr
+  std::string closure = "(|";
+  for (unsigned i = 0; i < target_proto->getNumParams(); ++i) {
+    if (i > 0)
+      closure += ", ";
+    closure +=
+        std::format("a{}: {}", i, ToString(target_proto->getParamType(i)));
+  }
+  closure += "|";
+  if (!target_proto->getReturnType()->isVoidType()) {
+    closure += std::format(" -> {} ", ToString(target_proto->getReturnType()));
+  }
+  closure += "{ ";
+
+  // Build adapter body: src_fn(convert(a0), convert(a1), ...)
+  closure += GetNamedDeclAsString(src_fn->getCanonicalDecl()) + "(";
+  for (unsigned i = 0; i < src_proto->getNumParams(); ++i) {
+    auto src_pty = src_proto->getParamType(i);
+    auto tgt_pty = target_proto->getParamType(i);
+    if (ToString(src_pty) == ToString(tgt_pty)) {
+      closure += std::format("a{}", i);
+    } else if (src_pty->isPointerType() && tgt_pty->isVoidPointerType()) {
+      closure += std::format("a{}.cast::<{}>().unwrap()", i,
+                             ToString(src_pty->getPointeeType()));
+    } else if (src_pty->isVoidPointerType() && tgt_pty->isPointerType()) {
+      closure += std::format("a{}.to_any()", i);
+    } else {
+      // UB: Incompatible types
+      return "None";
+    }
+    closure += ", ";
+  }
+  closure += ") })";
+
+  return std::format("Some({} as {})", closure, GetFnTypeString(target_proto));
+}
+
+std::string
+ConverterRefCount::GetFnTypeString(const clang::FunctionProtoType *proto) {
+  PushConversionKind push(*this, ConversionKind::Unboxed);
+  std::string result = "fn(";
+  for (auto p_ty : proto->param_types()) {
+    result += ToString(p_ty) + ",";
+  }
+  result += ")";
+  if (!proto->getReturnType()->isVoidType()) {
+    result += std::format(" -> {}", ToString(proto->getReturnType()));
+  }
+  return result;
+}
+
 bool ConverterRefCount::VisitPointerType(clang::PointerType *type) {
-  if (type->getPointeeType()->getAs<clang::FunctionProtoType>()) {
-    PushConversionKind push(*this, ConversionKind::Unboxed);
-    ConvertFunctionPointerType(type);
+  if (auto proto = type->getPointeeType()->getAs<clang::FunctionProtoType>()) {
+    StrCat(std::format("Ptr<{}>", GetFnTypeString(proto)));
     return false;
   }
 
@@ -570,7 +632,9 @@ bool ConverterRefCount::VisitDeclRefExpr(clang::DeclRefExpr *expr) {
 
   if (clang::isa<clang::FunctionDecl>(decl)) {
     if (isAddrOf()) {
-      StrCat(std::format("Some({} as _)", str));
+      auto proto = decl->getType()->getAs<clang::FunctionProtoType>();
+      auto fn_type = GetFnTypeString(proto);
+      StrCat(std::format("fn_ptr!({}, {})", str, fn_type));
     } else {
       StrCat(str);
     }
@@ -951,9 +1015,79 @@ bool ConverterRefCount::VisitImplicitCastExpr(clang::ImplicitCastExpr *expr) {
     }
   }
 
+  if (expr->getCastKind() == clang::CastKind::CK_NullToPointer &&
+      expr->getType()->isFunctionPointerType()) {
+    StrCat("Ptr::null()");
+    computed_expr_type_ = ComputedExprType::FreshPointer;
+    return false;
+  }
+
   return Converter::VisitImplicitCastExpr(expr);
 }
 
+void ConverterRefCount::EmitFnPtrCall(clang::Expr *callee) {
+  Convert(callee);
+  StrCat(".call_fn()");
+}
+
+std::string ConverterRefCount::GetFunctionPointerDefaultAsString(
+    clang::QualType qual_type) {
+  return "Ptr::null()";
+}
+
+void ConverterRefCount::ConvertEqualsNullPtr(clang::Expr *expr) {
+  StrCat("(");
+  Convert(expr);
+  StrCat(").is_null()");
+}
+
+bool ConverterRefCount::VisitFunctionPointerCast(
+    clang::ExplicitCastExpr *expr) {
+  if (expr->getType()->isFunctionPointerType() ||
+      expr->getSubExpr()->getType()->isFunctionPointerType()) {
+    if (expr->getSubExpr()->getType()->isFunctionPointerType() &&
+        expr->getType()->isFunctionPointerType()) {
+      auto target_proto =
+          expr->getType()->getPointeeType()->getAs<clang::FunctionProtoType>();
+      auto src_proto = expr->getSubExpr()
+                           ->getType()
+                           ->getPointeeType()
+                           ->getAs<clang::FunctionProtoType>();
+      auto fn_type = GetFnTypeString(target_proto);
+
+      std::string adapter = "None";
+      // Only accept direct references to the casted function. Otherwise the
+      // closure would be capturing and would not coerce into a fn pointer.
+      if (auto *decl_ref = clang::dyn_cast<clang::DeclRefExpr>(
+              expr->getSubExpr()->IgnoreImplicit())) {
+        if (auto *fn_decl =
+                clang::dyn_cast<clang::FunctionDecl>(decl_ref->getDecl())) {
+          adapter = BuildFnAdapter(fn_decl, src_proto, target_proto);
+        }
+      }
+
+      StrCat(std::format("{}.cast_fn::<{}>({})", ToString(expr->getSubExpr()),
+                         fn_type, adapter));
+    } else if (expr->getSubExpr()->getType()->isFunctionPointerType() ||
+               expr->getType()->isVoidPointerType()) {
+      Convert(expr->getSubExpr());
+      StrCat(".to_any()");
+    } else if (expr->getSubExpr()->getType()->isVoidPointerType() ||
+               expr->getType()->isFunctionPointerType()) {
+      auto target_proto =
+          expr->getType()->getPointeeType()->getAs<clang::FunctionProtoType>();
+      auto fn_type = GetFnTypeString(target_proto);
+      StrCat(std::format("{}.cast::<{}>().expect(\"ub:wrong fn type\")",
+                         ToString(expr->getSubExpr()), fn_type));
+    } else {
+      assert(0 && "Unhandled function pointer cast");
+    }
+    return false;
+  }
+
+  return true;
+}
+
 bool ConverterRefCount::VisitExplicitCastExpr(clang::ExplicitCastExpr *expr) {
   if (expr->getTypeAsWritten()->isVoidType()) {
     return false;
@@ -968,7 +1102,9 @@ bool ConverterRefCount::VisitExplicitCastExpr(clang::ExplicitCastExpr *expr) {
     return false;
   case clang::Stmt::CStyleCastExprClass:
   case clang::Stmt::CXXStaticCastExprClass:
-    if (expr->getSubExpr()->getType()->isVoidPointerType()) {
+    if (!VisitFunctionPointerCast(expr)) {
+      return false;
+    } else if (expr->getSubExpr()->getType()->isVoidPointerType()) {
       Convert(expr->getSubExpr());
       PushConversionKind push(*this, ConversionKind::Unboxed);
       StrCat(std::format(".cast::<{}>().expect(\"ub:wrong type\")",
@@ -1478,8 +1614,12 @@ void ConverterRefCount::ConvertVarInit(clang::QualType qual_type,
       Buffer buf(*this);
       PushConversionKind push(*this, ConversionKind::Unboxed);
       if (qual_type->isFunctionPointerType() && lambda->capture_size() == 0) {
-        PushExprKind addr_of(*this, ExprKind::AddrOf);
+        StrCat(std::format("Ptr::from_fn(("));
         VisitLambdaExpr(lambda);
+        StrCat(std::format(
+            ") as {}, 0)",
+            GetFnTypeString(qual_type->getPointeeType()
+                                ->getAs<clang::FunctionProtoType>())));
       } else {
         VisitLambdaExpr(lambda);
       }

cpp2rust/converter/models/converter_refcount.h

@@ -59,12 +59,16 @@ class ConverterRefCount final : public Converter {
 
   void ConvertPrintf(clang::CallExpr *expr) override;
 
+  void EmitFnPtrCall(clang::Expr *callee) override;
+
   bool VisitCallExpr(clang::CallExpr *expr) override;
 
   bool VisitStringLiteral(clang::StringLiteral *expr) override;
 
   bool VisitImplicitCastExpr(clang::ImplicitCastExpr *expr) override;
 
+  bool VisitFunctionPointerCast(clang::ExplicitCastExpr *expr);
+
   bool VisitExplicitCastExpr(clang::ExplicitCastExpr *expr) override;
 
   bool VisitBinaryOperator(clang::BinaryOperator *expr) override;
@@ -103,6 +107,11 @@ class ConverterRefCount final : public Converter {
 
   std::string GetDefaultAsString(clang::QualType qual_type) override;
 
+  std::string
+  GetFunctionPointerDefaultAsString(clang::QualType qual_type) override;
+
+  void ConvertEqualsNullPtr(clang::Expr *expr) override;
+
   std::string GetDefaultAsStringFallback(clang::QualType qual_type) override;
 
   std::string ConvertVarDefaultInit(clang::QualType qual_type) override;
@@ -171,6 +180,11 @@ class ConverterRefCount final : public Converter {
   const char *GetPointerDerefSuffix(clang::QualType pointee_type);
   const char *GetPointerDerefPrefix(clang::QualType pointee_type) override;
 
+  std::string GetFnTypeString(const clang::FunctionProtoType *proto);
+  std::string BuildFnAdapter(const clang::FunctionDecl *src_fn,
+                             const clang::FunctionProtoType *src_proto,
+                             const clang::FunctionProtoType *target_proto);
+
   void EmitSetOrAssign(clang::Expr *lhs, std::string_view rhs);
 
   // Wraps a pointer expression with deref prefix/suffix: e.g.

libcc2rs/src/lib.rs

@@ -4,6 +4,13 @@
 mod reinterpret;
 pub use reinterpret::ByteRepr;
 
+#[macro_export]
+macro_rules! fn_ptr {
+    ($f:expr, $ty:ty) => {
+        $crate::Ptr::from_fn($f as $ty, $f as *const () as usize)
+    };
+}
+
 mod rc;
 pub use rc::*;