Tree Borrows: improve protector end access child skipping

[royAmmerschuber]

Currently, if we do a protector release access we assume that any other subtree (including the main subtree) could be a child of the accessed node, meaning we conservatively don't update them based on the access.

This PR determines as accurately as possible (under the current model), which other subtrees could be children of the accessed tag.
This means we now accurately reflect:

• the main subtree is never a child of the accessed tag
• if the accessed tag doesn't have exposed children, then no other subtree is a child of it
• a subtree can only be a child of the accessed tag, if there exists an exposed child of the accessed tag with a tag less than the root of the subtree

[rustbot]

Thank you for contributing to Miri! A reviewer will take a look at your PR, typically within a week or two.
Please remember to not force-push to the PR branch except when you need to rebase due to a conflict or when the reviewer asks you for it.

[RalfJung]

Mostly comments about comments, as usual. :)

View changes since this review

[RalfJung]

Suggested change

	None, // min_exposed_child only matters for protector end access,
	/* min_exposed_child */ None, // only matters for protector end access,

[RalfJung]

Shouldn't this condition check visit_children?

[RalfJung]

Suggested change

	// On a protector release access we skip the children of the accessed tag so that
	// we can correctly return references from functions. However, if the tag has
	// On a protector release access we have to skip the children of the accessed tag.
	// However, if the tag has

[RalfJung]

What does "transitions a foreign reference on a reference" mean?

[RalfJung]

Suggested change

	/// For this version we know the tag is not a child, because its wildcard root has
	/// For this version we know the tag is not a child because its wildcard root has

[RalfJung]

Does the horizontal alignment of ref6 mean anything?

[royAmmerschuber]

ref6 was created as a reference to the second element of the array. arg4 to the first element

[RalfJung]

Ah :) Maybe extend the vertical line upwards to make that more clear?

[RalfJung]

The comment doesn't match the name. What about something like this?

Suggested change

	/// * `min_exposed_child`: any subtree that could be a child of `access_source` must
	/// have a root with a larger tag than this. If None then no other subtree can be
	/// a child of `access_source`.
	/// This only gets read if `visit_children==SkipChildrenOfAccessed`.
	/// * `min_exposed_child`: The tag of the smallest exposed (transitive) child of the accessed node.
	/// This is useful with `visit_children == SkipChildrenOfAccessed`, where we need to skip children
	/// of the accessed.

[rustbot]

Reminder, once the PR becomes ready for a review, use @rustbot ready.

[royAmmerschuber]

@rustbot ready

[RalfJung]

@rustbot author

[royAmmerschuber]

@rustbot ready

[RalfJung]

This looks great, thanks! Please squash the commits. You can squash manually if there are multiple independent commits you want to preserve, or use ./miri squash (make sure to pick a suitable commit message). Then write @rustbot ready after you force-pushed the squashed PR.

@rustbot author