Use a trait to enforce field validity for union fields + unsafe fields + unsafe<> binder types

[compiler-errors]

This PR introduces a new, internal-only trait called BikeshedGuaranteedNoDrop¹ to faithfully model the field check that used to be implemented manually by allowed_union_or_unsafe_field.

rust/compiler/rustc_hir_analysis/src/check/check.rs

Lines 84 to 115 in 942db67

	fn allowed_union_or_unsafe_field<'tcx>(
	tcx: TyCtxt<'tcx>,
	ty: Ty<'tcx>,
	typing_env: ty::TypingEnv<'tcx>,
	span: Span,
	) -> bool {
	// We don't just accept all !needs_drop fields, due to semver concerns.
	let allowed = match ty.kind() {
	ty::Ref(..) => true, // references never drop (even mutable refs, which are non-Copy and hence fail the later check)
	ty::Tuple(tys) => {
	// allow tuples of allowed types
	tys.iter().all(|ty| allowed_union_or_unsafe_field(tcx, ty, typing_env, span))
	}
	ty::Array(elem, _len) => {
	// Like `Copy`, we do *not* special-case length 0.
	allowed_union_or_unsafe_field(tcx, *elem, typing_env, span)
	}
	_ => {
	// Fallback case: allow `ManuallyDrop` and things that are `Copy`,
	// also no need to report an error if the type is unresolved.
	ty.ty_adt_def().is_some_and(|adt_def| adt_def.is_manually_drop())
	|| tcx.type_is_copy_modulo_regions(typing_env, ty)
	|| ty.references_error()
	}
	};
	if allowed && ty.needs_drop(tcx, typing_env) {
	// This should never happen. But we can get here e.g. in case of name resolution errors.
	tcx.dcx()
	.span_delayed_bug(span, "we should never accept maybe-dropping union or unsafe fields");
	}
	allowed
	}

Copying over the doc comment from the trait:

/// Marker trait for the types that are allowed in union fields, unsafe fields,
/// and unsafe binder types.
///
/// Implemented for:
/// * `&T`, `&mut T` for all `T`,
/// * `ManuallyDrop<T>` for all `T`,
/// * tuples and arrays whose elements implement `BikeshedGuaranteedNoDrop`,
/// * or otherwise, all types that are `Copy`.
///
/// Notably, this doesn't include all trivially-destructible types for semver
/// reasons.
///
/// Bikeshed name for now.

As far as I am aware, there's no new behavior being guaranteed by this trait, since it operates the same as the manually implemented check. We could easily rip out this trait and go back to using the manually implemented check for union fields, however using a trait means that this code can be shared by WF for unsafe<> binders too. See the last commit.

The only diagnostic changes are that this now fires false-negatives for fields that are ill-formed. I don't consider that to be much of a problem though.

r? oli-obk

Footnotes

1. Please let's not bikeshed this name lol. There's no good name for ValidForUnsafeFieldsUnsafeBindersAndUnionFields. ↩