Feat: add tag-std and cargo-tag-std demo by driving rustc (#1)

* demo/rustc_driver: tag-std

+ tag_std=/home/zjp/rust/tag-std/demo/rustc_driver/target/debug/tag-std
+ cd ./tests/basic
+ /home/zjp/rust/tag-std/demo/rustc_driver/target/debug/tag-std src/lib.rs --crate-type=lib
["test"] "#[tag_std::unreachable]\n"

["MyStruct::get"] "#[tag_std::contract(!Null(self.ptr) && Align(self.ptr, u8) &&\nAllocated(self.ptr, u8, self.len, *) && Init(sel
f.ptr, u8, self.len, *) &&\nValidInt(self.len*sizeof(u8), [0,isize::MAX]) && Alias(self.ptr, *))]\n"

* demo/tag-std: Reachability analysis and cargo_tag_std wrapper

rustc_driver/tests/basic $ tag-std src/main.rs --extern demo -L target/debug/
(body) "main"
(body) "std::vec::Vec::<u8>::new"
(body) "std::vec::Vec::<u8>::into_raw_parts"
(body) "core::fmt::rt::Argument::<'_>::new_debug::<&mut [u8]>"
(body) "<&mut [u8] as std::fmt::Debug>::fmt"
(body) "<[u8] as std::fmt::Debug>::fmt"
(body) "std::fmt::DebugList::<'_, '_>::entries::<&u8, std::slice::Iter<'_, u8>>"
(body) "<std::slice::Iter<'_, u8> as std::iter::IntoIterator>::into_iter"
(body) "<std::slice::Iter<'_, u8> as std::iter::Iterator>::next"
(body) "core::num::<impl usize>::unchecked_sub::precondition_check"
(body) "core::fmt::rt::<impl std::fmt::Arguments<'_>>::new_v1::<2, 1>"
[src/main.rs:47:5] reachability.instances.len() = 18
[src/main.rs:47:5] reachability.cross_crates = false
(error) demo::MyStruct::from not converted to be an item: Error("Item kind `Item` cannot be converted")
(error) core::panicking::panic_nounwind not converted to be an item: Error("Item kind `Item` cannot be converted")
(error) std::io::_print not converted to be an item: Error("Item kind `Item` cannot be converted")
(error) std::fmt::DebugList::<'_, '_>::finish not converted to be an item: Error("Item kind `Item` cannot be converted")
(error) demo::MyStruct::get not converted to be an item: Error("Item kind `Item` cannot be converted")
(error) std::fmt::DebugList::<'_, '_>::entry not converted to be an item: Error("Item kind `Item` cannot be converted")
(error) std::fmt::Formatter::<'_>::debug_list not converted to be an item: Error("Item kind `Item` cannot be converted")

* fix: resort to internal APIs for instances that StableMir doesn't support

+ /home/zjp/rust/tag-std/demo/rustc_driver/target/debug/cargo_tag_std
   Compiling demo v0.1.0 (/home/zjp/rust/tag-std/demo/rustc_driver/tests/basic)
[src/main.rs:53:5] reachability.instances.len() = 10

(stable mir) "test" ("src/lib.rs:8:1: 8:21") => "#[tag_std::unreachable]\n"

(stable mir) "MyStruct::get" ("src/lib.rs:27:5: 27:42") => "#[tag_std::contract(!Null(self.ptr) && Align(self.ptr, u8) &&\nAllocated(self.ptr,
 u8, self.len, *) && Init(self.ptr, u8, self.len, *) &&\nValidInt(self.len*sizeof(u8), [0,isize::MAX]) && Alias(self.ptr, *))]\n"
[src/main.rs:53:5] reachability.instances.len() = 18

(internal api) "demo::MyStruct::get" ("/home/zjp/rust/tag-std/demo/rustc_driver/tests/basic/src/lib.rs:27:5: 27:42") => "#[tag_std::contract(!
Null(self.ptr) && Align(self.ptr, u8) &&\nAllocated(self.ptr, u8, self.len, *) && Init(self.ptr, u8, self.len, *) &&\nValidInt(self.len*sizeof
(u8), [0,isize::MAX]) && Alias(self.ptr, *))]\n"
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 1.75s

* rename cargo_tag_std to cargo-tag-std; fix wrapper detection

* print local crate name and type; and minor cleanups

Author: zjp-CN

demo/rustc_driver/Cargo.toml

@@ -0,0 +1,13 @@
+[package]
+name = "tag-std"
+version = "0.1.0"
+edition = "2024"
+
+[[bin]]
+name = "cargo-tag-std"
+path = "src/bin/cargo_tag_std.rs"
+
+[dependencies]
+
+[package.metadata.rust-analyzer]
+rustc_private = true

demo/rustc_driver/run.sh

@@ -0,0 +1,17 @@
+set -ex
+
+# Set up toolchain: works under current folder.
+export LD_LIBRARY_PATH=$(rustc --print sysroot)/lib
+
+cargo build
+export TAG_STD=$PWD/target/debug/tag-std
+export CARGO_TAG_STD=$PWD/target/debug/cargo-tag-std
+
+# Test basic demo
+cd ./tests/basic
+
+cargo clean
+
+# Analyze the lib and bin crates.
+# Same as `cargo tag-std` when tag-std and cargo-tag-std are installed.
+$CARGO_TAG_STD

demo/rustc_driver/rust-toolchain.toml

@@ -0,0 +1,3 @@
+[toolchain]
+channel = "nightly-2025-05-08"
+components = ["llvm-tools", "rustc-dev", "rust-src", "rust-analyzer"]

demo/rustc_driver/rustfmt.toml

@@ -0,0 +1,4 @@
+edition = "2021"
+style_edition = "2024"
+use_small_heuristics = "Max"
+merge_derives = false

demo/rustc_driver/src/bin/cargo_tag_std.rs

@@ -0,0 +1,40 @@
+use std::{env::var, process::Command};
+
+fn main() {
+    // Search cargo-tag-std and tag-std CLI through environment variables,
+    // or just use the name if absent.
+    let cargo_tag_std = var("CARGO_TAG_STD").unwrap_or_else(|_| "cargo-tag-std".to_owned());
+    let tag_std = var("TAG_STD").unwrap_or_else(|_| "tag-std".to_owned());
+
+    let mut args = std::env::args().collect::<Vec<_>>();
+
+    if args.len() == 2 && args[1].as_str() == "-vV" {
+        // cargo invokes `rustc -vV` first
+        run("rustc", &["-vV".to_owned()], &[]);
+    } else if std::env::var("WRAPPER").as_deref() == Ok("1") {
+        // then cargo invokes `rustc - --crate-name ___ --print=file-names`
+        if args[1] == "-" {
+            // `rustc -` is a substitute file name from stdin
+            args[1] = "src/lib.rs".to_owned();
+        }
+
+        run(&tag_std, &args[1..], &[]);
+    } else {
+        run("cargo", &["build"].map(String::from), &[("RUSTC", &cargo_tag_std), ("WRAPPER", "1")]);
+    }
+}
+
+fn run(cmd: &str, args: &[String], vars: &[(&str, &str)]) {
+    let status = Command::new(cmd)
+        .args(args)
+        .envs(vars.iter().copied())
+        .stdout(std::io::stdout())
+        .stderr(std::io::stderr())
+        .spawn()
+        .unwrap()
+        .wait()
+        .unwrap();
+    if !status.success() {
+        eprintln!("[error] {cmd}: args={args:?} vars={vars:?}");
+    }
+}

demo/rustc_driver/src/main.rs

@@ -0,0 +1,133 @@
+#![feature(rustc_private)]
+
+extern crate rustc_data_structures;
+extern crate rustc_driver;
+extern crate rustc_hir;
+extern crate rustc_hir_pretty;
+extern crate rustc_interface;
+extern crate rustc_middle;
+#[macro_use]
+extern crate rustc_smir;
+extern crate stable_mir;
+
+use rustc_data_structures::fx::FxHashSet;
+use rustc_hir::Attribute;
+use rustc_middle::ty::TyCtxt;
+use stable_mir::{
+    CrateDef, CrateItem, ItemKind,
+    mir::{MirVisitor, mono::Instance, visit::Location},
+    rustc_internal::internal,
+    ty::Ty,
+};
+
+fn main() {
+    let rustc_args: Vec<_> = std::env::args().collect();
+    _ = run_with_tcx!(&rustc_args, |tcx| {
+        analyze(tcx);
+        ControlFlow::<(), ()>::Continue(())
+    });
+}
+
+const REGISTER_TOOL_ATTR: &str = "#[tag_std";
+const TAG_STD: &str = "tag_std";
+
+fn analyze(tcx: TyCtxt) {
+    let mut reachability = Reachability::default();
+    let local_items = stable_mir::all_local_items();
+    let functions = local_items.iter().filter(|item| matches!(item.kind(), ItemKind::Fn));
+
+    for fun in functions {
+        let instance = match Instance::try_from(*fun) {
+            Ok(instance) => instance,
+            Err(err) => {
+                eprintln!("Failed to get the instance for {fun:?}:\n{err:?}");
+                continue;
+            }
+        };
+        reachability.add_instance(instance);
+    }
+
+    let local_crate = stable_mir::local_crate();
+    println!(
+        "********* {name:?} {typ:?} has reached {len} instances *********",
+        name = local_crate.name,
+        typ = tcx.crate_types(),
+        len = reachability.instances.len()
+    );
+    reachability.print_tag_std_attrs(tcx);
+}
+
+#[derive(Debug, Default)]
+struct Reachability {
+    /// Collect monomorphized instances.
+    instances: FxHashSet<Instance>,
+}
+
+impl Reachability {
+    fn add_instance(&mut self, instance: Instance) {
+        if self.instances.insert(instance) {
+            // recurse if this is the first time of insertion
+            if let Some(body) = instance.body() {
+                self.visit_body(&body);
+            }
+        }
+    }
+
+    fn print_tag_std_attrs(&self, tcx: TyCtxt) {
+        for instance in &self.instances {
+            // Only user defined instances can be converted.
+            match CrateItem::try_from(*instance) {
+                Ok(item) => print_tag_std_attrs(instance, item),
+                Err(_) => {
+                    // Resort to internal API for unsupported StableMir conversions.
+                    print_tag_std_attrs_through_internal_apis(tcx, instance);
+                }
+            }
+        }
+    }
+}
+
+fn print_tag_std_attrs_through_internal_apis(tcx: TyCtxt<'_>, instance: &Instance) {
+    let def_id = internal(tcx, instance.def.def_id());
+    let tool_attrs = tcx.get_all_attrs(def_id).filter(|attr| {
+        if let Attribute::Unparsed(tool_attr) = attr {
+            if tool_attr.path.segments[0].as_str() == TAG_STD {
+                return true;
+            }
+        }
+        false
+    });
+    for attr in tool_attrs {
+        println!(
+            "(internal api) {fn_name:?} ({span:?}) => {attr:?}\n",
+            fn_name = instance.name(),
+            span = instance.def.span().diagnostic(),
+            attr = rustc_hir_pretty::attribute_to_string(&tcx, attr)
+        );
+    }
+}
+
+fn print_tag_std_attrs(instance: &Instance, item: CrateItem) {
+    let tool_attrs = item
+        .all_tool_attrs()
+        .into_iter()
+        .filter(|attr| attr.as_str().starts_with(REGISTER_TOOL_ATTR));
+    for tag_attr in tool_attrs {
+        println!(
+            "(stable mir) {fn_name:?} ({span:?}) => {attr:?}\n",
+            fn_name = instance.name(),
+            span = instance.def.span().diagnostic(),
+            attr = tag_attr.as_str()
+        );
+    }
+}
+
+impl MirVisitor for Reachability {
+    fn visit_ty(&mut self, ty: &Ty, _: Location) {
+        if let Some((fn_def, args)) = ty.kind().fn_def() {
+            // Add an instance.
+            let instance = Instance::resolve(fn_def, args).unwrap();
+            self.add_instance(instance);
+        }
+    }
+}

demo/rustc_driver/tests/basic/Cargo.toml

@@ -0,0 +1,6 @@
+[package]
+name = "demo"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]

demo/rustc_driver/tests/basic/src/lib.rs

@@ -0,0 +1,29 @@
+#![feature(register_tool)]
+#![register_tool(tag_std)]
+
+use std::slice;
+
+#[tag_std::unreachable]
+pub unsafe fn test() {
+    println!("unreachable!");
+}
+
+pub struct MyStruct {
+    ptr: *mut u8,
+    len: usize,
+}
+impl MyStruct {
+    pub fn from(p: *mut u8, l: usize) -> MyStruct {
+        MyStruct { ptr: p, len: l }
+    }
+    ///contract(!Null(self.ptr); Align(self.ptr, u8); Allocated(self.ptr, u8, self.len, *); Init(self.ptr, u8, self.len, *); ValidInt(self.len*sizeof(u8), [0,isize::MAX]); Alias(self.ptr, *);
+    #[tag_std::contract(
+        !Null(self.ptr) && Align(self.ptr, u8) &&
+        Allocated(self.ptr, u8, self.len, *) && Init(self.ptr, u8, self.len, *) &&
+        ValidInt(self.len*sizeof(u8), [0,isize::MAX]) && Alias(self.ptr, *)
+    )]
+    #[allow(clippy::mut_from_ref)]
+    pub unsafe fn get(&self) -> &mut [u8] {
+        unsafe { slice::from_raw_parts_mut(self.ptr, self.len) }
+    }
+}

demo/rustc_driver/tests/basic/src/main.rs

@@ -0,0 +1,10 @@
+#![feature(vec_into_raw_parts)]
+#![allow(unused_variables)]
+
+use demo::MyStruct;
+
+fn main() {
+    let (p, l, _c) = Vec::new().into_raw_parts();
+    let a = MyStruct::from(p, l);
+    println!("{:?}", unsafe { a.get() });
+}