Static analysis on Run-Time Lifetime Checking for Pr47 implementations

[chuigda]

Consider the following Rust function：

  fn foo(x: &mut S, y: &mut S) {
    /* ... */
  }

This function may be registered into Pr47 program, and then called by Pr47 code. Consider the following form, however:

  func call_foo() {
    var s S = new S();
    foo(s, s);
  }

s should be mutably shared to foo according to the share semantics of Pr47. Two mutable references to the same object may be introduced if the code above gets allowed, which is totally undefined behavior.

And then, consider the following Pr47 function:

  func bar(x Object) {
    x.y = 42;
  }

The function may be called by Rust, directly or indirectly:

  let object = Object::new();
  pr47_bar(&object);

The object passed in is not writable, while bar still modifies object. And this is also undefined hehavior.

In order to resolve the problem, Run-Time Lifetime Checker (RTLC) was introduced into Pr47. When performing some operation, Pr47 checks and updates lifetimes of related operands. However, if we always need check for any operations, program performance will suffer. Fortunately RTLC is somewhat cheaper than type checking in other languages, and we've optimized the bench_simple_call to 7.5ms/1M calls. Performance can still be improved with certain static analysis, however.