Migrate C code to Rust

Not having any luck because aarch64-apple-darwin doesn't exist for 2019-12-05.

$ rustup install nightly-2019-12-05
info: syncing channel updates for 'nightly-2019-12-05-aarch64-apple-darwin'
info: latest update on 2019-12-05, rust version 1.41.0-nightly (6d77e45f0 2019-12-04)
error: target 'aarch64-apple-darwin' not found in channel.  Perhaps check https://doc.rust-lang.org/nightly/rustc/platform-support.html for available targets

Attempting with a current nightly:

$ rustup component add --toolchain nightly rustfmt rustc-dev
info: component 'rustfmt' for target 'aarch64-apple-darwin' is up to date
info: component 'rustc-dev' for target 'aarch64-apple-darwin' is up to date
$ cargo +nightly install c2rust
...
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.asan.dylib'
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.lsan.dylib'
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.tsan.dylib'
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.asan.dylib'
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.lsan.dylib'
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.tsan.dylib'
error[E0463]: can't find crate for `rustc`

Unsurprisingly, same error trying to build locally:

$ git tag --sort=creatordate | tail -n 1
0.15.1
$ git checkout 0.15.1
HEAD is now at 63848a29 Update c2rust-asm-casts to 0.2.0
$ cargo +nightly build --release
   Compiling c2rust-ast-builder v0.15.0 (/Users/n8henrie/git/c2rust/c2rust-ast-builder)
   Compiling pathdiff v0.1.0
   Compiling json v0.12.0
   Compiling strum v0.16.0
   Compiling pulldown-cmark v0.6.1
   Compiling strum v0.15.0
   Compiling glob v0.2.11
   Compiling maplit v1.0.2
   Compiling is-match v0.1.0
   Compiling open v1.3.2
   Compiling c2rust-asm-casts v0.2.0 (/Users/n8henrie/git/c2rust/c2rust-asm-casts)
   Compiling libc v0.2.66
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.asan.dylib'
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.lsan.dylib'
   Compiling proc-macro2 v1.0.6
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.tsan.dylib'
   Compiling syn v1.0.11
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.asan.dylib'
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.lsan.dylib'
WARN rustc_metadata::locator no metadata found: incompatible metadata version found: '/Users/n8henrie/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.tsan.dylib'
error[E0463]: can't find crate for `rustc`
 --> c2rust-ast-builder/src/lib.rs:2:1
  |
2 | extern crate rustc;
  | ^^^^^^^^^^^^^^^^^^^ can't find crate

For more information about this error, try `rustc --explain E0463`.
error: could not compile `c2rust-ast-builder` due to previous error
warning: build failed, waiting for other jobs to finish...
error: build failed

Is there a toolchain available for aarch64-apple-darwin that I can use to build / install c2rust?

Supercedes #513.

I kept behavior identical (at least I meant to) during this update, even if it may make more sense to relax a match or avoid an .unwrap() now. We can fix those later if we determine it is correct to do so. These places I marked with TODOs.

I fixed almost all of the errors that came up with upgrading rustc; many were similar/the same to #513, but there are a few left in c2rust-analyze that I was unsure how to handle. Some enums got more variants, and I'm not sure how we should handle those in matches, as that's new behavior. @spernsteiner, if you can help with those, that'd be great!

There is no good way to perform syntax-directed translation of all possible C functions using va_list into a corresponding Rust function using std::ffi::VaList::copy. VaLists copy has the following signature:

pub unsafe fn copy<F, R>(&self, f: F) -> R
            where F: for<'copy> FnOnce(VaList<'copy>) -> R;

copy takes a closure whose input VaList cannot outlive the closure (e.g. it cannot be passed back as a result of the closure). This is so that va_end can be called on the input VaList once the closure returns.

Since copy takes an immutable reference to the original va_list and std::ffi::VaList::arg requires a mutable reference, it is not possible to call std::ffi::VaList::arg inside the closure passed to copy. Therefore, a C function that calls va_arg on two va_lists (with one being a va_copy of the other) in the same basic block, cannot be expressed using the current Rust variadic function API

Fixes https://github.com/immunant/c2rust/issues/448 and should fix https://github.com/immunant/c2rust/issues/488.

Overview

This reimplements c2rust-instrument by invoking cargo as a subcommand, overriding $RUSTC_WRAPPER.

Implementation

More specifically, instead of using cargo as a dependency, which is enormous (very long compile times) and causes some compilation issues (https://github.com/immunant/c2rust/issues/488), we invoke cargo as a subcommand. This also has the advantage of using the correct rustup cargo wrapper so that it resolves correctly. See https://github.com/immunant/c2rust/issues/448 for a more detailed explanation of why this is a better approach and why other tools like clippy and miri do it this way.

Then we set $RUSTC_WRAPPER to our own binary. We use $RUSTC_WRAPPER to detect if we're being invoked as a cargo or rustc wrapper.

If we're the cargo wrapper, we:

• parse args using clap derive (https://github.com/immunant/c2rust/issues/395)
• run cargo as a subcommand, passing:
  • the cargo args as is (so all normal cargo invocations all work)
  • our own executable as $RUSTC_WRAPPER
  • the metadata path in $C2RUST_INSTRUMENT_METADATA

If we're the rustc wrapper, we:

• determine if we should instrument the current rustc command if $CARGO_PRIMARY_PACKAGE is set
• run RunCompiler::new(...).run() with our MirTransformCallbacks, or TimePassesCallbacks::default() (rustc's default) if not instrumenting
• then save the metadata to the metadata file

Note that we have to pass the --sysroot to RunCompiler as normally rustc looks this up relative to its executable's location, which works when the rustup rustc wrapper resolves to the toolchain-specific rustc, but since we're using RunCompiler directly and being rustc, we need to explicitly set the sysroot.

Usage Changes

Instead of passing c2rust_analysis_rt as an --extern and running cargo separately to compile it, we just add it as a normal, optional dependency to the crate we're instrumenting. In this way, it's similar to libc, which can be externed as it's in the sysroot, but the preferred way is to specify it as a normal dependency. Thus, we can also drop the runtime argument that seemed odd to have to specify to c2rust instrument.

The existing c2rust-instrument binary in the c2rust package is now gone (along with its --features dynamic-instrumentation), replaced by the new c2rust-instrument binary in dynamic-instrumentation/src/bin.rs (the crate has also been renamed to c2rust-instrument). Now, c2rust_instrument no longer exposes a library crate, and is purely a binary crate. This is because there's no way to use c2rust-instrument not as a binary, as it invokes itself and thus needs control over main to function correctly.

This does cause a slight change in that c2rust no longer sees the instrument.yaml; only c2rust-instrument does. This could potentially hurt shell autocompletion in the future (not currently implemented), but the drawbacks seems slim. Instead, we don't need to remember --features dynamic-instrumentation as a simple cargo build builds everything. And we've upgraded to a superior clap 3 derive parser, not the deprecated YAML parser.

Fast!

Furthermore, now that we use cargo normally and include c2rust_analysis_rt as a normal dependency, we can delete only the main binary (with cargo clean --package), forcing it to be rebuilt and re-instrumented. Most of the time building used to be in building c2rust_analysis_rt, and on the fast donna, was ~15 seconds for c2rust instrument. Now it takes only ~0.5 seconds, 30x faster.

Also enabling this is using a separate $CARGO_TARGET_DIR: instrument.target instead of the default target. This allows builds not to conflict with normal, non-instrumented builds using cargo build, so we don't need to cargo clean everything every time.

Thus, we now also unconditionally instrument (in pdg.sh). Before, we only did when the c2rust-instrument binary changed, but this missed changes to the instrumented crate. Now that it's fast enough, we just always instrument.

Previously, I was working on getting incremental instrumentation to work, but that proved harder than I thought for the corner cases (which did pop up). With this change, we remove the largest block to fast iteration times, so I think we don't need incremental instrumentation at all until we get to iterating on small edits in large instrumented crates.

Fixes and Improvements

• https://github.com/immunant/c2rust/issues/448: the primary fix. Now we can specify any cargo args, such as build, run, test, --release, etc.
• https://github.com/immunant/c2rust/issues/488: should be fixed as the offending cargo dependency is removed, but needs to be tested by @boyland-pf.
• We can remove pretty-instrument-err.mjs and get-binary-names-from-cargo-metadata.mjs, the temporary node scripts.
  Thus, we can remove all node dependencies.
• With enough polishing, we may be able to entirely get rid of pdg.sh.
• The cargo dependency is dropped, saving a lot on compile time, as it is a huge dependency.
• The --features dynamic-instrumentation is removed, so a simple cargo build works for everything now.

Starts to f ix https://github.com/immunant/c2rust/issues/477.

This adds --all-features/--features dynamic-instrumentation, cargo fmt --check, cargo check, cargo test, cargo doc, and RUSTFLAGS=-Dwarnings to CI. Only cargo clippy is left.

This adds about 5 minutes to CI, going from 10-15 minutes to 15-25 minutes. This is mainly from:

• cargo check --all-features: ~5 minutes
• cargo test: ~3 minutes (mostly pdg snapshot and static analysis tests)

On the other hand, these take practically no time:

• cargo fmt --check: 1 second
• cargo doc --no-deps: 6 seconds

Previous we only had:

• [x] cargo build
• [x] ./scripts/test_translator.py tests/

Now we have added:

• [x] cargo fmt --check
• [x] RUSTFLAGS='-D warnings' cargo check --all-features
• [x] RUSTFLAGS='-D warnings' cargo build
• [x] RUSTFLAGS='-D warnings' cargo test
• [x] RUSTDOCFLAGS='-D warnings' cargo doc --all-features --document-private-items

We still have these to go:

• [ ] RUSTFLAGS='-D warnings' cargo clippy --tests --all --all-features (includes cargo check): https://github.com/immunant/c2rust/issues/474

For commands that check only and do not run (cargo check, cargo doc), we specify --all-features, which is equivalent to --features llvm-static. But for commands that do build/run (cargo build, cargo test), we don't specify --all-features as we don't want to test --features llvm-static by default, and it doesn't work on the Arch and Fedora docker images (see https://github.com/immunant/c2rust/issues/500).

Currently, cargo test -p c2rust-analyze is excluded as it fails on some OSes in CI (https://github.com/immunant/c2rust/issues/593). It will be re-enabled once that's fixed, but I want to get cargo test into CI as soon as possible.

example:

#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

uintptr_t virt_to_phys(void* virt) {
	long pagesize = sysconf(_SC_PAGESIZE);
	int fd = open("/proc/self/pagemap", O_RDONLY);
	lseek(fd, (uintptr_t) virt / pagesize * sizeof(uintptr_t), SEEK_SET);
	uintptr_t phy = 0;
	read(fd, &phy, sizeof(phy));
	return (phy & 0x7fffffffffffffULL) * pagesize + ((uintptr_t) virt) % pagesize;
}

is translated to

#![allow(dead_code,
         mutable_transmutes,
         non_camel_case_types,
         non_snake_case,
         non_upper_case_globals,
         unused_assignments,
         unused_mut)]
extern crate libc;
extern "C" {
    #[no_mangle]
    fn read(__fd: libc::c_int, __buf: *mut libc::c_void, __nbytes: size_t)
     -> ssize_t;
    #[no_mangle]
    fn sysconf(__name: libc::c_int) -> libc::c_long;
    #[no_mangle]
    fn open(__file: *const libc::c_char, __oflag: libc::c_int, _: ...)
     -> libc::c_int;
}
(...)
#[no_mangle]
pub unsafe extern "C" fn virt_to_phys(mut virt: *mut libc::c_void)
 -> intptr_t {
    let mut pagesize: libc::c_long = sysconf(_SC_PAGESIZE as libc::c_int);
    let mut fd: libc::c_int =
        open(b"/proc/self/pagemap\x00" as *const u8 as *const libc::c_char,
             0i32);
    let mut phy: intptr_t = 0i32 as intptr_t;
    read(fd, &mut phy as *mut intptr_t as *mut libc::c_void,
         ::std::mem::size_of::<intptr_t>() as libc::c_ulong);
    panic!("Reached end of non-void function without returning");
}

Checks whether nodes flow to loads/stores/offsets, and whether they are unique.

Uniqueness of node X is determined based on whether there is a node Y which

• is X's ancestor through copies, fields, and offsets
• is a node Z's ancestor through copies, fields, offsets, where the fields are the same between X and Z
• Z is chronologically between X and X's last descendent

Fixes https://github.com/immunant/c2rust/issues/516.

Rustup is useful to install our dependencies at the versions we need, but we don't need to explicitly depend on it; users may install dependencies other ways, too.

This PR introduces the path! macro which can be used like

let p: syn::Path = path![::core::ptr::null_mut];
let e: syn::Expr = path![Vec::new];
let t: syn::Type = path![::libc::c_char];

It can output any type T which has impl Make<T> for Path. Currently this means Path, Type and Expr. Currently the macro supports only simple raw paths, i.e. no variable interpolation (only literal identifiers), no qualified self and no generic parameters. The restriction on simple interpolation of variables may be lifted in a later PR. The restriction on qualified self and generics will likely no be lifted, since they seem far beyond the capabilities of reasonable declarative macros.

This PR also adds impl Make<Path> for slices and arrays. This allows to avoid unnecessary allocations when creating paths (almost all paths created by the transpiler have a statically known size). As an extra benefit, switching from vec![..] to [..] construction looks more lightweight, and allows processing of the array by rustfmt (vec! calls are not formatted properly in general).

This PR also specializes the methods of Builder with respect to most generic parameters. Those generics were redundant since each position could be occupied only by a single specific type. E.g. Make<Box<Expr>> is implemented only by Box<Expr>, so that is always the type of impl Make<Box<Expr>> arguments.

Specializing those generic parameters has no restriction on the practical usability of the API, and it in fact makes it more flexible: generic parameters break type inference. If I have fn foo<T: Trait>(t: T) and fn bar<R>() -> R, then foo(bar()) will result in a compile error since the type of R is generally impossible to infer. The type inference is heavily used by the path! macro to overload on the return type.

As a bonus, specializing the parameters allows to remove a significant number of redundant explicit type casts. It also results in better compile speed (generics aren't fully compiled in the defining crate, and are instantiated separately in each codegen unit). The speed benefit is minor, but a nice touch.

I added a script, ./scripts/pdg.sh <test crate root> <args...>, that instruments and runs a test crate, such as analysis/test or lighttpd. This is a more generic version of @aneksteind's saved command.

• It only re-builds/instruments if the c2rust-instrument binary is newer than metadata.bc.
• It saves the c2rust instrument output to instrument.{out,err}.log and the pdg output to pdg.log.
• It supresses the many warnings from the test crate with RUSTFLAGS="-Awarnings".
• It uses ./scripts/get-get-binary-names-from-cargo-metadata.mjs to parse cargo metadata to know what default binary targets to run (because cargo run doesn't work with the instrumented binary).

Then I cleaned up a bunch of things:

• Removed unused imports.
• _-prefixed unused variables, functions, types, etc.
• Ran rustfmt. Now everything builds without warnings.

And then I refactored some things in c2rust_pdg:

• Switched to using the RAII c2rust_analysis_rt::Runtime instead of initialize and finalize calls.
• Added anyhow for error-handling instead of .unwrap()ing everywhere.
• Made EVENT_TRACE_FILE_PATH a normal variable in fn main instead of a lazy_static!, since it's only used once.
• Gave some variables more expressive names.
• Used new inline formatting strings (e.x. "{x:?}").
• Skipped some String allocs that were unneeded.
• Switched an Into impl to a From one.
• Fixed doc comments on newtype_index! types.
• #[derive(Default)]ed some structs that had similar new methods.
• Refactored read_event_log to use iter::from_fn, which is way cleaner.
• Added use EventKind::* wildcard imports right before large matches to reduce boilerplate.
• Added a trait EventKindExt impled for EventKind for all the functions that took an &EventKind that were method-like.
• Refactored has_parent out of parent (previously get_parent_object), since it only returned None or Some(obj).
• Replaced uses of usize that were really Pointer (c2rust_analysis_rt::Pointer) with Pointer for clarity.
• Removed some unnecessary .clone()s (as in they were no-ops).
• Switched &Vec<_> args to &[_].

We want to track usage of the memory of address-taken locals in dynamic analysis and in the pointer derivation graph for static analysis. This adds support for that. This also tracks operations on the local's memory even before the local becomes address-taken. Additionally, support for address-taken arguments have been added. Taking references of locals with & and &mut are also considered taking their address.

Support for address-taken locals is done in three stages: identifying where address-taken locals get their address taken, a rewriting stage, and post-processing. The first two stages are accomplished in dynamic analysis with the introduction of two new MIR visitors and the last occurs during construction of the pointer derivation graph.

The first traverses the AST and identifies where locals have their addresses taken and stores that information in a data structure for reference in the next stage. The next stage is another MIR visit that rewrites all address-taken locals in terms of their address. For example, if _x is an address-taken local and _y stores its address, _x is rewritten as *_y. These two stages are conducted before instrumentation points are collected in the third and final MIR visitor.

The final stage ensures that all duplicate instances of taking the address of a particular local are treated as copies of its address.

Below are a few examples of what is now supported:

pub fn test_addr_taken() {
    let x = 2;
    let y = 2 + x;
    let px = std::ptr::addr_of!(x);
    let z = x + y;
}

pub fn test_addr_taken_cond(cond: bool) {
    // let x = if cond { ... } else { ... }; ... &x ...
    let x = if cond { 1 } else { 2 };
    let y = &x;
    let a = x;
}

pub fn test_addr_taken_init_cond(cond: bool) {
    // let mut x; if cond { x = 1; ... &x ... }; x = 2; ... &x ...
    let mut x;
    let mut y;
    if cond {
        x = 1;
        y = &x;
    }
    x = 2;
    let z = x;
}

#[no_mangle]
pub fn test_addr_taken_loop() {
    // loop { let x = ...; ... &x ... }
    let mut count = 0;
    loop {
        let x = 2;
        let z = if count % 2 == 0 { &x } else { &1 };
        if count >= 3 {
            break;
        }
        count += *z;
    }
}

#[no_mangle]
pub fn test_addr_taken_arg(mut t: T) {
    t.field3 = 0 as *const S;
    let z = &t;
}

This adds support for generating concrete Origins to pass to polonius for each ADT lifetime parameter and resolving lifetime parameters to those origins when visiting the MIR body. It also adds support for ADT field pointer permissions.

There are three stages to making this possible:

1. gather hypothetical (i.e. pointer-based) and actual (reference-based) lifetimes
2. generating concrete origins
3. resolving lifetime parameters when visiting the MIR body

Stage 1 runs in a loop and gathers ADT metadata. The loop terminates when a fixed point is reached, as determined by changes in the ADT metadata. This approach is to handle ADTs that are recursive and/or mutually recursive.

Stage 2 generates one concrete Origin per ADT lifetime parameter, per MIR local. When grabbing the Origin of a given struct field, even nested ones, it is one of these concrete origins that will be returned.

Stage 3 traces the concrete Origins generated for each ADT lifetime parameter all the way to the last projection / field access. It does this by updating a mapping for each projection element visited.

TODO

• [ ] add snapshot testing to origin-labeled output

A request to add support or skip support for the functionality of casting regular types to a atomic type feature.

Error:

thread 'main' panicked at 'Unsupported implicit cast: NonAtomicToAtomic', /.../c2rust-transpile-0.16.0/src/c_ast/conversion.rs:167:14

Clang Version: Ubuntu clang version 14.0.0-1ubuntu1 Target: x86_64-pc-linux-gnu Thread model: posix

File Link: https://github.com/immunant/c2rust/blob/master/c2rust-transpile/src/c_ast/conversion.rs

When transpiled code contains C11's _Generic macros, this warns:

warning: c2rust: Encountered unsupported generic selection expression

Please consider adding support for this.

As I assume it's not easy to add, and RIOT-OS might be one of the few users (for many other use cases of C2Rust are about converting legacy code bases that don't use modern C features), I'll perfectly understand if this is a low priority issue -- in that case, the issue still serves tracking purposes (I can reference it in workarounds, and see that the workarounds can be removed when this is closed), and to collect any workaround pointers.

Tested with c2rust 0.16.0

#include <stdio.h>
#include <string.h>

int one = 1;

int main(void) {
  char *p;
  if (one) {
    p = __builtin_alloca(100);
  }
  strcpy(p, "Hello, world!");
  puts(p);
}

This is a program that has no memory errors. The if (one) is guaranteed to be entered, though the compiler cannot see that, and the result of __builtin_alloca persists until the function ends, even after the block has ended.

It is translated to the following Rust code:

#![allow(dead_code, mutable_transmutes, non_camel_case_types, non_snake_case, non_upper_case_globals, unused_assignments, unused_mut)]
#![register_tool(c2rust)]
#![feature(register_tool)]
use ::c2rust_out::*;
extern "C" {
    fn puts(__s: *const libc::c_char) -> libc::c_int;
    fn strcpy(_: *mut libc::c_char, _: *const libc::c_char) -> *mut libc::c_char;
}
#[no_mangle]
pub static mut one: libc::c_int = 1 as libc::c_int;
unsafe fn main_0() -> libc::c_int {
    let mut p: *mut libc::c_char = 0 as *mut libc::c_char;
    if one != 0 {
        let mut fresh0 = ::std::vec::from_elem(
            0,
            100 as libc::c_int as libc::c_uint as usize,
        );
        p = fresh0.as_mut_ptr() as *mut libc::c_char;
    }
    strcpy(p, b"Hello, world!\0" as *const u8 as *const libc::c_char);
    puts(p);
    return 0;
}
pub fn main() {
    unsafe { ::std::process::exit(main_0() as i32) }
}

Note here the let mut fresh0 = ::std::vec::from_elem(0, 100 as libc::c_int as libc::c_uint as usize); in block scope. Here, unlike in the C program, the vec will be dropped when the block is exited, and p is left a dangling pointer.

A possible corrected translation would be to make fresh0 a function-scope variable.

Tested using c2rust 0.16.0

struct S {
  int i : 4;
} s;

int main(void) {
  int x = s.i++;
  int y = --s.i;
  return x + y;
}

This program returns zero. It is translated to a Rust program that returns -1.

The generated Rust code is

#![allow(dead_code, mutable_transmutes, non_camel_case_types, non_snake_case, non_upper_case_globals, unused_assignments, unused_mut)]
#![register_tool(c2rust)]
#![feature(register_tool)]
#[macro_use]
extern crate c2rust_bitfields;
use ::c2rust_out::*;
#[derive(Copy, Clone, BitfieldStruct)]
#[repr(C)]
pub struct S {
    #[bitfield(name = "i", ty = "libc::c_int", bits = "0..=3")]
    pub i: [u8; 1],
    #[bitfield(padding)]
    pub c2rust_padding: [u8; 3],
}
#[no_mangle]
pub static mut s: S = S {
    i: [0; 1],
    c2rust_padding: [0; 3],
};
unsafe fn main_0() -> libc::c_int {
    let ref mut fresh0 = s.i();
    let fresh1 = *fresh0;
    *fresh0 = *fresh0 + 1;
    let mut x: libc::c_int = fresh1;
    s.set_i(s.i() - 1);
    let mut y: libc::c_int = s.i();
    return x + y;
}
pub fn main() {
    unsafe { ::std::process::exit(main_0() as i32) }
}

Note here the *fresh0 = *fresh0 + 1;. This does not have the desired effect of modifying s.i. Instead, it modifies the temporary returned by s.i(), a temporary which is never again used after being assigned to.

The pre-decrement, on the other hand, is correctly translated into a call to s.set_i.

One possible corrected translation would be

unsafe fn main_0() -> libc::c_int {
    let fresh0 = s.i();
    s.set_i(fresh0 + 1);
    let mut x: libc::c_int = fresh0;
    s.set_i(s.i() - 1);
    let mut y: libc::c_int = s.i();
    return x + y;
}