Lint against &T to &mut T and &T to &UnsafeCell<T> transmutes#118446
Closed
ChayimFriedman2 wants to merge 1 commit intorust-lang:masterfrom
Closed
Lint against &T to &mut T and &T to &UnsafeCell<T> transmutes#118446ChayimFriedman2 wants to merge 1 commit intorust-lang:masterfrom
&T to &mut T and &T to &UnsafeCell<T> transmutes#118446ChayimFriedman2 wants to merge 1 commit intorust-lang:masterfrom
Conversation
Loading
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds the lint against
&T->&UnsafeCell<T>transmutes, and also check in struct fields.The code is quite complex; I've tried my best to simplify and comment it.
This is missing one parts: array transmutes. When transmuting an array, this only consider the first element. The reason for that is that the code is already quite complex, and I didn't want to complicate it more. This catches the most common pattern of transmuting an array into an array of the same length with type of the same size; more complex cases are likely not properly handled. We could take a bigger sample, for example the first and last elements to increase the chance that the lint will catch mistakes, but then the runtime complexity becomes exponential with the nesting of the arrays (
[[[[[T; 2]; 2]; 2]; 2]; 2]has complexity of O(2**5), for instance).Fixes #111229.
I've made this a deny-by-default and the wording says it's immediate UB, but from what I understand, under Tree Borrows this is not UB? CC rust-lang/unsafe-code-guidelines#303. So maybe we should make this warn-by-default and make the wording less strong. But #111229 says it causes miscompilations... So I'm not sure what is really the situation.
This also doesn't handle other ways of doing the transmute, such as via pointer casts. A fix for that should be quite simple, but I left it out for future PR.