Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement a lint for implicit autoref of raw pointer dereference - take 2 #123239

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Implement a lint for implicit autoref of raw pointer dereference - take 2 #123239

wants to merge 3 commits into from
470 −3

Conversation

Urgau
Copy link
Member

@Urgau Urgau commented Mar 30, 2024
edited by fmease
Loading

This PR aims at implementing a lint for implicit autoref of raw pointer dereference, it is based on #103735 with suggestion and improvements from #103735 (comment).

The goal is to catch cases like this, where the user probably doesn't realise it just created a reference.

pub struct Test {
    data: [u8],
}

pub fn test_len(t: *const Test) -> usize {
    unsafe { (*t).data.len() }  // this calls <[T]>::len(&self)
}

Since #103735 already went 2 times through T-lang, where they T-lang ended-up asking for a more restricted version (which is what this PR does), I would prefer this PR to be reviewed first before re-nominating it for T-lang.

Compared to the PR it is as based on, this PR adds 3 restrictions on the outer most expression, which must either be:

  1. A deref followed by any non-deref place projection (that intermediate deref will typically be auto-inserted)
  2. A method call annotated with #[rustc_no_implicit_refs].
  3. A deref followed by a addr_of! or addr_of_mut!. See bottom of post for details.

There are several points that are not 100% clear to me when implementing the modifications:

  • "4. Any number of automatically inserted deref/derefmut calls." I as never able to trigger this. Am I missing something?
  • Are "index" and "field" enough?

cc @JakobDegen @WaffleLapkin
r? @RalfJung

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Mar 30, 2024
@rustbot
Copy link
Collaborator

rustbot commented Mar 30, 2024

The Miri subtree was changed

cc @rust-lang/miri

@RalfJung
Copy link
Member

Sorry, I can't take on more reviews currently.
r? compiler
(or feel free to pick someone specific who's suited)

@rustbot rustbot assigned fmease and unassigned RalfJung Mar 30, 2024
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@Urgau Urgau force-pushed the dangerous_implicit_autorefs branch from bb6ab41 to 2b3fe45 Compare March 30, 2024 17:17
@WaffleLapkin WaffleLapkin mentioned this pull request Mar 31, 2024
Closed
@WaffleLapkin WaffleLapkin mentioned this pull request Apr 13, 2024
Open
@bors

This comment was marked as outdated.

Sign in to view
@Urgau Urgau force-pushed the dangerous_implicit_autorefs branch from 2b3fe45 to 57f6416 Compare May 14, 2024 17:22
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@Urgau Urgau force-pushed the dangerous_implicit_autorefs branch from 57f6416 to 824c1f5 Compare May 14, 2024 18:04
fmease
fmease reviewed May 15, 2024
View reviewed changes
compiler/rustc_lint/src/autorefs.rs
/// When working with raw pointers it's usually undesirable to create references,
/// since they inflict a lot of safety requirement. Unfortunately, it's possible
/// to take a reference to a dereference of a raw pointer implicitly, which inflicts
/// the usual reference requirements without you even knowing that.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// the usual reference requirements without you even knowing that.
/// the usual reference requirements potentially without you realizing that.

More neutral, less “condescending” imo.

tests/ui/lint/implicit_autorefs.stderr
Comment on lines 9 to 12
help: try using a raw pointer method instead; or if this reference is intentional, make it explicit
|
LL | addr_of!((&(*ptr))[..16])
|
Copy link
Member

@fmease fmease May 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While catching up with the comments posted in the now closed PR, I thought the plan was to avoid suggesting explicit borrows and to instead suggest #[allow]'ing the lint: Sth. like if this reference is intentional make it explicit by adding #[allow(implicit_unsafe_autorefs)].

CC 1st paragraph of #103735 (comment); #103735 (comment); #103735 (comment)

Copy link
Member Author

@Urgau Urgau May 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There has been concern from T-lang member about having only #[allow] as an option for lint, cc #118833 (comment) (and maybe a bit #122759 (comment)).

I think it would make sense to ask T-lang about this in the nomination, to see what they want, worst case it's just removing some code.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, nothing in #122759 is meant to imply that we shouldn't have lints whose suggestion is #[allow].

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to know. Thanks.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would make sense to ask T-lang about this in the nomination, to see what they want, worst case it's just removing some code.

@Urgau how do you want to proceed here, should we ask for T-lang feedback?

Copy link
Member

@fmease fmease Aug 13, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to nominate this for T-lang in any case -- once I've reviewed this PR ^^' I'll really try to get to it tonight.

@bors

This comment was marked as outdated.

Sign in to view
@Urgau Urgau force-pushed the dangerous_implicit_autorefs branch from 824c1f5 to c2d6e62 Compare May 23, 2024 18:49
@bors

This comment was marked as outdated.

Sign in to view
@Dylan-DPC
Copy link
Member

@Urgau if you can rebase the latest conflicts we can push this forward and maybe get it reviewed by another reviewer

@Dylan-DPC Dylan-DPC added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Aug 12, 2024
@Urgau Urgau force-pushed the dangerous_implicit_autorefs branch from c2d6e62 to 78288af Compare August 12, 2024 15:49
@Urgau
Copy link
Member Author

Urgau commented Aug 12, 2024

@Dylan-DPC rebased.

@rustbot review

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Aug 12, 2024
@Urgau Urgau force-pushed the dangerous_implicit_autorefs branch from 78288af to d060615 Compare October 9, 2024 13:58
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@Urgau Urgau force-pushed the dangerous_implicit_autorefs branch from d060615 to afe6661 Compare October 9, 2024 14:14
@fmease fmease mentioned this pull request Oct 17, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jieyouxu jieyouxu jieyouxu left review comments

@fmease fmease fmease left review comments

@tmandry tmandry tmandry left review comments

Assignees

@fmease fmease

Labels
S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@Urgau @rustbot @RalfJung @rust-log-analyzer @bors @Dylan-DPC @tmandry @fmease @jieyouxu