diff options
| author | Michael Goulet <michael@errs.io> | 2025-05-25 15:57:10 +0000 |
|---|---|---|
| committer | Michael Goulet <michael@errs.io> | 2025-05-25 15:57:48 +0000 |
| commit | 295a8d56f5a7d200599d587fb52bf217b9aee363 (patch) | |
| tree | a27cea9b8aa90423d0b15615c41ad49371aec5fc /compiler/rustc_lint | |
| parent | 5370c5753f3f769d27832f81ceefd4141ba1ee0c (diff) | |
| download | rust-295a8d56f5a7d200599d587fb52bf217b9aee363.tar.gz rust-295a8d56f5a7d200599d587fb52bf217b9aee363.zip | |
Make UNNECESSARY_TRANSMUTES into a HIR lint
Diffstat (limited to 'compiler/rustc_lint')
| -rw-r--r-- | compiler/rustc_lint/src/transmute.rs | 232 |
1 files changed, 204 insertions, 28 deletions
diff --git a/compiler/rustc_lint/src/transmute.rs b/compiler/rustc_lint/src/transmute.rs index 8395bcf7cad..bc1d4587d07 100644 --- a/compiler/rustc_lint/src/transmute.rs +++ b/compiler/rustc_lint/src/transmute.rs @@ -1,6 +1,9 @@ +use rustc_errors::Applicability; use rustc_hir::def::{DefKind, Res}; +use rustc_hir::def_id::LocalDefId; use rustc_hir::{self as hir}; use rustc_macros::LintDiagnostic; +use rustc_middle::ty::{self, Ty}; use rustc_session::{declare_lint, impl_lint_pass}; use rustc_span::sym; @@ -40,13 +43,37 @@ declare_lint! { "detects pointer to integer transmutes in const functions and associated constants", } +declare_lint! { + /// The `unnecessary_transmutes` lint detects transmutations that have safer alternatives. + /// + /// ### Example + /// + /// ```rust + /// fn bytes_at_home(x: [u8; 4]) -> u32 { + /// unsafe { std::mem::transmute(x) } + /// } + /// ``` + /// + /// {{produces}} + /// + /// ### Explanation + /// + /// Using an explicit method is preferable over calls to + /// [`transmute`](https://doc.rust-lang.org/std/mem/fn.transmute.html) as + /// they more clearly communicate the intent, are easier to review, and + /// are less likely to accidentally result in unsoundness. + pub UNNECESSARY_TRANSMUTES, + Warn, + "detects transmutes that can also be achieved by other operations" +} + pub(crate) struct CheckTransmutes; -impl_lint_pass!(CheckTransmutes => [PTR_TO_INTEGER_TRANSMUTE_IN_CONSTS]); +impl_lint_pass!(CheckTransmutes => [PTR_TO_INTEGER_TRANSMUTE_IN_CONSTS, UNNECESSARY_TRANSMUTES]); impl<'tcx> LateLintPass<'tcx> for CheckTransmutes { fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx hir::Expr<'tcx>) { - let hir::ExprKind::Call(callee, _) = expr.kind else { + let hir::ExprKind::Call(callee, [arg]) = expr.kind else { return; }; let hir::ExprKind::Path(qpath) = callee.kind else { @@ -59,41 +86,190 @@ impl<'tcx> LateLintPass<'tcx> for CheckTransmutes { return; }; let body_owner_def_id = cx.tcx.hir_enclosing_body_owner(expr.hir_id); - let Some(context) = cx.tcx.hir_body_const_context(body_owner_def_id) else { - return; - }; + let const_context = cx.tcx.hir_body_const_context(body_owner_def_id); let args = cx.typeck_results().node_args(callee.hir_id); let src = args.type_at(0); let dst = args.type_at(1); - // Check for transmutes that exhibit undefined behavior. - // For example, transmuting pointers to integers in a const context. - // - // Why do we consider const functions and associated constants only? - // - // Generally, undefined behavior in const items are handled by the evaluator. - // But, const functions and associated constants are evaluated only when referenced. - // This can result in undefined behavior in a library going unnoticed until - // the function or constant is actually used. - // - // Therefore, we only consider const functions and associated constants here and leave - // other const items to be handled by the evaluator. - if matches!(context, hir::ConstContext::ConstFn) - || matches!(cx.tcx.def_kind(body_owner_def_id), DefKind::AssocConst) - { - if src.is_raw_ptr() && dst.is_integral() { - cx.tcx.emit_node_span_lint( - PTR_TO_INTEGER_TRANSMUTE_IN_CONSTS, - expr.hir_id, - expr.span, - UndefinedTransmuteLint, - ); - } + check_ptr_transmute_in_const(cx, expr, body_owner_def_id, const_context, src, dst); + check_unnecessary_transmute(cx, expr, callee, arg, const_context, src, dst); + } +} + +/// Check for transmutes that exhibit undefined behavior. +/// For example, transmuting pointers to integers in a const context. +/// +/// Why do we consider const functions and associated constants only? +/// +/// Generally, undefined behavior in const items are handled by the evaluator. +/// But, const functions and associated constants are evaluated only when referenced. +/// This can result in undefined behavior in a library going unnoticed until +/// the function or constant is actually used. +/// +/// Therefore, we only consider const functions and associated constants here and leave +/// other const items to be handled by the evaluator. +fn check_ptr_transmute_in_const<'tcx>( + cx: &LateContext<'tcx>, + expr: &'tcx hir::Expr<'tcx>, + body_owner_def_id: LocalDefId, + const_context: Option<hir::ConstContext>, + src: Ty<'tcx>, + dst: Ty<'tcx>, +) { + if matches!(const_context, Some(hir::ConstContext::ConstFn)) + || matches!(cx.tcx.def_kind(body_owner_def_id), DefKind::AssocConst) + { + if src.is_raw_ptr() && dst.is_integral() { + cx.tcx.emit_node_span_lint( + PTR_TO_INTEGER_TRANSMUTE_IN_CONSTS, + expr.hir_id, + expr.span, + UndefinedTransmuteLint, + ); } } } +/// Check for transmutes that overlap with stdlib methods. +/// For example, transmuting `[u8; 4]` to `u32`. +/// +/// We chose not to lint u8 -> bool transmutes, see #140431. +fn check_unnecessary_transmute<'tcx>( + cx: &LateContext<'tcx>, + expr: &'tcx hir::Expr<'tcx>, + callee: &'tcx hir::Expr<'tcx>, + arg: &'tcx hir::Expr<'tcx>, + const_context: Option<hir::ConstContext>, + src: Ty<'tcx>, + dst: Ty<'tcx>, +) { + let callee_span = callee.span.find_ancestor_inside(expr.span).unwrap_or(callee.span); + let (sugg, help) = match (src.kind(), dst.kind()) { + // dont check the length; transmute does that for us. + // [u8; _] => primitive + (ty::Array(t, _), ty::Uint(_) | ty::Float(_) | ty::Int(_)) + if *t.kind() == ty::Uint(ty::UintTy::U8) => + { + ( + Some(vec![(callee_span, format!("{dst}::from_ne_bytes"))]), + Some( + "there's also `from_le_bytes` and `from_be_bytes` if you expect a particular byte order", + ), + ) + } + // primitive => [u8; _] + (ty::Uint(_) | ty::Float(_) | ty::Int(_), ty::Array(t, _)) + if *t.kind() == ty::Uint(ty::UintTy::U8) => + { + ( + Some(vec![(callee_span, format!("{src}::to_ne_bytes"))]), + Some( + "there's also `to_le_bytes` and `to_be_bytes` if you expect a particular byte order", + ), + ) + } + // char → u32 + (ty::Char, ty::Uint(ty::UintTy::U32)) => { + (Some(vec![(callee_span, "u32::from".to_string())]), None) + } + // char (→ u32) → i32 + (ty::Char, ty::Int(ty::IntTy::I32)) => ( + Some(vec![ + (callee_span, "u32::from".to_string()), + (expr.span.shrink_to_hi(), ".cast_signed()".to_string()), + ]), + None, + ), + // u32 → char + (ty::Uint(ty::UintTy::U32), ty::Char) => ( + Some(vec![(callee_span, "char::from_u32_unchecked".to_string())]), + Some("consider using `char::from_u32(…).unwrap()`"), + ), + // i32 → char + (ty::Int(ty::IntTy::I32), ty::Char) => ( + Some(vec![ + (callee_span, "char::from_u32_unchecked(i32::cast_unsigned".to_string()), + (expr.span.shrink_to_hi(), ")".to_string()), + ]), + Some("consider using `char::from_u32(i32::cast_unsigned(…)).unwrap()`"), + ), + // uNN → iNN + (ty::Uint(_), ty::Int(_)) => { + (Some(vec![(callee_span, format!("{src}::cast_signed"))]), None) + } + // iNN → uNN + (ty::Int(_), ty::Uint(_)) => { + (Some(vec![(callee_span, format!("{src}::cast_unsigned"))]), None) + } + // fNN → usize, isize + (ty::Float(_), ty::Uint(ty::UintTy::Usize) | ty::Int(ty::IntTy::Isize)) => ( + Some(vec![ + (callee_span, format!("{src}::to_bits")), + (expr.span.shrink_to_hi(), format!(" as {dst}")), + ]), + None, + ), + // fNN (→ uNN) → iNN + (ty::Float(_), ty::Int(..)) => ( + Some(vec![ + (callee_span, format!("{src}::to_bits")), + (expr.span.shrink_to_hi(), ".cast_signed()".to_string()), + ]), + None, + ), + // fNN → uNN + (ty::Float(_), ty::Uint(..)) => { + (Some(vec![(callee_span, format!("{src}::to_bits"))]), None) + } + // xsize → fNN + (ty::Uint(ty::UintTy::Usize) | ty::Int(ty::IntTy::Isize), ty::Float(_)) => ( + Some(vec![ + (callee_span, format!("{dst}::from_bits")), + (arg.span.shrink_to_hi(), " as _".to_string()), + ]), + None, + ), + // iNN (→ uNN) → fNN + (ty::Int(_), ty::Float(_)) => ( + Some(vec![ + (callee_span, format!("{dst}::from_bits({src}::cast_unsigned")), + (expr.span.shrink_to_hi(), ")".to_string()), + ]), + None, + ), + // uNN → fNN + (ty::Uint(_), ty::Float(_)) => { + (Some(vec![(callee_span, format!("{dst}::from_bits"))]), None) + } + // bool → x8 in const context since `From::from` is not const yet + // FIXME: Consider arg expr's precedence to avoid parentheses. + // FIXME(const_traits): Remove this when `From::from` is constified. + (ty::Bool, ty::Int(..) | ty::Uint(..)) if const_context.is_some() => ( + Some(vec![ + (callee_span, "".to_string()), + (expr.span.shrink_to_hi(), format!(" as {dst}")), + ]), + None, + ), + // bool → x8 using `x8::from` + (ty::Bool, ty::Int(..) | ty::Uint(..)) => { + (Some(vec![(callee_span, format!("{dst}::from"))]), None) + } + _ => return, + }; + + cx.tcx.node_span_lint(UNNECESSARY_TRANSMUTES, expr.hir_id, expr.span, |diag| { + diag.primary_message("unnecessary transmute"); + if let Some(sugg) = sugg { + diag.multipart_suggestion("replace this with", sugg, Applicability::MachineApplicable); + } + if let Some(help) = help { + diag.help(help); + } + }); +} + #[derive(LintDiagnostic)] #[diag(lint_undefined_transmute)] #[note] |