diff options
| -rw-r--r-- | compiler/rustc_lint/messages.ftl | 2 | ||||
| -rw-r--r-- | compiler/rustc_lint/src/cast_ref_to_mut.rs | 72 | ||||
| -rw-r--r-- | compiler/rustc_lint/src/lib.rs | 3 | ||||
| -rw-r--r-- | compiler/rustc_lint/src/lints.rs | 5 | ||||
| -rw-r--r-- | tests/ui/lint/cast_ref_to_mut.rs | 50 | ||||
| -rw-r--r-- | tests/ui/lint/cast_ref_to_mut.stderr | 64 |
6 files changed, 196 insertions, 0 deletions
diff --git a/compiler/rustc_lint/messages.ftl b/compiler/rustc_lint/messages.ftl index e707ac41a05..98fe3821947 100644 --- a/compiler/rustc_lint/messages.ftl +++ b/compiler/rustc_lint/messages.ftl @@ -155,6 +155,8 @@ lint_builtin_unused_doc_comment = unused doc comment lint_builtin_while_true = denote infinite loops with `loop {"{"} ... {"}"}` .suggestion = use `loop` +lint_cast_ref_to_mut = casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + lint_check_name_deprecated = lint name `{$lint_name}` is deprecated and does not have an effect anymore. Use: {$new_name} lint_check_name_unknown = unknown lint: `{$lint_name}` diff --git a/compiler/rustc_lint/src/cast_ref_to_mut.rs b/compiler/rustc_lint/src/cast_ref_to_mut.rs new file mode 100644 index 00000000000..84308d48c10 --- /dev/null +++ b/compiler/rustc_lint/src/cast_ref_to_mut.rs @@ -0,0 +1,72 @@ +use rustc_ast::Mutability; +use rustc_hir::{Expr, ExprKind, MutTy, TyKind, UnOp}; +use rustc_middle::ty; +use rustc_span::sym; + +use crate::{lints::CastRefToMutDiag, LateContext, LateLintPass, LintContext}; + +declare_lint! { + /// The `cast_ref_to_mut` lint checks for casts of `&T` to `&mut T` + /// without using interior mutability. + /// + /// ### Example + /// + /// ```rust,compile_fail + /// fn x(r: &i32) { + /// unsafe { + /// *(r as *const i32 as *mut i32) += 1; + /// } + /// } + /// ``` + /// + /// {{produces}} + /// + /// ### Explanation + /// + /// Casting `&T` to `&mut T` without using interior mutability is undefined behavior, + /// as it's a violation of Rust reference aliasing requirements. + /// + /// `UnsafeCell` is the only way to obtain aliasable data that is considered + /// mutable. + CAST_REF_TO_MUT, + Deny, + "casts of `&T` to `&mut T` without interior mutability" +} + +declare_lint_pass!(CastRefToMut => [CAST_REF_TO_MUT]); + +impl<'tcx> LateLintPass<'tcx> for CastRefToMut { + fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'tcx>) { + let ExprKind::Unary(UnOp::Deref, e) = &expr.kind else { return; }; + + let e = e.peel_blocks(); + let e = if let ExprKind::Cast(e, t) = e.kind + && let TyKind::Ptr(MutTy { mutbl: Mutability::Mut, .. }) = t.kind { + e + } else if let ExprKind::MethodCall(_, expr, [], _) = e.kind + && let Some(def_id) = cx.typeck_results().type_dependent_def_id(e.hir_id) + && cx.tcx.is_diagnostic_item(sym::ptr_cast_mut, def_id) { + expr + } else { + return; + }; + + let e = e.peel_blocks(); + let e = if let ExprKind::Cast(e, t) = e.kind + && let TyKind::Ptr(MutTy { mutbl: Mutability::Not, .. }) = t.kind { + e + } else if let ExprKind::Call(path, [arg]) = e.kind + && let ExprKind::Path(ref qpath) = path.kind + && let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id() + && cx.tcx.is_diagnostic_item(sym::ptr_from_ref, def_id) { + arg + } else { + return; + }; + + let e = e.peel_blocks(); + if let ty::Ref(..) = cx.typeck_results().node_type(e.hir_id).kind() { + cx.emit_spanned_lint(CAST_REF_TO_MUT, expr.span, CastRefToMutDiag); + } + } +} diff --git a/compiler/rustc_lint/src/lib.rs b/compiler/rustc_lint/src/lib.rs index c62109b2986..5e3f057d428 100644 --- a/compiler/rustc_lint/src/lib.rs +++ b/compiler/rustc_lint/src/lib.rs @@ -50,6 +50,7 @@ extern crate tracing; mod array_into_iter; pub mod builtin; +mod cast_ref_to_mut; mod context; mod deref_into_dyn_supertrait; mod drop_forget_useless; @@ -97,6 +98,7 @@ use rustc_span::Span; use array_into_iter::ArrayIntoIter; use builtin::*; +use cast_ref_to_mut::*; use deref_into_dyn_supertrait::*; use drop_forget_useless::*; use enum_intrinsics_non_enums::EnumIntrinsicsNonEnums; @@ -214,6 +216,7 @@ late_lint_methods!( BoxPointers: BoxPointers, PathStatements: PathStatements, LetUnderscore: LetUnderscore, + CastRefToMut: CastRefToMut, // Depends on referenced function signatures in expressions UnusedResults: UnusedResults, NonUpperCaseGlobals: NonUpperCaseGlobals, diff --git a/compiler/rustc_lint/src/lints.rs b/compiler/rustc_lint/src/lints.rs index 746abebeb37..fd15f795202 100644 --- a/compiler/rustc_lint/src/lints.rs +++ b/compiler/rustc_lint/src/lints.rs @@ -718,6 +718,11 @@ pub enum InvalidFromUtf8Diag { }, } +// cast_ref_to_mut.rs +#[derive(LintDiagnostic)] +#[diag(lint_cast_ref_to_mut)] +pub struct CastRefToMutDiag; + // hidden_unicode_codepoints.rs #[derive(LintDiagnostic)] #[diag(lint_hidden_unicode_codepoints)] diff --git a/tests/ui/lint/cast_ref_to_mut.rs b/tests/ui/lint/cast_ref_to_mut.rs new file mode 100644 index 00000000000..745d7070143 --- /dev/null +++ b/tests/ui/lint/cast_ref_to_mut.rs @@ -0,0 +1,50 @@ +// check-fail + +#![feature(ptr_from_ref)] + +extern "C" { + // N.B., mutability can be easily incorrect in FFI calls -- as + // in C, the default is mutable pointers. + fn ffi(c: *mut u8); + fn int_ffi(c: *mut i32); +} + +fn main() { + let s = String::from("Hello"); + let a = &s; + unsafe { + let num = &3i32; + let mut_num = &mut 3i32; + + (*(a as *const _ as *mut String)).push_str(" world"); + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + *(a as *const _ as *mut _) = String::from("Replaced"); + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + *(a as *const _ as *mut String) += " world"; + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + let _num = &mut *(num as *const i32 as *mut i32); + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + let _num = &mut *(num as *const i32).cast_mut(); + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + let _num = *{ num as *const i32 }.cast_mut(); + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + *std::ptr::from_ref(num).cast_mut() += 1; + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + *std::ptr::from_ref({ num }).cast_mut() += 1; + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + *{ std::ptr::from_ref(num) }.cast_mut() += 1; + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + *(std::ptr::from_ref({ num }) as *mut i32) += 1; + //~^ ERROR casting `&T` to `&mut T` is undefined behavior + + // Shouldn't be warned against + println!("{}", *(num as *const _ as *const i16)); + println!("{}", *(mut_num as *mut _ as *mut i16)); + ffi(a.as_ptr() as *mut _); + int_ffi(num as *const _ as *mut _); + int_ffi(&3 as *const _ as *mut _); + let mut value = 3; + let value: *const i32 = &mut value; + *(value as *const i16 as *mut i16) = 42; + } +} diff --git a/tests/ui/lint/cast_ref_to_mut.stderr b/tests/ui/lint/cast_ref_to_mut.stderr new file mode 100644 index 00000000000..baff00d6c04 --- /dev/null +++ b/tests/ui/lint/cast_ref_to_mut.stderr @@ -0,0 +1,64 @@ +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:19:9 + | +LL | (*(a as *const _ as *mut String)).push_str(" world"); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | + = note: `#[deny(cast_ref_to_mut)]` on by default + +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:21:9 + | +LL | *(a as *const _ as *mut _) = String::from("Replaced"); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:23:9 + | +LL | *(a as *const _ as *mut String) += " world"; + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:25:25 + | +LL | let _num = &mut *(num as *const i32 as *mut i32); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:27:25 + | +LL | let _num = &mut *(num as *const i32).cast_mut(); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:29:20 + | +LL | let _num = *{ num as *const i32 }.cast_mut(); + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:31:9 + | +LL | *std::ptr::from_ref(num).cast_mut() += 1; + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:33:9 + | +LL | *std::ptr::from_ref({ num }).cast_mut() += 1; + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:35:9 + | +LL | *{ std::ptr::from_ref(num) }.cast_mut() += 1; + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: casting `&T` to `&mut T` is undefined behavior, even if the reference is unused, consider instead using an `UnsafeCell` + --> $DIR/cast_ref_to_mut.rs:37:9 + | +LL | *(std::ptr::from_ref({ num }) as *mut i32) += 1; + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: aborting due to 10 previous errors + |