Implement a lint for implicit autoref of raw pointer dereference - take 2 #123239
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
S-waiting-on-review
|
The Miri subtree was changed cc @rust-lang/miri |
|
Sorry, I can't take on more reviews currently. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Urgau
force-pushed
the
dangerous_implicit_autorefs
branch
from
bb6ab41 to
2b3fe45
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Urgau
force-pushed
the
dangerous_implicit_autorefs
branch
from
2b3fe45 to
57f6416
Compare
This comment has been minimized.
This comment has been minimized.
Urgau
force-pushed
the
dangerous_implicit_autorefs
branch
from
57f6416 to
824c1f5
Compare
fmease
reviewed
May 15, 2024
This comment was marked as outdated.
This comment was marked as outdated.
Urgau
force-pushed
the
dangerous_implicit_autorefs
branch
from
824c1f5 to
c2d6e62
Compare
This comment was marked as outdated.
This comment was marked as outdated.
|
@Urgau if you can rebase the latest conflicts we can push this forward and maybe get it reviewed by another reviewer |
Dylan-DPC
added
S-waiting-on-author
Urgau
force-pushed
the
dangerous_implicit_autorefs
branch
from
c2d6e62 to
78288af
Compare
|
@Dylan-DPC rebased. @rustbot review |
rustbot
added
S-waiting-on-review
Urgau
force-pushed
the
dangerous_implicit_autorefs
branch
from
78288af to
d060615
Compare
This comment has been minimized.
This comment has been minimized.
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 28, 2025
perf: delay checking of `#[rustc_no_implicit_autorefs]` in autoref lint Try to address the regression seen in rust-lang#123239 (comment) by delaying the checking of `#[rustc_no_implicit_autorefs]` on method call.
github-actions bot
pushed a commit
to rust-lang/miri
that referenced
this pull request
Apr 29, 2025
…mann,traviscross Implement a lint for implicit autoref of raw pointer dereference - take 2 *[t-lang nomination comment](rust-lang/rust#123239 (comment) This PR aims at implementing a lint for implicit autoref of raw pointer dereference, it is based on #103735 with suggestion and improvements from rust-lang/rust#103735 (comment). The goal is to catch cases like this, where the user probably doesn't realise it just created a reference. ```rust pub struct Test { data: [u8], } pub fn test_len(t: *const Test) -> usize { unsafe { (*t).data.len() } // this calls <[T]>::len(&self) } ``` Since #103735 already went 2 times through T-lang, where they T-lang ended-up asking for a more restricted version (which is what this PR does), I would prefer this PR to be reviewed first before re-nominating it for T-lang. ---- Compared to the PR it is as based on, this PR adds 3 restrictions on the outer most expression, which must either be: 1. A deref followed by any non-deref place projection (that intermediate deref will typically be auto-inserted) 2. A method call annotated with `#[rustc_no_implicit_refs]`. 3. A deref followed by a `addr_of!` or `addr_of_mut!`. See bottom of post for details. There are several points that are not 100% clear to me when implementing the modifications: - ~~"4. Any number of automatically inserted deref/derefmut calls." I as never able to trigger this. Am I missing something?~~ Fixed - Are "index" and "field" enough? ---- cc `@JakobDegen` `@WaffleLapkin` r? `@RalfJung` try-job: dist-various-1 try-job: dist-various-2
rustbot
added
the
perf-regression-triaged
github-merge-queue bot
pushed a commit
to bevyengine/bevy
that referenced
this pull request
Apr 30, 2025
# Objective - new nightly lint make CI fail ## Solution - Follow the lint: rust-lang/rust#123239
github-actions bot
pushed a commit
to rust-lang/rustc-dev-guide
that referenced
this pull request
May 1, 2025
…mann,traviscross Implement a lint for implicit autoref of raw pointer dereference - take 2 *[t-lang nomination comment](rust-lang/rust#123239 (comment) This PR aims at implementing a lint for implicit autoref of raw pointer dereference, it is based on #103735 with suggestion and improvements from rust-lang/rust#103735 (comment). The goal is to catch cases like this, where the user probably doesn't realise it just created a reference. ```rust pub struct Test { data: [u8], } pub fn test_len(t: *const Test) -> usize { unsafe { (*t).data.len() } // this calls <[T]>::len(&self) } ``` Since #103735 already went 2 times through T-lang, where they T-lang ended-up asking for a more restricted version (which is what this PR does), I would prefer this PR to be reviewed first before re-nominating it for T-lang. ---- Compared to the PR it is as based on, this PR adds 3 restrictions on the outer most expression, which must either be: 1. A deref followed by any non-deref place projection (that intermediate deref will typically be auto-inserted) 2. A method call annotated with `#[rustc_no_implicit_refs]`. 3. A deref followed by a `addr_of!` or `addr_of_mut!`. See bottom of post for details. There are several points that are not 100% clear to me when implementing the modifications: - ~~"4. Any number of automatically inserted deref/derefmut calls." I as never able to trigger this. Am I missing something?~~ Fixed - Are "index" and "field" enough? ---- cc `@JakobDegen` `@WaffleLapkin` r? `@RalfJung` try-job: dist-various-1 try-job: dist-various-2
VlaDexa
added a commit
to VlaDexa/rust
that referenced
this pull request
May 2, 2025
perf: delay checking of `#[rustc_no_implicit_autorefs]` in autoref lint Try to address the regression seen in rust-lang#123239 (comment) by delaying the checking of `#[rustc_no_implicit_autorefs]` on method call.
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
May 2, 2025
perf: delay checking of `#[rustc_no_implicit_autorefs]` in autoref lint Try to address the regression seen in rust-lang#123239 (comment) by delaying the checking of `#[rustc_no_implicit_autorefs]` on method call.
github-actions bot
pushed a commit
to rust-lang/miri
that referenced
this pull request
May 3, 2025
perf: delay checking of `#[rustc_no_implicit_autorefs]` in autoref lint Try to address the regression seen in rust-lang/rust#123239 (comment) by delaying the checking of `#[rustc_no_implicit_autorefs]` on method call.
github-actions bot
pushed a commit
to rust-lang/rustc-dev-guide
that referenced
this pull request
May 5, 2025
perf: delay checking of `#[rustc_no_implicit_autorefs]` in autoref lint Try to address the regression seen in rust-lang/rust#123239 (comment) by delaying the checking of `#[rustc_no_implicit_autorefs]` on method call.
lnicola
pushed a commit
to lnicola/rust-analyzer
that referenced
this pull request
May 5, 2025
perf: delay checking of `#[rustc_no_implicit_autorefs]` in autoref lint Try to address the regression seen in rust-lang/rust#123239 (comment) by delaying the checking of `#[rustc_no_implicit_autorefs]` on method call.
github-actions bot
pushed a commit
to model-checking/verify-rust-std
that referenced
this pull request
May 9, 2025
…=jdonszelmann,traviscross Implement a lint for implicit autoref of raw pointer dereference - take 2 *[t-lang nomination comment](rust-lang#123239 (comment) This PR aims at implementing a lint for implicit autoref of raw pointer dereference, it is based on rust-lang#103735 with suggestion and improvements from rust-lang#103735 (comment). The goal is to catch cases like this, where the user probably doesn't realise it just created a reference. ```rust pub struct Test { data: [u8], } pub fn test_len(t: *const Test) -> usize { unsafe { (*t).data.len() } // this calls <[T]>::len(&self) } ``` Since rust-lang#103735 already went 2 times through T-lang, where they T-lang ended-up asking for a more restricted version (which is what this PR does), I would prefer this PR to be reviewed first before re-nominating it for T-lang. ---- Compared to the PR it is as based on, this PR adds 3 restrictions on the outer most expression, which must either be: 1. A deref followed by any non-deref place projection (that intermediate deref will typically be auto-inserted) 2. A method call annotated with `#[rustc_no_implicit_refs]`. 3. A deref followed by a `addr_of!` or `addr_of_mut!`. See bottom of post for details. There are several points that are not 100% clear to me when implementing the modifications: - ~~"4. Any number of automatically inserted deref/derefmut calls." I as never able to trigger this. Am I missing something?~~ Fixed - Are "index" and "field" enough? ---- cc `@JakobDegen` `@WaffleLapkin` r? `@RalfJung` try-job: dist-various-1 try-job: dist-various-2
andrewzhurov
pushed a commit
to andrewzhurov/bevy
that referenced
this pull request
May 17, 2025
# Objective - new nightly lint make CI fail ## Solution - Follow the lint: rust-lang/rust#123239
jieyouxu
added
the
L-dangerous_implicit_autorefs
GuillaumeGomez
added a commit
to GuillaumeGomez/rust
that referenced
this pull request
Jun 7, 2025
…refs, r=traviscross Make the `dangerous_implicit_autorefs` lint deny-by-default I intended for the `dangerous_implicit_autorefs` lint to be deny-by-default, the [T-lang nomination comment](rust-lang#123239 (comment)) even clearly mentioned deny-by-default, but somehow I and other missed that it is only warn-by-default. I think the lint should still be deny-by-default as the implicit aliasing requirements can be quite dangerous. In any-case, opening this PR for T-lang awareness. `@rustbot` label +I-lang-nominated +T-lang r? `@traviscross`
rust-timer
added a commit
that referenced
this pull request
Jun 8, 2025
Rollup merge of #141661 - Urgau:deny-dangerous_implicit_autorefs, r=traviscross Make the `dangerous_implicit_autorefs` lint deny-by-default I intended for the `dangerous_implicit_autorefs` lint to be deny-by-default, the [T-lang nomination comment](#123239 (comment)) even clearly mentioned deny-by-default, but somehow I and other missed that it is only warn-by-default. I think the lint should still be deny-by-default as the implicit aliasing requirements can be quite dangerous. In any-case, opening this PR for T-lang awareness. `@rustbot` label +I-lang-nominated +T-lang r? `@traviscross`
lnicola
pushed a commit
to lnicola/rust-analyzer
that referenced
this pull request
Jun 9, 2025
…raviscross Make the `dangerous_implicit_autorefs` lint deny-by-default I intended for the `dangerous_implicit_autorefs` lint to be deny-by-default, the [T-lang nomination comment](rust-lang/rust#123239 (comment)) even clearly mentioned deny-by-default, but somehow I and other missed that it is only warn-by-default. I think the lint should still be deny-by-default as the implicit aliasing requirements can be quite dangerous. In any-case, opening this PR for T-lang awareness. `@rustbot` label +I-lang-nominated +T-lang r? `@traviscross`
Merged
github-merge-queue bot
pushed a commit
to getsentry/relay
that referenced
this pull request
Jun 27, 2025
Addresses: - [uninlined_format_args ](https://rust-lang.github.io/rust-clippy/master/index.html#uninlined_format_args) - [dangerous_implicit_autorefs](rust-lang/rust#123239) #skip-changelog
wip-sync
pushed a commit
to NetBSD/pkgsrc-wip
that referenced
this pull request
Jun 29, 2025
Pkgsrc changes: * Adjust patches to adapt to upstream changes and new versions. * associated checksums Upstream changes relative to 1.87.0: Version 1.88.0 (2025-06-26) ========================== Language -------- - [Stabilize `#![feature(let_chains)]` in the 2024 edition.] (rust-lang/rust#132833) This feature allows `&&`-chaining `let` statements inside `if` and `while`, allowing intermixture with boolean expressions. The patterns inside the `let` sub-expressions can be irrefutable or refutable. - [Stabilize `#![feature(naked_functions)]`.] (rust-lang/rust#134213) Naked functions allow writing functions with no compiler-generated epilogue and prologue, allowing full control over the generated assembly for a particular function. - [Stabilize `#![feature(cfg_boolean_literals)]`.] (rust-lang/rust#138632) This allows using boolean literals as `cfg` predicates, e.g. `#[cfg(true)]` and `#[cfg(false)]`. - [Fully de-stabilize the `#[bench]` attribute] (rust-lang/rust#134273). Usage of `#[bench]` without `#![feature(custom_test_frameworks)]` already triggered a deny-by-default future-incompatibility lint since Rust 1.77, but will now become a hard error. - [Add warn-by-default `dangerous_implicit_autorefs` lint against implicit autoref of raw pointer dereference.] (rust-lang/rust#123239) The lint [will be bumped to deny-by-default] (rust-lang/rust#141661) in the next version of Rust. - [Add `invalid_null_arguments` lint to prevent invalid usage of null pointers.] (rust-lang/rust#119220) This lint is uplifted from `clippy::invalid_null_ptr_usage`. - [Change trait impl candidate preference for builtin impls and trivial where-clauses.] (rust-lang/rust#138176) - [Check types of generic const parameter defaults] (rust-lang/rust#139646) Compiler -------- - [Stabilize `-Cdwarf-version` for selecting the version of DWARF debug information to generate.] (rust-lang/rust#136926) Platform Support ---------------- - [Demote `i686-pc-windows-gnu` to Tier 2.] (https://blog.rust-lang.org/2025/05/26/demoting-i686-pc-windows-gnu/) Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. [platform-support-doc]: https://doc.rust-lang.org/rustc/platform-support.html Libraries --------- - [Remove backticks from `#[should_panic]` test failure message.] (rust-lang/rust#136160) - [Guarantee that `[T; N]::from_fn` is generated in order of increasing indices.] (rust-lang/rust#139099), for those passing it a stateful closure. - [The libtest flag `--nocapture` is deprecated in favor of the more consistent `--no-capture` flag.] (rust-lang/rust#139224) - [Guarantee that `{float}::NAN` is a quiet NaN.] (rust-lang/rust#139483) Stabilized APIs --------------- - [`Cell::update`] (https://doc.rust-lang.org/stable/std/cell/struct.Cell.html#method.update) - [`impl Default for *const T`] (https://doc.rust-lang.org/nightly/std/primitive.pointer.html#impl-Default-for-*const+T) - [`impl Default for *mut T`] (https://doc.rust-lang.org/nightly/std/primitive.pointer.html#impl-Default-for-*mut+T) - [`HashMap::extract_if`] (https://doc.rust-lang.org/stable/std/collections/struct.HashMap.html#method.extract_if) - [`HashSet::extract_if`] (https://doc.rust-lang.org/stable/std/collections/struct.HashSet.html#method.extract_if) - [`proc_macro::Span::line`] (https://doc.rust-lang.org/stable/proc_macro/struct.Span.html#method.line) - [`proc_macro::Span::column`] (https://doc.rust-lang.org/stable/proc_macro/struct.Span.html#method.column) - [`proc_macro::Span::start`] (https://doc.rust-lang.org/stable/proc_macro/struct.Span.html#method.start) - [`proc_macro::Span::end`] (https://doc.rust-lang.org/stable/proc_macro/struct.Span.html#method.end) - [`proc_macro::Span::file`] (https://doc.rust-lang.org/stable/proc_macro/struct.Span.html#method.file) - [`proc_macro::Span::local_file`] (https://doc.rust-lang.org/stable/proc_macro/struct.Span.html#method.local_file) These previously stable APIs are now stable in const contexts: - [`NonNull<T>::replace`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.replace) - [`<*mut T>::replace`] (https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.replace) - [`std::ptr::swap_nonoverlapping`] (rust-lang/rust#137280) - [`Cell::{replace, get, get_mut, from_mut, as_slice_of_cells}`] (rust-lang/rust#137928) Cargo ----- - [Stabilize automatic garbage collection.] (rust-lang/cargo#14287) - [use `zlib-rs` for gzip compression in rust code] (rust-lang/cargo#15417) Rustdoc ----- - [Doctests can be ignored based on target names using `ignore-*` attributes.] (rust-lang/rust#137096) - [Stabilize the `--test-runtool` and `--test-runtool-arg` CLI options to specify a program (like qemu) and its arguments to run a doctest.] (rust-lang/rust#137096) Compatibility Notes ------------------- - [Finish changing the internal representation of pasted tokens] (rust-lang/rust#124141). Certain invalid declarative macros that were previously accepted in obscure circumstances are now correctly rejected by the compiler. Use of a `tt` fragment specifier can often fix these macros. - [Fully de-stabilize the `#[bench]` attribute] (rust-lang/rust#134273). Usage of `#[bench]` without `#![feature(custom_test_frameworks)]` already triggered a deny-by-default future-incompatibility lint since Rust 1.77, but will now become a hard error. - [Fix borrow checking some always-true patterns.] (rust-lang/rust#139042) The borrow checker was overly permissive in some cases, allowing programs that shouldn't have compiled. - [Update the minimum external LLVM to 19.] (rust-lang/rust#139275) - [Make it a hard error to use a vector type with a non-Rust ABI without enabling the required target feature.] (rust-lang/rust#139309)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
t-lang nomination comment
This PR aims at implementing a lint for implicit autoref of raw pointer dereference, it is based on #103735 with suggestion and improvements from #103735 (comment).
The goal is to catch cases like this, where the user probably doesn't realise it just created a reference.
Since #103735 already went 2 times through T-lang, where they T-lang ended-up asking for a more restricted version (which is what this PR does), I would prefer this PR to be reviewed first before re-nominating it for T-lang.
Compared to the PR it is as based on, this PR adds 3 restrictions on the outer most expression, which must either be:
#[rustc_no_implicit_refs].addr_of!oraddr_of_mut!. See bottom of post for details.There are several points that are not 100% clear to me when implementing the modifications:
"4. Any number of automatically inserted deref/derefmut calls." I as never able to trigger this. Am I missing something?Fixedcc @JakobDegen @WaffleLapkin
r? @RalfJung
try-job: dist-various-1
try-job: dist-various-2