forked from rust-lang/rust
Commit
Rollup merge of rust-lang#95599 - niluxv:strict-provenance-lint, r=michaelwoerister

Strict provenance lints

See rust-lang#95488. This PR introduces two unstable (allow by default) lints which lint on int2ptr and ptr2int casts, as the former is not possible in the strict provenance model and the latter can be written nicer using the `.addr()` API. Based on an initial version of the lint by `@Gankra` in rust-lang#95199.
Showing 11 changed files with 342 additions and 4 deletions.
22 changes: 22 additions & 0 deletions
src/doc/unstable-book/src/language-features/strict-provenance.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# `strict_provenance` | ||
|
||
The tracking issue for this feature is: [#95228] | ||
|
||
[#95228]: https://github.com/rust-lang/rust/issues/95228 | ||
----- | ||
|
||
The `strict_provenance` feature allows to enable the `fuzzy_provenance_casts` and `lossy_provenance_casts` lints. | ||
These lint on casts between integers and pointers, that are recommended against or invalid in the strict provenance model. | ||
The same feature gate is also used for the experimental strict provenance API in `std` (actually `core`). | ||
|
||
## Example | ||
|
||
```rust | ||
#![feature(strict_provenance)] | ||
#![warn(fuzzy_provenance_casts)] | ||
|
||
fn main() { | ||
let _dangling = 16_usize as *const u8; | ||
//~^ WARNING: strict provenance disallows casting integer `usize` to pointer `*const u8` | ||
} | ||
``` |
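
Review bot: The Example section documents only `fuzzy_provenance_casts`, although the paragraph above it says the feature gates both lints; add a second snippet for `lossy_provenance_casts` (a `*const u8` to `usize` cast with its expected warning) so both are covered. In the same paragraph, "allows to enable" reads better as "allows enabling", and "These lint on casts between integers and pointers, that are recommended against or invalid" would be clearer if it said which direction is invalid and which is only discouraged.
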
19 changes: 19 additions & 0 deletions
src/test/ui/feature-gates/feature-gate-strict_provenance.rs
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
// check-pass | ||
|
||
#![deny(fuzzy_provenance_casts)] | ||
//~^ WARNING unknown lint: `fuzzy_provenance_casts` | ||
//~| WARNING unknown lint: `fuzzy_provenance_casts` | ||
//~| WARNING unknown lint: `fuzzy_provenance_casts` | ||
#![deny(lossy_provenance_casts)] | ||
//~^ WARNING unknown lint: `lossy_provenance_casts` | ||
//~| WARNING unknown lint: `lossy_provenance_casts` | ||
//~| WARNING unknown lint: `lossy_provenance_casts` | ||
|
||
fn main() { | ||
// no warnings emitted since the lints are not activated | ||
|
||
let _dangling = 16_usize as *const u8; | ||
|
||
let x: u8 = 37; | ||
let _addr: usize = &x as *const u8 as usize; | ||
} |
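
Review bot: The comment `// no warnings emitted since the lints are not activated` in `main` contradicts the six `unknown lint` warnings this file expects at the top; reword it to say that no provenance-cast diagnostics are emitted for the two casts below because the lints are feature-gated. A short comment that `#![deny(...)]` is used on purpose, to show that an unknown lint at deny level still leaves the test `check-pass`, would also help.
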
63 changes: 63 additions & 0 deletions
src/test/ui/feature-gates/feature-gate-strict_provenance.stderr
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
warning: unknown lint: `fuzzy_provenance_casts` | ||
--> $DIR/feature-gate-strict_provenance.rs:3:1 | ||
| | ||
LL | #![deny(fuzzy_provenance_casts)] | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
| | ||
= note: `#[warn(unknown_lints)]` on by default | ||
= note: the `fuzzy_provenance_casts` lint is unstable | ||
= note: see issue #95228 <https://github.com/rust-lang/rust/issues/95228> for more information | ||
= help: add `#![feature(strict_provenance)]` to the crate attributes to enable | ||
|
||
warning: unknown lint: `lossy_provenance_casts` | ||
--> $DIR/feature-gate-strict_provenance.rs:7:1 | ||
| | ||
LL | #![deny(lossy_provenance_casts)] | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
| | ||
= note: the `lossy_provenance_casts` lint is unstable | ||
= note: see issue #95228 <https://github.com/rust-lang/rust/issues/95228> for more information | ||
= help: add `#![feature(strict_provenance)]` to the crate attributes to enable | ||
|
||
warning: unknown lint: `fuzzy_provenance_casts` | ||
--> $DIR/feature-gate-strict_provenance.rs:3:1 | ||
| | ||
LL | #![deny(fuzzy_provenance_casts)] | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
| | ||
= note: the `fuzzy_provenance_casts` lint is unstable | ||
= note: see issue #95228 <https://github.com/rust-lang/rust/issues/95228> for more information | ||
= help: add `#![feature(strict_provenance)]` to the crate attributes to enable | ||
|
||
warning: unknown lint: `lossy_provenance_casts` | ||
--> $DIR/feature-gate-strict_provenance.rs:7:1 | ||
| | ||
LL | #![deny(lossy_provenance_casts)] | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
| | ||
= note: the `lossy_provenance_casts` lint is unstable | ||
= note: see issue #95228 <https://github.com/rust-lang/rust/issues/95228> for more information | ||
= help: add `#![feature(strict_provenance)]` to the crate attributes to enable | ||
|
||
warning: unknown lint: `fuzzy_provenance_casts` | ||
--> $DIR/feature-gate-strict_provenance.rs:3:1 | ||
| | ||
LL | #![deny(fuzzy_provenance_casts)] | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
| | ||
= note: the `fuzzy_provenance_casts` lint is unstable | ||
= note: see issue #95228 <https://github.com/rust-lang/rust/issues/95228> for more information | ||
= help: add `#![feature(strict_provenance)]` to the crate attributes to enable | ||
|
||
warning: unknown lint: `lossy_provenance_casts` | ||
--> $DIR/feature-gate-strict_provenance.rs:7:1 | ||
| | ||
LL | #![deny(lossy_provenance_casts)] | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
| | ||
= note: the `lossy_provenance_casts` lint is unstable | ||
= note: see issue #95228 <https://github.com/rust-lang/rust/issues/95228> for more information | ||
= help: add `#![feature(strict_provenance)]` to the crate attributes to enable | ||
|
||
warning: 6 warnings emitted | ||
|
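
Review bot: Each `unknown lint` warning is expected three times for a single attribute (six warnings for two `#![deny(...)]` lines), and only the first carries the `#[warn(unknown_lints)]` note. If the repetition is a known artifact of how crate-level lint attributes are checked, say so in a comment in the `.rs` file so the expected output is not mistaken for a regression later.
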
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#![feature(strict_provenance)] | ||
#![deny(fuzzy_provenance_casts)] | ||
|
||
fn main() { | ||
let dangling = 16_usize as *const u8; | ||
//~^ ERROR strict provenance disallows casting integer `usize` to pointer `*const u8` | ||
} |
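
Review bot: The only case in `main` is an integer literal cast to `*const u8`. Add a cast from a non-literal expression (for example a `usize` variable) and one to a `*mut` pointer, since the expected message names both the integer type and the pointer type and only one combination is exercised.
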
19 changes: 19 additions & 0 deletions
src/test/ui/lint/lint-strict-provenance-fuzzy-casts.stderr
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
error: strict provenance disallows casting integer `usize` to pointer `*const u8` | ||
--> $DIR/lint-strict-provenance-fuzzy-casts.rs:5:20 | ||
| | ||
LL | let dangling = 16_usize as *const u8; | ||
| ^^^^^^^^^^^^^^^^^^^^^ | ||
| | ||
note: the lint level is defined here | ||
--> $DIR/lint-strict-provenance-fuzzy-casts.rs:2:9 | ||
| | ||
LL | #![deny(fuzzy_provenance_casts)] | ||
| ^^^^^^^^^^^^^^^^^^^^^^ | ||
= help: if you can't comply with strict provenance and don't have a pointer with the correct provenance you can use `std::ptr::from_exposed_addr()` instead | ||
help: use `.with_addr()` to adjust a valid pointer in the same allocation, to this address | ||
| | ||
LL | let dangling = (...).with_addr(16_usize); | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
||
error: aborting due to previous error | ||
|
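
Review bot: The suggested replacement `(...).with_addr(16_usize)` contains a `(...)` placeholder and is not valid Rust as written, so it should be confirmed that this suggestion is not emitted as machine-applicable. The `= help:` line about `std::ptr::from_exposed_addr()` also appears before the `.with_addr()` suggestion; putting the strict-provenance fix first and the escape hatch second would match the order in which a user should try them.
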
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#![feature(strict_provenance)] | ||
#![deny(lossy_provenance_casts)] | ||
|
||
fn main() { | ||
let x: u8 = 37; | ||
let addr: usize = &x as *const u8 as usize; | ||
//~^ ERROR under strict provenance it is considered bad style to cast pointer `*const u8` to integer `usize` | ||
|
||
let addr_32bit = &x as *const u8 as u32; | ||
//~^ ERROR under strict provenance it is considered bad style to cast pointer `*const u8` to integer `u32` | ||
} |
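
Review bot: The `u32` case truncates the address on 64-bit targets, and nothing in the test says that is intentional. Add a short comment on `let addr_32bit = &x as *const u8 as u32;` stating that a narrowing target is being tested, and consider adding a `*mut` source and a signed target such as `isize` so the lint is exercised beyond `*const u8`.
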
23 changes: 23 additions & 0 deletions
src/test/ui/lint/lint-strict-provenance-lossy-casts.stderr
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
error: under strict provenance it is considered bad style to cast pointer `*const u8` to integer `usize` | ||
--> $DIR/lint-strict-provenance-lossy-casts.rs:6:23 | ||
| | ||
LL | let addr: usize = &x as *const u8 as usize; | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^ help: use `.addr()` to obtain the address of a pointer: `(&x as *const u8).addr()` | ||
| | ||
note: the lint level is defined here | ||
--> $DIR/lint-strict-provenance-lossy-casts.rs:2:9 | ||
| | ||
LL | #![deny(lossy_provenance_casts)] | ||
| ^^^^^^^^^^^^^^^^^^^^^^ | ||
= help: if you can't comply with strict provenance and need to expose the pointerprovenance you can use `.expose_addr()` instead | ||
|
||
error: under strict provenance it is considered bad style to cast pointer `*const u8` to integer `u32` | ||
--> $DIR/lint-strict-provenance-lossy-casts.rs:9:22 | ||
| | ||
LL | let addr_32bit = &x as *const u8 as u32; | ||
| ^^^^^^^^^^^^^^^^^^^^^^ help: use `.addr()` to obtain the address of a pointer: `(&x as *const u8).addr() as u32` | ||
| | ||
= help: if you can't comply with strict provenance and need to expose the pointerprovenance you can use `.expose_addr()` instead | ||
|
||
error: aborting due to 2 previous errors | ||
|
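
Review bot: Both `= help:` lines read "expose the pointerprovenance"; a space is missing between "pointer" and "provenance", and the fix belongs in the lint's message string so that this expected output can be regenerated. Separately, for the `u32` case the suggestion `(&x as *const u8).addr() as u32` keeps the narrowing cast, so the help text could mention that the address is still truncated.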