Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

patterns: reject raw pointers that are not just integers #116930

Merged
merged 5 commits into from
Nov 8, 2023

Conversation

RalfJung
Copy link
Member

@RalfJung RalfJung commented Oct 19, 2023

Matching against 0 as *const i32 is fine, matching against &42 as *const i32 is not.

This extends the existing check against function pointers and wide pointers: we now uniformly reject all these pointer types during valtree construction, and then later lint because of that. See here for some more explanation and context.

Also fixes #116929.

Cc @oli-obk @lcnr

@rustbot
Copy link
Collaborator

rustbot commented Oct 19, 2023

r? @davidtwco

(rustbot has picked a reviewer for you, use r? to override)

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Oct 19, 2023
pub POINTER_STRUCTURAL_MATCH,
Allow,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't realize this lint is still allow-by-default oO. Seems high time we make it warn-by-default?

@RalfJung
Copy link
Member Author

The 2nd commit makes this forbid-by-default so we can crater it.
@bors try

@bors
Copy link
Contributor

bors commented Oct 19, 2023

⌛ Trying commit 0787e62 with merge ebb1189...

bors added a commit to rust-lang-ci/rust that referenced this pull request Oct 19, 2023
patterns: reject raw pointers that are not just integers

Matching against `0 as *const i32` is fine, matching against `&42 as *const i32` is not.

Cc `@oli-obk` `@lcnr`
@RalfJung
Copy link
Member Author

Due to #116929 this lint still has a big gap, it'll only find bad raw pointers "at the root".

I wonder if with this change to valtree construction, we can make it so that some lint always fires when a const is used as a pattern and valtree construction fails? I do think those cases should all become hard errors eventually...

@rust-log-analyzer

This comment has been minimized.

@bors
Copy link
Contributor

bors commented Oct 19, 2023

☀️ Try build successful - checks-actions
Build commit: ebb1189 (ebb118907fa893a392c699ddf120848fa0a8d6c2)

@RalfJung
Copy link
Member Author

Let's see how much fallout we're getting from this weak form of the lint.
@craterbot check

@craterbot
Copy link
Collaborator

👌 Experiment pr-116930 created and queued.
🤖 Automatically detected try build ebb1189
🔍 You can check out the queue and this experiment's details.

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

@craterbot craterbot added S-waiting-on-crater Status: Waiting on a crater run to be completed. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Oct 19, 2023
@rustbot
Copy link
Collaborator

rustbot commented Oct 19, 2023

Some changes might have occurred in exhaustiveness checking

cc @Nadrieril

@rust-log-analyzer

This comment has been minimized.

@RalfJung
Copy link
Member Author

Lol, the doctest for StructuralEq uses a function pointer as a bad example.^^

@@ -247,6 +247,7 @@ marker_impls! {
///
/// const CFN: Wrap<fn(&())> = Wrap(higher_order);
///
/// #[allow(pointer_structural_match)]
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW these entire trait docs are outdated; that's tracked in #115881.

@craterbot
Copy link
Collaborator

🚧 Experiment pr-116930 is now running

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

@craterbot
Copy link
Collaborator

🎉 Experiment pr-116930 is completed!
📊 876 regressed and 3 fixed (379825 total)
📰 Open the full report.

⚠️ If you notice any spurious failure please add them to the blacklist!
ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

@craterbot craterbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-crater Status: Waiting on a crater run to be completed. labels Oct 22, 2023
@RalfJung
Copy link
Member Author

@craterbot

This comment was marked as outdated.

@craterbot craterbot removed the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Oct 22, 2023
@RalfJung
Copy link
Member Author

Those seem to be 3 legit regressions:

  • this matched on a fn ptr (so already triggered the lint before this PR, but the lint was allow-by-default)
  • same here
  • and same here

In particular, none of them is matching on a raw pointer that was not derived from an integer. So IMO we should land this PR to make sure people don't start doing that.

@RalfJung RalfJung added the I-lang-nominated Nominated for discussion during a lang team meeting. label Oct 30, 2023
@RalfJung
Copy link
Member Author

RalfJung commented Oct 30, 2023

@rust-lang/lang this PR does three things:

  • it fixes our old lint that detects match on function pointers and wide pointers to also catch cases where those pointers are hidden inside other types
  • it makes that lint warn-by-default (but doesn't yet make it show up in dependencies)
  • it makes the lint also trigger when encountering a raw pointer that was not constructed via int as *const/mut T, but e.g. via &something as *const T -- those allocations don't have guarantees on their ptr equality just like function pointers and vtables, so we should reject them for the same reason.

We haven't reached a proper conclusion in the recent "match on const" meeting, but the general direction seems to have been towards "it should still work like a pattern" (and not like sugar for ==), and this PR is a crucial step towards ensuring that they do indeed behave like a pattern, with structural properties and all that. Even if the goal is just to future-proof against both options (as has been the strategy so far), we want this warning.

Crater found only 3 cases where the warning triggers, in the entire ecosystem. All of them would already warn on stable if they enabled the lint; the new cases covered by this PR were not detected at all by crater.

@RalfJung RalfJung added the S-waiting-on-team Status: Awaiting decision from the relevant subteam (see the T-<team> label). label Oct 30, 2023
Copy link
Member

@davidtwco davidtwco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation changes look good to me, r=me after decisions from t-lang.

);
}
_ => {}
if !have_valtree {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: could be part of the condition on the previous line

@nikomatsakis
Copy link
Contributor

nikomatsakis commented Nov 8, 2023

I'm in favor of this. (I also have thoughts on the semantics of matching on constants -- tl;dr I think I'm ready to accept "match is not an extensible mechanism" and hence will not act the same as == so we can stop talking about it -- but those are best discussed elsewhere, I assume)

@WaffleLapkin
Copy link
Member

T-lang meeting consensus: let's do this, no FCP needed.

@RalfJung
Copy link
Member Author

RalfJung commented Nov 8, 2023

@bors r=davidtwco

@bors
Copy link
Contributor

bors commented Nov 8, 2023

📌 Commit 3058865 has been approved by davidtwco

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. S-waiting-on-team Status: Awaiting decision from the relevant subteam (see the T-<team> label). labels Nov 8, 2023
@bors
Copy link
Contributor

bors commented Nov 8, 2023

⌛ Testing commit 3058865 with merge fdaaaf9...

@bors
Copy link
Contributor

bors commented Nov 8, 2023

☀️ Test successful - checks-actions
Approved by: davidtwco
Pushing fdaaaf9 to master...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Nov 8, 2023
@bors bors merged commit fdaaaf9 into rust-lang:master Nov 8, 2023
12 checks passed
@rustbot rustbot added this to the 1.75.0 milestone Nov 8, 2023
@rust-timer
Copy link
Collaborator

Finished benchmarking commit (fdaaaf9): comparison URL.

Overall result: no relevant changes - no action needed

@rustbot label: -perf-regression

Instruction count

This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage)

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

mean range count
Regressions ❌
(primary)
0.6% [0.4%, 1.4%] 5
Regressions ❌
(secondary)
3.6% [3.6%, 3.6%] 1
Improvements ✅
(primary)
-0.7% [-1.1%, -0.5%] 7
Improvements ✅
(secondary)
- - 0
All ❌✅ (primary) -0.1% [-1.1%, 1.4%] 12

Cycles

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

mean range count
Regressions ❌
(primary)
0.4% [0.4%, 0.5%] 2
Regressions ❌
(secondary)
- - 0
Improvements ✅
(primary)
-0.4% [-0.4%, -0.4%] 1
Improvements ✅
(secondary)
- - 0
All ❌✅ (primary) 0.1% [-0.4%, 0.5%] 3

Binary size

This benchmark run did not return any relevant results for this metric.

Bootstrap: 662.394s -> 663.159s (0.12%)
Artifact size: 308.74 MiB -> 308.75 MiB (0.00%)

@RalfJung RalfJung deleted the raw-ptr-match branch November 11, 2023 09:58
github-actions bot pushed a commit to rust-lang/miri that referenced this pull request Nov 15, 2023
patterns: reject raw pointers that are not just integers

Matching against `0 as *const i32` is fine, matching against `&42 as *const i32` is not.

This extends the existing check against function pointers and wide pointers: we now uniformly reject all these pointer types during valtree construction, and then later lint because of that. See [here](rust-lang/rust#116930 (comment)) for some more explanation and context.

Also fixes rust-lang/rust#116929.

Cc `@oli-obk` `@lcnr`
lnicola pushed a commit to lnicola/rust-analyzer that referenced this pull request Apr 7, 2024
patterns: reject raw pointers that are not just integers

Matching against `0 as *const i32` is fine, matching against `&42 as *const i32` is not.

This extends the existing check against function pointers and wide pointers: we now uniformly reject all these pointer types during valtree construction, and then later lint because of that. See [here](rust-lang/rust#116930 (comment)) for some more explanation and context.

Also fixes rust-lang/rust#116929.

Cc `@oli-obk` `@lcnr`
RalfJung pushed a commit to RalfJung/rust-analyzer that referenced this pull request Apr 27, 2024
patterns: reject raw pointers that are not just integers

Matching against `0 as *const i32` is fine, matching against `&42 as *const i32` is not.

This extends the existing check against function pointers and wide pointers: we now uniformly reject all these pointer types during valtree construction, and then later lint because of that. See [here](rust-lang/rust#116930 (comment)) for some more explanation and context.

Also fixes rust-lang/rust#116929.

Cc `@oli-obk` `@lcnr`
celinval added a commit to celinval/rust-dev that referenced this pull request Jun 4, 2024
Update Rust toolchain from nightly-2023-11-08 to nightly-2023-11-09
without any other source changes.
This is an automatically generated pull request. If any of the CI checks
fail, manual intervention is required. In such a case, review the
changes at https://github.com/rust-lang/rust from
rust-lang@7adc89b
up to
rust-lang@fdaaaf9.
The log for this commit range is:
rust-lang@fdaaaf9f92 Auto merge of
rust-lang#116930 - RalfJung:raw-ptr-match, r=davidtwco
rust-lang@30588657b7 avoid unnecessary
nested conditionals
rust-lang@90fdc1fc27 Auto merge of
rust-lang#117716 - GuillaumeGomez:rollup-83gnhll, r=GuillaumeGomez
rust-lang@9d3c80248b Rollup merge of
rust-lang#117713 - GuillaumeGomez:document-hidden-json, r=notriddle
rust-lang@d8c52b378d Rollup merge of
rust-lang#117702 - davidtwco:target-tier-refactors, r=petrochenkov
rust-lang@5d00a5d936 Rollup merge of
rust-lang#117679 - aDotInTheVoid:yes-core, r=GuillaumeGomez
rust-lang@c828371179 Rollup merge of
rust-lang#117282 - clubby789:recover-wrong-function-header, r=TaKO8Ki
rust-lang@e05e4f38b5 Rollup merge of
rust-lang#117263 - onur-ozkan:change-id-fix, r=saethlin
rust-lang@341efb1017 Auto merge of
rust-lang#117560 - lqd:issue-117146, r=matthewjasper
rust-lang@33edea60f0 Add test for
reexported hidden item with `--document-hidden-items`
rust-lang@28acba3c61 Auto merge of
rust-lang#115460 - zachs18:borrowedcursor_write_no_panic, r=dtolnay
rust-lang@755629fe59 Auto merge of
rust-lang#117706 - matthiaskrgr:rollup-lscx7dg, r=matthiaskrgr
rust-lang@e0cb1cc296 bootstrap: add more
detail on change-id comments
rust-lang@e878100386 bootstrap: improve
`fn check_version`
rust-lang@ae4d18b2da handle the case when
the change-id isn't found
rust-lang@7e4ffa98b5 Rollup merge of
rust-lang#117700 - Zalathar:rename-run-coverage, r=onur-ozkan
rust-lang@55306535dd Rollup merge of
rust-lang#117698 - nnethercote:space_between-2, r=petrochenkov
rust-lang@b1b5a8ea9d Rollup merge of
rust-lang#117667 - Alexendoo:doc-clippy-config, r=albertlarsan68
rust-lang@adf4981969 Rollup merge of
rust-lang#117663 - klensy:bump-deps, r=davidtwco
rust-lang@8198864377 Rollup merge of
rust-lang#117650 - saethlin:inline-me-please, r=davidtwco
rust-lang@ba7ec56639 Rollup merge of
rust-lang#117531 - fmease:rustdoc-effects-properly-elide-x-crate-host-args,
r=GuillaumeGomez
rust-lang@b74a84c0bc Rollup merge of
rust-lang#114316 - ecnelises:aix_doc, r=workingjubilee
rust-lang@fab1054e17 Auto merge of
rust-lang#117542 - compiler-errors:only-normalize-predicate, r=lcnr
rust-lang@750c2ecd15 Auto merge of
rust-lang#116881 - LuuuXXX:issue-110087, r=onur-ozkan
rust-lang@b9b7982f72 Add AIX
platform-support doc
rust-lang@ef7ebaa788 rustc_target: move
file for uniformity
rust-lang@1af256fe8a targets: move target
specs to spec/targets
rust-lang@76aa83e3e1 target: move base
specs to spec/base
rust-lang@a573880373 coverage: Rename the
`run-coverage` test mode to `coverage-run`
rust-lang@7cc997d373 Auto merge of
rust-lang#117699 - weihanglo:update-cargo, r=weihanglo
rust-lang@0670466e2c Update cargo
rust-lang@438b9a6e82 More tests for token
stream pretty-printing with adjacent punctuation.
rust-lang@783d4b8b26 Clarify
`space_between`.
rust-lang@91cfcb0219 Auto merge of
rust-lang#117484 - Zalathar:tests, r=cjgillot
rust-lang@97c9d8f405 Only use
normalize_param_env when normalizing predicate in check_item_bounds
rust-lang@1b8dee19e8 Fix issue rust-lang#110087
rust-lang@0d5ec963bb Auto merge of
rust-lang#117692 - matthiaskrgr:rollup-umaf5pr, r=matthiaskrgr
rust-lang@f72e974e3f Rollup merge of
rust-lang#117655 - compiler-errors:method-tweaks, r=estebank
rust-lang@7552dd19ad Rollup merge of
rust-lang#117625 - nnethercote:clippy-perf, r=cuviper
rust-lang@3c6307240c Rollup merge of
rust-lang#116399 - WaffleLapkin:erase_small_things, r=cjgillot
rust-lang@b724d9c90e Rollup merge of
rust-lang#113925 - clubby789:const-ctor-repeat, r=estebank
rust-lang@fcdd99edca Add
-Zcross-crate-inline-threshold=yes
rust-lang@e8cf29b584 rustdoc: minor
changes suggested by clippy perf lints.
rust-lang@ff0b4b6091 Auto merge of
rust-lang#117672 - lqd:ci-gcc-lld, r=Kobzol
rust-lang@1b3733e5a4 rustc: minor changes
suggested by clippy perf lints.
rust-lang@eca9a1533f Add an explanation
for `transmute_unchecked`
rust-lang@1d1fe9a205 add note to remember
to update a url when bumping to gcc 10.1.0
rust-lang@434b69a1d6 tests/rustdoc-json:
Rewrite tests no not use `#![no_core]`.
rust-lang@0875f456f1 tests/rustdoc-json:
Remove more needless uses of `#![no_core]`.
rust-lang@f784fa7bd9 tests/rustdoc-json:
Remove some needless uses of `#![no_core]`.
rust-lang@d73eaaac5f ci: bump gcc on dist
x64 linux builder to 9.5
rust-lang@f2fd8ad788 Document
clippy_config in nightly-rustc docs
rust-lang@eed89185bb bump some deps
rust-lang@0add056dee Rework
print_disambiguation_help
rust-lang@88a37acb26 Yeet
MethodCallComponents
rust-lang@4e6f438d2a coverage: Register
`test::Coverage` as the test suite for `tests/coverage`
rust-lang@49127c64d6 coverage: Migrate
`tests/coverage-map` into `tests/coverage`
rust-lang@e9d04c5e24 coverage: Migrate
`tests/run-coverage` into `tests/coverage`
rust-lang@aea7c27eae coverage: Set up a
macro for declaring unified coverage test suites
rust-lang@3509aed632 coverage: Add
`./x.py test coverage`, an alias for `coverage-map` and `run-coverage`
rust-lang@e585a99230 coverage: Give each
coverage test mode a separate output directory
rust-lang@211d4cee8e coverage: Copy all
remaining run-coverage tests into coverage-map
rust-lang@4b76b97bc8 coverage: Copy all
remaining coverage-map tests into run-coverage
rust-lang@f5df56b26b coverage: Flatten
`coverage-map/status-quo/` into its parent directory
rust-lang@8eef39f082 coverage: Remove
`tests/coverage-map/if.rs`
rust-lang@7f8a6de72c coverage: Use
`-Copt-level=2` by default in run-coverage tests
rust-lang@1dcdf83927 rustdoc: properly
elide cross-crate host effect args
rust-lang@2dff90dc23 add test for issue
117146
rust-lang@de7a8305ae traverse region
graph instead of SCCs to compute polonius loan scopes
rust-lang@03b24f2756 remove some dead
code
rust-lang@70a8e157ab make
pointer_structural_match warn-by-default
rust-lang@af6c7e0ca1 also lint against fn
ptr and raw ptr nested inside the const
rust-lang@bec88ad4aa patterns: reject raw
pointers that are not just integers
rust-lang@be0b42fabe Recover from
incorrectly ordered/duplicated function keywords
rust-lang@b3d50255d9 Use consisntent
style of `size_of` in query type erasure
rust-lang@61361bb212 Use
`transmute_unchecked` and make the types explicit in query type erasure
rust-lang@11a64a1834 don't panic in
BorrowedCursor::write
rust-lang@86b112204a Improve diagnostic
for const ctors in array repeat expressions

Co-authored-by: celinval <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
I-lang-nominated Nominated for discussion during a lang team meeting. merged-by-bors This PR was explicitly merged by bors. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

We're not warning against fn ptr and wide raw ptr nested inside ADTs
9 participants