lint against MaybeUninit::uninit().assume_init()

CHANGELOG.md

@@ -1176,6 +1176,7 @@ Released 2018-09-13
 [`type_repetition_in_bounds`]: https://rust-lang.github.io/rust-clippy/master/index.html#type_repetition_in_bounds
 [`unicode_not_nfc`]: https://rust-lang.github.io/rust-clippy/master/index.html#unicode_not_nfc
 [`unimplemented`]: https://rust-lang.github.io/rust-clippy/master/index.html#unimplemented
+[`uninit_assumed_init`]: https://rust-lang.github.io/rust-clippy/master/index.html#uninit_assumed_init
 [`unit_arg`]: https://rust-lang.github.io/rust-clippy/master/index.html#unit_arg
 [`unit_cmp`]: https://rust-lang.github.io/rust-clippy/master/index.html#unit_cmp
 [`unknown_clippy_lints`]: https://rust-lang.github.io/rust-clippy/master/index.html#unknown_clippy_lints

README.md

@@ -6,7 +6,7 @@
 
 A collection of lints to catch common mistakes and improve your [Rust](https://github.com/rust-lang/rust) code.
 
-[There are 311 lints included in this crate!](https://rust-lang.github.io/rust-clippy/master/index.html)
+[There are 312 lints included in this crate!](https://rust-lang.github.io/rust-clippy/master/index.html)
 
 We have a bunch of lint categories to allow you to choose how much Clippy is supposed to ~~annoy~~ help you:
 

clippy_lints/src/lib.rs

@@ -804,6 +804,7 @@ pub fn register_plugins(reg: &mut rustc_driver::plugin::Registry<'_>, conf: &Con
  methods::STRING_EXTEND_CHARS,
  methods::SUSPICIOUS_MAP,
  methods::TEMPORARY_CSTRING_AS_PTR,
+ methods::UNINIT_ASSUMED_INIT,
  methods::UNNECESSARY_FILTER_MAP,
  methods::UNNECESSARY_FOLD,
  methods::USELESS_ASREF,
@@ -1116,6 +1117,7 @@ pub fn register_plugins(reg: &mut rustc_driver::plugin::Registry<'_>, conf: &Con
  methods::CLONE_DOUBLE_REF,
  methods::INTO_ITER_ON_ARRAY,
  methods::TEMPORARY_CSTRING_AS_PTR,
+ methods::UNINIT_ASSUMED_INIT,
  minmax::MIN_MAX,
  misc::CMP_NAN,
  misc::FLOAT_CMP,

clippy_lints/src/methods/mod.rs

@@ -951,6 +951,38 @@ declare_clippy_lint! {
  "suspicious usage of map"
 }
 
+declare_clippy_lint! {
+ /// **What it does:** Checks for `MaybeUninit::uninit().assume_init()`.
+ ///
+ /// **Why is this bad?** For most types, this is undefined behavior.
+ ///
+ /// **Known problems:** For now, we accept empty tuples and tuples / arrays
+ /// of `MaybeUninit`. There may be other types that allow uninitialized
+ /// data, but those are not yet rigorously defined.
+ ///
+ /// **Example:**
+ ///
+ /// ```rust
+ /// // Beware the UB
+ /// use std::mem::MaybeUninit;
+ ///
+ /// let _: usize = unsafe { MaybeUninit::uninit().assume_init() };
+ /// ```
+ ///
+ /// Note that the following is OK:
+ ///
+ /// ```rust
+ /// use std::mem::MaybeUninit;
+ ///
+ /// let _: [MaybeUninit<bool>; 5] = unsafe {
+ /// MaybeUninit::uninit().assume_init()
+ /// };
+ /// ```
+ pub UNINIT_ASSUMED_INIT,
+ correctness,
+ "`MaybeUninit::uninit().assume_init()`"
+}
+
 declare_lint_pass!(Methods => [
  OPTION_UNWRAP_USED,
  RESULT_UNWRAP_USED,
@@ -991,6 +1023,7 @@ declare_lint_pass!(Methods => [
  INTO_ITER_ON_ARRAY,
  INTO_ITER_ON_REF,
  SUSPICIOUS_MAP,
+ UNINIT_ASSUMED_INIT,
 ]);
 
 impl<'a, 'tcx> LateLintPass<'a, 'tcx> for Methods {
@@ -1038,6 +1071,7 @@ impl<'a, 'tcx> LateLintPass<'a, 'tcx> for Methods {
  ["fold", ..] => lint_unnecessary_fold(cx, expr, arg_lists[0]),
  ["filter_map", ..] => unnecessary_filter_map::lint(cx, expr, arg_lists[0]),
  ["count", "map"] => lint_suspicious_map(cx, expr),
+ ["assume_init"] => lint_maybe_uninit(cx, &arg_lists[0][0], expr),
  _ => {},
  }
 
@@ -2662,6 +2696,37 @@ fn lint_into_iter(cx: &LateContext<'_, '_>, expr: &hir::Expr, self_ref_ty: Ty<'_
  }
 }
 
+/// lint for `MaybeUninit::uninit().assume_init()` (we already have the latter)
+fn lint_maybe_uninit(cx: &LateContext<'_, '_>, expr: &hir::Expr, outer: &hir::Expr) {
+ if_chain! {
+ if let hir::ExprKind::Call(ref callee, ref args) = expr.node;
+ if args.is_empty();
+ if let hir::ExprKind::Path(ref path) = callee.node;
+ if match_qpath(path, &paths::MEM_MAYBEUNINIT_UNINIT);
+ if !is_maybe_uninit_ty_valid(cx, cx.tables.expr_ty_adjusted(outer));
+ then {
+ span_lint(
+ cx,
+ UNINIT_ASSUMED_INIT,
+ outer.span,
+ "this call for this type may be undefined behavior"
+ );
+ }
+ }
+}
+
+fn is_maybe_uninit_ty_valid(cx: &LateContext<'_, '_>, ty: Ty<'_>) -> bool {
+ match ty.sty {
+ ty::Array(ref component, _) => is_maybe_uninit_ty_valid(cx, component),
+ ty::Tuple(ref types) => types.types().all(|ty| is_maybe_uninit_ty_valid(cx, ty)),
+ ty::Adt(ref adt, _) => {
+ // needs to be a MaybeUninit
+ match_def_path(cx, adt.did, &paths::MEM_MAYBEUNINIT)
+ },
+ _ => false,
+ }
+}
+
 fn lint_suspicious_map(cx: &LateContext<'_, '_>, expr: &hir::Expr) {
  span_help_and_lint(
  cx,

clippy_lints/src/utils/paths.rs

@@ -49,6 +49,8 @@ pub const LINT: [&str; 3] = ["rustc", "lint", "Lint"];
 pub const LINT_PASS: [&str; 3] = ["rustc", "lint", "LintPass"];
 pub const MEM_DISCRIMINANT: [&str; 3] = ["core", "mem", "discriminant"];
 pub const MEM_FORGET: [&str; 3] = ["core", "mem", "forget"];
+pub const MEM_MAYBEUNINIT: [&str; 4] = ["core", "mem", "maybe_uninit", "MaybeUninit"];
+pub const MEM_MAYBEUNINIT_UNINIT: [&str; 5] = ["core", "mem", "maybe_uninit", "MaybeUninit", "uninit"];
 pub const MEM_REPLACE: [&str; 3] = ["core", "mem", "replace"];
 pub const MUTEX: [&str; 4] = ["std", "sync", "mutex", "Mutex"];
 pub const OPEN_OPTIONS: [&str; 3] = ["std", "fs", "OpenOptions"];

src/lintlist/mod.rs

@@ -6,7 +6,7 @@ pub use lint::Lint;
 pub use lint::LINT_LEVELS;
 
 // begin lint list, do not remove this comment, it’s used in `update_lints`
-pub const ALL_LINTS: [Lint; 311] = [
+pub const ALL_LINTS: [Lint; 312] = [
  Lint {
  name: "absurd_extreme_comparisons",
  group: "correctness",
@@ -1890,6 +1890,13 @@ pub const ALL_LINTS: [Lint; 311] = [
  deprecation: None,
  module: "panic_unimplemented",
  },
+ Lint {
+ name: "uninit_assumed_init",
+ group: "correctness",
+ desc: "`MaybeUninit::uninit().assume_init()`",
+ deprecation: None,
+ module: "methods",
+ },
  Lint {
  name: "unit_arg",
  group: "complexity",

tests/ui/uninit.rs

@@ -0,0 +1,23 @@
+#![feature(stmt_expr_attributes)]
+
+use std::mem::MaybeUninit;
+
+#[allow(clippy::let_unit_value)]
+fn main() {
+ let _: usize = unsafe { MaybeUninit::uninit().assume_init() };
+
+ // edge case: For now we lint on empty arrays
+ let _: [u8; 0] = unsafe { MaybeUninit::uninit().assume_init() };
+
+ // edge case: For now we accept unit tuples
+ let _: () = unsafe { MaybeUninit::uninit().assume_init() };
+
+ // This is OK, because `MaybeUninit` allows uninitialized data.
+ let _: MaybeUninit<usize> = unsafe { MaybeUninit::uninit().assume_init() };
+
+ // This is OK, because all constitutent types are uninit-compatible.
+ let _: (MaybeUninit<usize>, MaybeUninit<bool>) = unsafe { MaybeUninit::uninit().assume_init() };
+
+ // This is OK, because all constitutent types are uninit-compatible.
+ let _: (MaybeUninit<usize>, [MaybeUninit<bool>; 2]) = unsafe { MaybeUninit::uninit().assume_init() };
+}

tests/ui/uninit.stderr

@@ -0,0 +1,16 @@
+error: this call for this type may be undefined behavior
+ --> $DIR/uninit.rs:7:29
+ |
+LL | let _: usize = unsafe { MaybeUninit::uninit().assume_init() };
+ | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ |
+ = note: `#[deny(clippy::uninit_assumed_init)]` on by default
+
+error: this call for this type may be undefined behavior
+ --> $DIR/uninit.rs:10:31
+ |
+LL | let _: [u8; 0] = unsafe { MaybeUninit::uninit().assume_init() };
+ | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+error: aborting due to 2 previous errors
+