Suggest {to,from}_ne_bytes when people use transmute between arrays and integers
#136067
Comments
scottmcm
added
A-diagnostics
|
Some other byte-reinterpretations that could be linted against on the same premise, that don’t involve arrays:
|
|
@rustbot claim |
|
FWIW, clippy already has a bunch of warn-by-default lints for transmutes that can be done with safe constructors or need extra checks to be sound (including some already mentioned in this thread, but also int<->float, &str <-> &[u8], NonZeroT <-> T). May be worth uplifting and expanding all of those if there’s appetite for this kind of lint in rustc. |
|
@hanna-kruppe To me, the thing that makes I'm definitely a fan of having clippy suggest better unsafe ways to do transmutes, but I don't know that it would necessarily meet the rustc bar if the replacement is still unsafe. |
|
Sure, as long as there’s some consistent reason for what’s uplifted and what isn’t and we aren’t missing clippy existing lints just because nobody looked. |
Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc
implements rust-lang#136067
Rust has helper methods for many kinds of safe transmutes, for example integer<->bytes. This is a lint against using transmute for these cases.
```rs
fn bytes_at_home(x: [u8; 4]) -> u32 {
transmute(x)
}
// other examples
transmute::<[u8; 2], u16>();
transmute::<[u8; 8], f64>();
transmute::<u32, [u8; 4]>();
transmute::<char, u32>();
transmute::<u32, char>();
```
It would be handy to suggest `u32::from_ne_bytes(x)`.
This is implemented for `[u8; _]` -> `{float int}`
This also implements the cases:
`fXX` <-> `uXX` = `{from_bits, to_bits}`
`uXX` -> `iXX` via `cast_unsigned` and `cast_signed`
{`char` -> `u32`, `bool` -> `n8`} via `from`
`u32` -> `char` via `from_u32_unchecked` (note: notes `from_u32().unwrap()`) (contested)
`u8` -> `bool` via `==` (debatable)
Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc
implements rust-lang#136067
Rust has helper methods for many kinds of safe transmutes, for example integer<->bytes. This is a lint against using transmute for these cases.
```rs
fn bytes_at_home(x: [u8; 4]) -> u32 {
transmute(x)
}
// other examples
transmute::<[u8; 2], u16>();
transmute::<[u8; 8], f64>();
transmute::<u32, [u8; 4]>();
transmute::<char, u32>();
transmute::<u32, char>();
```
It would be handy to suggest `u32::from_ne_bytes(x)`.
This is implemented for `[u8; _]` -> `{float int}`
This also implements the cases:
`fXX` <-> `uXX` = `{from_bits, to_bits}`
`uXX` -> `iXX` via `cast_unsigned` and `cast_signed`
{`char` -> `u32`, `bool` -> `n8`} via `from`
`u32` -> `char` via `from_u32_unchecked` (note: notes `from_u32().unwrap()`) (contested)
`u8` -> `bool` via `==` (debatable)
Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc
implements rust-lang#136067
Rust has helper methods for many kinds of safe transmutes, for example integer<->bytes. This is a lint against using transmute for these cases.
```rs
fn bytes_at_home(x: [u8; 4]) -> u32 {
transmute(x)
}
// other examples
transmute::<[u8; 2], u16>();
transmute::<[u8; 8], f64>();
transmute::<u32, [u8; 4]>();
transmute::<char, u32>();
transmute::<u32, char>();
```
It would be handy to suggest `u32::from_ne_bytes(x)`.
This is implemented for `[u8; _]` -> `{float int}`
This also implements the cases:
`fXX` <-> `uXX` = `{from_bits, to_bits}`
`uXX` -> `iXX` via `cast_unsigned` and `cast_signed`
{`char` -> `u32`, `bool` -> `n8`} via `from`
`u32` -> `char` via `from_u32_unchecked` (note: notes `from_u32().unwrap()`) (contested)
`u8` -> `bool` via `==` (debatable)
---
try-job: aarch64-gnu
try-job: test-various
Code
Current output
Desired output
Rationale and extra context
I see people doing this a bunch, like it just came up in Discord.
It would be nice to point them to the safe alternative when possible.
Other cases
Rust Version
Anything else?
https://play.rust-lang.org/?version=nightly&mode=debug&edition=2021&gist=a89dfdaa49736b9d106b2099ca48ddd7
The text was updated successfully, but these errors were encountered: