Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

unused_unsafe: stop interpreting unsafe fns as unsafe contexts #69173

Closed
Centril opened this issue Feb 14, 2020 · 6 comments
Closed

unused_unsafe: stop interpreting unsafe fns as unsafe contexts #69173

Centril opened this issue Feb 14, 2020 · 6 comments
Assignees
Labels
A-lints Area: Lints (warnings about flaws in source code) such as unused_mut. C-enhancement Category: An issue proposing an enhancement or a PR with one. E-mentor Call for participation: This issue has a mentor. Use #t-compiler/help on Zulip for discussion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Comments

@Centril
Copy link
Contributor

Centril commented Feb 14, 2020

In other words, the following will result in a lint being emitted today:

unsafe fn _bar() {}

unsafe fn _foo() {
    unsafe {
        _bar();
    }
}

==>

warning: unnecessary `unsafe` block
 --> src/lib.rs:4:5
  |
3 | unsafe fn _foo() {
  | ---------------- because it's nested under this `unsafe` fn
4 |     unsafe {
  |     ^^^^^^ unnecessary `unsafe` block
  |
  = note: `#[warn(unused_unsafe)]` on by default

Based on the discussion in a recent language team meeting (see summary as outlined by @nikomatsakis in rust-lang/rfcs#2585 (comment)), we would like to stop emitting the lint in this case where we have unsafe operations inside an unsafe { ... } inside an unsafe fn (it's probably easiest to not emit the lint at all as opposed to emitting a different lint name, but this can be determined as part of the implementation).

cc @RalfJung @rust-lang/lang

This issue has been assigned to @LeSeulArtichaut via this comment.

@Centril Centril added A-lints Area: Lints (warnings about flaws in source code) such as unused_mut. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. C-enhancement Category: An issue proposing an enhancement or a PR with one. labels Feb 14, 2020
@Centril
Copy link
Contributor Author

Centril commented Feb 14, 2020

cc @oli-obk @eddyb for mentoring instructions?

@eddyb
Copy link
Member

eddyb commented Feb 15, 2020

So looking at the code, it seems that the outermost active unsafe block (or unsafe fn) is used:

match self.unpushed_unsafe {
Safety::Safe => {}
_ => return,
}
self.unpushed_unsafe = Safety::ExplicitUnsafe(hir_id);

(NB: very confusing terminology around unpushed_unsafe, AFAICT it means "unsafe unrelated to {Push,Pop}Unsafe", and the latter is a hacky way to do allow_internal_unsafe, so we should rip it out sooner or later - but it shouldn't impact this issue, it's just confusing)

This are the possible values for Safety:

pub enum Safety {
Safe,
/// Unsafe because of a PushUnsafeBlock
BuiltinUnsafe,
/// Unsafe because of an unsafe fn
FnUnsafe,
/// Unsafe because of an `unsafe` block
ExplicitUnsafe(hir::HirId),
}

So when the "current safety" is Safety::FnUnsafe, it early-returns, instead of replacing it with the inner Safety::ExplicitUnsafe.

By making this change, I think we can get the desired lint effect (while unsafe fn still allowing unsafe operations outside of unsafe blocks):

- Safety::Safe => {}
+ Safety::Safe | Safety::FnUnsafe => {}

@Centril Centril added the E-mentor Call for participation: This issue has a mentor. Use #t-compiler/help on Zulip for discussion. label Feb 15, 2020
@LeSeulArtichaut
Copy link
Contributor

I’m currently trying to tackle this.
@rustbot claim

@RalfJung
Copy link
Member

I updated the RFC to discuss the new proposed lint and the interaction with the "unnecessary unsafe" lint. See rust-lang/rfcs#2585 (comment).

@kevinmehall
Copy link
Contributor

This can probably be closed in favor of the RFC tracking issue #71668. Merging the change proposed here alone was rejected in #69245, but an allow-by-default lint was merged in #71862.

@RalfJung
Copy link
Member

@kevinmehall agreed, thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-lints Area: Lints (warnings about flaws in source code) such as unused_mut. C-enhancement Category: An issue proposing an enhancement or a PR with one. E-mentor Call for participation: This issue has a mentor. Use #t-compiler/help on Zulip for discussion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants