Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor inner allocation logic of temp dangling pointer lint #133263

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
+90 −33
Open

Refactor inner allocation logic of temp dangling pointer lint #133263

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5b6c7cc
Refactor inner allocation logic of temp dandling pointer lint
Urgau Nov 20, 2024
fe17d7a
Remove now unused Cell and SyncUnsafeCell diagnostic item
Urgau Nov 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 33 additions & 27 deletions compiler/rustc_lint/src/dangling.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
use rustc_ast::visit::{visit_opt, walk_list};
use rustc_hir::def_id::LocalDefId;
use rustc_hir::intravisit::{FnKind, Visitor, walk_expr};
use rustc_hir::{Block, Body, Expr, ExprKind, FnDecl, LangItem};
use rustc_middle::ty::{Ty, TyCtxt};
use rustc_hir::{Block, Body, Expr, ExprKind, FnDecl};
use rustc_middle::ty::Ty;
use rustc_middle::ty::adjustment::{Adjust, Adjustment};
use rustc_session::{declare_lint, impl_lint_pass};
use rustc_span::Span;
use rustc_span::symbol::sym;
Expand Down Expand Up @@ -134,7 +135,8 @@ fn lint_expr(cx: &LateContext<'_>, expr: &Expr<'_>) {
&& cx.tcx.has_attr(fn_id, sym::rustc_as_ptr)
&& is_temporary_rvalue(receiver)
&& let ty = cx.typeck_results().expr_ty(receiver)
&& owns_allocation(cx.tcx, ty)
&& let adjs = cx.typeck_results().expr_adjustments(receiver)
&& is_inner_allocation_owned(ty, adjs)
{
// FIXME: use `emit_node_lint` when `#[primary_span]` is added.
cx.tcx.emit_node_span_lint(
Expand All @@ -151,6 +153,34 @@ fn lint_expr(cx: &LateContext<'_>, expr: &Expr<'_>) {
}
}

/// Determine if a `#[rustc_as_ptr]` receiver type (with adjustments) is only applied
/// to owned allocations.
fn is_inner_allocation_owned(input_ty: Ty<'_>, adjs: &[Adjustment<'_>]) -> bool {
// 1. Exclude any pointer types (as they cannot be owned)
//
// - `&[u8]`: NOT OWNED
// - `*const u8`: NOT OWNED
// - `Box<u8>`: MAYBE OWNED
// - `Box<&u8>`: MAYBE OWNED
!input_ty.is_any_ptr()
// 2. Look at all the deref-ed types and exclude any pointer types
//
// - `Box<u8>` -> `u8`: OWNED
// - `Box<&u8>` -> `&u8`: NOT OWNED
// - `Box<Box<u8>>` -> `Box<u8>` -> `u8`: OWNED
// - `MaybeUninit<MaybeUninit<&u8>>`: OWNED
// - `Box<MaybeUninit<&u8>>` -> `MaybeUninit<&u8>`: OWNED
&& adjs.iter()
.filter_map(|adj| match adj.kind {
Adjust::Deref(_) => Some(adj.target),
Adjust::NeverToAny
| Adjust::Borrow(_)
| Adjust::Pointer(_)
| Adjust::ReborrowPin(_) => None,
})
.all(|deref_ty| !deref_ty.is_any_ptr())
}

fn is_temporary_rvalue(expr: &Expr<'_>) -> bool {
match expr.kind {
// Const is not temporary.
Expand Down Expand Up @@ -196,27 +226,3 @@ fn is_temporary_rvalue(expr: &Expr<'_>) -> bool {
ExprKind::Type(..) | ExprKind::Err(..) => false,
}
}

// Array, Vec, String, CString, MaybeUninit, Cell, Box<[_]>, Box<str>, Box<CStr>, UnsafeCell,
// SyncUnsafeCell, or any of the above in arbitrary many nested Box'es.
fn owns_allocation(tcx: TyCtxt<'_>, ty: Ty<'_>) -> bool {
if ty.is_array() {
true
} else if let Some(inner) = ty.boxed_ty() {
inner.is_slice()
|| inner.is_str()
|| inner.ty_adt_def().is_some_and(|def| tcx.is_lang_item(def.did(), LangItem::CStr))
|| owns_allocation(tcx, inner)
} else if let Some(def) = ty.ty_adt_def() {
for lang_item in [LangItem::String, LangItem::MaybeUninit, LangItem::UnsafeCell] {
if tcx.is_lang_item(def.did(), lang_item) {
return true;
}
}
tcx.get_diagnostic_name(def.did()).is_some_and(|name| {
matches!(name, sym::cstring_type | sym::Vec | sym::Cell | sym::SyncUnsafeCell)
})
} else {
false
}
}
2 changes: 0 additions & 2 deletions compiler/rustc_span/src/symbol.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,6 @@ symbols! {
CallOnceFuture,
CallRefFuture,
Capture,
Cell,
Center,
Cleanup,
Clone,
Expand Down Expand Up @@ -316,7 +315,6 @@ symbols! {
SubdiagMessage,
Subdiagnostic,
Sync,
SyncUnsafeCell,
T,
Target,
ToOwned,
Expand Down
2 changes: 0 additions & 2 deletions library/core/src/cell.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -304,7 +304,6 @@ pub use once::OnceCell;
/// ```
///
/// See the [module-level documentation](self) for more.
#[cfg_attr(not(test), rustc_diagnostic_item = "Cell")]
#[stable(feature = "rust1", since = "1.0.0")]
#[repr(transparent)]
#[rustc_pub_transparent]
Expand Down Expand Up @@ -2274,7 +2273,6 @@ impl<T: DispatchFromDyn<U>, U> DispatchFromDyn<UnsafeCell<U>> for UnsafeCell<T>
/// See [`UnsafeCell`] for details.
#[unstable(feature = "sync_unsafe_cell", issue = "95439")]
#[repr(transparent)]
#[rustc_diagnostic_item = "SyncUnsafeCell"]
#[rustc_pub_transparent]
pub struct SyncUnsafeCell<T: ?Sized> {
value: UnsafeCell<T>,
Expand Down
13 changes: 12 additions & 1 deletion tests/ui/lint/dangling-pointers-from-temporaries/types.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,17 @@ fn main() {
//~^ ERROR a dangling pointer will be produced because the temporary `UnsafeCell<u8>` will be dropped
declval::<SyncUnsafeCell<u8>>().get();
//~^ ERROR a dangling pointer will be produced because the temporary `SyncUnsafeCell<u8>` will be dropped
declval::<Box<AsPtrFake>>().as_ptr();
declval::<MaybeUninit<MaybeUninit<&u8>>>().as_ptr();
//~^ ERROR a dangling pointer will be produced because the temporary `MaybeUninit<MaybeUninit<&u8>>` will be dropped
declval::<Box<MaybeUninit<&u8>>>().as_ptr();
//~^ ERROR a dangling pointer will be produced because the temporary `Box<MaybeUninit<&u8>>` will be dropped
declval::<MaybeUninit<&u8>>().as_ptr();
//~^ ERROR a dangling pointer will be produced because the temporary `MaybeUninit<&u8>` will be dropped
declval::<[&u8; 10]>().as_ptr();
//~^ ERROR a dangling pointer will be produced because the temporary `[&u8; 10]` will be dropped

// should not lint
declval::<&[u8]>().as_ptr();
declval::<AsPtrFake>().as_ptr();
declval::<Box<AsPtrFake>>().as_ptr();
}
46 changes: 45 additions & 1 deletion tests/ui/lint/dangling-pointers-from-temporaries/types.stderr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -190,5 +190,49 @@ LL | declval::<SyncUnsafeCell<u8>>().get();
= note: pointers do not have a lifetime; when calling `get` the `SyncUnsafeCell<u8>` will be deallocated at the end of the statement because nothing is referencing it as far as the type system is concerned
= help: for more information, see <https://doc.rust-lang.org/reference/destructors.html>

error: aborting due to 17 previous errors
error: a dangling pointer will be produced because the temporary `MaybeUninit<MaybeUninit<&u8>>` will be dropped
--> $DIR/types.rs:55:48
|
LL | declval::<MaybeUninit<MaybeUninit<&u8>>>().as_ptr();
| ------------------------------------------ ^^^^^^ this pointer will immediately be invalid
| |
| this `MaybeUninit<MaybeUninit<&u8>>` is deallocated at the end of the statement, bind it to a variable to extend its lifetime
|
= note: pointers do not have a lifetime; when calling `as_ptr` the `MaybeUninit<MaybeUninit<&u8>>` will be deallocated at the end of the statement because nothing is referencing it as far as the type system is concerned
= help: for more information, see <https://doc.rust-lang.org/reference/destructors.html>

error: a dangling pointer will be produced because the temporary `Box<MaybeUninit<&u8>>` will be dropped
--> $DIR/types.rs:57:40
|
LL | declval::<Box<MaybeUninit<&u8>>>().as_ptr();
| ---------------------------------- ^^^^^^ this pointer will immediately be invalid
| |
| this `Box<MaybeUninit<&u8>>` is deallocated at the end of the statement, bind it to a variable to extend its lifetime
|
= note: pointers do not have a lifetime; when calling `as_ptr` the `Box<MaybeUninit<&u8>>` will be deallocated at the end of the statement because nothing is referencing it as far as the type system is concerned
= help: for more information, see <https://doc.rust-lang.org/reference/destructors.html>

error: a dangling pointer will be produced because the temporary `MaybeUninit<&u8>` will be dropped
--> $DIR/types.rs:59:35
|
LL | declval::<MaybeUninit<&u8>>().as_ptr();
| ----------------------------- ^^^^^^ this pointer will immediately be invalid
| |
| this `MaybeUninit<&u8>` is deallocated at the end of the statement, bind it to a variable to extend its lifetime
|
= note: pointers do not have a lifetime; when calling `as_ptr` the `MaybeUninit<&u8>` will be deallocated at the end of the statement because nothing is referencing it as far as the type system is concerned
= help: for more information, see <https://doc.rust-lang.org/reference/destructors.html>

error: a dangling pointer will be produced because the temporary `[&u8; 10]` will be dropped
--> $DIR/types.rs:61:28
|
LL | declval::<[&u8; 10]>().as_ptr();
| ---------------------- ^^^^^^ this pointer will immediately be invalid
| |
| this `[&u8; 10]` is deallocated at the end of the statement, bind it to a variable to extend its lifetime
|
= note: pointers do not have a lifetime; when calling `as_ptr` the `[&u8; 10]` will be deallocated at the end of the statement because nothing is referencing it as far as the type system is concerned
= help: for more information, see <https://doc.rust-lang.org/reference/destructors.html>

error: aborting due to 21 previous errors

Loading