Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add a lint against references to packed fields #72270

Merged
merged 4 commits into from
May 27, 2020

Conversation

RalfJung
Copy link
Member

Creating a reference to an insufficiently aligned packed field is UB and should be disallowed, both inside and outside of unsafe blocks. However, currently there is no stable alternative (#64490) so all we do right now is have a future incompatibility warning when doing this outside unsafe (#46043).

This adds an allow-by-default lint. @retep998 suggested this can help early adopters avoid issues. It also means we can then do a crater run where this is deny-by-default as suggested by @joshtriplett.

I guess the main thing to bikeshed is the lint name. I am not particularly happy with "packed_references" as it sounds like the packed field has reference type. I chose this because it is similar to "safe_packed_borrows". What about "reference_to_packed" or "unaligned_reference" or so?

@rust-highfive
Copy link
Collaborator

r? @varkor

(rust_highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label May 16, 2020
@RalfJung RalfJung force-pushed the lint-ref-to-packed branch 2 times, most recently from 8f4bed8 to 1c0be80 Compare May 16, 2020 14:37
@retep998
Copy link
Member

Another question is whether this should lint against any reference to a field of a struct that has any level of packing, or if it should only lint when a reference is created to a field where the field's alignment is strictly greater than the struct's alignment? Although this question also applies to the safe_packed_borrows future incompatibility warning.

@RalfJung
Copy link
Member Author

It already does the smart thing here, as the aligned accesses in the test show. This is also what safe_packed_borrows does.

@RalfJung
Copy link
Member Author

RalfJung commented May 16, 2020

Well, so far the "smartness" is that it never complains about references to 1-aligned types. There might be more we can do, but that seems rather orthogonal to the linting part.

@@ -229,6 +231,8 @@ fn mir_const(tcx: TyCtxt<'_>, def_id: DefId) -> Steal<Body<'_>> {
None,
MirPhase::Const,
&[&[
// MIR-level lints.
&check_packed_ref::CheckPackedRef,
// What we need to do constant evaluation.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't even know what this means... I think this is a leftover from the pre-miri MIR based const evaluator. I think we could just merge the entire mir_const query into mir_validated

Copy link
Member Author

@RalfJung RalfJung May 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, maybe we can, I'll leave that to someone else.^^

If you change this, please remember to update the rustc-dev-guide, which is where I learned that this is not just for consts. :)

@varkor varkor assigned oli-obk and unassigned varkor May 16, 2020
@@ -229,6 +231,8 @@ fn mir_const(tcx: TyCtxt<'_>, def_id: DefId) -> Steal<Body<'_>> {
None,
MirPhase::Const,
&[&[
// MIR-level lints.
&check_packed_ref::CheckPackedRef,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like an alternative to this would be to add the lint here:

lints::check(tcx, &body, def_id);

@oli-obk
Copy link
Contributor

oli-obk commented May 25, 2020

Our lint naming rules (https://rust-lang.github.io/rfcs/0344-conventions-galore.html#lints) say that we should have the "bad thing" in the name and use a plural, so unaligned_references?

@RalfJung
Copy link
Member Author

Well this does not detect all unaligned references... references_to_packed_field is a mouthful though.

@RalfJung RalfJung force-pushed the lint-ref-to-packed branch from 1c0be80 to c79535e Compare May 25, 2020 08:57
@RalfJung
Copy link
Member Author

(I rebased so I wouldn't have to rebuild llvm to work on this again.)

@RalfJung
Copy link
Member Author

@oli-obk I ended up renaming the lint as you suggested. False negatives are okay for lints after all (and this lint will hopefully eventually become a hard error anyway -- to fix a soundness issue -- at which point it stops having a name).

@oli-obk
Copy link
Contributor

oli-obk commented May 26, 2020

@bors r+

@bors
Copy link
Contributor

bors commented May 26, 2020

📌 Commit d959a8f has been approved by oli-obk

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 26, 2020
bors added a commit to rust-lang-ci/rust that referenced this pull request May 26, 2020
Rollup of 6 pull requests

Successful merges:

 - rust-lang#72270 (add a lint against references to packed fields)
 - rust-lang#72294 (JS cleanup)
 - rust-lang#72342 (Warn about unused crate deps)
 - rust-lang#72401 (Use correct function for detecting `const fn` in unsafety checking)
 - rust-lang#72581 (Allow unlabeled breaks from desugared `?` in labeled blocks)
 - rust-lang#72592 (Update books)

Failed merges:

r? @ghost
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants