Auto merge of #98919 - 5225225:stricter-invalid-value, r=RalfJung

bors · bors · commit 02654a0844f5 · 2022-08-30T20:39:01.000Z
Strengthen invalid_value lint to forbid uninit primitives, adjust docs to say that's UB For context: #66151 (comment) This does not make it a FCW, but it does explicitly state in the docs that uninit integers are UB. This also doesn't affect any runtime behavior, uninit u32's will still successfully be created through mem::uninitialized.
diff --git a/compiler/rustc_lint/src/builtin.rs b/compiler/rustc_lint/src/builtin.rs
@@ -2469,6 +2469,15 @@ impl<'tcx> LateLintPass<'tcx> for InvalidValue {
                 Char if init == InitKind::Uninit => {
                     Some(("characters must be a valid Unicode codepoint".to_string(), None))
                 }
+                Int(_) | Uint(_) if init == InitKind::Uninit => {
+                    Some(("integers must not be uninitialized".to_string(), None))
+                }
+                Float(_) if init == InitKind::Uninit => {
+                    Some(("floats must not be uninitialized".to_string(), None))
+                }
+                RawPtr(_) if init == InitKind::Uninit => {
+                    Some(("raw pointers must not be uninitialized".to_string(), None))
+                }
                 // Recurse and checks for some compound types.
                 Adt(adt_def, substs) if !adt_def.is_union() => {
                     // First check if this ADT has a layout attribute (like `NonNull` and friends).
diff --git a/library/core/src/mem/maybe_uninit.rs b/library/core/src/mem/maybe_uninit.rs
@@ -54,9 +54,6 @@ use crate::slice;
 /// // The equivalent code with `MaybeUninit<i32>`:
 /// let x: i32 = unsafe { MaybeUninit::uninit().assume_init() }; // undefined behavior! ⚠️
 /// ```
-/// (Notice that the rules around uninitialized integers are not finalized yet, but
-/// until they are, it is advisable to avoid them.)
-///
 /// On top of that, remember that most types have additional invariants beyond merely
 /// being considered initialized at the type level. For example, a `1`-initialized [`Vec<T>`]
 /// is considered initialized (under the current implementation; this does not constitute
diff --git a/library/core/src/mem/mod.rs b/library/core/src/mem/mod.rs
@@ -665,14 +665,14 @@ pub unsafe fn zeroed<T>() -> T {
 /// correctly: it has the same effect as [`MaybeUninit::uninit().assume_init()`][uninit].
 /// As the [`assume_init` documentation][assume_init] explains,
 /// [the Rust compiler assumes][inv] that values are properly initialized.
-/// As a consequence, calling e.g. `mem::uninitialized::<bool>()` causes immediate
-/// undefined behavior for returning a `bool` that is not definitely either `true`
-/// or `false`. Worse, truly uninitialized memory like what gets returned here
+///
+/// Truly uninitialized memory like what gets returned here
 /// is special in that the compiler knows that it does not have a fixed value.
 /// This makes it undefined behavior to have uninitialized data in a variable even
 /// if that variable has an integer type.
-/// (Notice that the rules around uninitialized integers are not finalized yet, but
-/// until they are, it is advisable to avoid them.)
+///
+/// Therefore, it is immediate undefined behavior to call this function on nearly all types,
+/// including integer types and arrays of integer types, and even if the result is unused.
 ///
 /// [uninit]: MaybeUninit::uninit
 /// [assume_init]: MaybeUninit::assume_init
diff --git a/src/test/ui/lint/uninitialized-zeroed.rs b/src/test/ui/lint/uninitialized-zeroed.rs
@@ -100,6 +100,18 @@ fn main() {
         let _val: [bool; 2] = mem::zeroed();
         let _val: [bool; 2] = mem::uninitialized(); //~ ERROR: does not permit being left uninitialized
 
+        let _val: i32 = mem::zeroed();
+        let _val: i32 = mem::uninitialized(); //~ ERROR: does not permit being left uninitialized
+
+        let _val: f32 = mem::zeroed();
+        let _val: f32 = mem::uninitialized(); //~ ERROR: does not permit being left uninitialized
+
+        let _val: *const () = mem::zeroed();
+        let _val: *const () = mem::uninitialized(); //~ ERROR: does not permit being left uninitialized
+
+        let _val: *const [()] = mem::zeroed();
+        let _val: *const [()] = mem::uninitialized(); //~ ERROR: does not permit being left uninitialized
+
         // Transmute-from-0
         let _val: &'static i32 = mem::transmute(0usize); //~ ERROR: does not permit zero-initialization
         let _val: &'static [i32] = mem::transmute((0usize, 0usize)); //~ ERROR: does not permit zero-initialization
@@ -114,13 +126,12 @@ fn main() {
         let _val: Option<&'static i32> = mem::zeroed();
         let _val: Option<fn()> = mem::zeroed();
         let _val: MaybeUninit<&'static i32> = mem::zeroed();
-        let _val: i32 = mem::zeroed();
         let _val: bool = MaybeUninit::zeroed().assume_init();
         let _val: [bool; 0] = MaybeUninit::uninit().assume_init();
         let _val: [!; 0] = MaybeUninit::zeroed().assume_init();
+
         // Some things that happen to work due to rustc implementation details,
         // but are not guaranteed to keep working.
-        let _val: i32 = mem::uninitialized();
         let _val: OneFruit = mem::uninitialized();
     }
 }
diff --git a/src/test/ui/lint/uninitialized-zeroed.stderr b/src/test/ui/lint/uninitialized-zeroed.stderr
@@ -97,7 +97,7 @@ LL |         let _val: (i32, !) = mem::uninitialized();
    |                              this code causes undefined behavior when executed
    |                              help: use `MaybeUninit<T>` instead, and only call `assume_init` after initialization is done
    |
-   = note: the `!` type has no valid value
+   = note: integers must not be uninitialized
 
 error: the type `Void` does not permit zero-initialization
   --> $DIR/uninitialized-zeroed.rs:57:26
@@ -414,8 +414,52 @@ LL |         let _val: [bool; 2] = mem::uninitialized();
    |
    = note: booleans must be either `true` or `false`
 
+error: the type `i32` does not permit being left uninitialized
+  --> $DIR/uninitialized-zeroed.rs:104:25
+   |
+LL |         let _val: i32 = mem::uninitialized();
+   |                         ^^^^^^^^^^^^^^^^^^^^
+   |                         |
+   |                         this code causes undefined behavior when executed
+   |                         help: use `MaybeUninit<T>` instead, and only call `assume_init` after initialization is done
+   |
+   = note: integers must not be uninitialized
+
+error: the type `f32` does not permit being left uninitialized
+  --> $DIR/uninitialized-zeroed.rs:107:25
+   |
+LL |         let _val: f32 = mem::uninitialized();
+   |                         ^^^^^^^^^^^^^^^^^^^^
+   |                         |
+   |                         this code causes undefined behavior when executed
+   |                         help: use `MaybeUninit<T>` instead, and only call `assume_init` after initialization is done
+   |
+   = note: floats must not be uninitialized
+
+error: the type `*const ()` does not permit being left uninitialized
+  --> $DIR/uninitialized-zeroed.rs:110:31
+   |
+LL |         let _val: *const () = mem::uninitialized();
+   |                               ^^^^^^^^^^^^^^^^^^^^
+   |                               |
+   |                               this code causes undefined behavior when executed
+   |                               help: use `MaybeUninit<T>` instead, and only call `assume_init` after initialization is done
+   |
+   = note: raw pointers must not be uninitialized
+
+error: the type `*const [()]` does not permit being left uninitialized
+  --> $DIR/uninitialized-zeroed.rs:113:33
+   |
+LL |         let _val: *const [()] = mem::uninitialized();
+   |                                 ^^^^^^^^^^^^^^^^^^^^
+   |                                 |
+   |                                 this code causes undefined behavior when executed
+   |                                 help: use `MaybeUninit<T>` instead, and only call `assume_init` after initialization is done
+   |
+   = note: raw pointers must not be uninitialized
+
 error: the type `&i32` does not permit zero-initialization
-  --> $DIR/uninitialized-zeroed.rs:104:34
+  --> $DIR/uninitialized-zeroed.rs:116:34
    |
 LL |         let _val: &'static i32 = mem::transmute(0usize);
    |                                  ^^^^^^^^^^^^^^^^^^^^^^
@@ -426,7 +470,7 @@ LL |         let _val: &'static i32 = mem::transmute(0usize);
    = note: references must be non-null
 
 error: the type `&[i32]` does not permit zero-initialization
-  --> $DIR/uninitialized-zeroed.rs:105:36
+  --> $DIR/uninitialized-zeroed.rs:117:36
    |
 LL |         let _val: &'static [i32] = mem::transmute((0usize, 0usize));
    |                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -437,7 +481,7 @@ LL |         let _val: &'static [i32] = mem::transmute((0usize, 0usize));
    = note: references must be non-null
 
 error: the type `NonZeroU32` does not permit zero-initialization
-  --> $DIR/uninitialized-zeroed.rs:106:32
+  --> $DIR/uninitialized-zeroed.rs:118:32
    |
 LL |         let _val: NonZeroU32 = mem::transmute(0);
    |                                ^^^^^^^^^^^^^^^^^
@@ -448,7 +492,7 @@ LL |         let _val: NonZeroU32 = mem::transmute(0);
    = note: `std::num::NonZeroU32` must be non-null
 
 error: the type `NonNull<i32>` does not permit zero-initialization
-  --> $DIR/uninitialized-zeroed.rs:109:34
+  --> $DIR/uninitialized-zeroed.rs:121:34
    |
 LL |         let _val: NonNull<i32> = MaybeUninit::zeroed().assume_init();
    |                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -459,7 +503,7 @@ LL |         let _val: NonNull<i32> = MaybeUninit::zeroed().assume_init();
    = note: `std::ptr::NonNull<i32>` must be non-null
 
 error: the type `NonNull<i32>` does not permit being left uninitialized
-  --> $DIR/uninitialized-zeroed.rs:110:34
+  --> $DIR/uninitialized-zeroed.rs:122:34
    |
 LL |         let _val: NonNull<i32> = MaybeUninit::uninit().assume_init();
    |                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -470,7 +514,7 @@ LL |         let _val: NonNull<i32> = MaybeUninit::uninit().assume_init();
    = note: `std::ptr::NonNull<i32>` must be non-null
 
 error: the type `bool` does not permit being left uninitialized
-  --> $DIR/uninitialized-zeroed.rs:111:26
+  --> $DIR/uninitialized-zeroed.rs:123:26
    |
 LL |         let _val: bool = MaybeUninit::uninit().assume_init();
    |                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -480,5 +524,5 @@ LL |         let _val: bool = MaybeUninit::uninit().assume_init();
    |
    = note: booleans must be either `true` or `false`
 
-error: aborting due to 39 previous errors
+error: aborting due to 43 previous errors
 
diff --git a/src/test/ui/sanitize/memory.rs b/src/test/ui/sanitize/memory.rs
@@ -14,6 +14,7 @@
 #![feature(core_intrinsics)]
 #![feature(start)]
 #![feature(bench_black_box)]
+#![allow(invalid_value)]
 
 use std::hint::black_box;
 use std::mem::MaybeUninit;
diff --git a/src/tools/clippy/tests/ui/uninit.rs b/src/tools/clippy/tests/ui/uninit.rs
@@ -1,5 +1,5 @@
 #![feature(stmt_expr_attributes)]
-#![allow(clippy::let_unit_value)]
+#![allow(clippy::let_unit_value, invalid_value)]
 
 use std::mem::{self, MaybeUninit};
 
