|
| 1 | +use crate::{LateContext, LateLintPass, LintContext}; |
| 2 | + |
| 3 | +use rustc_errors::Applicability; |
| 4 | +use rustc_hir::{self as hir, Expr, ExprKind, UnOp}; |
| 5 | +use rustc_middle::ty::adjustment::{Adjust, AutoBorrow}; |
| 6 | + |
| 7 | +declare_lint! { |
| 8 | + /// The `implicit_unsafe_autorefs` lint checks for implicitly taken references to dereferences of raw pointers. |
| 9 | + /// |
| 10 | + /// ### Example |
| 11 | + /// |
| 12 | + /// ```rust |
| 13 | + /// unsafe fn fun(ptr: *mut [u8]) -> *mut [u8] { |
| 14 | + /// addr_of_mut!((*ptr)[..16]) |
| 15 | + /// // ^^^^^^ this calls `IndexMut::index_mut(&mut ..., ..16)`, |
| 16 | + /// // implicitly creating a reference |
| 17 | + /// } |
| 18 | + /// ``` |
| 19 | + /// |
| 20 | + /// {{produces}} |
| 21 | + /// |
| 22 | + /// ### Explanation |
| 23 | + /// |
| 24 | + /// When working with raw pointers it's usually undesirable to create references, |
| 25 | + /// since they inflict a lot of safety requirement. Unfortunately, it's possible |
| 26 | + /// to take a reference to a dereferece of a raw pointer implitly, which inflicts |
| 27 | + /// the usual reference requirements without you even knowing that. |
| 28 | + /// |
| 29 | + /// If you are sure, you can soundly take a reference, then you can take it explicitly: |
| 30 | + /// ```rust |
| 31 | + /// unsafe fn fun(ptr: *mut [u8]) -> *mut [u8] { |
| 32 | + /// addr_of_mut!((&mut *ptr)[..16]) |
| 33 | + /// } |
| 34 | + /// ``` |
| 35 | + /// |
| 36 | + /// Otherwise try to find an alternative way to achive your goals that work only with |
| 37 | + /// raw pointers: |
| 38 | + /// ```rust |
| 39 | + /// #![feature(slice_ptr_get)] |
| 40 | + /// |
| 41 | + /// unsafe fn fun(ptr: *mut [u8]) -> *mut [u8] { |
| 42 | + /// ptr.get_unchecked_mut(..16) |
| 43 | + /// } |
| 44 | + /// ``` |
| 45 | + pub IMPLICIT_UNSAFE_AUTOREFS, |
| 46 | + Deny, |
| 47 | + "implicit reference to a dereference of a raw pointer" |
| 48 | +} |
| 49 | + |
| 50 | +declare_lint_pass!(ImplicitUnsafeAutorefs => [IMPLICIT_UNSAFE_AUTOREFS]); |
| 51 | + |
| 52 | +impl<'tcx> LateLintPass<'tcx> for ImplicitUnsafeAutorefs { |
| 53 | + fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'_>) { |
| 54 | + let typeck = cx.typeck_results(); |
| 55 | + let adjustments_table = typeck.adjustments(); |
| 56 | + |
| 57 | + if let Some(adjustments) = adjustments_table.get(expr.hir_id) |
| 58 | + && let [adjustment] = &**adjustments |
| 59 | + // An auto-borrow |
| 60 | + && let Adjust::Borrow(AutoBorrow::Ref(_, mutbl)) = adjustment.kind |
| 61 | + // ... of a deref |
| 62 | + && let ExprKind::Unary(UnOp::Deref, dereferenced) = expr.kind |
| 63 | + // ... of a raw pointer |
| 64 | + && typeck.expr_ty(dereferenced).is_unsafe_ptr() |
| 65 | + { |
| 66 | + let mutbl = hir::Mutability::prefix_str(&mutbl.into()); |
| 67 | + |
| 68 | + let msg = "implicit auto-ref creates a reference to a dereference of a raw pointer"; |
| 69 | + cx.struct_span_lint(IMPLICIT_UNSAFE_AUTOREFS, expr.span, msg, |lint| { |
| 70 | + lint |
| 71 | + .note("creating a reference inflicts a lot of safety requirements") |
| 72 | + .multipart_suggestion( |
| 73 | + "if this reference is intentional, make it explicit", |
| 74 | + vec![ |
| 75 | + (expr.span.shrink_to_lo(), format!("(&{mutbl}")), |
| 76 | + (expr.span.shrink_to_hi(), ")".to_owned()) |
| 77 | + ], |
| 78 | + Applicability::MaybeIncorrect |
| 79 | + ) |
| 80 | + }) |
| 81 | + } |
| 82 | + } |
| 83 | +} |
0 commit comments