2 is_normalizable, last_path_segment, match_def_path, paths, snippet, span_lint, span_lint_and_sugg,
3 span_lint_and_then, sugg,
5 use if_chain::if_chain;
7 use rustc_errors::Applicability;
8 use rustc_hir::{Expr, ExprKind, GenericArg, Mutability, QPath, TyKind, UnOp};
9 use rustc_lint::{LateContext, LateLintPass};
10 use rustc_middle::ty::{self, cast::CastKind, Ty};
11 use rustc_span::DUMMY_SP;
12 use rustc_session::{declare_lint_pass, declare_tool_lint};
13 use rustc_typeck::check::{cast::CastCheck, FnCtxt, Inherited};
16 declare_clippy_lint! {
17 /// **What it does:** Checks for transmutes that can't ever be correct on any
20 /// **Why is this bad?** It's basically guaranteed to be undefined behaviour.
22 /// **Known problems:** When accessing C, users might want to store pointer
23 /// sized objects in `extradata` arguments to save an allocation.
27 /// let ptr: *const T = core::intrinsics::transmute('x')
31 "transmutes that are confusing at best, undefined behaviour at worst and always useless"
34 // FIXME: Move this to `complexity` again, after #5343 is fixed
35 declare_clippy_lint! {
36 /// **What it does:** Checks for transmutes to the original type of the object
37 /// and transmutes that could be a cast.
39 /// **Why is this bad?** Readability. The code tricks people into thinking that
40 /// something complex is going on.
42 /// **Known problems:** None.
46 /// core::intrinsics::transmute(t); // where the result type is the same as `t`'s
48 pub USELESS_TRANSMUTE,
50 "transmutes that have the same to and from types or could be a cast/coercion"
53 declare_clippy_lint! {
54 /// **What it does:** Checks for transmutes between a type `T` and `*T`.
56 /// **Why is this bad?** It's easy to mistakenly transmute between a type and a
57 /// pointer to that type.
59 /// **Known problems:** None.
63 /// core::intrinsics::transmute(t) // where the result type is the same as
66 pub CROSSPOINTER_TRANSMUTE,
68 "transmutes that have to or from types that are a pointer to the other"
71 declare_clippy_lint! {
72 /// **What it does:** Checks for transmutes from a pointer to a reference.
74 /// **Why is this bad?** This can always be rewritten with `&` and `*`.
76 /// **Known problems:** None.
81 /// let _: &T = std::mem::transmute(p); // where p: *const T
84 /// // can be written:
87 pub TRANSMUTE_PTR_TO_REF,
89 "transmutes from a pointer to a reference type"
92 declare_clippy_lint! {
93 /// **What it does:** Checks for transmutes from an integer to a `char`.
95 /// **Why is this bad?** Not every integer is a Unicode scalar value.
97 /// **Known problems:**
98 /// - [`from_u32`] which this lint suggests using is slower than `transmute`
99 /// as it needs to validate the input.
100 /// If you are certain that the input is always a valid Unicode scalar value,
101 /// use [`from_u32_unchecked`] which is as fast as `transmute`
102 /// but has a semantically meaningful name.
103 /// - You might want to handle `None` returned from [`from_u32`] instead of calling `unwrap`.
105 /// [`from_u32`]: https://doc.rust-lang.org/std/char/fn.from_u32.html
106 /// [`from_u32_unchecked`]: https://doc.rust-lang.org/std/char/fn.from_u32_unchecked.html
112 /// let _: char = std::mem::transmute(x); // where x: u32
116 /// let _ = std::char::from_u32(x).unwrap();
118 pub TRANSMUTE_INT_TO_CHAR,
120 "transmutes from an integer to a `char`"
123 declare_clippy_lint! {
124 /// **What it does:** Checks for transmutes from a `&[u8]` to a `&str`.
126 /// **Why is this bad?** Not every byte slice is a valid UTF-8 string.
128 /// **Known problems:**
129 /// - [`from_utf8`] which this lint suggests using is slower than `transmute`
130 /// as it needs to validate the input.
131 /// If you are certain that the input is always a valid UTF-8,
132 /// use [`from_utf8_unchecked`] which is as fast as `transmute`
133 /// but has a semantically meaningful name.
134 /// - You might want to handle errors returned from [`from_utf8`] instead of calling `unwrap`.
136 /// [`from_utf8`]: https://doc.rust-lang.org/std/str/fn.from_utf8.html
137 /// [`from_utf8_unchecked`]: https://doc.rust-lang.org/std/str/fn.from_utf8_unchecked.html
141 /// let b: &[u8] = &[1_u8, 2_u8];
143 /// let _: &str = std::mem::transmute(b); // where b: &[u8]
147 /// let _ = std::str::from_utf8(b).unwrap();
149 pub TRANSMUTE_BYTES_TO_STR,
151 "transmutes from a `&[u8]` to a `&str`"
154 declare_clippy_lint! {
155 /// **What it does:** Checks for transmutes from an integer to a `bool`.
157 /// **Why is this bad?** This might result in an invalid in-memory representation of a `bool`.
159 /// **Known problems:** None.
165 /// let _: bool = std::mem::transmute(x); // where x: u8
169 /// let _: bool = x != 0;
171 pub TRANSMUTE_INT_TO_BOOL,
173 "transmutes from an integer to a `bool`"
176 declare_clippy_lint! {
177 /// **What it does:** Checks for transmutes from an integer to a float.
179 /// **Why is this bad?** Transmutes are dangerous and error-prone, whereas `from_bits` is intuitive
182 /// **Known problems:** None.
187 /// let _: f32 = std::mem::transmute(1_u32); // where x: u32
191 /// let _: f32 = f32::from_bits(1_u32);
193 pub TRANSMUTE_INT_TO_FLOAT,
195 "transmutes from an integer to a float"
198 declare_clippy_lint! {
199 /// **What it does:** Checks for transmutes from a float to an integer.
201 /// **Why is this bad?** Transmutes are dangerous and error-prone, whereas `to_bits` is intuitive
204 /// **Known problems:** None.
209 /// let _: u32 = std::mem::transmute(1f32);
213 /// let _: u32 = 1f32.to_bits();
215 pub TRANSMUTE_FLOAT_TO_INT,
217 "transmutes from a float to an integer"
220 declare_clippy_lint! {
221 /// **What it does:** Checks for transmutes from a pointer to a pointer, or
222 /// from a reference to a reference.
224 /// **Why is this bad?** Transmutes are dangerous, and these can instead be
225 /// written as casts.
227 /// **Known problems:** None.
231 /// let ptr = &1u32 as *const u32;
233 /// // pointer-to-pointer transmute
234 /// let _: *const f32 = std::mem::transmute(ptr);
235 /// // ref-ref transmute
236 /// let _: &f32 = std::mem::transmute(&1u32);
238 /// // These can be respectively written:
239 /// let _ = ptr as *const f32;
240 /// let _ = unsafe{ &*(&1u32 as *const u32 as *const f32) };
242 pub TRANSMUTE_PTR_TO_PTR,
244 "transmutes from a pointer to a pointer / a reference to a reference"
247 declare_clippy_lint! {
248 /// **What it does:** Checks for transmutes between collections whose
249 /// types have different ABI, size or alignment.
251 /// **Why is this bad?** This is undefined behavior.
253 /// **Known problems:** Currently, we cannot know whether a type is a
254 /// collection, so we just lint the ones that come with `std`.
258 /// // different size, therefore likely out-of-bounds memory access
259 /// // You absolutely do not want this in your code!
261 /// std::mem::transmute::<_, Vec<u32>>(vec![2_u16])
265 /// You must always iterate, map and collect the values:
268 /// vec![2_u16].into_iter().map(u32::from).collect::<Vec<_>>();
270 pub UNSOUND_COLLECTION_TRANSMUTE,
272 "transmute between collections of layout-incompatible types"
275 declare_clippy_lint! {
276 /// **What it does:**
278 /// **Why is this bad?**
280 /// **Known problems:** None.
285 /// // example code where clippy issues a warning
289 /// // example code which does not raise clippy warning
291 pub TRANSMUTES_EXPRESSIBLE_AS_PTR_CASTS,
293 "default lint description"
296 declare_lint_pass!(Transmute => [
297 CROSSPOINTER_TRANSMUTE,
298 TRANSMUTE_PTR_TO_REF,
299 TRANSMUTE_PTR_TO_PTR,
302 TRANSMUTE_INT_TO_CHAR,
303 TRANSMUTE_BYTES_TO_STR,
304 TRANSMUTE_INT_TO_BOOL,
305 TRANSMUTE_INT_TO_FLOAT,
306 TRANSMUTE_FLOAT_TO_INT,
307 UNSOUND_COLLECTION_TRANSMUTE,
308 TRANSMUTES_EXPRESSIBLE_AS_PTR_CASTS,
311 // used to check for UNSOUND_COLLECTION_TRANSMUTE
312 static COLLECTIONS: &[&[&str]] = &[
321 impl<'tcx> LateLintPass<'tcx> for Transmute {
322 #[allow(clippy::similar_names, clippy::too_many_lines)]
323 fn check_expr(&mut self, cx: &LateContext<'tcx>, e: &'tcx Expr<'_>) {
325 if let ExprKind::Call(ref path_expr, ref args) = e.kind;
326 if let ExprKind::Path(ref qpath) = path_expr.kind;
327 if let Some(def_id) = cx.qpath_res(qpath, path_expr.hir_id).opt_def_id();
328 if match_def_path(cx, def_id, &paths::TRANSMUTE);
330 let from_ty = cx.typeck_results().expr_ty(&args[0]);
331 let to_ty = cx.typeck_results().expr_ty(e);
333 if can_be_expressed_as_pointer_cast(cx, e, from_ty, to_ty) {
336 TRANSMUTES_EXPRESSIBLE_AS_PTR_CASTS,
339 "transmute from `{}` to `{}` which could be expressed as a pointer cast instead",
344 if let Some(arg) = sugg::Sugg::hir_opt(cx, &args[0]) {
345 let sugg = format!("{} as {}", arg, to_ty);
346 diag.span_suggestion(e.span, "try", sugg, Applicability::Unspecified);
353 match (&from_ty.kind, &to_ty.kind) {
354 _ if from_ty == to_ty => span_lint(
358 &format!("transmute from a type (`{}`) to itself", from_ty),
360 (ty::Ref(_, rty, rty_mutbl), ty::RawPtr(ptr_ty)) => span_lint_and_then(
364 "transmute from a reference to a pointer",
366 if let Some(arg) = sugg::Sugg::hir_opt(cx, &args[0]) {
367 let rty_and_mut = ty::TypeAndMut {
372 let sugg = if *ptr_ty == rty_and_mut {
375 arg.as_ty(cx.tcx.mk_ptr(rty_and_mut)).as_ty(to_ty)
378 diag.span_suggestion(e.span, "try", sugg.to_string(), Applicability::Unspecified);
382 (ty::Int(_) | ty::Uint(_), ty::RawPtr(_)) => span_lint_and_then(
386 "transmute from an integer to a pointer",
388 if let Some(arg) = sugg::Sugg::hir_opt(cx, &args[0]) {
389 diag.span_suggestion(
392 arg.as_ty(&to_ty.to_string()).to_string(),
393 Applicability::Unspecified,
398 (ty::Float(_) | ty::Char, ty::Ref(..) | ty::RawPtr(_)) => span_lint(
402 &format!("transmute from a `{}` to a pointer", from_ty),
404 (ty::RawPtr(from_ptr), _) if from_ptr.ty == to_ty => span_lint(
406 CROSSPOINTER_TRANSMUTE,
409 "transmute from a type (`{}`) to the type that it points to (`{}`)",
413 (_, ty::RawPtr(to_ptr)) if to_ptr.ty == from_ty => span_lint(
415 CROSSPOINTER_TRANSMUTE,
418 "transmute from a type (`{}`) to a pointer to that type (`{}`)",
422 (ty::RawPtr(from_pty), ty::Ref(_, to_ref_ty, mutbl)) => span_lint_and_then(
424 TRANSMUTE_PTR_TO_REF,
427 "transmute from a pointer type (`{}`) to a reference type \
432 let arg = sugg::Sugg::hir(cx, &args[0], "..");
433 let (deref, cast) = if *mutbl == Mutability::Mut {
439 let arg = if from_pty.ty == *to_ref_ty {
442 arg.as_ty(&format!("{} {}", cast, get_type_snippet(cx, qpath, to_ref_ty)))
445 diag.span_suggestion(
448 sugg::make_unop(deref, arg).to_string(),
449 Applicability::Unspecified,
453 (ty::Int(ast::IntTy::I32) | ty::Uint(ast::UintTy::U32), &ty::Char) => {
456 TRANSMUTE_INT_TO_CHAR,
458 &format!("transmute from a `{}` to a `char`", from_ty),
460 let arg = sugg::Sugg::hir(cx, &args[0], "..");
461 let arg = if let ty::Int(_) = from_ty.kind {
462 arg.as_ty(ast::UintTy::U32.name_str())
466 diag.span_suggestion(
469 format!("std::char::from_u32({}).unwrap()", arg.to_string()),
470 Applicability::Unspecified,
475 (ty::Ref(_, ty_from, from_mutbl), ty::Ref(_, ty_to, to_mutbl)) => {
477 if let (&ty::Slice(slice_ty), &ty::Str) = (&ty_from.kind, &ty_to.kind);
478 if let ty::Uint(ast::UintTy::U8) = slice_ty.kind;
479 if from_mutbl == to_mutbl;
481 let postfix = if *from_mutbl == Mutability::Mut {
489 TRANSMUTE_BYTES_TO_STR,
491 &format!("transmute from a `{}` to a `{}`", from_ty, to_ty),
494 "std::str::from_utf8{}({}).unwrap()",
496 snippet(cx, args[0].span, ".."),
498 Applicability::Unspecified,
501 if cx.tcx.erase_regions(&from_ty) != cx.tcx.erase_regions(&to_ty) {
504 TRANSMUTE_PTR_TO_PTR,
506 "transmute from a reference to a reference",
507 |diag| if let Some(arg) = sugg::Sugg::hir_opt(cx, &args[0]) {
508 let ty_from_and_mut = ty::TypeAndMut {
512 let ty_to_and_mut = ty::TypeAndMut { ty: ty_to, mutbl: *to_mutbl };
514 .as_ty(cx.tcx.mk_ptr(ty_from_and_mut))
515 .as_ty(cx.tcx.mk_ptr(ty_to_and_mut));
516 let sugg = if *to_mutbl == Mutability::Mut {
517 sugg_paren.mut_addr_deref()
519 sugg_paren.addr_deref()
521 diag.span_suggestion(
525 Applicability::Unspecified,
533 (ty::RawPtr(_), ty::RawPtr(to_ty)) => span_lint_and_then(
535 TRANSMUTE_PTR_TO_PTR,
537 "transmute from a pointer to a pointer",
539 if let Some(arg) = sugg::Sugg::hir_opt(cx, &args[0]) {
540 let sugg = arg.as_ty(cx.tcx.mk_ptr(*to_ty));
541 diag.span_suggestion(e.span, "try", sugg.to_string(), Applicability::Unspecified);
545 (ty::Int(ast::IntTy::I8) | ty::Uint(ast::UintTy::U8), ty::Bool) => {
548 TRANSMUTE_INT_TO_BOOL,
550 &format!("transmute from a `{}` to a `bool`", from_ty),
552 let arg = sugg::Sugg::hir(cx, &args[0], "..");
553 let zero = sugg::Sugg::NonParen(Cow::from("0"));
554 diag.span_suggestion(
557 sugg::make_binop(ast::BinOpKind::Ne, &arg, &zero).to_string(),
558 Applicability::Unspecified,
563 (ty::Int(_) | ty::Uint(_), ty::Float(_)) => span_lint_and_then(
565 TRANSMUTE_INT_TO_FLOAT,
567 &format!("transmute from a `{}` to a `{}`", from_ty, to_ty),
569 let arg = sugg::Sugg::hir(cx, &args[0], "..");
570 let arg = if let ty::Int(int_ty) = from_ty.kind {
573 int_ty.bit_width().map_or_else(|| "size".to_string(), |v| v.to_string())
578 diag.span_suggestion(
581 format!("{}::from_bits({})", to_ty, arg.to_string()),
582 Applicability::Unspecified,
586 (ty::Float(float_ty), ty::Int(_) | ty::Uint(_)) => span_lint_and_then(
588 TRANSMUTE_FLOAT_TO_INT,
590 &format!("transmute from a `{}` to a `{}`", from_ty, to_ty),
592 let mut expr = &args[0];
593 let mut arg = sugg::Sugg::hir(cx, expr, "..");
595 if let ExprKind::Unary(UnOp::UnNeg, inner_expr) = &expr.kind {
600 // if the expression is a float literal and it is unsuffixed then
601 // add a suffix so the suggestion is valid and unambiguous
602 let op = format!("{}{}", arg, float_ty.name_str()).into();
603 if let ExprKind::Lit(lit) = &expr.kind;
604 if let ast::LitKind::Float(_, ast::LitFloatType::Unsuffixed) = lit.node;
607 sugg::Sugg::MaybeParen(_) => arg = sugg::Sugg::MaybeParen(op),
608 _ => arg = sugg::Sugg::NonParen(op)
613 arg = sugg::Sugg::NonParen(format!("{}.to_bits()", arg.maybe_par()).into());
615 // cast the result of `to_bits` if `to_ty` is signed
616 arg = if let ty::Int(int_ty) = to_ty.kind {
617 arg.as_ty(int_ty.name_str().to_string())
622 diag.span_suggestion(
626 Applicability::Unspecified,
630 (ty::Adt(from_adt, from_substs), ty::Adt(to_adt, to_substs)) => {
631 if from_adt.did != to_adt.did ||
632 !COLLECTIONS.iter().any(|path| match_def_path(cx, to_adt.did, path)) {
635 if from_substs.types().zip(to_substs.types())
636 .any(|(from_ty, to_ty)| is_layout_incompatible(cx, from_ty, to_ty)) {
639 UNSOUND_COLLECTION_TRANSMUTE,
642 "transmute from `{}` to `{}` with mismatched layout is unsound",
658 /// Gets the snippet of `Bar` in `…::transmute<Foo, &Bar>`. If that snippet is
659 /// not available , use
660 /// the type's `ToString` implementation. In weird cases it could lead to types
661 /// with invalid `'_`
662 /// lifetime, but it should be rare.
663 fn get_type_snippet(cx: &LateContext<'_>, path: &QPath<'_>, to_ref_ty: Ty<'_>) -> String {
664 let seg = last_path_segment(path);
666 if let Some(ref params) = seg.args;
667 if !params.parenthesized;
668 if let Some(to_ty) = params.args.iter().filter_map(|arg| match arg {
669 GenericArg::Type(ty) => Some(ty),
672 if let TyKind::Rptr(_, ref to_ty) = to_ty.kind;
674 return snippet(cx, to_ty.ty.span, &to_ref_ty.to_string()).to_string();
678 to_ref_ty.to_string()
681 // check if the component types of the transmuted collection and the result have different ABI,
683 fn is_layout_incompatible<'tcx>(cx: &LateContext<'tcx>, from: Ty<'tcx>, to: Ty<'tcx>) -> bool {
684 let empty_param_env = ty::ParamEnv::empty();
685 // check if `from` and `to` are normalizable to avoid ICE (#4968)
686 if !(is_normalizable(cx, empty_param_env, from) && is_normalizable(cx, empty_param_env, to)) {
689 let from_ty_layout = cx.tcx.layout_of(empty_param_env.and(from));
690 let to_ty_layout = cx.tcx.layout_of(empty_param_env.and(to));
691 if let (Ok(from_layout), Ok(to_layout)) = (from_ty_layout, to_ty_layout) {
692 from_layout.size != to_layout.size || from_layout.align != to_layout.align || from_layout.abi != to_layout.abi
694 // no idea about layout, so don't lint
699 /// Check if the the type conversion can be expressed as a pointer cast, instead of a transmute.
700 fn can_be_expressed_as_pointer_cast<'tcx>(cx: &LateContext<'tcx>, e: &'tcx Expr<'_>, from_ty: Ty<'tcx>, to_ty: Ty<'tcx>) -> bool {
703 check_cast(cx, e, from_ty, to_ty),
715 /// If a cast from from_ty to to_ty is valid, returns an Ok containing the kind of the cast.
716 fn check_cast<'tcx>(cx: &LateContext<'tcx>, e: &'tcx Expr<'_>, from_ty: Ty<'tcx>, to_ty: Ty<'tcx>) -> Option<CastKind> {
717 let hir_id = e.hir_id;
718 let local_def_id = hir_id.owner;
720 Inherited::build(cx.tcx, local_def_id).enter(|inherited| {
721 let fn_ctxt = FnCtxt::new(
723 // TODO should we try to get the correct ParamEnv?
724 ty::ParamEnv::empty(),
728 // If we already have errors, we can't be sure we can pointer cast.
729 if fn_ctxt.errors_reported_since_creation() {
733 if let Ok(check) = CastCheck::new(
738 // We won't show any error to the user, so we don't care what the span is here.
742 check.do_check(&fn_ctxt)
744 // do_check's documentation says that it might return Ok and create
745 // errors in the fcx instead of returing Err in some cases.
746 .filter(|_| !fn_ctxt.errors_reported_since_creation())
projects / rust.git / blob