Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add lint to deny transmuting &T to &mut T #24392

Merged
merged 3 commits into from
May 7, 2015
Merged

Add lint to deny transmuting &T to &mut T #24392

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d131f33
lint: deny transmuting from immutable to mutable, since it's undefine…
seanmonstar Apr 13, 2015
e136f93
std: update select internals to not use mutable transmuting
seanmonstar Apr 13, 2015
5624cfb
test: update run-pass tests to not use mutable transmuting
seanmonstar May 5, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 66 additions & 0 deletions src/librustc_lint/builtin.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2121,6 +2121,72 @@ impl LintPass for InvalidNoMangleItems {
}
}

#[derive(Clone, Copy)]
pub struct MutableTransmutes;

declare_lint! {
MUTABLE_TRANSMUTES,
Deny,
"mutating transmuted &mut T from &T may cause undefined behavior"
}

impl LintPass for MutableTransmutes {
fn get_lints(&self) -> LintArray {
lint_array!(MUTABLE_TRANSMUTES)
}

fn check_expr(&mut self, cx: &Context, expr: &ast::Expr) {
use syntax::ast::DefId;
use syntax::abi::RustIntrinsic;
let msg = "mutating transmuted &mut T from &T may cause undefined behavior,\
consider instead using an UnsafeCell";
match get_transmute_from_to(cx, expr) {
Some((&ty::ty_rptr(_, from_mt), &ty::ty_rptr(_, to_mt))) => {
if to_mt.mutbl == ast::Mutability::MutMutable
&& from_mt.mutbl == ast::Mutability::MutImmutable {
cx.span_lint(MUTABLE_TRANSMUTES, expr.span, msg);
}
}
_ => ()
}

fn get_transmute_from_to<'a, 'tcx>(cx: &Context<'a, 'tcx>, expr: &ast::Expr)
-> Option<(&'tcx ty::sty<'tcx>, &'tcx ty::sty<'tcx>)> {
match expr.node {
ast::ExprPath(..) => (),
_ => return None
}
if let DefFn(did, _) = ty::resolve_expr(cx.tcx, expr) {
if !def_id_is_transmute(cx, did) {
return None;
}
let typ = ty::node_id_to_type(cx.tcx, expr.id);
match typ.sty {
ty::ty_bare_fn(_, ref bare_fn) if bare_fn.abi == RustIntrinsic => {
if let ty::FnConverging(to) = bare_fn.sig.0.output {
let from = bare_fn.sig.0.inputs[0];
return Some((&from.sty, &to.sty));
}
},
_ => ()
}
}
None
}

fn def_id_is_transmute(cx: &Context, def_id: DefId) -> bool {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need the csearch here. Just check that the ABI is rust-intrinsic and that the path matches transmute

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know enough yet, so likely ignore me. However, it looks like csearch is needed if the fn def_id is not defined in the same crate (so most cases), right?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, you don't need to lookup the def, the name of the function is already with you in the ExprPath -- transmute(a) is an ExprCall(ExprPath("transmute"), vec![whatever a is])

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, good point!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Manishearth oh, what about use std::mem::transmute as trans? I imagine that's why the original fn is being looked up?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah right. Lookup is necessary in that case.

match ty::lookup_item_type(cx.tcx, def_id).ty.sty {
ty::ty_bare_fn(_, ref bfty) if bfty.abi == RustIntrinsic => (),
_ => return false
}
ty::with_path(cx.tcx, def_id, |path| match path.last() {
Some(ref last) => last.name().as_str() == "transmute",
_ => false
})
}
}
}

/// Forbids using the `#[feature(...)]` attribute
#[derive(Copy, Clone)]
pub struct UnstableFeatures;
Expand Down
1 change: 1 addition & 0 deletions src/librustc_lint/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,7 @@ pub fn register_builtins(store: &mut lint::LintStore, sess: Option<&Session>) {
InvalidNoMangleItems,
PluginAsLibrary,
DropWithReprExtern,
MutableTransmutes,
);

add_builtin_with_new!(sess,
Expand Down
30 changes: 19 additions & 11 deletions src/libstd/sync/mpsc/select.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@

use core::prelude::*;

use core::cell::Cell;
use core::cell::{Cell, UnsafeCell};
use core::marker;
use core::mem;
use core::ptr;
Expand All @@ -70,9 +70,13 @@ use sync::mpsc::blocking::{self, SignalToken};
/// The "receiver set" of the select interface. This structure is used to manage
/// a set of receivers which are being selected over.
pub struct Select {
inner: UnsafeCell<SelectInner>,
next_id: Cell<usize>,
}

struct SelectInner {
head: *mut Handle<'static, ()>,
tail: *mut Handle<'static, ()>,
next_id: Cell<usize>,
}

impl !marker::Send for Select {}
Expand All @@ -84,7 +88,7 @@ pub struct Handle<'rx, T:Send+'rx> {
/// The ID of this handle, used to compare against the return value of
/// `Select::wait()`
id: usize,
selector: &'rx Select,
selector: *mut SelectInner,
next: *mut Handle<'static, ()>,
prev: *mut Handle<'static, ()>,
added: bool,
Expand Down Expand Up @@ -127,8 +131,10 @@ impl Select {
/// ```
pub fn new() -> Select {
Select {
head: ptr::null_mut(),
tail: ptr::null_mut(),
inner: UnsafeCell::new(SelectInner {
head: ptr::null_mut(),
tail: ptr::null_mut(),
}),
next_id: Cell::new(1),
}
}
Expand All @@ -141,7 +147,7 @@ impl Select {
self.next_id.set(id + 1);
Handle {
id: id,
selector: self,
selector: self.inner.get(),
next: ptr::null_mut(),
prev: ptr::null_mut(),
added: false,
Expand Down Expand Up @@ -250,7 +256,7 @@ impl Select {
}
}

fn iter(&self) -> Packets { Packets { cur: self.head } }
fn iter(&self) -> Packets { Packets { cur: unsafe { &*self.inner.get() }.head } }
}

impl<'rx, T: Send> Handle<'rx, T> {
Expand All @@ -271,7 +277,7 @@ impl<'rx, T: Send> Handle<'rx, T> {
/// while it is added to the `Select` set.
pub unsafe fn add(&mut self) {
if self.added { return }
let selector: &mut Select = mem::transmute(&*self.selector);
let selector = &mut *self.selector;
let me: *mut Handle<'static, ()> = mem::transmute(&*self);

if selector.head.is_null() {
Expand All @@ -292,7 +298,7 @@ impl<'rx, T: Send> Handle<'rx, T> {
pub unsafe fn remove(&mut self) {
if !self.added { return }

let selector: &mut Select = mem::transmute(&*self.selector);
let selector = &mut *self.selector;
let me: *mut Handle<'static, ()> = mem::transmute(&*self);

if self.prev.is_null() {
Expand All @@ -317,8 +323,10 @@ impl<'rx, T: Send> Handle<'rx, T> {

impl Drop for Select {
fn drop(&mut self) {
assert!(self.head.is_null());
assert!(self.tail.is_null());
unsafe {
assert!((&*self.inner.get()).head.is_null());
assert!((&*self.inner.get()).tail.is_null());
}
}
}

Expand Down
4 changes: 2 additions & 2 deletions src/test/auxiliary/issue_8401.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,6 @@ impl A for B {}
fn bar<T>(_: &mut A, _: &T) {}

fn foo<T>(t: &T) {
let b = B;
bar(unsafe { mem::transmute(&b as &A) }, t)
let mut b = B;
bar(&mut b as &mut A, t)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you run this test? I think that the binding to b needs to be mut for this to work? (I'd recommend being sure to run the tests for these cases).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I pushed before running (the run caught what you noticed), since I needed to rebuild and it'd take a while. It's all done, and I'm pushing the corrections that make these 2 tests pass.

}
20 changes: 20 additions & 0 deletions src/test/compile-fail/transmute-imut-to-mut.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
// Copyright 2015 The Rust Project Developers. See the COPYRIGHT
// file at the top-level directory of this distribution and at
// http://rust-lang.org/COPYRIGHT.
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.

// Tests that transmuting from &T to &mut T is Undefined Behavior.

use std::mem::transmute;

fn main() {
let _a: &mut u8 = unsafe { transmute(&1u8) };
//~^ ERROR mutating transmuted &mut T from &T may cause undefined behavior
}


4 changes: 2 additions & 2 deletions src/test/run-pass/issue-2718.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,7 @@ pub mod pipes {
unsafe {
if self.p != None {
let self_p: &mut Option<*const packet<T>> =
mem::transmute(&self.p);
mem::transmute(&mut self.p);
let p = replace(self_p, None);
sender_terminate(p.unwrap())
}
Expand Down Expand Up @@ -199,7 +199,7 @@ pub mod pipes {
unsafe {
if self.p != None {
let self_p: &mut Option<*const packet<T>> =
mem::transmute(&self.p);
mem::transmute(&mut self.p);
let p = replace(self_p, None);
receiver_terminate(p.unwrap())
}
Expand Down