]>
Commit | Line | Data |
---|---|---|
5099ac24 FG |
1 | use clippy_utils::diagnostics::span_lint_and_help; |
2 | use rustc_hir::{self as hir, HirId, Item, ItemKind}; | |
2b03887a | 3 | use rustc_hir_analysis::hir_ty_to_ty; |
5099ac24 FG |
4 | use rustc_lint::{LateContext, LateLintPass}; |
5 | use rustc_middle::ty::layout::LayoutOf; | |
6 | use rustc_session::{declare_lint_pass, declare_tool_lint}; | |
7 | use rustc_span::sym; | |
5099ac24 FG |
8 | |
9 | declare_clippy_lint! { | |
10 | /// ### What it does | |
11 | /// Displays a warning when a union is declared with the default representation (without a `#[repr(C)]` attribute). | |
12 | /// | |
13 | /// ### Why is this bad? | |
14 | /// Unions in Rust have unspecified layout by default, despite many people thinking that they | |
15 | /// lay out each field at the start of the union (like C does). That is, there are no guarantees | |
16 | /// about the offset of the fields for unions with multiple non-ZST fields without an explicitly | |
17 | /// specified layout. These cases may lead to undefined behavior in unsafe blocks. | |
18 | /// | |
19 | /// ### Example | |
20 | /// ```rust | |
21 | /// union Foo { | |
22 | /// a: i32, | |
23 | /// b: u32, | |
24 | /// } | |
25 | /// | |
26 | /// fn main() { | |
27 | /// let _x: u32 = unsafe { | |
923072b8 | 28 | /// Foo { a: 0_i32 }.b // Undefined behavior: `b` is allowed to be padding |
5099ac24 FG |
29 | /// }; |
30 | /// } | |
31 | /// ``` | |
32 | /// Use instead: | |
33 | /// ```rust | |
34 | /// #[repr(C)] | |
35 | /// union Foo { | |
36 | /// a: i32, | |
37 | /// b: u32, | |
38 | /// } | |
39 | /// | |
40 | /// fn main() { | |
41 | /// let _x: u32 = unsafe { | |
923072b8 | 42 | /// Foo { a: 0_i32 }.b // Now defined behavior, this is just an i32 -> u32 transmute |
5099ac24 FG |
43 | /// }; |
44 | /// } | |
45 | /// ``` | |
46 | #[clippy::version = "1.60.0"] | |
47 | pub DEFAULT_UNION_REPRESENTATION, | |
48 | restriction, | |
49 | "unions without a `#[repr(C)]` attribute" | |
50 | } | |
51 | declare_lint_pass!(DefaultUnionRepresentation => [DEFAULT_UNION_REPRESENTATION]); | |
52 | ||
53 | impl<'tcx> LateLintPass<'tcx> for DefaultUnionRepresentation { | |
54 | fn check_item(&mut self, cx: &LateContext<'tcx>, item: &'tcx Item<'tcx>) { | |
55 | if is_union_with_two_non_zst_fields(cx, item) && !has_c_repr_attr(cx, item.hir_id()) { | |
56 | span_lint_and_help( | |
57 | cx, | |
58 | DEFAULT_UNION_REPRESENTATION, | |
59 | item.span, | |
60 | "this union has the default representation", | |
61 | None, | |
62 | &format!( | |
63 | "consider annotating `{}` with `#[repr(C)]` to explicitly specify memory layout", | |
2b03887a | 64 | cx.tcx.def_path_str(item.owner_id.to_def_id()) |
5099ac24 FG |
65 | ), |
66 | ); | |
67 | } | |
68 | } | |
69 | } | |
70 | ||
71 | /// Returns true if the given item is a union with at least two non-ZST fields. | |
72 | fn is_union_with_two_non_zst_fields(cx: &LateContext<'_>, item: &Item<'_>) -> bool { | |
73 | if let ItemKind::Union(data, _) = &item.kind { | |
74 | data.fields().iter().filter(|f| !is_zst(cx, f.ty)).count() >= 2 | |
75 | } else { | |
76 | false | |
77 | } | |
78 | } | |
79 | ||
80 | fn is_zst(cx: &LateContext<'_>, hir_ty: &hir::Ty<'_>) -> bool { | |
81 | if hir_ty.span.from_expansion() { | |
82 | return false; | |
83 | } | |
84 | let ty = hir_ty_to_ty(cx.tcx, hir_ty); | |
85 | if let Ok(layout) = cx.layout_of(ty) { | |
86 | layout.is_zst() | |
87 | } else { | |
88 | false | |
89 | } | |
90 | } | |
91 | ||
92 | fn has_c_repr_attr(cx: &LateContext<'_>, hir_id: HirId) -> bool { | |
93 | cx.tcx.hir().attrs(hir_id).iter().any(|attr| { | |
94 | if attr.has_name(sym::repr) { | |
95 | if let Some(items) = attr.meta_item_list() { | |
96 | for item in items { | |
97 | if item.is_word() && matches!(item.name_or_empty(), sym::C) { | |
98 | return true; | |
99 | } | |
100 | } | |
101 | } | |
102 | } | |
103 | false | |
104 | }) | |
105 | } |