]> git.proxmox.com Git - rustc.git/blob - compiler/rustc_lint/src/types.rs
projects / rustc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
New upstream version 1.62.1+dfsg1
[rustc.git] / compiler / rustc_lint / src / types.rs
1 use crate::{LateContext, LateLintPass, LintContext};
2 use rustc_ast as ast;
3 use rustc_attr as attr;
4 use rustc_data_structures::fx::FxHashSet;
5 use rustc_errors::Applicability;
6 use rustc_hir as hir;
7 use rustc_hir::def_id::DefId;
8 use rustc_hir::{is_range_literal, Expr, ExprKind, Node};
9 use rustc_middle::ty::layout::{IntegerExt, LayoutOf, SizeSkeleton};
10 use rustc_middle::ty::subst::SubstsRef;
11 use rustc_middle::ty::{self, AdtKind, DefIdTree, Ty, TyCtxt, TypeFoldable};
12 use rustc_span::source_map;
13 use rustc_span::symbol::sym;
14 use rustc_span::{Span, Symbol, DUMMY_SP};
15 use rustc_target::abi::{Abi, WrappingRange};
16 use rustc_target::abi::{Integer, TagEncoding, Variants};
17 use rustc_target::spec::abi::Abi as SpecAbi;
18
19 use std::cmp;
20 use std::iter;
21 use std::ops::ControlFlow;
22 use tracing::debug;
23
24 declare_lint! {
25 /// The `unused_comparisons` lint detects comparisons made useless by
26 /// limits of the types involved.
27 ///
28 /// ### Example
29 ///
30 /// ```rust
31 /// fn foo(x: u8) {
32 /// x >= 0;
33 /// }
34 /// ```
35 ///
36 /// {{produces}}
37 ///
38 /// ### Explanation
39 ///
40 /// A useless comparison may indicate a mistake, and should be fixed or
41 /// removed.
42 UNUSED_COMPARISONS,
43 Warn,
44 "comparisons made useless by limits of the types involved"
45 }
46
47 declare_lint! {
48 /// The `overflowing_literals` lint detects literal out of range for its
49 /// type.
50 ///
51 /// ### Example
52 ///
53 /// ```rust,compile_fail
54 /// let x: u8 = 1000;
55 /// ```
56 ///
57 /// {{produces}}
58 ///
59 /// ### Explanation
60 ///
61 /// It is usually a mistake to use a literal that overflows the type where
62 /// it is used. Either use a literal that is within range, or change the
63 /// type to be within the range of the literal.
64 OVERFLOWING_LITERALS,
65 Deny,
66 "literal out of range for its type"
67 }
68
69 declare_lint! {
70 /// The `variant_size_differences` lint detects enums with widely varying
71 /// variant sizes.
72 ///
73 /// ### Example
74 ///
75 /// ```rust,compile_fail
76 /// #![deny(variant_size_differences)]
77 /// enum En {
78 /// V0(u8),
79 /// VBig([u8; 1024]),
80 /// }
81 /// ```
82 ///
83 /// {{produces}}
84 ///
85 /// ### Explanation
86 ///
87 /// It can be a mistake to add a variant to an enum that is much larger
88 /// than the other variants, bloating the overall size required for all
89 /// variants. This can impact performance and memory usage. This is
90 /// triggered if one variant is more than 3 times larger than the
91 /// second-largest variant.
92 ///
93 /// Consider placing the large variant's contents on the heap (for example
94 /// via [`Box`]) to keep the overall size of the enum itself down.
95 ///
96 /// This lint is "allow" by default because it can be noisy, and may not be
97 /// an actual problem. Decisions about this should be guided with
98 /// profiling and benchmarking.
99 ///
100 /// [`Box`]: https://doc.rust-lang.org/std/boxed/index.html
101 VARIANT_SIZE_DIFFERENCES,
102 Allow,
103 "detects enums with widely varying variant sizes"
104 }
105
106 #[derive(Copy, Clone)]
107 pub struct TypeLimits {
108 /// Id of the last visited negated expression
109 negated_expr_id: Option<hir::HirId>,
110 }
111
112 impl_lint_pass!(TypeLimits => [UNUSED_COMPARISONS, OVERFLOWING_LITERALS]);
113
114 impl TypeLimits {
115 pub fn new() -> TypeLimits {
116 TypeLimits { negated_expr_id: None }
117 }
118 }
119
120 /// Attempts to special-case the overflowing literal lint when it occurs as a range endpoint.
121 /// Returns `true` iff the lint was overridden.
122 fn lint_overflowing_range_endpoint<'tcx>(
123 cx: &LateContext<'tcx>,
124 lit: &hir::Lit,
125 lit_val: u128,
126 max: u128,
127 expr: &'tcx hir::Expr<'tcx>,
128 parent_expr: &'tcx hir::Expr<'tcx>,
129 ty: &str,
130 ) -> bool {
131 // We only want to handle exclusive (`..`) ranges,
132 // which are represented as `ExprKind::Struct`.
133 let mut overwritten = false;
134 if let ExprKind::Struct(_, eps, _) = &parent_expr.kind {
135 if eps.len() != 2 {
136 return false;
137 }
138 // We can suggest using an inclusive range
139 // (`..=`) instead only if it is the `end` that is
140 // overflowing and only by 1.
141 if eps[1].expr.hir_id == expr.hir_id && lit_val - 1 == max {
142 cx.struct_span_lint(OVERFLOWING_LITERALS, parent_expr.span, |lint| {
143 let mut err = lint.build(&format!("range endpoint is out of range for `{}`", ty));
144 if let Ok(start) = cx.sess().source_map().span_to_snippet(eps[0].span) {
145 use ast::{LitIntType, LitKind};
146 // We need to preserve the literal's suffix,
147 // as it may determine typing information.
148 let suffix = match lit.node {
149 LitKind::Int(_, LitIntType::Signed(s)) => s.name_str(),
150 LitKind::Int(_, LitIntType::Unsigned(s)) => s.name_str(),
151 LitKind::Int(_, LitIntType::Unsuffixed) => "",
152 _ => bug!(),
153 };
154 let suggestion = format!("{}..={}{}", start, lit_val - 1, suffix);
155 err.span_suggestion(
156 parent_expr.span,
157 "use an inclusive range instead",
158 suggestion,
159 Applicability::MachineApplicable,
160 );
161 err.emit();
162 overwritten = true;
163 }
164 });
165 }
166 }
167 overwritten
168 }
169
170 // For `isize` & `usize`, be conservative with the warnings, so that the
171 // warnings are consistent between 32- and 64-bit platforms.
172 fn int_ty_range(int_ty: ty::IntTy) -> (i128, i128) {
173 match int_ty {
174 ty::IntTy::Isize => (i64::MIN.into(), i64::MAX.into()),
175 ty::IntTy::I8 => (i8::MIN.into(), i8::MAX.into()),
176 ty::IntTy::I16 => (i16::MIN.into(), i16::MAX.into()),
177 ty::IntTy::I32 => (i32::MIN.into(), i32::MAX.into()),
178 ty::IntTy::I64 => (i64::MIN.into(), i64::MAX.into()),
179 ty::IntTy::I128 => (i128::MIN, i128::MAX),
180 }
181 }
182
183 fn uint_ty_range(uint_ty: ty::UintTy) -> (u128, u128) {
184 let max = match uint_ty {
185 ty::UintTy::Usize => u64::MAX.into(),
186 ty::UintTy::U8 => u8::MAX.into(),
187 ty::UintTy::U16 => u16::MAX.into(),
188 ty::UintTy::U32 => u32::MAX.into(),
189 ty::UintTy::U64 => u64::MAX.into(),
190 ty::UintTy::U128 => u128::MAX,
191 };
192 (0, max)
193 }
194
195 fn get_bin_hex_repr(cx: &LateContext<'_>, lit: &hir::Lit) -> Option<String> {
196 let src = cx.sess().source_map().span_to_snippet(lit.span).ok()?;
197 let firstch = src.chars().next()?;
198
199 if firstch == '0' {
200 match src.chars().nth(1) {
201 Some('x' | 'b') => return Some(src),
202 _ => return None,
203 }
204 }
205
206 None
207 }
208
209 fn report_bin_hex_error(
210 cx: &LateContext<'_>,
211 expr: &hir::Expr<'_>,
212 ty: attr::IntType,
213 repr_str: String,
214 val: u128,
215 negative: bool,
216 ) {
217 let size = Integer::from_attr(&cx.tcx, ty).size();
218 cx.struct_span_lint(OVERFLOWING_LITERALS, expr.span, |lint| {
219 let (t, actually) = match ty {
220 attr::IntType::SignedInt(t) => {
221 let actually = if negative {
222 -(size.sign_extend(val) as i128)
223 } else {
224 size.sign_extend(val) as i128
225 };
226 (t.name_str(), actually.to_string())
227 }
228 attr::IntType::UnsignedInt(t) => {
229 let actually = size.truncate(val);
230 (t.name_str(), actually.to_string())
231 }
232 };
233 let mut err = lint.build(&format!("literal out of range for `{}`", t));
234 if negative {
235 // If the value is negative,
236 // emits a note about the value itself, apart from the literal.
237 err.note(&format!(
238 "the literal `{}` (decimal `{}`) does not fit into \
239 the type `{}`",
240 repr_str, val, t
241 ));
242 err.note(&format!("and the value `-{}` will become `{}{}`", repr_str, actually, t));
243 } else {
244 err.note(&format!(
245 "the literal `{}` (decimal `{}`) does not fit into \
246 the type `{}` and will become `{}{}`",
247 repr_str, val, t, actually, t
248 ));
249 }
250 if let Some(sugg_ty) =
251 get_type_suggestion(cx.typeck_results().node_type(expr.hir_id), val, negative)
252 {
253 if let Some(pos) = repr_str.chars().position(|c| c == 'i' || c == 'u') {
254 let (sans_suffix, _) = repr_str.split_at(pos);
255 err.span_suggestion(
256 expr.span,
257 &format!("consider using the type `{}` instead", sugg_ty),
258 format!("{}{}", sans_suffix, sugg_ty),
259 Applicability::MachineApplicable,
260 );
261 } else {
262 err.help(&format!("consider using the type `{}` instead", sugg_ty));
263 }
264 }
265 err.emit();
266 });
267 }
268
269 // This function finds the next fitting type and generates a suggestion string.
270 // It searches for fitting types in the following way (`X < Y`):
271 // - `iX`: if literal fits in `uX` => `uX`, else => `iY`
272 // - `-iX` => `iY`
273 // - `uX` => `uY`
274 //
275 // No suggestion for: `isize`, `usize`.
276 fn get_type_suggestion(t: Ty<'_>, val: u128, negative: bool) -> Option<&'static str> {
277 use ty::IntTy::*;
278 use ty::UintTy::*;
279 macro_rules! find_fit {
280 ($ty:expr, $val:expr, $negative:expr,
281 $($type:ident => [$($utypes:expr),*] => [$($itypes:expr),*]),+) => {
282 {
283 let _neg = if negative { 1 } else { 0 };
284 match $ty {
285 $($type => {
286 $(if !negative && val <= uint_ty_range($utypes).1 {
287 return Some($utypes.name_str())
288 })*
289 $(if val <= int_ty_range($itypes).1 as u128 + _neg {
290 return Some($itypes.name_str())
291 })*
292 None
293 },)+
294 _ => None
295 }
296 }
297 }
298 }
299 match t.kind() {
300 ty::Int(i) => find_fit!(i, val, negative,
301 I8 => [U8] => [I16, I32, I64, I128],
302 I16 => [U16] => [I32, I64, I128],
303 I32 => [U32] => [I64, I128],
304 I64 => [U64] => [I128],
305 I128 => [U128] => []),
306 ty::Uint(u) => find_fit!(u, val, negative,
307 U8 => [U8, U16, U32, U64, U128] => [],
308 U16 => [U16, U32, U64, U128] => [],
309 U32 => [U32, U64, U128] => [],
310 U64 => [U64, U128] => [],
311 U128 => [U128] => []),
312 _ => None,
313 }
314 }
315
316 fn lint_int_literal<'tcx>(
317 cx: &LateContext<'tcx>,
318 type_limits: &TypeLimits,
319 e: &'tcx hir::Expr<'tcx>,
320 lit: &hir::Lit,
321 t: ty::IntTy,
322 v: u128,
323 ) {
324 let int_type = t.normalize(cx.sess().target.pointer_width);
325 let (min, max) = int_ty_range(int_type);
326 let max = max as u128;
327 let negative = type_limits.negated_expr_id == Some(e.hir_id);
328
329 // Detect literal value out of range [min, max] inclusive
330 // avoiding use of -min to prevent overflow/panic
331 if (negative && v > max + 1) || (!negative && v > max) {
332 if let Some(repr_str) = get_bin_hex_repr(cx, lit) {
333 report_bin_hex_error(
334 cx,
335 e,
336 attr::IntType::SignedInt(ty::ast_int_ty(t)),
337 repr_str,
338 v,
339 negative,
340 );
341 return;
342 }
343
344 let par_id = cx.tcx.hir().get_parent_node(e.hir_id);
345 if let Node::Expr(par_e) = cx.tcx.hir().get(par_id) {
346 if let hir::ExprKind::Struct(..) = par_e.kind {
347 if is_range_literal(par_e)
348 && lint_overflowing_range_endpoint(cx, lit, v, max, e, par_e, t.name_str())
349 {
350 // The overflowing literal lint was overridden.
351 return;
352 }
353 }
354 }
355
356 cx.struct_span_lint(OVERFLOWING_LITERALS, e.span, |lint| {
357 let mut err = lint.build(&format!("literal out of range for `{}`", t.name_str()));
358 err.note(&format!(
359 "the literal `{}` does not fit into the type `{}` whose range is `{}..={}`",
360 cx.sess()
361 .source_map()
362 .span_to_snippet(lit.span)
363 .expect("must get snippet from literal"),
364 t.name_str(),
365 min,
366 max,
367 ));
368 if let Some(sugg_ty) =
369 get_type_suggestion(cx.typeck_results().node_type(e.hir_id), v, negative)
370 {
371 err.help(&format!("consider using the type `{}` instead", sugg_ty));
372 }
373 err.emit();
374 });
375 }
376 }
377
378 fn lint_uint_literal<'tcx>(
379 cx: &LateContext<'tcx>,
380 e: &'tcx hir::Expr<'tcx>,
381 lit: &hir::Lit,
382 t: ty::UintTy,
383 ) {
384 let uint_type = t.normalize(cx.sess().target.pointer_width);
385 let (min, max) = uint_ty_range(uint_type);
386 let lit_val: u128 = match lit.node {
387 // _v is u8, within range by definition
388 ast::LitKind::Byte(_v) => return,
389 ast::LitKind::Int(v, _) => v,
390 _ => bug!(),
391 };
392 if lit_val < min || lit_val > max {
393 let parent_id = cx.tcx.hir().get_parent_node(e.hir_id);
394 if let Node::Expr(par_e) = cx.tcx.hir().get(parent_id) {
395 match par_e.kind {
396 hir::ExprKind::Cast(..) => {
397 if let ty::Char = cx.typeck_results().expr_ty(par_e).kind() {
398 cx.struct_span_lint(OVERFLOWING_LITERALS, par_e.span, |lint| {
399 lint.build("only `u8` can be cast into `char`")
400 .span_suggestion(
401 par_e.span,
402 "use a `char` literal instead",
403 format!("'\\u{{{:X}}}'", lit_val),
404 Applicability::MachineApplicable,
405 )
406 .emit();
407 });
408 return;
409 }
410 }
411 hir::ExprKind::Struct(..) if is_range_literal(par_e) => {
412 let t = t.name_str();
413 if lint_overflowing_range_endpoint(cx, lit, lit_val, max, e, par_e, t) {
414 // The overflowing literal lint was overridden.
415 return;
416 }
417 }
418 _ => {}
419 }
420 }
421 if let Some(repr_str) = get_bin_hex_repr(cx, lit) {
422 report_bin_hex_error(
423 cx,
424 e,
425 attr::IntType::UnsignedInt(ty::ast_uint_ty(t)),
426 repr_str,
427 lit_val,
428 false,
429 );
430 return;
431 }
432 cx.struct_span_lint(OVERFLOWING_LITERALS, e.span, |lint| {
433 lint.build(&format!("literal out of range for `{}`", t.name_str()))
434 .note(&format!(
435 "the literal `{}` does not fit into the type `{}` whose range is `{}..={}`",
436 cx.sess()
437 .source_map()
438 .span_to_snippet(lit.span)
439 .expect("must get snippet from literal"),
440 t.name_str(),
441 min,
442 max,
443 ))
444 .emit();
445 });
446 }
447 }
448
449 fn lint_literal<'tcx>(
450 cx: &LateContext<'tcx>,
451 type_limits: &TypeLimits,
452 e: &'tcx hir::Expr<'tcx>,
453 lit: &hir::Lit,
454 ) {
455 match *cx.typeck_results().node_type(e.hir_id).kind() {
456 ty::Int(t) => {
457 match lit.node {
458 ast::LitKind::Int(v, ast::LitIntType::Signed(_) | ast::LitIntType::Unsuffixed) => {
459 lint_int_literal(cx, type_limits, e, lit, t, v)
460 }
461 _ => bug!(),
462 };
463 }
464 ty::Uint(t) => lint_uint_literal(cx, e, lit, t),
465 ty::Float(t) => {
466 let is_infinite = match lit.node {
467 ast::LitKind::Float(v, _) => match t {
468 ty::FloatTy::F32 => v.as_str().parse().map(f32::is_infinite),
469 ty::FloatTy::F64 => v.as_str().parse().map(f64::is_infinite),
470 },
471 _ => bug!(),
472 };
473 if is_infinite == Ok(true) {
474 cx.struct_span_lint(OVERFLOWING_LITERALS, e.span, |lint| {
475 lint.build(&format!("literal out of range for `{}`", t.name_str()))
476 .note(&format!(
477 "the literal `{}` does not fit into the type `{}` and will be converted to `{}::INFINITY`",
478 cx.sess()
479 .source_map()
480 .span_to_snippet(lit.span)
481 .expect("must get snippet from literal"),
482 t.name_str(),
483 t.name_str(),
484 ))
485 .emit();
486 });
487 }
488 }
489 _ => {}
490 }
491 }
492
493 impl<'tcx> LateLintPass<'tcx> for TypeLimits {
494 fn check_expr(&mut self, cx: &LateContext<'tcx>, e: &'tcx hir::Expr<'tcx>) {
495 match e.kind {
496 hir::ExprKind::Unary(hir::UnOp::Neg, ref expr) => {
497 // propagate negation, if the negation itself isn't negated
498 if self.negated_expr_id != Some(e.hir_id) {
499 self.negated_expr_id = Some(expr.hir_id);
500 }
501 }
502 hir::ExprKind::Binary(binop, ref l, ref r) => {
503 if is_comparison(binop) && !check_limits(cx, binop, &l, &r) {
504 cx.struct_span_lint(UNUSED_COMPARISONS, e.span, |lint| {
505 lint.build("comparison is useless due to type limits").emit();
506 });
507 }
508 }
509 hir::ExprKind::Lit(ref lit) => lint_literal(cx, self, e, lit),
510 _ => {}
511 };
512
513 fn is_valid<T: cmp::PartialOrd>(binop: hir::BinOp, v: T, min: T, max: T) -> bool {
514 match binop.node {
515 hir::BinOpKind::Lt => v > min && v <= max,
516 hir::BinOpKind::Le => v >= min && v < max,
517 hir::BinOpKind::Gt => v >= min && v < max,
518 hir::BinOpKind::Ge => v > min && v <= max,
519 hir::BinOpKind::Eq | hir::BinOpKind::Ne => v >= min && v <= max,
520 _ => bug!(),
521 }
522 }
523
524 fn rev_binop(binop: hir::BinOp) -> hir::BinOp {
525 source_map::respan(
526 binop.span,
527 match binop.node {
528 hir::BinOpKind::Lt => hir::BinOpKind::Gt,
529 hir::BinOpKind::Le => hir::BinOpKind::Ge,
530 hir::BinOpKind::Gt => hir::BinOpKind::Lt,
531 hir::BinOpKind::Ge => hir::BinOpKind::Le,
532 _ => return binop,
533 },
534 )
535 }
536
537 fn check_limits(
538 cx: &LateContext<'_>,
539 binop: hir::BinOp,
540 l: &hir::Expr<'_>,
541 r: &hir::Expr<'_>,
542 ) -> bool {
543 let (lit, expr, swap) = match (&l.kind, &r.kind) {
544 (&hir::ExprKind::Lit(_), _) => (l, r, true),
545 (_, &hir::ExprKind::Lit(_)) => (r, l, false),
546 _ => return true,
547 };
548 // Normalize the binop so that the literal is always on the RHS in
549 // the comparison
550 let norm_binop = if swap { rev_binop(binop) } else { binop };
551 match *cx.typeck_results().node_type(expr.hir_id).kind() {
552 ty::Int(int_ty) => {
553 let (min, max) = int_ty_range(int_ty);
554 let lit_val: i128 = match lit.kind {
555 hir::ExprKind::Lit(ref li) => match li.node {
556 ast::LitKind::Int(
557 v,
558 ast::LitIntType::Signed(_) | ast::LitIntType::Unsuffixed,
559 ) => v as i128,
560 _ => return true,
561 },
562 _ => bug!(),
563 };
564 is_valid(norm_binop, lit_val, min, max)
565 }
566 ty::Uint(uint_ty) => {
567 let (min, max): (u128, u128) = uint_ty_range(uint_ty);
568 let lit_val: u128 = match lit.kind {
569 hir::ExprKind::Lit(ref li) => match li.node {
570 ast::LitKind::Int(v, _) => v,
571 _ => return true,
572 },
573 _ => bug!(),
574 };
575 is_valid(norm_binop, lit_val, min, max)
576 }
577 _ => true,
578 }
579 }
580
581 fn is_comparison(binop: hir::BinOp) -> bool {
582 matches!(
583 binop.node,
584 hir::BinOpKind::Eq
585 | hir::BinOpKind::Lt
586 | hir::BinOpKind::Le
587 | hir::BinOpKind::Ne
588 | hir::BinOpKind::Ge
589 | hir::BinOpKind::Gt
590 )
591 }
592 }
593 }
594
595 declare_lint! {
596 /// The `improper_ctypes` lint detects incorrect use of types in foreign
597 /// modules.
598 ///
599 /// ### Example
600 ///
601 /// ```rust
602 /// extern "C" {
603 /// static STATIC: String;
604 /// }
605 /// ```
606 ///
607 /// {{produces}}
608 ///
609 /// ### Explanation
610 ///
611 /// The compiler has several checks to verify that types used in `extern`
612 /// blocks are safe and follow certain rules to ensure proper
613 /// compatibility with the foreign interfaces. This lint is issued when it
614 /// detects a probable mistake in a definition. The lint usually should
615 /// provide a description of the issue, along with possibly a hint on how
616 /// to resolve it.
617 IMPROPER_CTYPES,
618 Warn,
619 "proper use of libc types in foreign modules"
620 }
621
622 declare_lint_pass!(ImproperCTypesDeclarations => [IMPROPER_CTYPES]);
623
624 declare_lint! {
625 /// The `improper_ctypes_definitions` lint detects incorrect use of
626 /// [`extern` function] definitions.
627 ///
628 /// [`extern` function]: https://doc.rust-lang.org/reference/items/functions.html#extern-function-qualifier
629 ///
630 /// ### Example
631 ///
632 /// ```rust
633 /// # #![allow(unused)]
634 /// pub extern "C" fn str_type(p: &str) { }
635 /// ```
636 ///
637 /// {{produces}}
638 ///
639 /// ### Explanation
640 ///
641 /// There are many parameter and return types that may be specified in an
642 /// `extern` function that are not compatible with the given ABI. This
643 /// lint is an alert that these types should not be used. The lint usually
644 /// should provide a description of the issue, along with possibly a hint
645 /// on how to resolve it.
646 IMPROPER_CTYPES_DEFINITIONS,
647 Warn,
648 "proper use of libc types in foreign item definitions"
649 }
650
651 declare_lint_pass!(ImproperCTypesDefinitions => [IMPROPER_CTYPES_DEFINITIONS]);
652
653 #[derive(Clone, Copy)]
654 crate enum CItemKind {
655 Declaration,
656 Definition,
657 }
658
659 struct ImproperCTypesVisitor<'a, 'tcx> {
660 cx: &'a LateContext<'tcx>,
661 mode: CItemKind,
662 }
663
664 enum FfiResult<'tcx> {
665 FfiSafe,
666 FfiPhantom(Ty<'tcx>),
667 FfiUnsafe { ty: Ty<'tcx>, reason: String, help: Option<String> },
668 }
669
670 crate fn nonnull_optimization_guaranteed<'tcx>(tcx: TyCtxt<'tcx>, def: ty::AdtDef<'tcx>) -> bool {
671 tcx.has_attr(def.did(), sym::rustc_nonnull_optimization_guaranteed)
672 }
673
674 /// `repr(transparent)` structs can have a single non-ZST field, this function returns that
675 /// field.
676 pub fn transparent_newtype_field<'a, 'tcx>(
677 tcx: TyCtxt<'tcx>,
678 variant: &'a ty::VariantDef,
679 ) -> Option<&'a ty::FieldDef> {
680 let param_env = tcx.param_env(variant.def_id);
681 variant.fields.iter().find(|field| {
682 let field_ty = tcx.type_of(field.did);
683 let is_zst = tcx.layout_of(param_env.and(field_ty)).map_or(false, |layout| layout.is_zst());
684 !is_zst
685 })
686 }
687
688 /// Is type known to be non-null?
689 fn ty_is_known_nonnull<'tcx>(cx: &LateContext<'tcx>, ty: Ty<'tcx>, mode: CItemKind) -> bool {
690 let tcx = cx.tcx;
691 match ty.kind() {
692 ty::FnPtr(_) => true,
693 ty::Ref(..) => true,
694 ty::Adt(def, _) if def.is_box() && matches!(mode, CItemKind::Definition) => true,
695 ty::Adt(def, substs) if def.repr().transparent() && !def.is_union() => {
696 let marked_non_null = nonnull_optimization_guaranteed(tcx, *def);
697
698 if marked_non_null {
699 return true;
700 }
701
702 // Types with a `#[repr(no_niche)]` attribute have their niche hidden.
703 // The attribute is used by the UnsafeCell for example (the only use so far).
704 if def.repr().hide_niche() {
705 return false;
706 }
707
708 def.variants()
709 .iter()
710 .filter_map(|variant| transparent_newtype_field(cx.tcx, variant))
711 .any(|field| ty_is_known_nonnull(cx, field.ty(tcx, substs), mode))
712 }
713 _ => false,
714 }
715 }
716
717 /// Given a non-null scalar (or transparent) type `ty`, return the nullable version of that type.
718 /// If the type passed in was not scalar, returns None.
719 fn get_nullable_type<'tcx>(cx: &LateContext<'tcx>, ty: Ty<'tcx>) -> Option<Ty<'tcx>> {
720 let tcx = cx.tcx;
721 Some(match *ty.kind() {
722 ty::Adt(field_def, field_substs) => {
723 let inner_field_ty = {
724 let first_non_zst_ty = field_def
725 .variants()
726 .iter()
727 .filter_map(|v| transparent_newtype_field(cx.tcx, v));
728 debug_assert_eq!(
729 first_non_zst_ty.clone().count(),
730 1,
731 "Wrong number of fields for transparent type"
732 );
733 first_non_zst_ty
734 .last()
735 .expect("No non-zst fields in transparent type.")
736 .ty(tcx, field_substs)
737 };
738 return get_nullable_type(cx, inner_field_ty);
739 }
740 ty::Int(ty) => tcx.mk_mach_int(ty),
741 ty::Uint(ty) => tcx.mk_mach_uint(ty),
742 ty::RawPtr(ty_mut) => tcx.mk_ptr(ty_mut),
743 // As these types are always non-null, the nullable equivalent of
744 // Option<T> of these types are their raw pointer counterparts.
745 ty::Ref(_region, ty, mutbl) => tcx.mk_ptr(ty::TypeAndMut { ty, mutbl }),
746 ty::FnPtr(..) => {
747 // There is no nullable equivalent for Rust's function pointers -- you
748 // must use an Option<fn(..) -> _> to represent it.
749 ty
750 }
751
752 // We should only ever reach this case if ty_is_known_nonnull is extended
753 // to other types.
754 ref unhandled => {
755 debug!(
756 "get_nullable_type: Unhandled scalar kind: {:?} while checking {:?}",
757 unhandled, ty
758 );
759 return None;
760 }
761 })
762 }
763
764 /// Check if this enum can be safely exported based on the "nullable pointer optimization". If it
765 /// can, return the type that `ty` can be safely converted to, otherwise return `None`.
766 /// Currently restricted to function pointers, boxes, references, `core::num::NonZero*`,
767 /// `core::ptr::NonNull`, and `#[repr(transparent)]` newtypes.
768 /// FIXME: This duplicates code in codegen.
769 crate fn repr_nullable_ptr<'tcx>(
770 cx: &LateContext<'tcx>,
771 ty: Ty<'tcx>,
772 ckind: CItemKind,
773 ) -> Option<Ty<'tcx>> {
774 debug!("is_repr_nullable_ptr(cx, ty = {:?})", ty);
775 if let ty::Adt(ty_def, substs) = ty.kind() {
776 let field_ty = match &ty_def.variants().raw[..] {
777 [var_one, var_two] => match (&var_one.fields[..], &var_two.fields[..]) {
778 ([], [field]) | ([field], []) => field.ty(cx.tcx, substs),
779 _ => return None,
780 },
781 _ => return None,
782 };
783
784 if !ty_is_known_nonnull(cx, field_ty, ckind) {
785 return None;
786 }
787
788 // At this point, the field's type is known to be nonnull and the parent enum is Option-like.
789 // If the computed size for the field and the enum are different, the nonnull optimization isn't
790 // being applied (and we've got a problem somewhere).
791 let compute_size_skeleton = |t| SizeSkeleton::compute(t, cx.tcx, cx.param_env).unwrap();
792 if !compute_size_skeleton(ty).same_size(compute_size_skeleton(field_ty)) {
793 bug!("improper_ctypes: Option nonnull optimization not applied?");
794 }
795
796 // Return the nullable type this Option-like enum can be safely represented with.
797 let field_ty_abi = &cx.layout_of(field_ty).unwrap().abi;
798 if let Abi::Scalar(field_ty_scalar) = field_ty_abi {
799 match field_ty_scalar.valid_range(cx) {
800 WrappingRange { start: 0, end }
801 if end == field_ty_scalar.size(&cx.tcx).unsigned_int_max() - 1 =>
802 {
803 return Some(get_nullable_type(cx, field_ty).unwrap());
804 }
805 WrappingRange { start: 1, .. } => {
806 return Some(get_nullable_type(cx, field_ty).unwrap());
807 }
808 WrappingRange { start, end } => {
809 unreachable!("Unhandled start and end range: ({}, {})", start, end)
810 }
811 };
812 }
813 }
814 None
815 }
816
817 impl<'a, 'tcx> ImproperCTypesVisitor<'a, 'tcx> {
818 /// Check if the type is array and emit an unsafe type lint.
819 fn check_for_array_ty(&mut self, sp: Span, ty: Ty<'tcx>) -> bool {
820 if let ty::Array(..) = ty.kind() {
821 self.emit_ffi_unsafe_type_lint(
822 ty,
823 sp,
824 "passing raw arrays by value is not FFI-safe",
825 Some("consider passing a pointer to the array"),
826 );
827 true
828 } else {
829 false
830 }
831 }
832
833 /// Checks if the given field's type is "ffi-safe".
834 fn check_field_type_for_ffi(
835 &self,
836 cache: &mut FxHashSet<Ty<'tcx>>,
837 field: &ty::FieldDef,
838 substs: SubstsRef<'tcx>,
839 ) -> FfiResult<'tcx> {
840 let field_ty = field.ty(self.cx.tcx, substs);
841 if field_ty.has_opaque_types() {
842 self.check_type_for_ffi(cache, field_ty)
843 } else {
844 let field_ty = self.cx.tcx.normalize_erasing_regions(self.cx.param_env, field_ty);
845 self.check_type_for_ffi(cache, field_ty)
846 }
847 }
848
849 /// Checks if the given `VariantDef`'s field types are "ffi-safe".
850 fn check_variant_for_ffi(
851 &self,
852 cache: &mut FxHashSet<Ty<'tcx>>,
853 ty: Ty<'tcx>,
854 def: ty::AdtDef<'tcx>,
855 variant: &ty::VariantDef,
856 substs: SubstsRef<'tcx>,
857 ) -> FfiResult<'tcx> {
858 use FfiResult::*;
859
860 if def.repr().transparent() {
861 // Can assume that at most one field is not a ZST, so only check
862 // that field's type for FFI-safety.
863 if let Some(field) = transparent_newtype_field(self.cx.tcx, variant) {
864 self.check_field_type_for_ffi(cache, field, substs)
865 } else {
866 // All fields are ZSTs; this means that the type should behave
867 // like (), which is FFI-unsafe
868 FfiUnsafe {
869 ty,
870 reason: "this struct contains only zero-sized fields".into(),
871 help: None,
872 }
873 }
874 } else {
875 // We can't completely trust repr(C) markings; make sure the fields are
876 // actually safe.
877 let mut all_phantom = !variant.fields.is_empty();
878 for field in &variant.fields {
879 match self.check_field_type_for_ffi(cache, &field, substs) {
880 FfiSafe => {
881 all_phantom = false;
882 }
883 FfiPhantom(..) if def.is_enum() => {
884 return FfiUnsafe {
885 ty,
886 reason: "this enum contains a PhantomData field".into(),
887 help: None,
888 };
889 }
890 FfiPhantom(..) => {}
891 r => return r,
892 }
893 }
894
895 if all_phantom { FfiPhantom(ty) } else { FfiSafe }
896 }
897 }
898
899 /// Checks if the given type is "ffi-safe" (has a stable, well-defined
900 /// representation which can be exported to C code).
901 fn check_type_for_ffi(&self, cache: &mut FxHashSet<Ty<'tcx>>, ty: Ty<'tcx>) -> FfiResult<'tcx> {
902 use FfiResult::*;
903
904 let tcx = self.cx.tcx;
905
906 // Protect against infinite recursion, for example
907 // `struct S(*mut S);`.
908 // FIXME: A recursion limit is necessary as well, for irregular
909 // recursive types.
910 if !cache.insert(ty) {
911 return FfiSafe;
912 }
913
914 match *ty.kind() {
915 ty::Adt(def, substs) => {
916 if def.is_box() && matches!(self.mode, CItemKind::Definition) {
917 if ty.boxed_ty().is_sized(tcx.at(DUMMY_SP), self.cx.param_env) {
918 return FfiSafe;
919 } else {
920 return FfiUnsafe {
921 ty,
922 reason: "box cannot be represented as a single pointer".to_string(),
923 help: None,
924 };
925 }
926 }
927 if def.is_phantom_data() {
928 return FfiPhantom(ty);
929 }
930 match def.adt_kind() {
931 AdtKind::Struct | AdtKind::Union => {
932 let kind = if def.is_struct() { "struct" } else { "union" };
933
934 if !def.repr().c() && !def.repr().transparent() {
935 return FfiUnsafe {
936 ty,
937 reason: format!("this {} has unspecified layout", kind),
938 help: Some(format!(
939 "consider adding a `#[repr(C)]` or \
940 `#[repr(transparent)]` attribute to this {}",
941 kind
942 )),
943 };
944 }
945
946 let is_non_exhaustive =
947 def.non_enum_variant().is_field_list_non_exhaustive();
948 if is_non_exhaustive && !def.did().is_local() {
949 return FfiUnsafe {
950 ty,
951 reason: format!("this {} is non-exhaustive", kind),
952 help: None,
953 };
954 }
955
956 if def.non_enum_variant().fields.is_empty() {
957 return FfiUnsafe {
958 ty,
959 reason: format!("this {} has no fields", kind),
960 help: Some(format!("consider adding a member to this {}", kind)),
961 };
962 }
963
964 self.check_variant_for_ffi(cache, ty, def, def.non_enum_variant(), substs)
965 }
966 AdtKind::Enum => {
967 if def.variants().is_empty() {
968 // Empty enums are okay... although sort of useless.
969 return FfiSafe;
970 }
971
972 // Check for a repr() attribute to specify the size of the
973 // discriminant.
974 if !def.repr().c() && !def.repr().transparent() && def.repr().int.is_none()
975 {
976 // Special-case types like `Option<extern fn()>`.
977 if repr_nullable_ptr(self.cx, ty, self.mode).is_none() {
978 return FfiUnsafe {
979 ty,
980 reason: "enum has no representation hint".into(),
981 help: Some(
982 "consider adding a `#[repr(C)]`, \
983 `#[repr(transparent)]`, or integer `#[repr(...)]` \
984 attribute to this enum"
985 .into(),
986 ),
987 };
988 }
989 }
990
991 if def.is_variant_list_non_exhaustive() && !def.did().is_local() {
992 return FfiUnsafe {
993 ty,
994 reason: "this enum is non-exhaustive".into(),
995 help: None,
996 };
997 }
998
999 // Check the contained variants.
1000 for variant in def.variants() {
1001 let is_non_exhaustive = variant.is_field_list_non_exhaustive();
1002 if is_non_exhaustive && !variant.def_id.is_local() {
1003 return FfiUnsafe {
1004 ty,
1005 reason: "this enum has non-exhaustive variants".into(),
1006 help: None,
1007 };
1008 }
1009
1010 match self.check_variant_for_ffi(cache, ty, def, variant, substs) {
1011 FfiSafe => (),
1012 r => return r,
1013 }
1014 }
1015
1016 FfiSafe
1017 }
1018 }
1019 }
1020
1021 ty::Char => FfiUnsafe {
1022 ty,
1023 reason: "the `char` type has no C equivalent".into(),
1024 help: Some("consider using `u32` or `libc::wchar_t` instead".into()),
1025 },
1026
1027 ty::Int(ty::IntTy::I128) | ty::Uint(ty::UintTy::U128) => FfiUnsafe {
1028 ty,
1029 reason: "128-bit integers don't currently have a known stable ABI".into(),
1030 help: None,
1031 },
1032
1033 // Primitive types with a stable representation.
1034 ty::Bool | ty::Int(..) | ty::Uint(..) | ty::Float(..) | ty::Never => FfiSafe,
1035
1036 ty::Slice(_) => FfiUnsafe {
1037 ty,
1038 reason: "slices have no C equivalent".into(),
1039 help: Some("consider using a raw pointer instead".into()),
1040 },
1041
1042 ty::Dynamic(..) => {
1043 FfiUnsafe { ty, reason: "trait objects have no C equivalent".into(), help: None }
1044 }
1045
1046 ty::Str => FfiUnsafe {
1047 ty,
1048 reason: "string slices have no C equivalent".into(),
1049 help: Some("consider using `*const u8` and a length instead".into()),
1050 },
1051
1052 ty::Tuple(..) => FfiUnsafe {
1053 ty,
1054 reason: "tuples have unspecified layout".into(),
1055 help: Some("consider using a struct instead".into()),
1056 },
1057
1058 ty::RawPtr(ty::TypeAndMut { ty, .. }) | ty::Ref(_, ty, _)
1059 if {
1060 matches!(self.mode, CItemKind::Definition)
1061 && ty.is_sized(self.cx.tcx.at(DUMMY_SP), self.cx.param_env)
1062 } =>
1063 {
1064 FfiSafe
1065 }
1066
1067 ty::RawPtr(ty::TypeAndMut { ty, .. })
1068 if match ty.kind() {
1069 ty::Tuple(tuple) => tuple.is_empty(),
1070 _ => false,
1071 } =>
1072 {
1073 FfiSafe
1074 }
1075
1076 ty::RawPtr(ty::TypeAndMut { ty, .. }) | ty::Ref(_, ty, _) => {
1077 self.check_type_for_ffi(cache, ty)
1078 }
1079
1080 ty::Array(inner_ty, _) => self.check_type_for_ffi(cache, inner_ty),
1081
1082 ty::FnPtr(sig) => {
1083 if self.is_internal_abi(sig.abi()) {
1084 return FfiUnsafe {
1085 ty,
1086 reason: "this function pointer has Rust-specific calling convention".into(),
1087 help: Some(
1088 "consider using an `extern fn(...) -> ...` \
1089 function pointer instead"
1090 .into(),
1091 ),
1092 };
1093 }
1094
1095 let sig = tcx.erase_late_bound_regions(sig);
1096 if !sig.output().is_unit() {
1097 let r = self.check_type_for_ffi(cache, sig.output());
1098 match r {
1099 FfiSafe => {}
1100 _ => {
1101 return r;
1102 }
1103 }
1104 }
1105 for arg in sig.inputs() {
1106 let r = self.check_type_for_ffi(cache, *arg);
1107 match r {
1108 FfiSafe => {}
1109 _ => {
1110 return r;
1111 }
1112 }
1113 }
1114 FfiSafe
1115 }
1116
1117 ty::Foreign(..) => FfiSafe,
1118
1119 // While opaque types are checked for earlier, if a projection in a struct field
1120 // normalizes to an opaque type, then it will reach this branch.
1121 ty::Opaque(..) => {
1122 FfiUnsafe { ty, reason: "opaque types have no C equivalent".into(), help: None }
1123 }
1124
1125 // `extern "C" fn` functions can have type parameters, which may or may not be FFI-safe,
1126 // so they are currently ignored for the purposes of this lint.
1127 ty::Param(..) | ty::Projection(..) if matches!(self.mode, CItemKind::Definition) => {
1128 FfiSafe
1129 }
1130
1131 ty::Param(..)
1132 | ty::Projection(..)
1133 | ty::Infer(..)
1134 | ty::Bound(..)
1135 | ty::Error(_)
1136 | ty::Closure(..)
1137 | ty::Generator(..)
1138 | ty::GeneratorWitness(..)
1139 | ty::Placeholder(..)
1140 | ty::FnDef(..) => bug!("unexpected type in foreign function: {:?}", ty),
1141 }
1142 }
1143
1144 fn emit_ffi_unsafe_type_lint(
1145 &mut self,
1146 ty: Ty<'tcx>,
1147 sp: Span,
1148 note: &str,
1149 help: Option<&str>,
1150 ) {
1151 let lint = match self.mode {
1152 CItemKind::Declaration => IMPROPER_CTYPES,
1153 CItemKind::Definition => IMPROPER_CTYPES_DEFINITIONS,
1154 };
1155
1156 self.cx.struct_span_lint(lint, sp, |lint| {
1157 let item_description = match self.mode {
1158 CItemKind::Declaration => "block",
1159 CItemKind::Definition => "fn",
1160 };
1161 let mut diag = lint.build(&format!(
1162 "`extern` {} uses type `{}`, which is not FFI-safe",
1163 item_description, ty
1164 ));
1165 diag.span_label(sp, "not FFI-safe");
1166 if let Some(help) = help {
1167 diag.help(help);
1168 }
1169 diag.note(note);
1170 if let ty::Adt(def, _) = ty.kind() {
1171 if let Some(sp) = self.cx.tcx.hir().span_if_local(def.did()) {
1172 diag.span_note(sp, "the type is defined here");
1173 }
1174 }
1175 diag.emit();
1176 });
1177 }
1178
1179 fn check_for_opaque_ty(&mut self, sp: Span, ty: Ty<'tcx>) -> bool {
1180 struct ProhibitOpaqueTypes<'a, 'tcx> {
1181 cx: &'a LateContext<'tcx>,
1182 }
1183
1184 impl<'a, 'tcx> ty::fold::TypeVisitor<'tcx> for ProhibitOpaqueTypes<'a, 'tcx> {
1185 type BreakTy = Ty<'tcx>;
1186
1187 fn visit_ty(&mut self, ty: Ty<'tcx>) -> ControlFlow<Self::BreakTy> {
1188 match ty.kind() {
1189 ty::Opaque(..) => ControlFlow::Break(ty),
1190 // Consider opaque types within projections FFI-safe if they do not normalize
1191 // to more opaque types.
1192 ty::Projection(..) => {
1193 let ty = self.cx.tcx.normalize_erasing_regions(self.cx.param_env, ty);
1194
1195 // If `ty` is an opaque type directly then `super_visit_with` won't invoke
1196 // this function again.
1197 if ty.has_opaque_types() {
1198 self.visit_ty(ty)
1199 } else {
1200 ControlFlow::CONTINUE
1201 }
1202 }
1203 _ => ty.super_visit_with(self),
1204 }
1205 }
1206 }
1207
1208 if let Some(ty) = ty.visit_with(&mut ProhibitOpaqueTypes { cx: self.cx }).break_value() {
1209 self.emit_ffi_unsafe_type_lint(ty, sp, "opaque types have no C equivalent", None);
1210 true
1211 } else {
1212 false
1213 }
1214 }
1215
1216 fn check_type_for_ffi_and_report_errors(
1217 &mut self,
1218 sp: Span,
1219 ty: Ty<'tcx>,
1220 is_static: bool,
1221 is_return_type: bool,
1222 ) {
1223 // We have to check for opaque types before `normalize_erasing_regions`,
1224 // which will replace opaque types with their underlying concrete type.
1225 if self.check_for_opaque_ty(sp, ty) {
1226 // We've already emitted an error due to an opaque type.
1227 return;
1228 }
1229
1230 // it is only OK to use this function because extern fns cannot have
1231 // any generic types right now:
1232 let ty = self.cx.tcx.normalize_erasing_regions(self.cx.param_env, ty);
1233
1234 // C doesn't really support passing arrays by value - the only way to pass an array by value
1235 // is through a struct. So, first test that the top level isn't an array, and then
1236 // recursively check the types inside.
1237 if !is_static && self.check_for_array_ty(sp, ty) {
1238 return;
1239 }
1240
1241 // Don't report FFI errors for unit return types. This check exists here, and not in
1242 // `check_foreign_fn` (where it would make more sense) so that normalization has definitely
1243 // happened.
1244 if is_return_type && ty.is_unit() {
1245 return;
1246 }
1247
1248 match self.check_type_for_ffi(&mut FxHashSet::default(), ty) {
1249 FfiResult::FfiSafe => {}
1250 FfiResult::FfiPhantom(ty) => {
1251 self.emit_ffi_unsafe_type_lint(ty, sp, "composed only of `PhantomData`", None);
1252 }
1253 // If `ty` is a `repr(transparent)` newtype, and the non-zero-sized type is a generic
1254 // argument, which after substitution, is `()`, then this branch can be hit.
1255 FfiResult::FfiUnsafe { ty, .. } if is_return_type && ty.is_unit() => {}
1256 FfiResult::FfiUnsafe { ty, reason, help } => {
1257 self.emit_ffi_unsafe_type_lint(ty, sp, &reason, help.as_deref());
1258 }
1259 }
1260 }
1261
1262 fn check_foreign_fn(&mut self, id: hir::HirId, decl: &hir::FnDecl<'_>) {
1263 let def_id = self.cx.tcx.hir().local_def_id(id);
1264 let sig = self.cx.tcx.fn_sig(def_id);
1265 let sig = self.cx.tcx.erase_late_bound_regions(sig);
1266
1267 for (input_ty, input_hir) in iter::zip(sig.inputs(), decl.inputs) {
1268 self.check_type_for_ffi_and_report_errors(input_hir.span, *input_ty, false, false);
1269 }
1270
1271 if let hir::FnRetTy::Return(ref ret_hir) = decl.output {
1272 let ret_ty = sig.output();
1273 self.check_type_for_ffi_and_report_errors(ret_hir.span, ret_ty, false, true);
1274 }
1275 }
1276
1277 fn check_foreign_static(&mut self, id: hir::HirId, span: Span) {
1278 let def_id = self.cx.tcx.hir().local_def_id(id);
1279 let ty = self.cx.tcx.type_of(def_id);
1280 self.check_type_for_ffi_and_report_errors(span, ty, true, false);
1281 }
1282
1283 fn is_internal_abi(&self, abi: SpecAbi) -> bool {
1284 matches!(
1285 abi,
1286 SpecAbi::Rust | SpecAbi::RustCall | SpecAbi::RustIntrinsic | SpecAbi::PlatformIntrinsic
1287 )
1288 }
1289 }
1290
1291 impl<'tcx> LateLintPass<'tcx> for ImproperCTypesDeclarations {
1292 fn check_foreign_item(&mut self, cx: &LateContext<'_>, it: &hir::ForeignItem<'_>) {
1293 let mut vis = ImproperCTypesVisitor { cx, mode: CItemKind::Declaration };
1294 let abi = cx.tcx.hir().get_foreign_abi(it.hir_id());
1295
1296 if !vis.is_internal_abi(abi) {
1297 match it.kind {
1298 hir::ForeignItemKind::Fn(ref decl, _, _) => {
1299 vis.check_foreign_fn(it.hir_id(), decl);
1300 }
1301 hir::ForeignItemKind::Static(ref ty, _) => {
1302 vis.check_foreign_static(it.hir_id(), ty.span);
1303 }
1304 hir::ForeignItemKind::Type => (),
1305 }
1306 }
1307 }
1308 }
1309
1310 impl<'tcx> LateLintPass<'tcx> for ImproperCTypesDefinitions {
1311 fn check_fn(
1312 &mut self,
1313 cx: &LateContext<'tcx>,
1314 kind: hir::intravisit::FnKind<'tcx>,
1315 decl: &'tcx hir::FnDecl<'_>,
1316 _: &'tcx hir::Body<'_>,
1317 _: Span,
1318 hir_id: hir::HirId,
1319 ) {
1320 use hir::intravisit::FnKind;
1321
1322 let abi = match kind {
1323 FnKind::ItemFn(_, _, header, ..) => header.abi,
1324 FnKind::Method(_, sig, ..) => sig.header.abi,
1325 _ => return,
1326 };
1327
1328 let mut vis = ImproperCTypesVisitor { cx, mode: CItemKind::Definition };
1329 if !vis.is_internal_abi(abi) {
1330 vis.check_foreign_fn(hir_id, decl);
1331 }
1332 }
1333 }
1334
1335 declare_lint_pass!(VariantSizeDifferences => [VARIANT_SIZE_DIFFERENCES]);
1336
1337 impl<'tcx> LateLintPass<'tcx> for VariantSizeDifferences {
1338 fn check_item(&mut self, cx: &LateContext<'_>, it: &hir::Item<'_>) {
1339 if let hir::ItemKind::Enum(ref enum_definition, _) = it.kind {
1340 let t = cx.tcx.type_of(it.def_id);
1341 let ty = cx.tcx.erase_regions(t);
1342 let Ok(layout) = cx.layout_of(ty) else { return };
1343 let Variants::Multiple {
1344 tag_encoding: TagEncoding::Direct, tag, ref variants, ..
1345 } = &layout.variants else {
1346 return
1347 };
1348
1349 let tag_size = tag.size(&cx.tcx).bytes();
1350
1351 debug!(
1352 "enum `{}` is {} bytes large with layout:\n{:#?}",
1353 t,
1354 layout.size.bytes(),
1355 layout
1356 );
1357
1358 let (largest, slargest, largest_index) = iter::zip(enum_definition.variants, variants)
1359 .map(|(variant, variant_layout)| {
1360 // Subtract the size of the enum tag.
1361 let bytes = variant_layout.size().bytes().saturating_sub(tag_size);
1362
1363 debug!("- variant `{}` is {} bytes large", variant.ident, bytes);
1364 bytes
1365 })
1366 .enumerate()
1367 .fold((0, 0, 0), |(l, s, li), (idx, size)| {
1368 if size > l {
1369 (size, l, idx)
1370 } else if size > s {
1371 (l, size, li)
1372 } else {
1373 (l, s, li)
1374 }
1375 });
1376
1377 // We only warn if the largest variant is at least thrice as large as
1378 // the second-largest.
1379 if largest > slargest * 3 && slargest > 0 {
1380 cx.struct_span_lint(
1381 VARIANT_SIZE_DIFFERENCES,
1382 enum_definition.variants[largest_index].span,
1383 |lint| {
1384 lint.build(&format!(
1385 "enum variant is more than three times \
1386 larger ({} bytes) than the next largest",
1387 largest
1388 ))
1389 .emit();
1390 },
1391 );
1392 }
1393 }
1394 }
1395 }
1396
1397 declare_lint! {
1398 /// The `invalid_atomic_ordering` lint detects passing an `Ordering`
1399 /// to an atomic operation that does not support that ordering.
1400 ///
1401 /// ### Example
1402 ///
1403 /// ```rust,compile_fail
1404 /// # use core::sync::atomic::{AtomicU8, Ordering};
1405 /// let atom = AtomicU8::new(0);
1406 /// let value = atom.load(Ordering::Release);
1407 /// # let _ = value;
1408 /// ```
1409 ///
1410 /// {{produces}}
1411 ///
1412 /// ### Explanation
1413 ///
1414 /// Some atomic operations are only supported for a subset of the
1415 /// `atomic::Ordering` variants. Passing an unsupported variant will cause
1416 /// an unconditional panic at runtime, which is detected by this lint.
1417 ///
1418 /// This lint will trigger in the following cases: (where `AtomicType` is an
1419 /// atomic type from `core::sync::atomic`, such as `AtomicBool`,
1420 /// `AtomicPtr`, `AtomicUsize`, or any of the other integer atomics).
1421 ///
1422 /// - Passing `Ordering::Acquire` or `Ordering::AcqRel` to
1423 /// `AtomicType::store`.
1424 ///
1425 /// - Passing `Ordering::Release` or `Ordering::AcqRel` to
1426 /// `AtomicType::load`.
1427 ///
1428 /// - Passing `Ordering::Relaxed` to `core::sync::atomic::fence` or
1429 /// `core::sync::atomic::compiler_fence`.
1430 ///
1431 /// - Passing `Ordering::Release` or `Ordering::AcqRel` as the failure
1432 /// ordering for any of `AtomicType::compare_exchange`,
1433 /// `AtomicType::compare_exchange_weak`, or `AtomicType::fetch_update`.
1434 ///
1435 /// - Passing in a pair of orderings to `AtomicType::compare_exchange`,
1436 /// `AtomicType::compare_exchange_weak`, or `AtomicType::fetch_update`
1437 /// where the failure ordering is stronger than the success ordering.
1438 INVALID_ATOMIC_ORDERING,
1439 Deny,
1440 "usage of invalid atomic ordering in atomic operations and memory fences"
1441 }
1442
1443 declare_lint_pass!(InvalidAtomicOrdering => [INVALID_ATOMIC_ORDERING]);
1444
1445 impl InvalidAtomicOrdering {
1446 fn inherent_atomic_method_call<'hir>(
1447 cx: &LateContext<'_>,
1448 expr: &Expr<'hir>,
1449 recognized_names: &[Symbol], // used for fast path calculation
1450 ) -> Option<(Symbol, &'hir [Expr<'hir>])> {
1451 const ATOMIC_TYPES: &[Symbol] = &[
1452 sym::AtomicBool,
1453 sym::AtomicPtr,
1454 sym::AtomicUsize,
1455 sym::AtomicU8,
1456 sym::AtomicU16,
1457 sym::AtomicU32,
1458 sym::AtomicU64,
1459 sym::AtomicU128,
1460 sym::AtomicIsize,
1461 sym::AtomicI8,
1462 sym::AtomicI16,
1463 sym::AtomicI32,
1464 sym::AtomicI64,
1465 sym::AtomicI128,
1466 ];
1467 if let ExprKind::MethodCall(ref method_path, args, _) = &expr.kind
1468 && recognized_names.contains(&method_path.ident.name)
1469 && let Some(m_def_id) = cx.typeck_results().type_dependent_def_id(expr.hir_id)
1470 && let Some(impl_did) = cx.tcx.impl_of_method(m_def_id)
1471 && let Some(adt) = cx.tcx.type_of(impl_did).ty_adt_def()
1472 // skip extension traits, only lint functions from the standard library
1473 && cx.tcx.trait_id_of_impl(impl_did).is_none()
1474 && let parent = cx.tcx.parent(adt.did())
1475 && cx.tcx.is_diagnostic_item(sym::atomic_mod, parent)
1476 && ATOMIC_TYPES.contains(&cx.tcx.item_name(adt.did()))
1477 {
1478 return Some((method_path.ident.name, args));
1479 }
1480 None
1481 }
1482
1483 fn matches_ordering(cx: &LateContext<'_>, did: DefId, orderings: &[Symbol]) -> bool {
1484 let tcx = cx.tcx;
1485 let atomic_ordering = tcx.get_diagnostic_item(sym::Ordering);
1486 orderings.iter().any(|ordering| {
1487 tcx.item_name(did) == *ordering && {
1488 let parent = tcx.parent(did);
1489 Some(parent) == atomic_ordering
1490 // needed in case this is a ctor, not a variant
1491 || tcx.opt_parent(parent) == atomic_ordering
1492 }
1493 })
1494 }
1495
1496 fn opt_ordering_defid(cx: &LateContext<'_>, ord_arg: &Expr<'_>) -> Option<DefId> {
1497 if let ExprKind::Path(ref ord_qpath) = ord_arg.kind {
1498 cx.qpath_res(ord_qpath, ord_arg.hir_id).opt_def_id()
1499 } else {
1500 None
1501 }
1502 }
1503
1504 fn check_atomic_load_store(cx: &LateContext<'_>, expr: &Expr<'_>) {
1505 use rustc_hir::def::{DefKind, Res};
1506 use rustc_hir::QPath;
1507 if let Some((method, args)) = Self::inherent_atomic_method_call(cx, expr, &[sym::load, sym::store])
1508 && let Some((ordering_arg, invalid_ordering)) = match method {
1509 sym::load => Some((&args[1], sym::Release)),
1510 sym::store => Some((&args[2], sym::Acquire)),
1511 _ => None,
1512 }
1513 && let ExprKind::Path(QPath::Resolved(_, path)) = ordering_arg.kind
1514 && let Res::Def(DefKind::Ctor(..), ctor_id) = path.res
1515 && Self::matches_ordering(cx, ctor_id, &[invalid_ordering, sym::AcqRel])
1516 {
1517 cx.struct_span_lint(INVALID_ATOMIC_ORDERING, ordering_arg.span, |diag| {
1518 if method == sym::load {
1519 diag.build("atomic loads cannot have `Release` or `AcqRel` ordering")
1520 .help("consider using ordering modes `Acquire`, `SeqCst` or `Relaxed`")
1521 .emit()
1522 } else {
1523 debug_assert_eq!(method, sym::store);
1524 diag.build("atomic stores cannot have `Acquire` or `AcqRel` ordering")
1525 .help("consider using ordering modes `Release`, `SeqCst` or `Relaxed`")
1526 .emit();
1527 }
1528 });
1529 }
1530 }
1531
1532 fn check_memory_fence(cx: &LateContext<'_>, expr: &Expr<'_>) {
1533 if let ExprKind::Call(ref func, ref args) = expr.kind
1534 && let ExprKind::Path(ref func_qpath) = func.kind
1535 && let Some(def_id) = cx.qpath_res(func_qpath, func.hir_id).opt_def_id()
1536 && matches!(cx.tcx.get_diagnostic_name(def_id), Some(sym::fence | sym::compiler_fence))
1537 && let ExprKind::Path(ref ordering_qpath) = &args[0].kind
1538 && let Some(ordering_def_id) = cx.qpath_res(ordering_qpath, args[0].hir_id).opt_def_id()
1539 && Self::matches_ordering(cx, ordering_def_id, &[sym::Relaxed])
1540 {
1541 cx.struct_span_lint(INVALID_ATOMIC_ORDERING, args[0].span, |diag| {
1542 diag.build("memory fences cannot have `Relaxed` ordering")
1543 .help("consider using ordering modes `Acquire`, `Release`, `AcqRel` or `SeqCst`")
1544 .emit();
1545 });
1546 }
1547 }
1548
1549 fn check_atomic_compare_exchange(cx: &LateContext<'_>, expr: &Expr<'_>) {
1550 if let Some((method, args)) = Self::inherent_atomic_method_call(cx, expr, &[sym::fetch_update, sym::compare_exchange, sym::compare_exchange_weak])
1551 && let Some((success_order_arg, failure_order_arg)) = match method {
1552 sym::fetch_update => Some((&args[1], &args[2])),
1553 sym::compare_exchange | sym::compare_exchange_weak => Some((&args[3], &args[4])),
1554 _ => None,
1555 }
1556 && let Some(fail_ordering_def_id) = Self::opt_ordering_defid(cx, failure_order_arg)
1557 {
1558 // Helper type holding on to some checking and error reporting data. Has
1559 // - (success ordering,
1560 // - list of failure orderings forbidden by the success order,
1561 // - suggestion message)
1562 type OrdLintInfo = (Symbol, &'static [Symbol], &'static str);
1563 const RELAXED: OrdLintInfo = (sym::Relaxed, &[sym::SeqCst, sym::Acquire], "ordering mode `Relaxed`");
1564 const ACQUIRE: OrdLintInfo = (sym::Acquire, &[sym::SeqCst], "ordering modes `Acquire` or `Relaxed`");
1565 const SEQ_CST: OrdLintInfo = (sym::SeqCst, &[], "ordering modes `Acquire`, `SeqCst` or `Relaxed`");
1566 const RELEASE: OrdLintInfo = (sym::Release, RELAXED.1, RELAXED.2);
1567 const ACQREL: OrdLintInfo = (sym::AcqRel, ACQUIRE.1, ACQUIRE.2);
1568 const SEARCH: [OrdLintInfo; 5] = [RELAXED, ACQUIRE, SEQ_CST, RELEASE, ACQREL];
1569
1570 let success_lint_info = Self::opt_ordering_defid(cx, success_order_arg)
1571 .and_then(|success_ord_def_id| -> Option<OrdLintInfo> {
1572 SEARCH
1573 .iter()
1574 .copied()
1575 .find(|(ordering, ..)| {
1576 Self::matches_ordering(cx, success_ord_def_id, &[*ordering])
1577 })
1578 });
1579 if Self::matches_ordering(cx, fail_ordering_def_id, &[sym::Release, sym::AcqRel]) {
1580 // If we don't know the success order is, use what we'd suggest
1581 // if it were maximally permissive.
1582 let suggested = success_lint_info.unwrap_or(SEQ_CST).2;
1583 cx.struct_span_lint(INVALID_ATOMIC_ORDERING, failure_order_arg.span, |diag| {
1584 let msg = format!(
1585 "{}'s failure ordering may not be `Release` or `AcqRel`",
1586 method,
1587 );
1588 diag.build(&msg)
1589 .help(&format!("consider using {} instead", suggested))
1590 .emit();
1591 });
1592 } else if let Some((success_ord, bad_ords_given_success, suggested)) = success_lint_info {
1593 if Self::matches_ordering(cx, fail_ordering_def_id, bad_ords_given_success) {
1594 cx.struct_span_lint(INVALID_ATOMIC_ORDERING, failure_order_arg.span, |diag| {
1595 let msg = format!(
1596 "{}'s failure ordering may not be stronger than the success ordering of `{}`",
1597 method,
1598 success_ord,
1599 );
1600 diag.build(&msg)
1601 .help(&format!("consider using {} instead", suggested))
1602 .emit();
1603 });
1604 }
1605 }
1606 }
1607 }
1608 }
1609
1610 impl<'tcx> LateLintPass<'tcx> for InvalidAtomicOrdering {
1611 fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'_>) {
1612 Self::check_atomic_load_store(cx, expr);
1613 Self::check_memory_fence(cx, expr);
1614 Self::check_atomic_compare_exchange(cx, expr);
1615 }
1616 }
backport for Debian buster