Uplift clippy::invalid_null_ptr_usage lint as invalid_null_arguments
#119220
Conversation
rustbot
added
S-waiting-on-review
|
Some changes occurred in src/tools/clippy cc @rust-lang/clippy |
rustbot
added
the
I-lang-nominated
This comment has been minimized.
This comment has been minimized.
Urgau
force-pushed
the
uplift-invalid_null_ptr_usage
branch
2 times, most recently
from
b25c44c to
7308419
Compare
This comment has been minimized.
This comment has been minimized.
Urgau
force-pushed
the
uplift-invalid_null_ptr_usage
branch
from
7308419 to
05aabc1
Compare
|
I think @saethlin has also found plenty of code that hits this in the wild, so this seems like a good lint. |
|
You're probably referring to PyO3/pyo3#2687 and servo/font-kit#197 I don't think either of these would be detected by the lint, but I agree that this is a reasonable lint target. |
apiraino
added
S-waiting-on-team
|
I'll flag this as |
|
☔ The latest upstream changes (presumably #120991) made this pull request unmergeable. Please resolve the merge conflicts. |
|
(Just me, with my lang hat on but not talking for the team.) I wish there was an easier way for these to get added without waiting on us. Would you be interested in making a proposal of some sort for making maybe a It'd be great if, rather than lang needing to approve stuff, it'd just be |
|
That feels similar to what flux and verus are doing but at a smaller scale. Unsure about allowing downstream users to access it but it'd be great to make these kinds of checks more prevalent (and not just for null ptr cases) |
|
I do like refinement types. We should discuss this further, I love the idea of rust expanding its sights of correctness to this, rather than a devtool (what flux does atm) |
|
I would if there was an easier way to add those kind of lints. Using the
That would be awesome, I would love if it were this "simple". I can write something akin to an MCP (for t-lang) but I don't have the time for a full RFC :-) |
This comment was marked as outdated.
This comment was marked as outdated.
|
@traviscross It's been more than a year since I nominated this PR for T-lang, I know it's not high priority/high in the list, and I don't mind waiting, but it's becoming annoying to maintain these kind of PR. This one in particular has nearly all modified files in conflict. Is this something T-lang would accept? Is there a way to gather consensus outside of a nomination? If not I rather close this PR than continue to waste my time maintaining this PR. |
rustbot
added
the
I-lang-easy-decision
traviscross
added
T-lang
|
Team member @traviscross has proposed to merge this. The next step is review by the rest of the tagged team members: Concerns:
Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! cc @rust-lang/lang-advisors: FCP proposed for lang, please feel free to register concerns. |
rfcbot
added
proposed-final-comment-period
|
Anyone have a better suggestion for the lint name than |
Urgau
added
S-waiting-on-review
| | | ||
| = help: for more information, visit <https://doc.rust-lang.org/std/ptr/index.html> and <https://doc.rust-lang.org/reference/behavior-considered-undefined.html> | ||
|
|
||
| error: calling this function with a null pointer is Undefined Behavior, even if the result of the function is unused |
There was a problem hiding this comment.
| error: calling this function with a null pointer is Undefined Behavior, even if the result of the function is unused | |
| error: it is undefined behavior to call this function with a null pointer, even if the result of the function is unused |
We already have a diagnostic that says "it is undefined behavior to use this value", so making this follow that format feels nicer to me. Also we don't capitalize UB in diagnostics so we should follow that: https://github.com/search?q=repo%3Arust-lang%2Frust+undefined+behavior+path%3Atests%2Fui&type=code
There was a problem hiding this comment.
We also have diagnostics of the form I used.
As for Undefined Behavior being capitalized I took this style from miri in their diagnostics.
There was a problem hiding this comment.
Keeping the form you used is fine, I'd still want it to not be capitalized. This is a rustc lint so it should follow what rustc uses. (We really should have a large whole-project discussion on this though, just to see if we may find a consensus)
There was a problem hiding this comment.
I think I convinced RalfJ that "undefined behavior" should not be capitalized (just as we don't capitalize "race condition") -- and he later updated the Reference accordingly -- but prior to that, he had capitalized it in a lot of places (like Miri), and those haven't all been updated yet.
As a stylistic matter in the Reference, we write "undefined behavior". I push the text in lang RFCs this direction as well.
rustbot
added
S-waiting-on-author
Urgau
force-pushed
the
uplift-invalid_null_ptr_usage
branch
from
c82c601 to
6f2c561
Compare
Urgau
added
S-waiting-on-review
|
r=me after the diagnostic is recapitalized to |
Urgau
force-pushed
the
uplift-invalid_null_ptr_usage
branch
from
6f2c561 to
aa88480
Compare
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
What is this?This is an experimental post-merge analysis report that shows differences in test outcomes between the merged PR and its parent PR.Comparing 3c0f722 (parent) -> 7bfd952 (this PR) Test differencesShow 225 test diffsStage 1
(and 120 additional test diffs) Additionally, 5 doctest diffs were found. These are ignored, as they are noisy. Job group index
Job duration changes
How to interpret the job duration changes?Job durations can vary a lot, based on the actual runner instance |
|
Finished benchmarking commit (7bfd952): comparison URL. Overall result: no relevant changes - no action needed@rustbot label: -perf-regression Instruction countThis benchmark run did not return any relevant results for this metric. Max RSS (memory usage)Results (secondary 2.1%)This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesThis benchmark run did not return any relevant results for this metric. Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 776.099s -> 776.473s (0.05%) |
This was promoted from a clippy lint in nightly. Link: rust-lang/rust#119220
This was promoted from a clippy lint in nightly. Link: rust-lang/rust#119220
… r=fee1-dead Uplift `clippy::invalid_null_ptr_usage` lint as `invalid_null_arguments` This PR aims at uplifting the `clippy::invalid_null_ptr_usage` lint into rustc, this is similar to the [`clippy::invalid_utf8_in_unchecked` uplift](rust-lang#111543) a few months ago, in the sense that those two lints lint on invalid parameter(s), here a null pointer where it is unexpected and UB to pass one. *For context: GitHub Search reveals that just for `slice::from_raw_parts{_mut}` [~20 invalid usages](hhttps://github.com/search?q=lang%3Arust+%2Fslice%3A%3Afrom_raw_parts%28_mut%29%3F%5C%28ptr%3A%3Anull%2F+NOT+path%3A%2F%5Eclippy_lints%5C%2Fsrc%5C%2F%2F+NOT+path%3A%2F%5Erust%5C%2Fsrc%5C%2Ftools%5C%2Fclippy%5C%2Fclippy_lints%5C%2Fsrc%5C%2F%2F+NOT+path%3A%2F%5Esrc%5C%2Ftools%5C%2Fclippy%5C%2Fclippy_lints%5C%2Fsrc%5C%2F%2F&type=code) with `ptr::null` and an additional [4 invalid usages](https://github.com/search?q=lang%3Arust+%2Fslice%3A%3Afrom_raw_parts%5C%280%28%5C%29%7C+as%29%2F+NOT+path%3A%2F%5Eclippy_lints%5C%2Fsrc%5C%2F%2F+NOT+path%3A%2F%5Erust%5C%2Fsrc%5C%2Ftools%5C%2Fclippy%5C%2Fclippy_lints%5C%2Fsrc%5C%2F%2F+NOT+path%3A%2F%5Esrc%5C%2Ftools%5C%2Fclippy%5C%2Fclippy_lints%5C%2Fsrc%5C%2F%2F+NOT+path%3A%2F%5Eutils%5C%2Ftinystr%5C%2Fsrc%5C%2F%2F+NOT+path%3A%2F%5Eutils%5C%2Fzerovec%5C%2Fsrc%5C%2F%2F+NOT+path%3A%2F%5Eprovider%5C%2Fcore%5C%2Fsrc%5C%2F%2F&type=code) with `0 as *const ...`-ish casts.* ----- ## `invalid_null_arguments` (deny-by-default) The `invalid_null_arguments` lint checks for invalid usage of null pointers. ### Example ```rust // Undefined behavior unsafe { std::slice::from_raw_parts(ptr::null(), 1); } ``` Produces: ``` error: calling this function with a null pointer is Undefined Behavior, even if the result of the function is unused --> $DIR/invalid_null_args.rs:21:23 | LL | let _: &[usize] = std::slice::from_raw_parts(ptr::null_mut(), 0); | ^^^^^^^^^^^^^^^^^^^^^^^^^^^---------------^^^^ | | | null pointer originates from here | = help: for more information, visit <https://doc.rust-lang.org/std/ptr/index.html> and <https://doc.rust-lang.org/reference/behavior-considered-undefined.html> ``` ### Explanation Calling methods whose safety invariants requires non-null pointer with a null pointer is undefined behavior. ----- The lint use a list of functions to know which functions and arguments to checks, this could be improved in the future with a rustc attribute, or maybe even with a `#[diagnostic]` attribute. This PR also includes some small refactoring to avoid some ambiguities in naming, those can be done in another PR is desired. `@rustbot` label: +I-lang-nominated r? compiler
This PR aims at uplifting the
clippy::invalid_null_ptr_usagelint into rustc, this is similar to theclippy::invalid_utf8_in_uncheckeduplift a few months ago, in the sense that those two lints lint on invalid parameter(s), here a null pointer where it is unexpected and UB to pass one.For context: GitHub Search reveals that just for
slice::from_raw_parts{_mut}~20 invalid usages withptr::nulland an additional 4 invalid usages with0 as *const ...-ish casts.invalid_null_arguments(deny-by-default)
The
invalid_null_argumentslint checks for invalid usage of null pointers.Example
Produces:
Explanation
Calling methods whose safety invariants requires non-null pointer with a null pointer is undefined behavior.
The lint use a list of functions to know which functions and arguments to checks, this could be improved in the future with a rustc attribute, or maybe even with a
#[diagnostic]attribute.This PR also includes some small refactoring to avoid some ambiguities in naming, those can be done in another PR is desired.
@rustbot label: +I-lang-nominated
r? compiler