-
Notifications
You must be signed in to change notification settings - Fork 12.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disallow hidden references to mutable static #124895
base: master
Are you sure you want to change the base?
Conversation
Sorry, I can only review interpreter and Miri PRs. r? compiler |
r? @davidtwco |
This comment has been minimized.
This comment has been minimized.
ef8ab6d
to
ac71600
Compare
This comment has been minimized.
This comment has been minimized.
ac71600
to
968dfbc
Compare
This comment has been minimized.
This comment has been minimized.
Marking as waiting on author since you've made this a draft. |
968dfbc
to
7d2fd98
Compare
This comment has been minimized.
This comment has been minimized.
7d2fd98
to
72b1c9b
Compare
This comment has been minimized.
This comment has been minimized.
72b1c9b
to
6467ccd
Compare
This comment has been minimized.
This comment has been minimized.
6467ccd
to
abfd0a0
Compare
The Miri subtree was changed cc @rust-lang/miri Some changes occurred in src/tools/clippy cc @rust-lang/clippy |
@rustbot ready |
That error can be solved by
Otherwise the code instantiated when |
Thanks, @traviscross! What would be an acceptable heuristic for determining from the method signature that the |
Sounds like a start. For |
☔ The latest upstream changes (presumably #128134) made this pull request unmergeable. Please resolve the merge conflicts. |
In terms of the heuristic, I'm trying to think up the maximally-pessimistic example of how the reference could leak. Perhaps it's something like this: use core::cell::Cell;
struct W<'w>(Cell<Option<&'w W<'w>>>);
impl<'w> W<'w> {
fn leak<'a: 'w>(&'a self) {
self.0.set(Some(self));
}
}
fn main() {
static mut X: W = W(Cell::new(None));
unsafe { X.leak() };
let leaked = unsafe { X.0.get().unwrap() };
_ = [leaked];
} |
d94ae0c
to
14eb5e0
Compare
This comment has been minimized.
This comment has been minimized.
14eb5e0
to
5f03388
Compare
This comment has been minimized.
This comment has been minimized.
5f03388
to
ed2dbf8
Compare
ed2dbf8
to
ddc4ef9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes I asked for were addressed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please change all of the FIXME(obeis)
to not reference a specific username, since this is probably grouped under something better like FIXME(static_mut_refs)
.
Also, are all of the test changes still necessary? Do we really need to change STATIC += 1
to STATIC = STATIC + 1
? If we're motivating users to make somewhat churn-y noop changes to their code, I really don't think this lint is complete yet. If not, then those should be reverted.
Same with x.is_some()
to let Some(_) = X
, and most of the other changes to tests.
Existing tests should not be changing static mut
to static
or to use atomics. In general, tests should be left alone, and have allow(static_mut_refs)
added to the top. There's no reason to add FIXME
s to those -- some of these tests are explicitly using static muts to exercise their behavior in the compiler.
I was perhaps a bit too knee-jerky on the test changes, but they're really hard to separate out the changes from an initial glance. I would prefe us to separately in a follow-up PR (or maybe even a PR that lands before this one) that we could tweak some of the test to use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are also some random stray files that need to be deleted:
compiler/rustc_lint_defs/src/lib.rs:11:5
compiler/rustc_lint_defs/src/lib.rs:887:48
} | ||
hir::ExprKind::MethodCall(_, e, _, _) | ||
if let Some(err_span) = path_is_static_mut(e, expr.span) | ||
&& let typeck = cx.tcx.typeck(expr.hir_id.owner) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should use cx.typeck_results
here instead of calling the query: https://doc.rust-lang.org/nightly/nightly-rustc/rustc_lint/struct.LateContext.html#method.typeck_results
&& let inputs = | ||
cx.tcx.fn_sig(method_def_id).skip_binder().inputs().skip_binder() | ||
&& !inputs.is_empty() | ||
&& inputs[0].is_ref() => | ||
{ | ||
let m = | ||
if let TyKind::Ref(_, _, m) = inputs[0].kind() { *m } else { Mutability::Not }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be simplified into something like let Some(receiver) = inputs.get(0) && let ty::Ref(_, _, m) = receiver.kind()
.
cx: &LateContext<'_>, | ||
span: Span, | ||
sugg_span: Span, | ||
mutable: Option<Mutability>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's never a case where this isn't Some
on the caller side, so this could be simplified to just Mutability
.
I'd personally rather we try to make this lint a bit less trigger-prone if possible. I'd be fine even if we implement it only for totally unconstrained late-bound receiver lifetimes where the lifetime does not show up in the return type or something like that. But that's my personal opinion; I guess if T-lang is fine with this amount of churn then whatever. |
ddc4ef9
to
901bd3d
Compare
r? @compiler-errors -- I'm not a good reviewer for this other than the basics. |
☔ The latest upstream changes (presumably #107251) made this pull request unmergeable. Please resolve the merge conflicts. |
901bd3d
to
27d118d
Compare
27d118d
to
3b0ce1b
Compare
@compiler-errors Done. |
Closes #123060
Tracking: