Disallow hidden references to mutable static #124895
Conversation
rustbot
added
S-waiting-on-review
|
Sorry, I can only review interpreter and Miri PRs. r? compiler |
|
r? @davidtwco |
This comment has been minimized.
This comment has been minimized.
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
ef8ab6d
to
ac71600
Compare
rustbot
added
A-testsuite
This comment has been minimized.
This comment has been minimized.
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
ac71600
to
968dfbc
Compare
This comment has been minimized.
This comment has been minimized.
davidtwco
added
S-waiting-on-author
|
Marking as waiting on author since you've made this a draft. |
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
968dfbc
to
7d2fd98
Compare
This comment has been minimized.
This comment has been minimized.
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
7d2fd98
to
72b1c9b
Compare
This comment has been minimized.
This comment has been minimized.
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
72b1c9b
to
6467ccd
Compare
This comment has been minimized.
This comment has been minimized.
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
6467ccd
to
abfd0a0
Compare
|
The Miri subtree was changed cc @rust-lang/miri Some changes occurred in src/tools/clippy cc @rust-lang/clippy |
|
@rustbot ready |
|
That error can be solved by Otherwise the code instantiated when |
|
Thanks, @traviscross! What would be an acceptable heuristic for determining from the method signature that the |
Sounds like a start. For |
|
☔ The latest upstream changes (presumably #128134) made this pull request unmergeable. Please resolve the merge conflicts. |
|
In terms of the heuristic, I'm trying to think up the maximally-pessimistic example of how the reference could leak. Perhaps it's something like this: use core::cell::Cell;
struct W<'w>(Cell<Option<&'w W<'w>>>);
impl<'w> W<'w> {
fn leak<'a: 'w>(&'a self) {
self.0.set(Some(self));
}
}
fn main() {
static mut X: W = W(Cell::new(None));
unsafe { X.leak() };
let leaked = unsafe { X.0.get().unwrap() };
_ = [leaked];
} |
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
d94ae0c
to
14eb5e0
Compare
This comment has been minimized.
This comment has been minimized.
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
14eb5e0
to
5f03388
Compare
This comment has been minimized.
This comment has been minimized.
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
5f03388
to
ed2dbf8
Compare
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
ed2dbf8
to
ddc4ef9
Compare
There was a problem hiding this comment.
Please change all of the FIXME(obeis) to not reference a specific username, since this is probably grouped under something better like FIXME(static_mut_refs).
Also, are all of the test changes still necessary? Do we really need to change STATIC += 1 to STATIC = STATIC + 1? If we're motivating users to make somewhat churn-y noop changes to their code, I really don't think this lint is complete yet. If not, then those should be reverted.
Same with x.is_some() to let Some(_) = X, and most of the other changes to tests.
Existing tests should not be changing static mut to static or to use atomics. In general, tests should be left alone, and have allow(static_mut_refs) added to the top. There's no reason to add FIXMEs to those -- some of these tests are explicitly using static muts to exercise their behavior in the compiler.
|
I was perhaps a bit too knee-jerky on the test changes, but they're really hard to separate out the changes from an initial glance. I would prefe us to separately in a follow-up PR (or maybe even a PR that lands before this one) that we could tweak some of the test to use |
| } | ||
| hir::ExprKind::MethodCall(_, e, _, _) | ||
| if let Some(err_span) = path_is_static_mut(e, expr.span) | ||
| && let typeck = cx.tcx.typeck(expr.hir_id.owner) |
There was a problem hiding this comment.
You should use cx.typeck_results here instead of calling the query: https://doc.rust-lang.org/nightly/nightly-rustc/rustc_lint/struct.LateContext.html#method.typeck_results
| && let inputs = | ||
| cx.tcx.fn_sig(method_def_id).skip_binder().inputs().skip_binder() | ||
| && !inputs.is_empty() | ||
| && inputs[0].is_ref() => | ||
| { | ||
| let m = | ||
| if let TyKind::Ref(_, _, m) = inputs[0].kind() { *m } else { Mutability::Not }; |
There was a problem hiding this comment.
This can be simplified into something like let Some(receiver) = inputs.get(0) && let ty::Ref(_, _, m) = receiver.kind().
| cx: &LateContext<'_>, | ||
| span: Span, | ||
| sugg_span: Span, | ||
| mutable: Option<Mutability>, |
There was a problem hiding this comment.
There's never a case where this isn't Some on the caller side, so this could be simplified to just Mutability.
|
I'd personally rather we try to make this lint a bit less trigger-prone if possible. I'd be fine even if we implement it only for totally unconstrained late-bound receiver lifetimes where the lifetime does not show up in the return type or something like that. But that's my personal opinion; I guess if T-lang is fine with this amount of churn then whatever. |
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
ddc4ef9
to
901bd3d
Compare
|
r? @compiler-errors -- I'm not a good reviewer for this other than the basics. |
|
☔ The latest upstream changes (presumably #107251) made this pull request unmergeable. Please resolve the merge conflicts. |
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
901bd3d
to
27d118d
Compare
obeis
force-pushed
the
static-mut-hidden-ref
branch
from
27d118d
to
3b0ce1b
Compare
|
@compiler-errors Done. |
Closes #123060
Tracking: