Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Uplift temporary-cstring-as-ptr lint from clippy into rustc #75671

Merged
merged 13 commits into from
Oct 28, 2020

Conversation

nathanwhit
Copy link
Member

The general consensus seems to be that this lint covers a common enough mistake to warrant inclusion in rustc.
The diagnostic message might need some tweaking, as I'm not sure the use of second-person perspective matches the rest of rustc, but I'd like to hear others' thoughts on that.

(cc #53224).

r? @oli-obk

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Aug 18, 2020
@Mark-Simulacrum
Copy link
Member

@bors try @rust-timer queue

@rust-timer
Copy link
Collaborator

Awaiting bors try build completion

@bors
Copy link
Contributor

bors commented Aug 18, 2020

⌛ Trying commit f7da096488c6fd9d4be7c480affa26d9f7b80a02 with merge ca7ac508d257828878fb0e7cade1ad46381056f8...

@oli-obk
Copy link
Contributor

oli-obk commented Aug 18, 2020

Sgtm, modulo CI passing, perf being clean and we'll need an MCP so the entire compiler team is informed about this. Can you open an MCP? It just needs a sentence or two and maybe an example on what is now being linted.

src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
src/librustc_lint/methods.rs Outdated Show resolved Hide resolved

declare_lint! {
pub TEMPORARY_CSTRING_AS_PTR,
Deny,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'll need a crater run to check the fallout from this (but it should still be deny by default unless we break some foundational crate, IMO).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dependencies get their lints capped anyway, so it will only break building that crate directly.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel that it shouldn't be deny by default as long as it considers func(CString::new("...").unwrap().as_ptr()); to be erroneous (since in typical situations this would be a false positive).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 for making this Warn, and not Deny (though I don't know if we have other similar deny-by-default lints).

I think we also should add a regression test for func(CString::new("...").unwrap().as_ptr());. I wouldn't personally call it as a false-positive though: it's not UB, but still sufficiently obscure style worth linting against.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree on the Warn by default, since the lint covers cases that aren't incorrect. That's reflected in the PR now.

src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
@nathanwhit
Copy link
Member Author

Sgtm, modulo CI passing, perf being clean and we'll need an MCP so the entire compiler team is informed about this. Can you open an MCP? It just needs a sentence or two and maybe an example on what is now being linted.

Sure thing! Filed rust-lang/compiler-team#346.

@bors
Copy link
Contributor

bors commented Aug 23, 2020

☔ The latest upstream changes (presumably #73084) made this pull request unmergeable. Please resolve the merge conflicts.

@jyn514
Copy link
Member

jyn514 commented Sep 1, 2020

I think rust-lang/rust-clippy#5838 should be fixed before making this deny-by-default. Warn-by-default is fine if fixing the false positive is too difficult and we want to get this in soon.

@jyn514 jyn514 added A-lint Area: Lints (warnings about flaws in source code) such as unused_mut. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Sep 1, 2020
@matklad
Copy link
Member

matklad commented Sep 1, 2020

I feel moderately strongly that rust-lang/rust-clippy#5838 is not a false positive.

it is false-positive for "this code is UB", as it is not UB. But it absolutely is a true positive for "this code is confusing, because you need to be a language lawyer to understand why it is not UB".

@jyn514
Copy link
Member

jyn514 commented Sep 1, 2020

it is false-positive for "this code is UB", as it is not UB. But it absolutely is a true positive for "this code is confusing, because you need to be a language lawyer to understand why it is not UB".

Then it should say that. Instead it currently says

= note: that pointer will be invalid outside this expression

Which is not true. It will be invalid outside the statement, which encompasses both the .as_ptr() and the function call.

@jyn514
Copy link
Member

jyn514 commented Sep 1, 2020

Also I think it would be nice for it to link to https://doc.rust-lang.org/reference/destructors.html, but I won't block on that.

Copy link
Member

@jyn514 jyn514 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should add a test case for rust-lang/rust-clippy#5838. If the behavior there is intentional, then it should be tested; it shouldn't slip in by accident. If it's not intentional, the lint should be fixed.

src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
src/librustc_lint/methods.rs Outdated Show resolved Hide resolved
@jyn514 jyn514 added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Sep 15, 2020
@jyn514
Copy link
Member

jyn514 commented Oct 27, 2020

 Command failed. Attempt 5/5:
    Updating crates.io index
warning: spurious network error (2 tries remaining): error inflating zlib stream; class=Zlib (5)
warning: spurious network error (1 tries remaining): error inflating zlib stream; class=Zlib (5)
error: failed to get `cc` as a dependency of package `bootstrap v0.0.0 (D:\a\rust\rust\src\bootstrap)`

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  error inflating zlib stream; class=Zlib (5)
failed to run: D:\a\rust\rust\build\i686-pc-windows-gnu\stage0\bin\cargo.exe build --manifest-path D:\a\rust\rust\src/bootstrap/Cargo.toml --locked

@bors retry

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Oct 27, 2020
@bors
Copy link
Contributor

bors commented Oct 27, 2020

⌛ Testing commit 572cd35 with merge 90e6d0d...

@bors
Copy link
Contributor

bors commented Oct 28, 2020

☀️ Test successful - checks-actions
Approved by: oli-obk
Pushing 90e6d0d to master...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Oct 28, 2020
@bors bors merged commit 90e6d0d into rust-lang:master Oct 28, 2020
@rustbot rustbot added this to the 1.49.0 milestone Oct 28, 2020
@flip1995
Copy link
Member

Uh, can we have a policy that the Clippy team is pinged for major changes to Clippy in rustc, such as uplifting lints. Even though the lint was removed, it wasn't deprecated properly (which is a lengthy process by design). Luckily @ebroto caught that in the rustup. But with a ping to the Clippy team we can avoid pull requests, like this "emergency sync": #78505

bors added a commit to rust-lang-ci/rust that referenced this pull request Aug 16, 2021
…eywiser

Uplift the invalid_atomic_ordering lint from clippy to rustc

This is mostly just a rebase of rust-lang#79654; I've copy/pasted the text from that PR below.

r? `@lcnr` since you reviewed the last one, but feel free to reassign.

---

This is an implementation of rust-lang/compiler-team#390.

As mentioned, in general this turns an unconditional runtime panic into a (compile time) lint failure. It has no false positives, and the only false negatives I'm aware of are if `Ordering` isn't specified directly and is comes from an argument/constant/whatever.

As a result of it having no false positives, and the alternative always being strictly wrong, it's on as deny by default. This seems right.

In the [zulip stream](https://rust-lang.zulipchat.com/#narrow/stream/233931-t-compiler.2Fmajor-changes/topic/Uplift.20the.20.60invalid_atomic_ordering.60.20lint.20from.20clippy/near/218483957) `@joshtriplett` suggested that lang team should FCP this before landing it. Perhaps libs team cares too?

---

Some notes on the code for reviewers / others below

## Changes from clippy

The code is changed from [the implementation in clippy](https://github.com/rust-lang/rust-clippy/blob/68cf94f6a66e47234e3adefc6dfbe806cd6ad164/clippy_lints/src/atomic_ordering.rs) in the following ways:

1. Uses `Symbols` and `rustc_diagnostic_item`s instead of string literals.
    - It's possible I should have just invoked Symbol::intern for some of these instead? Seems better to use symbol, but it did require adding several.
2. The functions are moved to static methods inside the lint struct, as a way to namespace them.
    - There's a lot of other code in that file — which I picked as the location for this lint because `@jyn514` told me that seemed reasonable.
3. Supports unstable AtomicU128/AtomicI128.
    - I did this because it was almost easier to support them than not — not supporting them would have (ideally) required finding a way not to give them a `rustc_diagnostic_item`, which would have complicated an already big macro.
    - These don't have tests since I wasn't sure if/how I should make tests conditional on whether or not the target has the atomic... This is to a certain extent an issue of 64bit atomics too, but 128-bit atomics are much less common. Regardless, the existing tests should be *more* than thorough enough here.
4. Minor changes like:
    - grammar tweaks ("loads cannot have `Release` **and** `AcqRel` ordering" => "loads cannot have `Release` **or** `AcqRel` ordering")
    - function renames (`match_ordering_def_path` => `matches_ordering_def_path`),
    - avoiding clippy-specific helper methods that don't exist in rustc_lint and didn't seem worth adding for this case (for example `cx.struct_span_lint` vs clippy's `span_lint_and_help` helper).

## Potential issues

(This is just about the code in this PR, not conceptual issues with the lint or anything)

1. I'm not sure if I should have used a diagnostic item for `Ordering` and its variants (I couldn't figure out how really, so if I should do this some pointers would be appreciated).
    - It seems possible that failing to do this might possibly mean there are more cases this lint would miss, but I don't really know how `match_def_path` works and if it has any pitfalls like that, so maybe not.

2. I *think* I deprecated the lint in clippy (CC `@flip1995` who asked to be notified about clippy changes in the future in [this comment](rust-lang#75671 (comment))) but I'm not sure if I need to do anything else there.
    - I'm kind of hoping CI will catch if I missed anything, since `x.py test src/tools/clippy` fails with a lot of errors with and without my changes (and is probably a nonsense command regardless). Running `cargo test` from src/tools/clippy also fails with unrelated errors that seem like refactorings that didnt update clippy? So, honestly no clue.

3. I wasn't sure if the description/example I gave good. Hopefully it is. The example is less thorough than the one from clippy here: https://rust-lang.github.io/rust-clippy/master/index.html#invalid_atomic_ordering. Let me know if/how I should change it if it needs changing.

4. It pulls in the `if_chain` crate. This crate was already used in clippy, and seems like it's used elsewhere in rustc, but I'm willing to rewrite it to not use this if needed (I'd prefer not to, all things being equal).
flip1995 pushed a commit to flip1995/rust-clippy that referenced this pull request Aug 26, 2021
Uplift the invalid_atomic_ordering lint from clippy to rustc

This is mostly just a rebase of rust-lang/rust#79654; I've copy/pasted the text from that PR below.

r? `@lcnr` since you reviewed the last one, but feel free to reassign.

---

This is an implementation of rust-lang/compiler-team#390.

As mentioned, in general this turns an unconditional runtime panic into a (compile time) lint failure. It has no false positives, and the only false negatives I'm aware of are if `Ordering` isn't specified directly and is comes from an argument/constant/whatever.

As a result of it having no false positives, and the alternative always being strictly wrong, it's on as deny by default. This seems right.

In the [zulip stream](https://rust-lang.zulipchat.com/#narrow/stream/233931-t-compiler.2Fmajor-changes/topic/Uplift.20the.20.60invalid_atomic_ordering.60.20lint.20from.20clippy/near/218483957) `@joshtriplett` suggested that lang team should FCP this before landing it. Perhaps libs team cares too?

---

Some notes on the code for reviewers / others below

## Changes from clippy

The code is changed from [the implementation in clippy](https://github.com/rust-lang/rust-clippy/blob/68cf94f6a66e47234e3adefc6dfbe806cd6ad164/clippy_lints/src/atomic_ordering.rs) in the following ways:

1. Uses `Symbols` and `rustc_diagnostic_item`s instead of string literals.
    - It's possible I should have just invoked Symbol::intern for some of these instead? Seems better to use symbol, but it did require adding several.
2. The functions are moved to static methods inside the lint struct, as a way to namespace them.
    - There's a lot of other code in that file — which I picked as the location for this lint because `@jyn514` told me that seemed reasonable.
3. Supports unstable AtomicU128/AtomicI128.
    - I did this because it was almost easier to support them than not — not supporting them would have (ideally) required finding a way not to give them a `rustc_diagnostic_item`, which would have complicated an already big macro.
    - These don't have tests since I wasn't sure if/how I should make tests conditional on whether or not the target has the atomic... This is to a certain extent an issue of 64bit atomics too, but 128-bit atomics are much less common. Regardless, the existing tests should be *more* than thorough enough here.
4. Minor changes like:
    - grammar tweaks ("loads cannot have `Release` **and** `AcqRel` ordering" => "loads cannot have `Release` **or** `AcqRel` ordering")
    - function renames (`match_ordering_def_path` => `matches_ordering_def_path`),
    - avoiding clippy-specific helper methods that don't exist in rustc_lint and didn't seem worth adding for this case (for example `cx.struct_span_lint` vs clippy's `span_lint_and_help` helper).

## Potential issues

(This is just about the code in this PR, not conceptual issues with the lint or anything)

1. I'm not sure if I should have used a diagnostic item for `Ordering` and its variants (I couldn't figure out how really, so if I should do this some pointers would be appreciated).
    - It seems possible that failing to do this might possibly mean there are more cases this lint would miss, but I don't really know how `match_def_path` works and if it has any pitfalls like that, so maybe not.

2. I *think* I deprecated the lint in clippy (CC `@flip1995` who asked to be notified about clippy changes in the future in [this comment](rust-lang/rust#75671 (comment))) but I'm not sure if I need to do anything else there.
    - I'm kind of hoping CI will catch if I missed anything, since `x.py test src/tools/clippy` fails with a lot of errors with and without my changes (and is probably a nonsense command regardless). Running `cargo test` from src/tools/clippy also fails with unrelated errors that seem like refactorings that didnt update clippy? So, honestly no clue.

3. I wasn't sure if the description/example I gave good. Hopefully it is. The example is less thorough than the one from clippy here: https://rust-lang.github.io/rust-clippy/master/index.html#invalid_atomic_ordering. Let me know if/how I should change it if it needs changing.

4. It pulls in the `if_chain` crate. This crate was already used in clippy, and seems like it's used elsewhere in rustc, but I'm willing to rewrite it to not use this if needed (I'd prefer not to, all things being equal).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-lint Area: Lints (warnings about flaws in source code) such as unused_mut. merged-by-bors This PR was explicitly merged by bors. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Development

Successfully merging this pull request may close these issues.