rust/compiler/rustc_lint/src/reference_casting.rs

use rustc_ast::Mutability;
use rustc_data_structures::fx::FxHashMap;
use rustc_hir::{def::Res, Expr, ExprKind, HirId, Local, QPath, StmtKind, UnOp};
use rustc_middle::ty::{self, TypeAndMut};
use rustc_span::{sym, Span};

use crate::{lints::InvalidReferenceCastingDiag, LateContext, LateLintPass, LintContext};

declare_lint! {
    /// The `invalid_reference_casting` lint checks for casts of `&T` to `&mut T`
    /// without using interior mutability.
    ///
    /// ### Example
    ///
    /// ```rust,compile_fail
    /// fn x(r: &i32) {
    ///     unsafe {
    ///         *(r as *const i32 as *mut i32) += 1;
    ///     }
    /// }
    /// ```
    ///
    /// {{produces}}
    ///
    /// ### Explanation
    ///
    /// Casting `&T` to `&mut T` without using interior mutability is undefined behavior,
    /// as it's a violation of Rust reference aliasing requirements.
    ///
    /// `UnsafeCell` is the only way to obtain aliasable data that is considered
    /// mutable.
    INVALID_REFERENCE_CASTING,
    Deny,
    "casts of `&T` to `&mut T` without interior mutability"
}

#[derive(Default)]
pub struct InvalidReferenceCasting {
    casted: FxHashMap<HirId, Span>,
}

impl_lint_pass!(InvalidReferenceCasting => [INVALID_REFERENCE_CASTING]);

impl<'tcx> LateLintPass<'tcx> for InvalidReferenceCasting {
    fn check_stmt(&mut self, cx: &LateContext<'tcx>, stmt: &'tcx rustc_hir::Stmt<'tcx>) {
        let StmtKind::Local(local) = stmt.kind else {
            return;
        };
        let Local { init: Some(init), els: None, .. } = local else {
            return;
        };

        if is_cast_from_const_to_mut(cx, init) {
            self.casted.insert(local.pat.hir_id, init.span);
        }
    }

    fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'tcx>) {
        let Some((is_assignment, e)) = is_operation_we_care_about(cx, expr) else {
            return;
        };

        let orig_cast = if is_cast_from_const_to_mut(cx, e) {
            None
        } else if let ExprKind::Path(QPath::Resolved(_, path)) = e.kind
            && let Res::Local(hir_id) = &path.res
            && let Some(orig_cast) = self.casted.get(hir_id) {
            Some(*orig_cast)
        } else {
            return;
        };

        cx.emit_spanned_lint(
            INVALID_REFERENCE_CASTING,
            expr.span,
            if is_assignment {
                InvalidReferenceCastingDiag::AssignToRef { orig_cast }
            } else {
                InvalidReferenceCastingDiag::BorrowAsMut { orig_cast }
            },
        );
    }
}

fn is_operation_we_care_about<'tcx>(
    cx: &LateContext<'tcx>,
    e: &'tcx Expr<'tcx>,
) -> Option<(bool, &'tcx Expr<'tcx>)> {
    fn deref_assign_or_addr_of<'tcx>(expr: &'tcx Expr<'tcx>) -> Option<(bool, &'tcx Expr<'tcx>)> {
        // &mut <expr>
        let inner = if let ExprKind::AddrOf(_, Mutability::Mut, expr) = expr.kind {
            expr
        // <expr> = ...
        } else if let ExprKind::Assign(expr, _, _) = expr.kind {
            expr
        // <expr> += ...
        } else if let ExprKind::AssignOp(_, expr, _) = expr.kind {
            expr
        } else {
            return None;
        };

        if let ExprKind::Unary(UnOp::Deref, e) = &inner.kind {
            Some((!matches!(expr.kind, ExprKind::AddrOf(..)), e))
        } else {
            None
        }
    }

    fn ptr_write<'tcx>(
        cx: &LateContext<'tcx>,
        e: &'tcx Expr<'tcx>,
    ) -> Option<(bool, &'tcx Expr<'tcx>)> {
        if let ExprKind::Call(path, [arg_ptr, _arg_val]) = e.kind
            && let ExprKind::Path(ref qpath) = path.kind
            && let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()
            && matches!(cx.tcx.get_diagnostic_name(def_id), Some(sym::ptr_write | sym::ptr_write_volatile | sym::ptr_write_unaligned))
        {
            Some((true, arg_ptr))
        } else {
            None
        }
    }

    deref_assign_or_addr_of(e).or_else(|| ptr_write(cx, e))
}

fn is_cast_from_const_to_mut<'tcx>(cx: &LateContext<'tcx>, e: &'tcx Expr<'tcx>) -> bool {
    let e = e.peel_blocks();

    fn from_casts<'tcx>(cx: &LateContext<'tcx>, e: &'tcx Expr<'tcx>) -> Option<&'tcx Expr<'tcx>> {
        // <expr> as *mut ...
        let mut e = if let ExprKind::Cast(e, t) = e.kind
            && let ty::RawPtr(TypeAndMut { mutbl: Mutability::Mut, .. }) = cx.typeck_results().node_type(t.hir_id).kind() {
            e
        // <expr>.cast_mut()
        } else if let ExprKind::MethodCall(_, expr, [], _) = e.kind
            && let Some(def_id) = cx.typeck_results().type_dependent_def_id(e.hir_id)
            && cx.tcx.is_diagnostic_item(sym::ptr_cast_mut, def_id) {
            expr
        } else {
            return None;
        };

        let mut had_at_least_one_cast = false;
        loop {
            e = e.peel_blocks();
            // <expr> as *mut/const ... or <expr> as <uint>
            e = if let ExprKind::Cast(expr, t) = e.kind
                && matches!(cx.typeck_results().node_type(t.hir_id).kind(), ty::RawPtr(_) | ty::Uint(_))  {
                had_at_least_one_cast = true;
                expr
            // <expr>.cast(), <expr>.cast_mut() or <expr>.cast_const()
            } else if let ExprKind::MethodCall(_, expr, [], _) = e.kind
                && let Some(def_id) = cx.typeck_results().type_dependent_def_id(e.hir_id)
                && matches!(
                    cx.tcx.get_diagnostic_name(def_id),
                    Some(sym::ptr_cast | sym::const_ptr_cast | sym::ptr_cast_mut | sym::ptr_cast_const)
                )
            {
                had_at_least_one_cast = true;
                expr
            // ptr::from_ref(<expr>)
            } else if let ExprKind::Call(path, [arg]) = e.kind
                && let ExprKind::Path(ref qpath) = path.kind
                && let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()
                && cx.tcx.is_diagnostic_item(sym::ptr_from_ref, def_id) {
                return Some(arg);
            } else if had_at_least_one_cast {
                return Some(e);
            } else {
                return None;
            };
        }
    }

    fn from_transmute<'tcx>(
        cx: &LateContext<'tcx>,
        e: &'tcx Expr<'tcx>,
    ) -> Option<&'tcx Expr<'tcx>> {
        // mem::transmute::<_, *mut _>(<expr>)
        if let ExprKind::Call(path, [arg]) = e.kind
            && let ExprKind::Path(ref qpath) = path.kind
            && let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()
            && cx.tcx.is_diagnostic_item(sym::transmute, def_id)
            && let ty::RawPtr(TypeAndMut { mutbl: Mutability::Mut, .. }) = cx.typeck_results().node_type(e.hir_id).kind() {
            Some(arg)
        } else {
            None
        }
    }

    let Some(e) = from_casts(cx, e).or_else(|| from_transmute(cx, e)) else {
        return false;
    };

    let e = e.peel_blocks();
    matches!(cx.typeck_results().node_type(e.hir_id).kind(), ty::Ref(_, _, Mutability::Not))
}
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00			`use rustc_ast::Mutability;`
Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00			`use rustc_data_structures::fx::FxHashMap;`
			`use rustc_hir::{def::Res, Expr, ExprKind, HirId, Local, QPath, StmtKind, UnOp};`
			`use rustc_middle::ty::{self, TypeAndMut};`
			`use rustc_span::{sym, Span};`
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00
Rename cast_ref_to_mut lint to invalid_reference_casting 2023-07-06 19:45:24 +00:00			`use crate::{lints::InvalidReferenceCastingDiag, LateContext, LateLintPass, LintContext};`
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00
			`declare_lint! {`
Rename cast_ref_to_mut lint to invalid_reference_casting 2023-07-06 19:45:24 +00:00			/// The `invalid_reference_casting` lint checks for casts of `&T` to `&mut T`
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00			`/// without using interior mutability.`
			`///`
			`/// ### Example`
			`///`
			/// ```rust,compile_fail
			`/// fn x(r: &i32) {`
			`/// unsafe {`
			`/// (r as const i32 as *mut i32) += 1;`
			`/// }`
			`/// }`
			/// ```
			`///`
			`/// {{produces}}`
			`///`
			`/// ### Explanation`
			`///`
			/// Casting `&T` to `&mut T` without using interior mutability is undefined behavior,
			`/// as it's a violation of Rust reference aliasing requirements.`
			`///`
			/// `UnsafeCell` is the only way to obtain aliasable data that is considered
			`/// mutable.`
Rename cast_ref_to_mut lint to invalid_reference_casting 2023-07-06 19:45:24 +00:00			`INVALID_REFERENCE_CASTING,`
Revert "Temporarily switch invalid_reference_casting lint to allow-by-default" This reverts commit f25ad54a4d0febbcb2b7e951835228b7b2320b49. 2023-07-14 19:54:27 +00:00			`Deny,`
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00			"casts of `&T` to `&mut T` without interior mutability"
			`}`

Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00			`#[derive(Default)]`
			`pub struct InvalidReferenceCasting {`
			`casted: FxHashMap<HirId, Span>,`
			`}`

			`impl_lint_pass!(InvalidReferenceCasting => [INVALID_REFERENCE_CASTING]);`
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00
Rename cast_ref_to_mut lint to invalid_reference_casting 2023-07-06 19:45:24 +00:00			`impl<'tcx> LateLintPass<'tcx> for InvalidReferenceCasting {`
Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00			`fn check_stmt(&mut self, cx: &LateContext<'tcx>, stmt: &'tcx rustc_hir::Stmt<'tcx>) {`
			`let StmtKind::Local(local) = stmt.kind else {`
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00			`return;`
			`};`
Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00			`let Local { init: Some(init), els: None, .. } = local else {`
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00			`return;`
			`};`

Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00			`if is_cast_from_const_to_mut(cx, init) {`
			`self.casted.insert(local.pat.hir_id, init.span);`
			`}`
			`}`

			`fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'tcx>) {`
Add support for ptr::write for the invalid_reference_casting lint 2023-08-22 13:41:07 +00:00			`let Some((is_assignment, e)) = is_operation_we_care_about(cx, expr) else {`
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00			`return;`
			`};`

Improve diagnostics of the invalid_reference_casting lint 2023-07-14 20:25:47 +00:00			`let orig_cast = if is_cast_from_const_to_mut(cx, e) {`
			`None`
Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00			`} else if let ExprKind::Path(QPath::Resolved(_, path)) = e.kind`
			`&& let Res::Local(hir_id) = &path.res`
			`&& let Some(orig_cast) = self.casted.get(hir_id) {`
Improve diagnostics of the invalid_reference_casting lint 2023-07-14 20:25:47 +00:00			`Some(*orig_cast)`
			`} else {`
			`return;`
			`};`

			`cx.emit_spanned_lint(`
			`INVALID_REFERENCE_CASTING,`
			`expr.span,`
Add support for ptr::write for the invalid_reference_casting lint 2023-08-22 13:41:07 +00:00			`if is_assignment {`
Improve diagnostics of the invalid_reference_casting lint 2023-07-14 20:25:47 +00:00			`InvalidReferenceCastingDiag::AssignToRef { orig_cast }`
Add support for ptr::write for the invalid_reference_casting lint 2023-08-22 13:41:07 +00:00			`} else {`
			`InvalidReferenceCastingDiag::BorrowAsMut { orig_cast }`
Improve diagnostics of the invalid_reference_casting lint 2023-07-14 20:25:47 +00:00			`},`
			`);`
Uplift clippy::cast_ref_to_mut to rustc 2023-05-14 14:20:32 +00:00			`}`
			`}`
Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00
Add support for ptr::write for the invalid_reference_casting lint 2023-08-22 13:41:07 +00:00			`fn is_operation_we_care_about<'tcx>(`
			`cx: &LateContext<'tcx>,`
			`e: &'tcx Expr<'tcx>,`
			`) -> Option<(bool, &'tcx Expr<'tcx>)> {`
			`fn deref_assign_or_addr_of<'tcx>(expr: &'tcx Expr<'tcx>) -> Option<(bool, &'tcx Expr<'tcx>)> {`
			`// &mut <expr>`
			`let inner = if let ExprKind::AddrOf(_, Mutability::Mut, expr) = expr.kind {`
			`expr`
			`// <expr> = ...`
			`} else if let ExprKind::Assign(expr, _, _) = expr.kind {`
			`expr`
			`// <expr> += ...`
			`} else if let ExprKind::AssignOp(_, expr, _) = expr.kind {`
			`expr`
			`} else {`
			`return None;`
			`};`

			`if let ExprKind::Unary(UnOp::Deref, e) = &inner.kind {`
			`Some((!matches!(expr.kind, ExprKind::AddrOf(..)), e))`
			`} else {`
			`None`
			`}`
			`}`

			`fn ptr_write<'tcx>(`
			`cx: &LateContext<'tcx>,`
			`e: &'tcx Expr<'tcx>,`
			`) -> Option<(bool, &'tcx Expr<'tcx>)> {`
			`if let ExprKind::Call(path, [arg_ptr, _arg_val]) = e.kind`
			`&& let ExprKind::Path(ref qpath) = path.kind`
			`&& let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()`
			`&& matches!(cx.tcx.get_diagnostic_name(def_id), Some(sym::ptr_write \| sym::ptr_write_volatile \| sym::ptr_write_unaligned))`
			`{`
			`Some((true, arg_ptr))`
			`} else {`
			`None`
			`}`
			`}`

			`deref_assign_or_addr_of(e).or_else(\|\| ptr_write(cx, e))`
			`}`

Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00			`fn is_cast_from_const_to_mut<'tcx>(cx: &LateContext<'tcx>, e: &'tcx Expr<'tcx>) -> bool {`
			`let e = e.peel_blocks();`

Also consider `transmute` with the `invalid_reference_casting` lint 2023-08-12 10:40:26 +00:00			`fn from_casts<'tcx>(cx: &LateContext<'tcx>, e: &'tcx Expr<'tcx>) -> Option<&'tcx Expr<'tcx>> {`
			`// <expr> as *mut ...`
Improve `invalid_reference_casting` lint 2023-08-13 15:08:33 +00:00			`let mut e = if let ExprKind::Cast(e, t) = e.kind`
Also consider `transmute` with the `invalid_reference_casting` lint 2023-08-12 10:40:26 +00:00			`&& let ty::RawPtr(TypeAndMut { mutbl: Mutability::Mut, .. }) = cx.typeck_results().node_type(t.hir_id).kind() {`
			`e`
			`// <expr>.cast_mut()`
			`} else if let ExprKind::MethodCall(_, expr, [], _) = e.kind`
			`&& let Some(def_id) = cx.typeck_results().type_dependent_def_id(e.hir_id)`
			`&& cx.tcx.is_diagnostic_item(sym::ptr_cast_mut, def_id) {`
			`expr`
			`} else {`
			`return None;`
			`};`
Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00
Improve `invalid_reference_casting` lint 2023-08-13 15:08:33 +00:00			`let mut had_at_least_one_cast = false;`
			`loop {`
			`e = e.peel_blocks();`
			`// <expr> as *mut/const ... or <expr> as <uint>`
			`e = if let ExprKind::Cast(expr, t) = e.kind`
			`&& matches!(cx.typeck_results().node_type(t.hir_id).kind(), ty::RawPtr(_) \| ty::Uint(_)) {`
			`had_at_least_one_cast = true;`
			`expr`
			`// <expr>.cast(), <expr>.cast_mut() or <expr>.cast_const()`
			`} else if let ExprKind::MethodCall(_, expr, [], _) = e.kind`
			`&& let Some(def_id) = cx.typeck_results().type_dependent_def_id(e.hir_id)`
			`&& matches!(`
			`cx.tcx.get_diagnostic_name(def_id),`
			`Some(sym::ptr_cast \| sym::const_ptr_cast \| sym::ptr_cast_mut \| sym::ptr_cast_const)`
			`)`
			`{`
			`had_at_least_one_cast = true;`
			`expr`
			`// ptr::from_ref(<expr>)`
			`} else if let ExprKind::Call(path, [arg]) = e.kind`
			`&& let ExprKind::Path(ref qpath) = path.kind`
			`&& let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()`
			`&& cx.tcx.is_diagnostic_item(sym::ptr_from_ref, def_id) {`
			`return Some(arg);`
			`} else if had_at_least_one_cast {`
			`return Some(e);`
			`} else {`
			`return None;`
			`};`
			`}`
Also consider `transmute` with the `invalid_reference_casting` lint 2023-08-12 10:40:26 +00:00			`}`

			`fn from_transmute<'tcx>(`
			`cx: &LateContext<'tcx>,`
			`e: &'tcx Expr<'tcx>,`
			`) -> Option<&'tcx Expr<'tcx>> {`
			`// mem::transmute::<_, *mut _>(<expr>)`
			`if let ExprKind::Call(path, [arg]) = e.kind`
			`&& let ExprKind::Path(ref qpath) = path.kind`
			`&& let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()`
			`&& cx.tcx.is_diagnostic_item(sym::transmute, def_id)`
			`&& let ty::RawPtr(TypeAndMut { mutbl: Mutability::Mut, .. }) = cx.typeck_results().node_type(e.hir_id).kind() {`
			`Some(arg)`
			`} else {`
			`None`
			`}`
			`}`
Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00
Also consider `transmute` with the `invalid_reference_casting` lint 2023-08-12 10:40:26 +00:00			`let Some(e) = from_casts(cx, e).or_else(\|\| from_transmute(cx, e)) else {`
Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00			`return false;`
			`};`

			`let e = e.peel_blocks();`
Avoid linting on expression that are only UB with SB/TB 2023-07-14 20:15:28 +00:00			`matches!(cx.typeck_results().node_type(e.hir_id).kind(), ty::Ref(_, _, Mutability::Not))`
Add support for deferred casting for the invalid_reference_casting lint 2023-07-14 20:10:14 +00:00			`}`