diff --git a/CHANGELOG.md b/CHANGELOG.md index b72387f0d71..671450a120d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # Change Log All notable changes to this project will be documented in this file. +* New [`mut_from_ref`] lint + ## 0.0.114 — 2017-02-08 * Rustup to rustc 1.17.0-nightly (c49d10207 2017-02-07) * Tests are now ui tests (testing the exact output of rustc) @@ -369,6 +371,7 @@ All notable changes to this project will be documented in this file. [`mixed_case_hex_literals`]: https://github.com/Manishearth/rust-clippy/wiki#mixed_case_hex_literals [`module_inception`]: https://github.com/Manishearth/rust-clippy/wiki#module_inception [`modulo_one`]: https://github.com/Manishearth/rust-clippy/wiki#modulo_one +[`mut_from_ref`]: https://github.com/Manishearth/rust-clippy/wiki#mut_from_ref [`mut_mut`]: https://github.com/Manishearth/rust-clippy/wiki#mut_mut [`mutex_atomic`]: https://github.com/Manishearth/rust-clippy/wiki#mutex_atomic [`mutex_integer`]: https://github.com/Manishearth/rust-clippy/wiki#mutex_integer diff --git a/README.md b/README.md index 1f6fb4ff9c0..cfc9d06b495 100644 --- a/README.md +++ b/README.md @@ -180,7 +180,7 @@ transparently: ## Lints -There are 186 lints included in this crate: +There are 187 lints included in this crate: name | default | triggers on -----------------------------------------------------------------------------------------------------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------- 
@@ -278,6 +278,7 @@ name [mixed_case_hex_literals](https://github.com/Manishearth/rust-clippy/wiki#mixed_case_hex_literals) | warn | hex literals whose letter digits are not consistently upper- or lowercased [module_inception](https://github.com/Manishearth/rust-clippy/wiki#module_inception) | warn | modules that have the same name as their parent module [modulo_one](https://github.com/Manishearth/rust-clippy/wiki#modulo_one) | warn | taking a number modulo 1, which always returns 0 +[mut_from_ref](https://github.com/Manishearth/rust-clippy/wiki#mut_from_ref) | warn | fns that create mutable refs from immutable ref args [mut_mut](https://github.com/Manishearth/rust-clippy/wiki#mut_mut) | allow | usage of double-mut refs, e.g. `&mut &mut ...` [mutex_atomic](https://github.com/Manishearth/rust-clippy/wiki#mutex_atomic) | warn | using a mutex where an atomic value could be used instead [mutex_integer](https://github.com/Manishearth/rust-clippy/wiki#mutex_integer) | allow | using a mutex for an integer type diff --git a/clippy_lints/src/lib.rs b/clippy_lints/src/lib.rs index 1099738d799..4b7b72f0c79 100644 --- a/clippy_lints/src/lib.rs +++ b/clippy_lints/src/lib.rs @@ -15,6 +15,7 @@ #![allow(needless_lifetimes)] extern crate syntax; +extern crate syntax_pos; #[macro_use] extern crate rustc; extern crate rustc_data_structures; @@ -464,6 +465,7 @@ pub fn register_plugins(reg: &mut rustc_plugin::Registry) { precedence::PRECEDENCE, print::PRINT_WITH_NEWLINE, ptr::CMP_NULL, + ptr::MUT_FROM_REF, ptr::PTR_ARG, ranges::RANGE_STEP_BY_ZERO, ranges::RANGE_ZIP_WITH_LEN, diff --git a/clippy_lints/src/ptr.rs b/clippy_lints/src/ptr.rs index 590e3d587d4..e9176372ebc 100644 --- a/clippy_lints/src/ptr.rs +++ b/clippy_lints/src/ptr.rs 
@@ -5,7 +5,9 @@ use rustc::hir::map::NodeItem; use rustc::lint::*; use rustc::ty; use syntax::ast::NodeId; -use utils::{match_path, match_type, paths, span_lint}; +use syntax::codemap::Span; +use syntax_pos::MultiSpan; +use utils::{match_path, match_type, paths, span_lint, span_lint_and_then}; /// **What it does:** This lint checks for function arguments of type `&String` or `&Vec` unless /// the references are mutable. @@ -44,13 +46,32 @@ declare_lint! { "comparing a pointer to a null pointer, suggesting to use `.is_null()` instead." } +/// **What it does:** This lint checks for functions that take immutable references and return +/// mutable ones. +/// +/// **Why is this bad?** This is trivially unsound, as one can create two mutable references +/// from the same (immutable!) source. This [error](https://github.com/rust-lang/rust/issues/39465) +/// actually lead to an interim Rust release 1.15.1. +/// +/// **Known problems:** To be on the conservative side, if there's at least one mutable reference +/// with the output lifetime, this lint will not trigger. In practice, this case is unlikely anyway. +/// +/// **Example:** +/// ```rust +/// fn foo(&Foo) -> &mut Bar { .. } +/// ``` +declare_lint! { + pub MUT_FROM_REF, + Warn, + "fns that create mutable refs from immutable ref args" +} #[derive(Copy,Clone)] pub struct PointerPass; impl LintPass for PointerPass { fn get_lints(&self) -> LintArray { - lint_array!(PTR_ARG, CMP_NULL) + lint_array!(PTR_ARG, CMP_NULL, MUT_FROM_REF) } } 
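Review bot: The doc comment added for `MUT_FROM_REF` calls the pattern "trivially unsound" without naming the main false positive. That holds only when the returned `&mut` is derived from the shared borrow; a signature such as `fn alloc(&self) -> &mut T` backed by an arena or by interior mutability can be sound. Since the check looks only at the signature, it would presumably still fire there, so the **Known problems** paragraph should say so and mention `#[allow(mut_from_ref)]` for audited cases. Two smaller fixes in the same comment: `actually lead to` should read `actually led to`, and the example `fn foo(&Foo) -> &mut Bar { .. }` is not valid Rust for a block tagged `rust`; `fn foo(x: &Foo) -> &mut Bar { unimplemented!() }` would be.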
@@ -111,6 +132,37 @@ fn check_fn(cx: &LateContext, decl: &FnDecl, fn_id: NodeId) { } } } + + if let FunctionRetTy::Return(ref ty) = decl.output { + if let Some((out, MutMutable, _)) = get_rptr_lm(ty) { + let mut immutables = vec![]; + for (_, ref mutbl, ref argspan) in + decl.inputs + .iter() + .filter_map(|ty| get_rptr_lm(ty)) + .filter(|&(lt, _, _)| lt.name == out.name) { + if *mutbl == MutMutable { + return; + } + immutables.push(*argspan); + } + if immutables.is_empty() { + return; + } + span_lint_and_then(cx, MUT_FROM_REF, ty.span, "mutable borrow from immutable input(s)", |db| { + let ms = MultiSpan::from_spans(immutables); + db.span_note(ms, "immutable borrow here"); + }); + } + } +} + +fn get_rptr_lm(ty: &Ty) -> Option<(&Lifetime, Mutability, Span)> { + if let Ty_::TyRptr(ref lt, ref m) = ty.node { + Some((lt, m.mutbl, ty.span)) + } else { + None + } } fn is_null_path(expr: &Expr) -> bool { diff --git a/src/main.rs b/src/main.rs index 7a744356eb4..ac90528c606 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,7 +1,6 @@ // error-pattern:yummy #![feature(box_syntax)] #![feature(rustc_private)] -#![feature(static_in_const)] #![allow(unknown_lints, missing_docs_in_private_items)] diff --git a/tests/ui/mut_from_ref.rs b/tests/ui/mut_from_ref.rs new file mode 100644 index 00000000000..35bff9371d9 --- /dev/null +++ b/tests/ui/mut_from_ref.rs 
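Review bot: The comparison `lt.name == out.name` in the block appended to `check_fn` (whose body starts outside this hunk) looks unable to tell two elided lifetimes apart. If elided lifetimes all carry the same name in the HIR, then `fn f(&self, y: &mut u32) -> &mut Foo` hits the early `return` on `y`, although elision ties the result to `&self` alone, and an unsound signature goes unreported. `tests/ui/mut_from_ref.rs` has no such case; I would add one and, if it is missed, either ignore elided `&mut` arguments when a `self` reference is present or list the gap under **Known problems**. Separately, `get_rptr_lm` matches only a reference at the top of the type, so a result such as `Option<&mut T>` is never examined, and the lint's doc comment should state that limit.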
@@ -0,0 +1,48 @@
+#![feature(plugin)]
+#![plugin(clippy)]
+#![allow(unused)]
+#![deny(mut_from_ref)]
+
+struct Foo;
+
+impl Foo {
+ fn this_wont_hurt_a_bit(&self) -> &mut Foo {
+ unimplemented!()
+ }
+}
+
+trait Ouch {
+ fn ouch(x: &Foo) -> &mut Foo;
+}
+
+impl Ouch for Foo {
+ fn ouch(x: &Foo) -> &mut Foo {
+ unimplemented!()
+ }
+}
+
+fn fail(x: &u32) -> &mut u16 {
+ unimplemented!()
+}
+
+fn fail_lifetime<'a>(x: &'a u32, y: &mut u32) -> &'a mut u32 {
+ unimplemented!()
+}
+
+fn fail_double<'a, 'b>(x: &'a u32, y: &'a u32, z: &'b mut u32) -> &'a mut u32 {
+ unimplemented!()
+}
+
+// this is OK, because the result borrows y
+fn works<'a>(x: &u32, y: &'a mut u32) -> &'a mut u32 {
+ unimplemented!()
+}
+
+// this is also OK, because the result could borrow y
+fn also_works<'a>(x: &'a u32, y: &'a mut u32) -> &'a mut u32 {
+ unimplemented!()
+}
+
+fn main() {
+ //TODO
+}
diff --git a/tests/ui/mut_from_ref.stderr b/tests/ui/mut_from_ref.stderr
new file mode 100644
index 00000000000..5098d7d0ab5
--- /dev/null
+++ b/tests/ui/mut_from_ref.stderr
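Review bot: Nothing in this test file says why `fn ouch(x: &Foo) -> &mut Foo` inside `impl Ouch for Foo` is expected to pass. The accompanying `.stderr` lists five errors and none at line 19, so the lint apparently skips trait implementations, presumably because the signature is fixed by the trait. A comment above the impl, for example `// no warning here: the signature comes from the trait, which is linted above`, would record that intent so a later change to `check_fn` does not silently alter it. The `//TODO` placeholder in `main` can be dropped or replaced with a note on what is still to be covered.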
@@ -0,0 +1,67 @@ +error: mutable borrow from immutable input(s) + --> $DIR/mut_from_ref.rs:9:39 + | +9 | fn this_wont_hurt_a_bit(&self) -> &mut Foo { + | ^^^^^^^^ + | +note: lint level defined here + --> $DIR/mut_from_ref.rs:4:9 + | +4 | #![deny(mut_from_ref)] + | ^^^^^^^^^^^^ +note: immutable borrow here + --> $DIR/mut_from_ref.rs:9:29 + | +9 | fn this_wont_hurt_a_bit(&self) -> &mut Foo { + | ^^^^^ + +error: mutable borrow from immutable input(s) + --> $DIR/mut_from_ref.rs:15:25 + | +15 | fn ouch(x: &Foo) -> &mut Foo; + | ^^^^^^^^ + | +note: immutable borrow here + --> $DIR/mut_from_ref.rs:15:16 + | +15 | fn ouch(x: &Foo) -> &mut Foo; + | ^^^^ + +error: mutable borrow from immutable input(s) + --> $DIR/mut_from_ref.rs:24:21 + | +24 | fn fail(x: &u32) -> &mut u16 { + | ^^^^^^^^ + | +note: immutable borrow here + --> $DIR/mut_from_ref.rs:24:12 + | +24 | fn fail(x: &u32) -> &mut u16 { + | ^^^^ + +error: mutable borrow from immutable input(s) + --> $DIR/mut_from_ref.rs:28:50 + | +28 | fn fail_lifetime<'a>(x: &'a u32, y: &mut u32) -> &'a mut u32 { + | ^^^^^^^^^^^ + | +note: immutable borrow here + --> $DIR/mut_from_ref.rs:28:25 + | +28 | fn fail_lifetime<'a>(x: &'a u32, y: &mut u32) -> &'a mut u32 { + | ^^^^^^^ + +error: mutable borrow from immutable input(s) + --> $DIR/mut_from_ref.rs:32:67 + | +32 | fn fail_double<'a, 'b>(x: &'a u32, y: &'a u32, z: &'b mut u32) -> &'a mut u32 { + | ^^^^^^^^^^^ + | +note: immutable borrow here + --> $DIR/mut_from_ref.rs:32:27 + | +32 | fn fail_double<'a, 'b>(x: &'a u32, y: &'a u32, z: &'b mut u32) -> &'a mut u32 { + | ^^^^^^^ ^^^^^^^ + +error: aborting due to 5 previous errors +