Add analyzer+codefix for unsafe methods missing [RequiresUnsafe] #125196
Add a new DiagnosticAnalyzer (UnsafeMethodMissingRequiresUnsafeAnalyzer) that warns when a method, constructor, or local function has the 'unsafe' modifier but is not annotated with [RequiresUnsafe].

Add a matching CodeFixProvider that adds the [RequiresUnsafe] attribute to the flagged declaration.

Both are #if DEBUG guarded and enabled via the existing EnableUnsafeAnalyzer MSBuild property.

New diagnostic: IL5004 (UnsafeMethodMissingRequiresUnsafe)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Now based on methods with pointer types, rather than methods with .
…r-content-125195 # Conflicts: # src/libraries/Common/src/Interop/Unix/System.Native/Interop.Futex.cs # src/libraries/System.Private.CoreLib/src/System/Threading/LowLevelFutex.Unix.cs
- Remove lambda/anonymous method break in RequiresUnsafeAnalyzer so unsafe context flows through nested lambdas (matching C# semantics)
- Add FieldDeclarationSyntax to IsInRequiresScope for unsafe field initializers
- Remove [RequiresUnsafe] from files compiled outside CoreLib (Common/, nativeaot/Runtime.Base/, Resources/) where the attribute is unavailable
- Add tests for lambda-in-unsafe-method, anonymous delegate, and field initializer scenarios

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use the DiagnosticSeverity.Info overload so IL5004 shows as a suggestion rather than a warning/error in builds. Update tests to expect Info severity.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
c08c9a1 to
a6490f4
…r-content-125195 # Conflicts: # src/coreclr/System.Private.CoreLib/src/System/AppContext.CoreCLR.cs # src/coreclr/System.Private.CoreLib/src/System/StartupHookProvider.CoreCLR.cs
Co-authored-by: agocke <515774+agocke@users.noreply.github.com>
| [NonVersionable] | ||
| [CLSCompliant(false)] | ||
| [MethodImpl(MethodImplOptions.AggressiveInlining)] | ||
| [RequiresUnsafe] |
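Review bot: The [RequiresUnsafe] on the last line of this hunk is added alongside [NonVersionable], [CLSCompliant(false)] and [MethodImpl(MethodImplOptions.AggressiveInlining)] with no comment saying what makes the member unsafe to call. Since the attribute changes what callers are expected to do, add a short remark stating the condition that justifies it (for example, that the member dereferences its pointer argument), so the annotation can be checked against a criterion rather than against the signature alone.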
@copilot Revert RequiresUnsafe on Add and Subtract methods in this file. They do not dereference the pointer:
Removed [RequiresUnsafe] from both Add<T>(void*, int) and Subtract<T>(void*, int) in 66211d8.
| /// <para>This method is a thin wrapper over the C <c>calloc</c> API.</para> | ||
| /// </remarks> | ||
| [CLSCompliant(false)] | ||
| [RequiresUnsafe] |
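Review bot: The doc comment in this hunk still describes the method only as a thin wrapper over the C calloc API, while [RequiresUnsafe] is added right after [CLSCompliant(false)] without any matching documentation. If the attribute stays, the remarks block should say what obligation it places on callers; if allocating and returning a pointer is not itself considered unsafe, the attribute should be dropped here.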
Do we have a definitive answer about Alloc and AllocZeroed?
I don't see why it would be unsafe -- just a function that returns a pointer. Even if it returned an invalid pointer, there's nothing unsafe about having an invalid pointer, only dereferencing it.
@copilot can you remove RequiresUnsafe?
Removed [RequiresUnsafe] from all Alloc and AllocZeroed overloads across NativeMemory.cs and NativeMemory.Unix.cs in f06fd45.
Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com>
| @@ -281,6 +281,7 @@ public static TTo BitCast<TFrom, TTo>(TFrom source) | |||
| [NonVersionable] | |||
@copilot Add RequiresUnsafe to Add and Subtract methods in this file that return ref T
Added [RequiresUnsafe] to all 6 Add and Subtract methods returning ref T in 4a5abce. The void*-returning variants remain without the attribute.
…nsafe.cs Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com>
| // Mono:Add | ||
| [NonVersionable] | ||
| [MethodImpl(MethodImplOptions.AggressiveInlining)] | ||
| [RequiresUnsafe] |
@copilot Add RequiresUnsafe to AddByteOffset and SubtractByteOffset methods in this file that return ref T
Added [RequiresUnsafe] to all 4 AddByteOffset and SubtractByteOffset methods returning ref T in ba966e8.
Co-authored-by: agocke <515774+agocke@users.noreply.github.com>
…returning ref T Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com>
Description
Cherry-pick of PR #125195 (agocke/runtime). Adds a Roslyn analyzer and code fixer that warns on methods with the unsafe modifier but missing [RequiresUnsafe], and applies [RequiresUnsafe] to all unsafe methods in System.Private.CoreLib.

- UnsafeMethodMissingRequiresUnsafeAnalyzer): Reports IL2900 on unsafe methods lacking [RequiresUnsafe]
- UnsafeMethodMissingRequiresUnsafeCodeFixProvider): Adds [RequiresUnsafe] attribute automatically
- [RequiresUnsafe]
- MdImport.cs — kept current LibraryImport/partial signature (diverged from fork's MethodImpl/extern), added [RequiresUnsafe]
- [RequiresUnsafe] from IntPtr.cs and UIntPtr.cs — pointers in those files do not imply RequiresUnsafe
- [RequiresUnsafe] from Add<T>(void*, int) and Subtract<T>(void*, int) in Unsafe.cs — these methods do not dereference the pointer
- [RequiresUnsafe] to all Add, Subtract, AddByteOffset, and SubtractByteOffset methods returning ref T in Unsafe.cs — these perform pointer arithmetic on references
- [RequiresUnsafe] from Alloc and AllocZeroed in NativeMemory.cs and NativeMemory.Unix.cs — returning a pointer is not inherently unsafe, only dereferencing it would be
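A minimal Roslyn analyzer for the check described in the first commit message above (flag a method, constructor or local function that carries the unsafe modifier but no [RequiresUnsafe]), added here as an illustration; it is not the analyzer from this PR. The class name and the diagnostic ID EX0001 are placeholders, and matching the attribute by its simple name is an assumption made so that the sketch does not depend on the attribute's namespace.

```csharp
using System.Collections.Immutable;
using System.Linq;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Microsoft.CodeAnalysis.Diagnostics;

// Illustrative sketch only; "EX0001" is a placeholder ID, not the one used by the PR.
[DiagnosticAnalyzer(LanguageNames.CSharp)]
public sealed class UnsafeMissingAttributeSketch : DiagnosticAnalyzer
{
    private static readonly DiagnosticDescriptor Rule = new DiagnosticDescriptor(
        id: "EX0001",
        title: "Unsafe member is missing [RequiresUnsafe]",
        messageFormat: "'{0}' is declared 'unsafe' but is not annotated with [RequiresUnsafe]",
        category: "Usage",
        defaultSeverity: DiagnosticSeverity.Info, // reported as a suggestion, not a warning
        isEnabledByDefault: true);

    public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics
        => ImmutableArray.Create(Rule);

    public override void Initialize(AnalysisContext context)
    {
        context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
        context.EnableConcurrentExecution();
        context.RegisterSyntaxNodeAction(Analyze,
            SyntaxKind.MethodDeclaration,
            SyntaxKind.ConstructorDeclaration,
            SyntaxKind.LocalFunctionStatement);
    }

    private static void Analyze(SyntaxNodeAnalysisContext context)
    {
        // Only the declaration's own modifier is checked; an enclosing unsafe type is ignored.
        SyntaxTokenList modifiers = context.Node is LocalFunctionStatementSyntax local
            ? local.Modifiers
            : ((BaseMethodDeclarationSyntax)context.Node).Modifiers;
        if (!modifiers.Any(SyntaxKind.UnsafeKeyword))
            return;

        ISymbol symbol = context.SemanticModel.GetDeclaredSymbol(context.Node, context.CancellationToken);
        if (symbol is null)
            return;
        // Assumption: the attribute is recognised by simple name, whatever its namespace.
        if (symbol.GetAttributes().Any(a => a.AttributeClass?.Name == "RequiresUnsafeAttribute"))
            return;

        context.ReportDiagnostic(Diagnostic.Create(Rule, symbol.Locations[0], symbol.Name));
    }
}
```

A purely syntactic rule like this cannot tell a pointer-returning helper from a member that dereferences one, which is the distinction the review comments above settle case by case for Add, Subtract, Alloc and AllocZeroed.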