
Lint transmute where source type is unspecified. #715

Closed
ticki opened this issue Feb 26, 2016 · 2 comments · Fixed by #12239
Labels
A-lint Area: New lints · E-medium Call for participation: Medium difficulty level problem and requires some initial experience. · L-correctness Lint: Belongs in the correctness lint group · T-middle Type: Probably requires verifying types

Comments

@ticki

ticki commented Feb 26, 2016

This is an easy way to create UB. For example:

unsafe {
    let bytes = [0u8; 4];
    // Intended bug: the array `bytes` is passed where a reference was meant,
    // so its bits are reinterpreted as a pointer instead of passing `&bytes`.
    let num = *mem::transmute::<_, &u32>(bytes);
}

The error (resulting in segfault) might be a little hard to spot. The problem is that the array is transmuted into a null pointer. The transmute argument should be &bytes instead.

By forcing the programmer to add type annotations, he or she is not as likely to commit this mistake (since it will be caught during type checking):

unsafe {
    let bytes = [0; 4];
    // With both types spelled out, passing `bytes` instead of `&bytes`
    // is rejected by the type checker.
    let num = *mem::transmute::<&[u8; 4], &u32>(&bytes);
}

Since this is a major source of bugs resulting in UB, I propose adding a lint that is deny by default, which forces the programmer to annotate the type.

@Manishearth
Member

I'm against deny lints for anything that isn't outright wrong.

Also, your code above won't compile due to the size requirement on transmute. I don't think annotations are explicitly necessary due to this requirement. Given this I'd actually prefer allow, but am okay with warn.

@ticki
Author

ticki commented Feb 26, 2016

Oh, yeah. The code is wrong, but the idea is right. This is an issue I've dealt with multiple times. I have found explicit notation to help a lot with these errors.

Maybe deny is too much? warn would be fine. I think allow would be a little misplaced, since this is actually something that can lead to UB and/or logic errors.
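Added example (not code from the issue or from Clippy): a fully annotated transmute of the byte array by value next to the safe `from_ne_bytes` alternative. With both type parameters written out, handing the function a `&[u8; 4]` where `[u8; 4]` is expected is a compile-time type error rather than a silent reinterpretation of the reference bits. Function names and the sample bytes are mine.

```rust
use std::mem;

/// Reinterpret four bytes as a u32 with a fully annotated transmute.
/// Transmuting the array by value (not `&[u8; 4] -> &u32`) also avoids
/// creating a misaligned `&u32`, since `[u8; 4]` is only 1-byte aligned.
fn u32_from_bytes_transmute(bytes: [u8; 4]) -> u32 {
    // SAFETY: [u8; 4] and u32 have the same size, and every bit pattern
    // is a valid u32. Passing `&bytes` here would not compile.
    unsafe { mem::transmute::<[u8; 4], u32>(bytes) }
}

/// The safe alternative: no unsafe block, no transmute at all.
fn u32_from_bytes_safe(bytes: [u8; 4]) -> u32 {
    u32::from_ne_bytes(bytes)
}

fn main() {
    // Constructed sample input.
    let bytes = [0x01u8, 0x02, 0x03, 0x04];
    let a = u32_from_bytes_transmute(bytes);
    let b = u32_from_bytes_safe(bytes);
    assert_eq!(a, b);
    println!("{a:#010x}");
}
```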

@mcarton mcarton added the A-lint Area: New lints label Feb 26, 2016
@mcarton mcarton added E-medium Call for participation: Medium difficulty level problem and requires some initial experience. T-middle Type: Probably requires verifying types L-correctness Lint: Belongs in the correctness lint group labels Jul 3, 2016
@bors bors closed this as completed in 95c62ff Mar 24, 2024