patterns: reject raw pointers that are not just integers

[RalfJung]

Matching against 0 as *const i32 is fine, matching against &42 as *const i32 is not.

This extends the existing check against function pointers and wide pointers: we now uniformly reject all these pointer types during valtree construction, and then later lint because of that. See here for some more explanation and context.

Also fixes #116929.

Cc @oli-obk @lcnr

[rustbot]

r? @davidtwco

(rustbot has picked a reviewer for you, use r? to override)

[RalfJung]

I didn't realize this lint is still allow-by-default oO. Seems high time we make it warn-by-default?

[RalfJung]

The 2nd commit makes this forbid-by-default so we can crater it.
@bors try

[bors]

⌛ Trying commit 0787e62 with merge ebb1189...

[RalfJung]

Due to #116929 this lint still has a big gap, it'll only find bad raw pointers "at the root".

I wonder if with this change to valtree construction, we can make it so that some lint always fires when a const is used as a pattern and valtree construction fails? I do think those cases should all become hard errors eventually...

[bors]

☀️ Try build successful - checks-actions
Build commit: ebb1189 (ebb118907fa893a392c699ddf120848fa0a8d6c2)

[RalfJung]

Let's see how much fallout we're getting from this weak form of the lint.
@craterbot check

[craterbot]

👌 Experiment pr-116930 created and queued.
🤖 Automatically detected try build ebb1189
🔍 You can check out the queue and this experiment's details.

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[rustbot]

Some changes might have occurred in exhaustiveness checking

cc @Nadrieril

[RalfJung]

Lol, the doctest for StructuralEq uses a function pointer as a bad example.^^

[RalfJung]

FWIW these entire trait docs are outdated; that's tracked in #115881.

[craterbot]

🚧 Experiment pr-116930 is now running

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[craterbot]

🎉 Experiment pr-116930 is completed!
📊 876 regressed and 3 fixed (379825 total)
📰 Open the full report.

⚠️ If you notice any spurious failure please add them to the blacklist!
ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[RalfJung]

@craterbot run mode=check-only crates=https://crater-reports.s3.amazonaws.com/pr-116930/retry-regressed-list.txt

[RalfJung]

Those seem to be 3 legit regressions:

• this matched on a fn ptr (so already triggered the lint before this PR, but the lint was allow-by-default)
• same here
• and same here

In particular, none of them is matching on a raw pointer that was not derived from an integer. So IMO we should land this PR to make sure people don't start doing that.

[RalfJung]

@rust-lang/lang this PR does three things:

• it fixes our old lint that detects match on function pointers and wide pointers to also catch cases where those pointers are hidden inside other types
• it makes that lint warn-by-default (but doesn't yet make it show up in dependencies)
• it makes the lint also trigger when encountering a raw pointer that was not constructed via int as *const/mut T, but e.g. via &something as *const T -- those allocations don't have guarantees on their ptr equality just like function pointers and vtables, so we should reject them for the same reason.

We haven't reached a proper conclusion in the recent "match on const" meeting, but the general direction seems to have been towards "it should still work like a pattern" (and not like sugar for ==), and this PR is a crucial step towards ensuring that they do indeed behave like a pattern, with structural properties and all that. Even if the goal is just to future-proof against both options (as has been the strategy so far), we want this warning.

Crater found only 3 cases where the warning triggers, in the entire ecosystem. All of them would already warn on stable if they enabled the lint; the new cases covered by this PR were not detected at all by crater.

[davidtwco]

Implementation changes look good to me, r=me after decisions from t-lang.

[davidtwco]

nit: could be part of the condition on the previous line

[nikomatsakis]

I'm in favor of this. (I also have thoughts on the semantics of matching on constants -- tl;dr I think I'm ready to accept "match is not an extensible mechanism" and hence will not act the same as == so we can stop talking about it -- but those are best discussed elsewhere, I assume)

[WaffleLapkin]

T-lang meeting consensus: let's do this, no FCP needed.

[RalfJung]

@bors r=davidtwco

[bors]

📌 Commit 3058865 has been approved by davidtwco

It is now in the queue for this repository.

[bors]

⌛ Testing commit 3058865 with merge fdaaaf9...

[bors]

☀️ Test successful - checks-actions
Approved by: davidtwco
Pushing fdaaaf9 to master...

[rust-timer]

Finished benchmarking commit (fdaaaf9): comparison URL.

Overall result: no relevant changes - no action needed

@rustbot label: -perf-regression

Instruction count

This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage)

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	0.6%	[0.4%, 1.4%]	5
Regressions ❌ (secondary)	3.6%	[3.6%, 3.6%]	1
Improvements ✅ (primary)	-0.7%	[-1.1%, -0.5%]	7
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	-0.1%	[-1.1%, 1.4%]	12

Cycles

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	0.4%	[0.4%, 0.5%]	2
Regressions ❌ (secondary)	-	-	0
Improvements ✅ (primary)	-0.4%	[-0.4%, -0.4%]	1
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	0.1%	[-0.4%, 0.5%]	3

Binary size

This benchmark run did not return any relevant results for this metric.

Bootstrap: 662.394s -> 663.159s (0.12%)
Artifact size: 308.74 MiB -> 308.75 MiB (0.00%)