Warn against calls which mutates an interior mutable const-item

[Urgau]

interior_mutable_const_item_mutations

suspicious_mutation_of_interior_mutable_consts

warn-by-default

The interior_mutable_const_item_mutations lint checks for calls which mutates an interior mutable const-item.

Example

use std::sync::Once;

const INIT: Once = Once::new(); // using `INIT` will always create a temporary and
                                // never modify it-self on use, should be a `static`
                                // instead for shared use

fn init() {
    INIT.call_once(|| {
        println!("Once::call_once first call");
    });
}

warning: mutation of an interior mutable `const` item with call to `call_once`
  --> a.rs:11:5
   |
11 |       INIT.call_once(|| {
   |       ^---
   |       |
   |  _____`INIT` is a interior mutable `const` item of type `std::sync::Once`
   | |
12 | |         println!("Once::call_once first call");
13 | |     });
   | |______^
   |
   = note: each usage of a `const` item creates a new temporary
   = note: only the temporaries and never the original `const INIT` will be modified
   = help: for more details on interior mutability see <https://doc.rust-lang.org/reference/interior-mutability.html>
   = note: `#[warn(interior_mutable_const_item_mutations)]` on by default
help: for a shared instance of `INIT`, consider making it a `static` item instead
   |
 6 - const INIT: Once = Once::new(); // using `INIT` will always create a temporary and
 6 + static INIT: Once = Once::new(); // using `INIT` will always create a temporary and
   |

Explanation

Calling a method which mutates an interior mutable type has no effect as const-item are essentially inlined wherever they are used, meaning that they are copied directly into the relevant context when used rendering modification through interior mutability ineffective across usage of that const-item.

The current implementation of this lint only warns on significant std and core interior mutable types, like Once, AtomicI32, ... this is done out of prudence and may be extended in the future.

---

This PR is an targeted alternative to #132146. It avoids false-positives by adding an internal-only attribute #[rustc_must_not_call_on_interior_mutable_consts] on methods and functions that mutates an interior mutale type through a shared reference (mutable refrences are already linted by the const_item_mutation lint).

It should also be noted that this is NOT an uplift of the more general clippy::borrow_interior_mutable_const lint, which is a much more general lint regarding borrow of interior mutable types, but has false-positives that are completly avoided by this lint.

A simple GitHub Search reveals many instance where the user probably wanted to use a static-item instead.

---

@rustbot labels +I-lang-nominated +T-lang
cc @traviscross
r? compiler

Fixes IRLO - Forbidding creation of constant mutexes, etc
Fixes #132028
Fixes #40543

[rustbot]

Some changes occurred in compiler/rustc_passes/src/check_attr.rs

cc @jdonszelmann

Some changes occurred in compiler/rustc_hir/src/attrs

cc @jdonszelmann

Some changes occurred in src/tools/clippy

cc @rust-lang/clippy

Some changes occurred in compiler/rustc_attr_parsing

cc @jdonszelmann

[traviscross]

Thanks for the PR. For my part, I like the approach.

Regarding the name, since this only affects const items (i.e., not e.g. const blocks), I'd probably like to have "item" or "items" in the name (as with const-item-mutation). Probably, also, I'd put the plural on "mutations" rather than on "consts" or on "items".

The word "suspicious" in a lint name makes sense when only a subset of the named things are suspicious. E.g., with suspicious-double-ref-op, not all operations on double references are suspicious, but some are. For this one, do we know of any cases of mutations on interior mutable const items that aren't suspicious? (I.e., even if we're only linting a subset at the moment, due to needing to manually mark which functions actually do mutations through a shared reference.)

If not, maybe I'd think to name it interior_mutable_const_item_mutations (and if so, maybe suspicous_interior_mutable_const_item_mutations).

Probably I'd also think about whether we might want to rename const-item-mutation into const-item-mut-refs and then make const-item-mutations (adding the plural) into a lint group that covers both const-item-mut-refs and interior-mutable-const-item-mutations.

[traviscross]

Makes sense to me. I propose we do this.

@rfcbot fcp merge

[rust-rfcbot]

Team member @traviscross has proposed to merge this. The next step is review by the rest of the tagged team members:

• @joshtriplett
• @nikomatsakis
• @scottmcm
• @tmandry
• @traviscross

No concerns currently listed.

Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

cc @rust-lang/lang-advisors: FCP proposed for lang, please feel free to register concerns.
See this document for info about what commands tagged team members can give me.

[camsteffen]

For naming, s/interior mutable item mutations/item interior mutations.