lint ImproperCTypes: overhaul (take 2 of "better handling of indirections") #134697
Conversation
rustbot
added
S-waiting-on-review
|
( |
|
ah, and before I forget: a small part of the new test file is commented out because it hits ICE #134587, but there should be more than decent coverage anyway |
|
unfortunately the lint needs to be gutted and rewritten. |
|
Also while I was possibly having a mild case of get-there-itis and thus mostly tried to just make sure things were coherent, I would prefer all new code for the lint be in |
workingjubilee
added
S-waiting-on-author
|
The version cut happened so there will be less time pressure now. |
|
I have a first version for you probably have things to say about its architecture, even if the whole thing still have a bunch of TODO comments
If you want to take a look in this state, should I just commit it here? (possibly put the PR in draft mode while I'm at it?) |
|
☔ The latest upstream changes (presumably #135525) made this pull request unmergeable. Please resolve the merge conflicts. |
niacdoial
force-pushed
the
linting-ptrdyn-ffi
branch
from
5764b36 to
6c19cff
Compare
|
aaaand I think I have something that's "first draft" material! (should I put this pull in the "draft" state?) here's a list of some of my remaining questions and concerns:
|
This comment has been minimized.
This comment has been minimized.
|
☔ The latest upstream changes (presumably #135921) made this pull request unmergeable. Please resolve the merge conflicts. |
niacdoial
force-pushed
the
linting-ptrdyn-ffi
branch
from
6c19cff to
13720e7
Compare
This comment has been minimized.
This comment has been minimized.
|
hmm. |
workingjubilee
added
S-waiting-on-review
Yes, it's a good marker for "I don't want this merged yet, even if it looks done". |
It probably is.
Yes, but in particular, not to just repartition them between: I think breaking them into as many conceptually-smaller lints as possible is good, as long as each one is a distinct idea (no splitting just for the sake of splitting!).
I'm not sure what you mean?
We must allow Rust code to declare a pointer in a C signature to be
Yes, probably. |
| // but for some reason one can just go and write function *pointers* like that: | ||
| // `type Foo = extern "C" fn(::std::ffi::CStr);` |
There was a problem hiding this comment.
- Because unsized function parameters are something we may want to support.
- The code may not be well-formed: as you may have noticed at some point, you get warnings even if you get errors (usually), and this is because we lint even on "bad" code. This is because rustc didn't use to, once upon a time, and it was a bad debugging experience.
workingjubilee
added
S-waiting-on-author
|
alright, sorry for taking a while! I'm currently planning what changes I'll do in terms of splitting the lint(s)
well, this is more or less answered in what I said before that, but my question was about how to deal with "switching" from checking arguments for, say, a function definition, to checking the arguments of a FnPtr argument?
I... maybe? I can't for the life of me find the link to that again but I think I saw a discussion about that and type covariance/contravariance, Though you'll definitely know more than me on all the moving parts. As for the rest of your advice, I already took all this in! |
visitation steps [does not pass tests]
- removed special-case logic for a few cases (including the unit type, which is now only checked for in one place) - moved a lot of type-checking code in their dedicated visit_* methods - reworked FfiResult type to handle multiple diagnostics per type (currently imperfect due to type caching) - reworked the messages around CStr and CString
…ed from non-rust code
niacdoial
force-pushed
the
linting-ptrdyn-ffi
branch
from
ee6f1cd to
6cab7b5
Compare
rustbot
added
the
A-LLVM
This comment has been minimized.
This comment has been minimized.
niacdoial
force-pushed
the
linting-ptrdyn-ffi
branch
from
6cab7b5 to
a32c27b
Compare
This comment has been minimized.
This comment has been minimized.
- now the lint scans repr(C) struct/enum/union definitions - it now also scans method declarations in traits - many other changes in the underlying logic - some extra tests
- also fix a couple of thorny typos in/around types.rs::is_outer_optionlike_around_ty() and subsequently fix library and tests
- do not check ADT definitions themselves, it turns out `repr(C)` is not a strong enough signal to determine if something is designed for FFIs - however, start checking static variables with `#[no_mangle]` or `#[export_name=_]`, even if that's not a perfect signal due to the lack of specified ABI - some changes to the LLVM codegen so it can be seen as FFI-safe
for now, let's fully remove this lint. it might be reintroduced later as a way to make the lints ignore the inside of some ADT definitions
- make clippy happy about the changes in rust_codegen_llvm - split a test stderr into 32bit and 64bit - fix some documentation
niacdoial
force-pushed
the
linting-ptrdyn-ffi
branch
from
a32c27b to
b70eb45
Compare
|
Some changes occurred in compiler/rustc_codegen_cranelift cc @bjorn3 This PR modifies cc @jieyouxu This PR changes a file inside Some changes occurred in src/tools/clippy cc @rust-lang/clippy These commits modify the If this was unintentional then you should revert the changes before this PR is merged. rust-analyzer is developed in its own repository. If possible, consider making this change to rust-lang/rust-analyzer instead. cc @rust-lang/rust-analyzer Some changes occurred in compiler/rustc_codegen_llvm/src/llvm/enzyme_ffi.rs cc @ZuseZ4 The Miri subtree was changed cc @rust-lang/miri |
|
...ok that's what I get for clicking a button at 1h30 am. I'll fix all this new stuff tomorrow |
|
as an answer to those automated warnings: things that might need further changes
mostly changes to add the new lints to the documentation, and some expected lint reshuffling in the tests things with no further changes needed IMO
just a lint rename
yes. I was removing
done
the only change is an added dependency of
the changes are basically to wrap the |
|
☔ The latest upstream changes (presumably #141824) made this pull request unmergeable. Please resolve the merge conflicts. |
|
at this point I think I'll deal with this (merge conflicts) when reviews have occurred. Probably the same amount of human work on my side, but it prevents changes of code mid-review, and will save a bunch of compute time running all tests every two days |
|
Sorry, had taken a bit to claw through review backlog accumulated during RustWeek! |
So, an odd thing happened: We discovered that "a struct with uninhabited fields" is actually how we model the ABI of functions that are marked Specifically, we fixed " |
| /// use it, and for all functions that return references or boxes, | ||
| /// preface them/their docs with `|wrap` for automated non-null-assumption checks on those returns | ||
| #[macro_export] | ||
| macro_rules! wrap_returns_in_options { |
There was a problem hiding this comment.
hm. sadly, that we need this feels like a warning that the current changeset is a bit too ambitious and will require too sudden and sharp a migration.
There was a problem hiding this comment.
Eugh. I hope I am not suddenly changing my mind on you.
It's a questionable thing obviously, but I'm not sure if we can in good conscience extend the warning so widely here.
There was a problem hiding this comment.
yeah...
I think this can be postponed to a later PR and a separate (sub)lint, like for checking the types of pointees (if the pointers themselves are good)
I'll just add a commit that reverts this part, so it can be un-reverted easily later.
how much should I remove from this? Do I make the smallest amount of changes relative to the current state of this PR, or do I remove as much as possible to reduce the size of the PR as a whole?
(also, this huge macro_rules! item and its uses will go away, but should I also remove the changes to rustc_codegen_llvm::back::write and library::proc_macro::bridge::{buffer,closure}?)
also also, for what is worth, this part of the lint was indeed your suggestion to begin with, :P (here). don't worry though, it was one of the easier things to take into account
| // FIXME: this following call is awkward. | ||
| // is there a way to perform its logic in MIR space rather than HIR space? | ||
| // (so that its logic can be absorbed into visitor.visit_struct_or_union) | ||
| visitor.check_struct_for_power_alignment(cx, item, adt_def); | ||
| } |
There was a problem hiding this comment.
We probably can rip out the power alignment lint, it is just papering over llvm/llvm-project#133599
There was a problem hiding this comment.
ok?
I feel out of my depth here, given that linked issue is still open. (and if I read the comments on it correctly, it's up to the compilers that use LLVM to make sure they get the alignment right? has rust implemented this somewhere already?)
so, let me ask another way: do you want me to remove this lint during this PR? If so, no problem.
so... option 1 (all uninhabited returns allowed) for now, and later restrict this to option 2 (only
oh, right I should have anticipated this. still, no problem! I kinda expected you to have a lot of other things taking your time (especially if some are more critical than a lint revamp) |
|
Adding this pull that just landed and causes a few merge conflicts as required reading for myself, eventhough I started reading parts of it. (I should have seen this while it was in RFC... at least this gives me a slight clarification about the PowerAlignment lint thing) |
This PR started as a try to re-add the changes of #131669 (reverted in #134064 after one (1) nightly)
It has since evolved in an overhaul of the ImproperCTypes lints, splitting the two lints into four:
extern "ABI"blocksextern "ABI"functions#[no_mangle]/1[export_name=_]static variablesextern "ABI"callbacks (ty::FnPtrarguments/return types/ADT fields)It also allows for "detailed" lint messages, with successive notes that amount to "this is unsafe because of that, which is unsafe because of that, which is unsafe for this reason", and possible help messages at every step.
Hopefully the overall architecture of the lint is something less special-case-y, with better-separated abstractions.
the comment containing the most recent summary of the decisions and considerations is #134697 (comment)
oh, also, since this was already fixing it for the wrong reasons, I decided to add something that fixes it for the right ones:
Fixes #130310
(leaving this in because it was in the original version of this description:)
r? workingjubilee (because you reviewed the first attempt)