Commit dfc4a7b

committed

make unaligned_reference a hard error

1 parent f361413 commit dfc4a7bCopy full SHA for dfc4a7b

File tree

27 files changed

+170

-686

lines changed

compiler
- rustc_error_codes/src
  - error_codes.rs
  - error_codes
    - E0793.md
- rustc_lint_defs/src
  - builtin.rs
- rustc_lint/src
  - lib.rs
- rustc_mir_transform/src
  - check_packed_ref.rs
src/tools/miri/tests/fail/unaligned_pointers
- reference_to_packed.rs
- reference_to_packed.stderr
tests/ui

27 files changed

+170

-686

lines changed

`‎compiler/rustc_error_codes/src/error_codes.rs‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`// /!\ IMPORTANT /!\`
`6`	`6`	`//`
`7`	`7`	`// Error messages' format must follow the RFC 1567 available here:`
`8`		`-// https://github.com/rust-lang/rfcs/pull/1567`
	`8`	`+// https://rust-lang.github.io/rfcs/1567-long-error-codes-explanation-normalization.html`
`9`	`9`
`10`	`10`	`register_diagnostics! {`
`11`	`11`	`E0001: include_str!("./error_codes/E0001.md"),`
`@@ -510,6 +510,7 @@ E0789: include_str!("./error_codes/E0789.md"),`
`510`	`510`	`E0790: include_str!("./error_codes/E0790.md"),`
`511`	`511`	`E0791: include_str!("./error_codes/E0791.md"),`
`512`	`512`	`E0792: include_str!("./error_codes/E0792.md"),`
	`513`	`+E0793: include_str!("./error_codes/E0793.md"),`
`513`	`514`	`;`
`514`	`515`	`// E0006, // merged with E0005`
`515`	`516`	`// E0008, // cannot bind by-move into a pattern guard`

`‎compiler/rustc_error_codes/src/error_codes/E0793.md‎`

Lines changed: 64 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,64 @@`
	`1`	`+An unaligned references to a field of a [packed] struct got created.`
	`2`	`+`
	`3`	`+Erroneous code example:`
	`4`	`+`
	`5`	+```compile_fail,E0793
	`6`	`+#[repr(packed)]`
	`7`	`+pub struct Foo {`
	`8`	`+ field1: u64,`
	`9`	`+ field2: u8,`
	`10`	`+}`
	`11`	`+`
	`12`	`+unsafe {`
	`13`	`+ let foo = Foo { field1: 0, field2: 0 };`
	`14`	`+ // Accessing the field directly is fine.`
	`15`	`+ let val = foo.field1;`
	`16`	`+ // A reference to a packed field causes a error.`
	`17`	`+ let val = &foo.field1; // ERROR`
	`18`	+ // An implicit `&` is added in format strings, causing the same error.
	`19`	`+ println!("{}", foo.field1); // ERROR`
	`20`	`+}`
	`21`	+```
	`22`	`+`
	`23`	`+Creating a reference to an insufficiently aligned packed field is`
	`24`	+[undefined behavior] and therefore disallowed. Using an `unsafe` block does not
	`25`	`+change anything about this. Instead, the code should do a copy of the data in`
	`26`	`+the packed field or use raw pointers and unaligned accesses.`
	`27`	`+`
	`28`	+```
	`29`	`+#[repr(packed)]`
	`30`	`+pub struct Foo {`
	`31`	`+ field1: u64,`
	`32`	`+ field2: u8,`
	`33`	`+}`
	`34`	`+`
	`35`	`+unsafe {`
	`36`	`+ let foo = Foo { field1: 0, field2: 0 };`
	`37`	`+`
	`38`	`+ // Instead of a reference, we can create a raw pointer...`
	`39`	`+ let ptr = std::ptr::addr_of!(foo.field1);`
	`40`	`+ // ... and then (crucially!) access it in an explicitly unaligned way.`
	`41`	`+ let val = unsafe { ptr.read_unaligned() };`
	`42`	`+ // This would NOT be correct:`
	`43`	`+ // let val = unsafe { *ptr }; // Undefined Behavior due to unaligned load!`
	`44`	`+`
	`45`	`+ // For formatting, we can create a copy to avoid the direct reference.`
	`46`	`+ let copy = foo.field1;`
	`47`	`+ println!("{}", copy);`
	`48`	`+ // Creating a copy can be written in a single line with curly braces.`
	`49`	`+ // (This is equivalent to the two lines above.)`
	`50`	`+ println!("{}", { foo.field1 });`
	`51`	`+}`
	`52`	+```
	`53`	`+`
	`54`	`+### Additional information`
	`55`	`+`
	`56`	`+Note that this error is specifically about references to packed fields.`
	`57`	`+Direct by-value access of those fields is fine, since then the compiler has`
	`58`	`+enough information to generate the correct kind of access.`
	`59`	`+`
	`60`	`+See [issue #82523] for more information.`
	`61`	`+`
	`62`	`+[packed]: https://doc.rust-lang.org/reference/type-layout.html#the-alignment-modifiers`
	`63`	`+[undefined behavior]: https://doc.rust-lang.org/reference/behavior-considered-undefined.html`
	`64`	`+[issue #82523]: https://github.com/rust-lang/rust/issues/82523`

`‎compiler/rustc_lint/src/lib.rs‎`

Lines changed: 10 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -324,7 +324,6 @@ fn register_builtins(store: &mut LintStore) {`
`324`	`324`	`store.register_renamed("exceeding_bitshifts", "arithmetic_overflow");`
`325`	`325`	`store.register_renamed("redundant_semicolon", "redundant_semicolons");`
`326`	`326`	`store.register_renamed("overlapping_patterns", "overlapping_range_endpoints");`
`327`		`- store.register_renamed("safe_packed_borrows", "unaligned_references");`
`328`	`327`	`store.register_renamed("disjoint_capture_migration", "rust_2021_incompatible_closure_captures");`
`329`	`328`	`store.register_renamed("or_patterns_back_compat", "rust_2021_incompatible_or_patterns");`
`330`	`329`	`store.register_renamed("non_fmt_panic", "non_fmt_panics");`
`@@ -487,6 +486,16 @@ fn register_builtins(store: &mut LintStore) {`
`487`	`486`	`"converted into hard error, see issue #71800 \`
`488`	`487`	`<https://github.com/rust-lang/rust/issues/71800> for more information",`
`489`	`488`	`);`
	`489`	`+ store.register_removed(`
	`490`	`+ "safe_packed_borrows",`
	`491`	`+ "converted into hard error, see issue #82523 \`
	`492`	`+ <https://github.com/rust-lang/rust/issues/82523> for more information",`
	`493`	`+ );`
	`494`	`+ store.register_removed(`
	`495`	`+ "unaligned_references",`
	`496`	`+ "converted into hard error, see issue #82523 \`
	`497`	`+ <https://github.com/rust-lang/rust/issues/82523> for more information",`
	`498`	`+ );`
`490`	`499`	`}`
`491`	`500`
`492`	`501`	`fn register_internals(store: &mut LintStore) {`

`‎compiler/rustc_lint_defs/src/builtin.rs‎`

Lines changed: 0 additions & 46 deletions

Original file line number	Diff line number	Diff line change
`@@ -1187,51 +1187,6 @@ declare_lint! {`
`1187`	`1187`	`"lints that have been renamed or removed"`
`1188`	`1188`	`}`
`1189`	`1189`
`1190`		`-declare_lint! {`
`1191`		- /// The `unaligned_references` lint detects unaligned references to fields
`1192`		`- /// of [packed] structs.`
`1193`		`- ///`
`1194`		`- /// [packed]: https://doc.rust-lang.org/reference/type-layout.html#the-alignment-modifiers`
`1195`		`- ///`
`1196`		`- /// ### Example`
`1197`		`- ///`
`1198`		- /// ```rust,compile_fail
`1199`		`- /// #[repr(packed)]`
`1200`		`- /// pub struct Foo {`
`1201`		`- /// field1: u64,`
`1202`		`- /// field2: u8,`
`1203`		`- /// }`
`1204`		`- ///`
`1205`		`- /// fn main() {`
`1206`		`- /// unsafe {`
`1207`		`- /// let foo = Foo { field1: 0, field2: 0 };`
`1208`		`- /// let _ = &foo.field1;`
`1209`		- /// println!("{}", foo.field1); // An implicit `&` is added here, triggering the lint.
`1210`		`- /// }`
`1211`		`- /// }`
`1212`		- /// ```
`1213`		`- ///`
`1214`		`- /// {{produces}}`
`1215`		`- ///`
`1216`		`- /// ### Explanation`
`1217`		`- ///`
`1218`		`- /// Creating a reference to an insufficiently aligned packed field is [undefined behavior] and`
`1219`		- /// should be disallowed. Using an `unsafe` block does not change anything about this. Instead,
`1220`		`- /// the code should do a copy of the data in the packed field or use raw pointers and unaligned`
`1221`		`- /// accesses. See [issue #82523] for more information.`
`1222`		`- ///`
`1223`		`- /// [undefined behavior]: https://doc.rust-lang.org/reference/behavior-considered-undefined.html`
`1224`		`- /// [issue #82523]: https://github.com/rust-lang/rust/issues/82523`
`1225`		`- pub UNALIGNED_REFERENCES,`
`1226`		`- Deny,`
`1227`		`- "detects unaligned references to fields of packed structs",`
`1228`		`- @future_incompatible = FutureIncompatibleInfo {`
`1229`		`- reference: "issue #82523 <https://github.com/rust-lang/rust/issues/82523>",`
`1230`		`- reason: FutureIncompatibilityReason::FutureReleaseErrorReportNow,`
`1231`		`- };`
`1232`		`- report_in_external_macro`
`1233`		`-}`
`1234`		`-`
`1235`	`1190`	`declare_lint! {`
`1236`	`1191`	/// The `const_item_mutation` lint detects attempts to mutate a `const`
`1237`	`1192`	`/// item.`
`@@ -3308,7 +3263,6 @@ declare_lint_pass! {`
`3308`	`3263`	`PUB_USE_OF_PRIVATE_EXTERN_CRATE,`
`3309`	`3264`	`INVALID_TYPE_PARAM_DEFAULT,`
`3310`	`3265`	`RENAMED_AND_REMOVED_LINTS,`
`3311`		`- UNALIGNED_REFERENCES,`
`3312`	`3266`	`CONST_ITEM_MUTATION,`
`3313`	`3267`	`PATTERNS_IN_FNS_WITHOUT_BODY,`
`3314`	`3268`	`MISSING_FRAGMENT_SPECIFIER,`

`‎compiler/rustc_mir_transform/src/check_packed_ref.rs‎`

Lines changed: 17 additions & 26 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
	`1`	`+use rustc_errors::struct_span_err;`
`1`	`2`	`use rustc_middle::mir::visit::{PlaceContext, Visitor};`
`2`	`3`	`use rustc_middle::mir::*;`
`3`	`4`	`use rustc_middle::ty::{self, TyCtxt};`
`4`		`-use rustc_session::lint::builtin::UNALIGNED_REFERENCES;`
`5`	`5`
`6`	`6`	`use crate::util;`
`7`	`7`	`use crate::MirLint;`
`@@ -49,31 +49,22 @@ impl<'tcx> Visitor<'tcx> for PackedRefChecker<'_, 'tcx> {`
`49`	`49`	`// shouldn't do.`
`50`	`50`	`unreachable!();`
`51`	`51`	`} else {`
`52`		`- let source_info = self.source_info;`
`53`		`- let lint_root = self.body.source_scopes[source_info.scope]`
`54`		`- .local_data`
`55`		`- .as_ref()`
`56`		`- .assert_crate_local()`
`57`		`- .lint_root;`
`58`		`- self.tcx.struct_span_lint_hir(`
`59`		`- UNALIGNED_REFERENCES,`
`60`		`- lint_root,`
`61`		`- source_info.span,`
`62`		`- "reference to packed field is unaligned",`
`63`		`- \|lint\| {`
`64`		`- lint`
`65`		`- .note(`
`66`		`- "fields of packed structs are not properly aligned, and creating \`
`67`		`- a misaligned reference is undefined behavior (even if that \`
`68`		`- reference is never dereferenced)",`
`69`		`- )`
`70`		`- .help(`
`71`		`- "copy the field contents to a local variable, or replace the \`
`72`		- reference with a raw pointer and use `read_unaligned`/`write_unaligned` \
`73`		- (loads and stores via `*p` must be properly aligned even when using raw pointers)"
`74`		`- )`
`75`		`- },`
`76`		`- );`
	`52`	`+ struct_span_err!(`
	`53`	`+ self.tcx.sess,`
	`54`	`+ self.source_info.span,`
	`55`	`+ E0793,`
	`56`	`+ "reference to packed field is unaligned"`
	`57`	`+ )`
	`58`	`+ .note(`
	`59`	`+ "fields of packed structs are not properly aligned, and creating \`
	`60`	`+ a misaligned reference is undefined behavior (even if that \`
	`61`	`+ reference is never dereferenced)",`
	`62`	`+ ).help(`
	`63`	`+ "copy the field contents to a local variable, or replace the \`
	`64`	+ reference with a raw pointer and use `read_unaligned`/`write_unaligned` \
	`65`	+ (loads and stores via `*p` must be properly aligned even when using raw pointers)"
	`66`	`+ )`
	`67`	`+ .emit();`
`77`	`68`	`}`
`78`	`69`	`}`
`79`	`70`	`}`

`‎src/tools/miri/tests/fail/unaligned_pointers/reference_to_packed.rs‎`

Lines changed: 10 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,19 +1,26 @@`
`1`	`1`	`// This should fail even without validation/SB`
`2`	`2`	`//@compile-flags: -Zmiri-disable-validation -Zmiri-disable-stacked-borrows`
`3`	`3`
`4`		`-#![allow(dead_code, unused_variables, unaligned_references)]`
	`4`	`+#![allow(dead_code, unused_variables)]`
	`5`	`+`
	`6`	`+use std::{ptr, mem};`
`5`	`7`
`6`	`8`	`#[repr(packed)]`
`7`	`9`	`struct Foo {`
`8`	`10`	`x: i32,`
`9`	`11`	`y: i32,`
`10`	`12`	`}`
`11`	`13`
	`14`	`+unsafe fn raw_to_ref<'a, T>(x: *const T) -> &'a T {`
	`15`	`+ mem::transmute(x)`
	`16`	`+}`
	`17`	`+`
`12`	`18`	`fn main() {`
`13`	`19`	`// Try many times as this might work by chance.`
`14`	`20`	`for _ in 0..20 {`
`15`	`21`	`let foo = Foo { x: 42, y: 99 };`
`16`		`- let p = &foo.x;`
`17`		`- let i = *p; //~ERROR: alignment 4 is required`
	`22`	`+ // There seem to be implicit reborrows, which make the error already appear here`
	`23`	`+ let p: &i32 = unsafe { raw_to_ref(ptr::addr_of!(foo.x)) }; //~ERROR: alignment 4 is required`
	`24`	`+ let i = *p;`
`18`	`25`	`}`
`19`	`26`	`}`

`‎src/tools/miri/tests/fail/unaligned_pointers/reference_to_packed.stderr‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`	`1`	`error: Undefined Behavior: accessing memory with alignment ALIGN, but alignment ALIGN is required`
`2`	`2`	`--> $DIR/reference_to_packed.rs:LL:CC`
`3`	`3`	`\|`
`4`		`-LL \| let i = *p;`
`5`		`- \| ^^ accessing memory with alignment ALIGN, but alignment ALIGN is required`
	`4`	`+LL \| let p: &i32 = unsafe { raw_to_ref(ptr::addr_of!(foo.x)) };`
	`5`	`+ \| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ accessing memory with alignment ALIGN, but alignment ALIGN is required`
`6`	`6`	`\|`
`7`	`7`	`= help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior`
`8`	`8`	`= help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information`

`‎tests/ui/binding/issue-53114-safety-checks.rs‎`

Lines changed: 0 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,13 +21,11 @@ fn let_wild_gets_unsafe_field() {`
`21`	`21`	`let u2 = U { a: I(1) };`
`22`	`22`	`let p = P { a: &2, b: &3 };`
`23`	`23`	`let _ = &p.b; //~ ERROR reference to packed field`
`24`		`- //~^ WARN will become a hard error`
`25`	`24`	`let _ = u1.a; // #53114: should eventually signal error as well`
`26`	`25`	`let _ = &u2.a; //~ ERROR [E0133]`
`27`	`26`
`28`	`27`	// variation on above with `_` in substructure
`29`	`28`	`let (_,) = (&p.b,); //~ ERROR reference to packed field`
`30`		`- //~^ WARN will become a hard error`
`31`	`29`	`let (_,) = (u1.a,); //~ ERROR [E0133]`
`32`	`30`	`let (_,) = (&u2.a,); //~ ERROR [E0133]`
`33`	`31`	`}`
`@@ -37,13 +35,11 @@ fn match_unsafe_field_to_wild() {`
`37`	`35`	`let u2 = U { a: I(1) };`
`38`	`36`	`let p = P { a: &2, b: &3 };`
`39`	`37`	`match &p.b { _ => { } } //~ ERROR reference to packed field`
`40`		`- //~^ WARN will become a hard error`
`41`	`38`	`match u1.a { _ => { } } //~ ERROR [E0133]`
`42`	`39`	`match &u2.a { _ => { } } //~ ERROR [E0133]`
`43`	`40`
`44`	`41`	// variation on above with `_` in substructure
`45`	`42`	`match (&p.b,) { (_,) => { } } //~ ERROR reference to packed field`
`46`		`- //~^ WARN will become a hard error`
`47`	`43`	`match (u1.a,) { (_,) => { } } //~ ERROR [E0133]`
`48`	`44`	`match (&u2.a,) { (_,) => { } } //~ ERROR [E0133]`
`49`	`45`	`}`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit dfc4a7b

File tree

27 files changed

27 files changed

`‎compiler/rustc_error_codes/src/error_codes.rs‎`

`‎compiler/rustc_error_codes/src/error_codes/E0793.md‎`

`‎compiler/rustc_lint/src/lib.rs‎`

`‎compiler/rustc_lint_defs/src/builtin.rs‎`

`‎compiler/rustc_mir_transform/src/check_packed_ref.rs‎`

`‎src/tools/miri/tests/fail/unaligned_pointers/reference_to_packed.rs‎`

`‎src/tools/miri/tests/fail/unaligned_pointers/reference_to_packed.stderr‎`

`‎tests/ui/binding/issue-53114-safety-checks.rs‎`

0 commit comments