New lint: deref coercions

Aaron1011 commented 3 years ago

What it does

Lints on any use of deref coercions - for example, accessing a field or method through a Deref impl

Categories (optional)

Kind: Restriction lint

What is the advantage of the recommended code over the original code

Normally, deref coercions are a very useful part of rust, making smart points like Box, Rc, Ref, and RefMut much easier to use. However, this can be undesirable when writing unsafe code, since a non-trivial function call could be completely hidden from view. For example:

Unsafe code can temporarily put data structures in an unusual state, which will lead to undefined behavior if dropped (e.g. Vec::set_len). A deref coercion might cause a panic at an unexpected point (due to a panicking user-supplied Deref impl), leading to undefined behavior.
When mixing raw pointers and references, it's important to pay attention to the provenance of pointers. A deref coercion can hide the creation of an &self reference behind what looks like a normal field access, leading to a very subtle form of undefined behavior.

Drawbacks

This would be a fairly niche lint - unless you're writing unsafe code, there's little need to use it.

Example

fn main() {
    let a = Box::new(true);
    let b: &bool = &a;
}

Could be written as:

use std::ops::Deref;
fn main() {
    let a = Box::new(true);
    let b: &bool = (&a).deref();
}

Heidar-An commented 1 year ago

This sounds interesting, and I'd want to do it, any help on how I would do this though (sorry for naive question, this would be my first issue).

could I also be assigned to this?

Centri3 commented 1 year ago

You can ping rustbot like rustbot claim (plus an @ of course)

In regards to implementing this, I'm not sure. I don't think implicit deref coercion is explicitly in the HIR (as a node) so unless there's a query for it you'd need to figure it out yourself, maybe there's some method to do that in dereference.rs (likely where you'd implement the lint). Perhaps @xFrednet (or others) have any ideas :)?

PS: FnCtxt::deref_steps looks interesting! Same with can_coerce. Haven't tested them so perhaps they won't catch this but it could be a good starting point ^^

y21 commented 1 year ago

Perhaps this could use TypeckResults::expr_adjustments by checking if there are any Adjust::Derefs where the target type is different from the source type (from expr_ty without adjusts) with references removed

Centri3 commented 1 year ago

I hadn't thought of that; that sounds perfect for this

xFrednet commented 1 year ago

TypeckResults::expr_adjustments

You found the correct method :+1:

rust-lang / rust-clippy