Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn on transmutes that could use pre-defined methods instead #1675

Open
clarfonthey opened this issue Apr 14, 2017 · 4 comments
Open

Warn on transmutes that could use pre-defined methods instead #1675

clarfonthey opened this issue Apr 14, 2017 · 4 comments
Labels
A-lint Area: New lints E-medium Call for participation: Medium difficulty level problem and requires some initial experience. T-middle Type: Probably requires verifiying types

Comments

@clarfonthey
Copy link
Contributor

clarfonthey commented Apr 14, 2017
edited
Loading

I've been rather exhaustively adding methods to the standard library that allow "safe" transmutes that we know work, like between [u8] and str (see: rust-lang/rust#41119 and rust-lang/rust#40380). It'd be nice if we had a framework to detect transmutes specifically between these types and suggest other methods instead.

For example, &str -> &u8 is str::as_bytes, and the reverse is str::from_utf8_unchecked. If someone does a raw transmute here, they should be redirected to the standard library functions that do these conversions.

I've been slowly adding methods to do less common conversions, like &mut [u8] -> &mut str. In general it makes sense to have some sort of framework to recognise transmutes and suggest to replace them with more explicit functions, especially as these other methods get stabilised.

If we want to go all-out, we could detect functions that do these conversions and suggest them instead of transmutes.

Current list:

  • transmute::<&str, &[u8]> => str::as_bytes
  • transmute::<&mut str, &mut [u8]> => str::as_mut_bytes
  • transmute::<&[u8], &str> => std::str::from_utf8_unchecked
  • transmute::<&mut [u8], &mut str> => std::str::from_utf8_unchecked_mut
  • transmute::<&CStr, &[u8]> => CStr::to_bytes_with_nul
  • transmute::<&[u8], &CStr> => CStr::from_bytes_with_nul_unchecked
  • transmute::<f32, u32> => f32::to_bits
  • transmute::<f64, u64> => f64::to_bits
  • transmute::<u32, f32> => f32::from_bits
  • transmute::<u64, f64> => f64::from_bits
@mcarton mcarton added E-medium Call for participation: Medium difficulty level problem and requires some initial experience. A-lint Area: New lints T-middle Type: Probably requires verifiying types labels Apr 15, 2017
@clarfonthey
Copy link
Contributor Author

This should also include pointer conversions, such as *(x as *const [u8] as *const str) for example.

@oli-obk
Copy link
Contributor

oli-obk commented Dec 8, 2017

@clarcharr since you are the most qualified to talk about these, can you create a list of transformations that you'd like to see?

@clarfonthey
Copy link
Contributor Author

Wrote a list up for anyone who's interested in implementing this. Added float versions too after noticing rust-lang/rust#50464.

@philipc philipc mentioned this issue Oct 5, 2018
Merged
@Enet4 Enet4 mentioned this issue Dec 14, 2018
Closed
@alex
Copy link
Member

alex commented Apr 1, 2019

An extension of this with the recent Rust release is using transmute in place of to_le_bytes() and from_le_bytes(). Like the others, clippy warning about these would be good since it'd reduce unsafe usage in the ecosystem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-lint Area: New lints E-medium Call for participation: Medium difficulty level problem and requires some initial experience. T-middle Type: Probably requires verifiying types
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alex @oli-obk @mcarton @clarfonthey