restriction lint: subcondition side-effects #2215

xd009642 · 2017-11-07T21:52:08Z

So disclaimer, I'm not sure if this is a necessary lint (anyone with input see my rust forum post https://users.rust-lang.org/t/evaluation-order-of-boolean-subconditions/13748). But I have the feeling that boolean subcondition execution order is probably not guaranteed like in C and C++. Therefore, if a user had side-effects in a subcondition program behaviour could change significantly due to something like a changed optimisation flag.

Below is some code which should be warned against if this lint is necessary. If this is an issue I wouldn't mind implementing the lint to help out 😄

fn side_effect(i: &mut i32) -> bool {
    (*i) += 1;
    true
}

fn main() {
    let mut i  = 4;
    if false && side_effect(&mut i) {
        //Some code
    }
    println!("i is {}", i);
    if side_effect(&mut i) && false {
        //Some code
    }
    println!("i is {}", i);
}

The text was updated successfully, but these errors were encountered:

oli-obk · 2017-11-08T06:24:23Z

Subconditions are ordered in c++, too and often this is required. E.g. foo.len() > 3 && foo[2] is guaranteed panic free.

oli-obk · 2017-11-08T07:05:52Z

For bit operations instead of short circuiting operations this makes sense though. I think we already have an issue for eval order unclearness

#1193

#277

xd009642 · 2017-11-08T17:22:57Z

Fair enough, I guess this is the issue with spending the day job doing MISRA C you forget what is paranoia and what is language spec 😄 I'm happy closing this issue if you think there's nothing that needs doing

oli-obk · 2017-11-15T10:07:03Z

I guess this is the issue with spending the day job doing MISRA C you forget what is paranoia and what is language spec

It never hurts to be paranoid. Please bring in your experience with MISRA-C by scrutinizing Rust code! We can really use an experienced eye from mission critical software development.

We could have a restriction lint that disallows side-effects in boolean chains. I think this could often result in a gain in readability. What do you think?

xd009642 · 2017-11-15T17:17:12Z

True true, when I have time I'll look over my copy of the MISRA standard and open an issue with warning lints related to MISRA violations/warnings. It's a good first step in getting the safety of rust onto things like automobiles etc 😄

oli-obk changed the title ~~New subcondition side-effect lint~~ restriction lint: subcondition side-effects Nov 15, 2017

oli-obk added L-correctness Lint: Belongs in the correctness lint group E-medium Call for participation: Medium difficulty level problem and requires some initial experience. A-lint Area: New lints T-middle Type: Probably requires verifiying types labels Nov 15, 2017

xd009642 mentioned this issue Nov 15, 2017

Lint suggestions based on MISRA 2004 #2227

Open

48 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

restriction lint: subcondition side-effects #2215

restriction lint: subcondition side-effects #2215

xd009642 commented Nov 7, 2017

oli-obk commented Nov 8, 2017

oli-obk commented Nov 8, 2017

xd009642 commented Nov 8, 2017

oli-obk commented Nov 15, 2017

xd009642 commented Nov 15, 2017

restriction lint: subcondition side-effects #2215

restriction lint: subcondition side-effects #2215

Comments

xd009642 commented Nov 7, 2017

oli-obk commented Nov 8, 2017

oli-obk commented Nov 8, 2017

xd009642 commented Nov 8, 2017

oli-obk commented Nov 15, 2017

xd009642 commented Nov 15, 2017