lint: deny transmuting from immutable to mutable, since it's undefined behavior

seanmonstar · seanmonstar · commit d0f33607f594 · 2015-04-13T16:09:09.000-07:00
diff --git a/src/librustc_lint/builtin.rs b/src/librustc_lint/builtin.rs
@@ -2087,6 +2087,82 @@ impl LintPass for InvalidNoMangleItems {
     }
 }
 
+#[derive(Clone, Copy)]
+pub struct MutableTransmutes;
+
+declare_lint! {
+    MUTABLE_TRANSMUTES,
+    Deny,
+    "transmuting from &T to &mut T is undefined behavior"
+}
+
+impl LintPass for MutableTransmutes {
+    fn get_lints(&self) -> LintArray {
+        lint_array!(MUTABLE_TRANSMUTES)
+    }
+
+    fn check_expr(&mut self, cx: &Context, expr: &ast::Expr) {
+        use syntax::ast::DefId;
+        use syntax::abi::RustIntrinsic;
+        let msg = "transmuting from immutable to mutable is undefined behavior";
+        match get_transmute_from_to(cx, expr) {
+            Some((&ty::ty_rptr(_, from_mt), &ty::ty_rptr(_, to_mt))) => {
+                if to_mt.mutbl == ast::Mutability::MutMutable
+                    && from_mt.mutbl == ast::Mutability::MutImmutable {
+                    cx.span_lint(MUTABLE_TRANSMUTES, expr.span, msg);
+                }
+            }
+            _ => ()
+        }
+
+        fn get_transmute_from_to<'a, 'tcx>(cx: &Context<'a, 'tcx>, expr: &ast::Expr)
+            -> Option<(&'tcx ty::sty<'tcx>, &'tcx ty::sty<'tcx>)> {
+            if let ast::ExprPath(..) = expr.node {
+                if let DefFn(did, _) = ty::resolve_expr(cx.tcx, expr) {
+                    if def_id_is_transmute(cx, did) {
+                        let typ = ty::node_id_to_type(cx.tcx, expr.id);
+                        match typ.sty {
+                            ty::ty_bare_fn(_, ref bare_fn) if bare_fn.abi == RustIntrinsic => {
+                                if let ty::FnConverging(to) = bare_fn.sig.0.output {
+                                    let from = bare_fn.sig.0.inputs[0];
+                                    return Some((&from.sty, &to.sty));
+                                }
+                            },
+                            _ => ()
+                        }
+                    }
+                }
+            }
+            None
+        }
+
+        fn def_id_is_transmute(cx: &Context, def_id: DefId) -> bool {
+            use syntax::ast_map::NodeForeignItem;
+            let intrinsic = match ty::lookup_item_type(cx.tcx, def_id).ty.sty {
+                ty::ty_bare_fn(_, ref bfty) => bfty.abi == RustIntrinsic,
+                _ => return false
+            };
+            if def_id.krate == ast::LOCAL_CRATE {
+                match cx.tcx.map.get(def_id.node) {
+                    NodeForeignItem(ref item) if intrinsic => {
+                        token::get_ident(item.ident) ==
+                            token::intern_and_get_ident("transmute")
+                    }
+                    _ => false,
+                }
+            } else {
+                match csearch::get_item_path(cx.tcx, def_id).last() {
+                    Some(ref last) if intrinsic => {
+                        token::get_name(last.name()) ==
+                            token::intern_and_get_ident("transmute")
+                    }
+                    _ => false,
+                }
+            }
+        }
+    }
+}
+
 /// Forbids using the `#[feature(...)]` attribute
 #[derive(Copy, Clone)]
 pub struct UnstableFeatures;
diff --git a/src/librustc_lint/lib.rs b/src/librustc_lint/lib.rs
@@ -109,6 +109,7 @@ pub fn register_builtins(store: &mut lint::LintStore, sess: Option<&Session>) {
                  UnconditionalRecursion,
                  InvalidNoMangleItems,
                  PluginAsLibrary,
+                 MutableTransmutes,
                  );
 
     add_builtin_with_new!(sess,
diff --git a/src/test/compile-fail/transmute-imut-to-mut.rs b/src/test/compile-fail/transmute-imut-to-mut.rs
@@ -0,0 +1,20 @@
+// Copyright 2015 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution and at
+// http://rust-lang.org/COPYRIGHT.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+// Tests that transmuting from &T to &mut T is Undefined Behavior.
+
+use std::mem::transmute;
+
+fn main() {
+    let _a: &mut u8 = unsafe { transmute(&1u8) };
+    //~^ ERROR transmuting from immutable to mutable is undefined behavior
+}
+
+
