Implement a lint for implicit autoref of raw pointer dereference - take 2

[Urgau]

This PR aims at implementing a lint for implicit autoref of raw pointer dereference, it is based on #103735 with suggestion and improvements from #103735 (comment).

The goal is to catch cases like this, where the user probably doesn't realise it just created a reference.

pub struct Test {
    data: [u8],
}

pub fn test_len(t: *const Test) -> usize {
    unsafe { (*t).data.len() }  // this calls <[T]>::len(&self)
}

Since #103735 already went 2 times through T-lang, where they T-lang ended-up asking for a more restricted version (which is what this PR does), I would prefer this PR to be reviewed first before re-nominating it for T-lang.

---

Compared to the PR it is as based on, this PR adds 3 restrictions on the outer most expression, which must either be:

1. A deref followed by any non-deref place projection (that intermediate deref will typically be auto-inserted)
2. A method call annotated with #[rustc_no_implicit_refs].
3. A deref followed by a addr_of! or addr_of_mut!. See bottom of post for details.

There are several points that are not 100% clear to me when implementing the modifications:

• "4. Any number of automatically inserted deref/derefmut calls." I as never able to trigger this. Am I missing something?
• Are "index" and "field" enough?

---

cc @JakobDegen @WaffleLapkin
r? @RalfJung

[rustbot]

The Miri subtree was changed

cc @rust-lang/miri

[RalfJung]

Sorry, I can't take on more reviews currently.
r? compiler
(or feel free to pick someone specific who's suited)

[fmease]

Suggested change

	/// the usual reference requirements without you even knowing that.
	/// the usual reference requirements potentially without you realizing that.

More neutral, less “condescending” imo.

[fmease]

While catching up with the comments posted in the now closed PR, I thought the plan was to avoid suggesting explicit borrows and to instead suggest #[allow]'ing the lint: Sth. like if this reference is intentional make it explicit by adding #[allow(implicit_unsafe_autorefs)].

CC 1st paragraph of #103735 (comment); #103735 (comment); #103735 (comment)

[Urgau]

There has been concern from T-lang member about having only #[allow] as an option for lint, cc #118833 (comment) (and maybe a bit #122759 (comment)).

I think it would make sense to ask T-lang about this in the nomination, to see what they want, worst case it's just removing some code.

[tmandry]

FWIW, nothing in #122759 is meant to imply that we shouldn't have lints whose suggestion is #[allow].

[Urgau]

Good to know. Thanks.

[jieyouxu]

I think it would make sense to ask T-lang about this in the nomination, to see what they want, worst case it's just removing some code.

@Urgau how do you want to proceed here, should we ask for T-lang feedback?

[fmease]

We want to nominate this for T-lang in any case -- once I've reviewed this PR ^^' I'll really try to get to it tonight.

[wesleywiser]

Hi @fmease, just wanted to remind you to take a look at this PR if you are still interested. Thanks! 🙂

[Dylan-DPC]

@Urgau if you can rebase the latest conflicts we can push this forward and maybe get it reviewed by another reviewer

[Urgau]

@Dylan-DPC rebased.

@rustbot review

[rustbot]

Some changes occurred in compiler/rustc_passes/src/check_attr.rs

cc @jdonszelmann

[RalfJung]

@Urgau I recommend asking on Zulip to find another reviewer. I would generally recommend doing that after about 2 weeks of silence; it's been half a year since we last heard from @fmease so I think you've been unreasonably patient already. :)

[Urgau]

r? @jdonszelmann per https://rust-lang.zulipchat.com/#narrow/channel/131828-t-compiler/topic/reviewer.20for.20.23123239

[jdonszelmann]

Heya, this looks somewhat interesting and I think I understand most parts involved so I'm willing to review it :)

[jdonszelmann]

It seems like there's still an open comment asking for T-lang feedback here? It's from august, did that ever happen? Not here at least it seems.

[Urgau]

It seems like there's still an open comment asking for T-lang feedback here? It's from august, did that ever happen? Not here at least it seems.

Not yet. That will be a question for the T-lang nomination, which will be after the logic in this PR is checked to be correct-ish.

[jdonszelmann]

Hmm, okay. I'll give it one more look but I'm reasonably confident this now at least implements the logic from the linked comment.

[jdonszelmann]

are you sure asserting None here is correct? I wrote some tests and can't find an example going wrong but I'm not 100% sure to be honest when this would be Some.

[Urgau]

We check the Some() case in has_implicit_borrow so we can't peel it otherwise we will miss it in has_implicit_borrow.

[jdonszelmann]

ah, yea that makes sense!

[jdonszelmann]

could it ever happen that there are multiple Some cases in a row before a deref of a raw pointer?

[jdonszelmann]

(since has_implicit_borrow only strips one layer)

[bors]

☔ The latest upstream changes (presumably #138267) made this pull request unmergeable. Please resolve the merge conflicts.