Re: [PATCH v7 7/7] rust: enable `clippy::ref_as_ptr` lint

From: Benno Lossin
Date: Wed Mar 26 2025 - 17:10:37 EST

Next message: Andrew Ballance: "Re: [PATCH 09/10] rust: property: Add PropertyGuard"
Previous message: Jann Horn: "Re: [GIT PULL] asm-generic changes for 6.15"
In reply to: Tamir Duberstein: "Re: [PATCH v7 7/7] rust: enable `clippy::ref_as_ptr` lint"
Next in thread: Tamir Duberstein: "Re: [PATCH v7 7/7] rust: enable `clippy::ref_as_ptr` lint"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed Mar 26, 2025 at 8:06 PM CET, Tamir Duberstein wrote:
> On Wed, Mar 26, 2025 at 1:36 PM Benno Lossin <benno.lossin@xxxxxxxxx> wrote:
>> On Wed Mar 26, 2025 at 5:57 PM CET, Tamir Duberstein wrote:
>> > In the current code you're looking at, yes. But in the code I have
>> > locally I'm transmuting `[u8]` to `BStr`. See my earlier reply where I
>> > said "Hmm, looking at this again we can just transmute ref-to-ref and
>> > avoid pointers entirely. We're already doing that in
>> > `CStr::from_bytes_with_nul_unchecked`".
>>
>> `CStr::from_bytes_with_nul_unchecked` does the transmute with
>> references. That is a usage that the docs of `transmute` explicitly
>> recommend to change to an `as` cast [1].
>
> RIght. That guidance was written in 2016
> (https://github.com/rust-lang/rust/pull/34609) and doesn't present any
> rationale for `as` casts being preferred to transmute. I posted a
> comment in the most relevant issue I could find:
> https://github.com/rust-lang/rust/issues/34249#issuecomment-2755316610.

Not sure if that's the correct issue, maybe we should post one on the
UCG (unsafe code guidelines). But before that we probably should ask on
zulip...

>> No idea about provenance still.
>
> Well that's not surprising, nobody was thinking about provenance in
> 2016. But I really don't think we should blindly follow the advice in
> this case. It doesn't make an iota of sense to me - does it make sense
> to you?

For ptr-to-int transmutes, I know that they will probably remove
provenance, hence I am a bit cautious about using them for ptr-to-ptr or
ref-to-ref.

>> [1]: https://doc.rust-lang.org/std/mem/fn.transmute.html#alternatives
>>
>> >> I tried to find some existing issues about the topic and found that
>> >> there exists a clippy lint `transmute_ptr_to_ptr`. There is an issue
>> >> asking for a better justification [1] and it seems like nobody provided
>> >> one there. Maybe we should ask the opsem team what happens to provenance
>> >> when transmuting?
>> >
>> > Yeah, we should do this - but again: not relevant in this discussion.
>>
>> I think it's pretty relevant.
>
> It's not relevant because we're no longer talking about transmuting
> pointer to pointer. The two options are:
> 1. transmute reference to reference.
> 2. coerce reference to pointer, `as` cast pointer to pointer (triggers
> `ptr_as_ptr`), reborrow pointer to reference.
>
> If anyone can help me understand why (2) is better than (1), I'd
> certainly appreciate it.

I am very confident that (2) is correct. With (1) I'm not sure (see
above), so that's why I mentioned it.

---
Cheers,
Benno

Next message: Andrew Ballance: "Re: [PATCH 09/10] rust: property: Add PropertyGuard"
Previous message: Jann Horn: "Re: [GIT PULL] asm-generic changes for 6.15"
In reply to: Tamir Duberstein: "Re: [PATCH v7 7/7] rust: enable `clippy::ref_as_ptr` lint"
Next in thread: Tamir Duberstein: "Re: [PATCH v7 7/7] rust: enable `clippy::ref_as_ptr` lint"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]