-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lint overflowing integer casts in const prop #67676
Conversation
a186122
to
60a3038
Compare
Force pushed with new error message |
60a3038
to
554458f
Compare
This comment has been minimized.
This comment has been minimized.
554458f
to
afb73a6
Compare
Blessed tests |
9c5b7e2
to
df79825
Compare
r=me with a comment about the weird zst situation added |
@bors r=oli-bok |
📌 Commit d2eddfe7d139051df4ad569224b5d97dee395698 has been approved by |
This extends the invalid cases we catch in const prop to include overflowing integer casts using the same machinery as the overflowing binary and unary operation logic.
d2eddfe
to
001cea4
Compare
Rebased @bors r=oli-obk |
📌 Commit 001cea4 has been approved by |
…sts, r=oli-obk Lint overflowing integer casts in const prop This extends the invalid cases we catch in const prop to include overflowing integer casts using the same machinery as the overflowing binary and unary operation logic. r? @oli-obk
Lint overflowing integer casts in const prop This extends the invalid cases we catch in const prop to include overflowing integer casts using the same machinery as the overflowing binary and unary operation logic. r? @oli-obk
☀️ Test successful - checks-azure |
Tested on commit rust-lang/rust@0ec3706. Direct link to PR: <rust-lang/rust#67676> 💔 miri on windows: test-pass → test-fail (cc @oli-obk @eddyb @RalfJung, @rust-lang/infra). 💔 miri on linux: test-pass → test-fail (cc @oli-obk @eddyb @RalfJung, @rust-lang/infra).
To me it looks like the lint is handling enum variants incorrectly: enum Signed {
Bar = -42,
Baz,
Quux = 100,
}
fn signed() -> [i8; 3] {
let baz = Signed::Baz; // let-expansion changes the MIR significantly
[Signed::Bar as i8, baz as i8, Signed::Quux as i8]
} This errors at Cc /~https://github.com/rust-lang/miri/pull/1138/files#r362443894 |
@RalfJung Yeah, you're totally correct. I'm surprised we don't have any tests that exercise this code in |
The premise of this PR seems flawed. Truncating is in some cases the legitimate desired behavior, and Compare with overflow checking in |
@SimonSapin The lint does not fire on every instance of To draw a comparison with the let x = 1026u16 as u8; // lint fires here
let y = (1026u16 & 0x00FFu16) as u8; // lint does not fire here |
It is unfortunate that there is no way to tell intentional truncation apart from accidental truncation, and https://internals.rust-lang.org/t/pre-rfc-add-explicitly-named-numeric-conversion-apis/11395 tries to fix that, but it is a fact of today’s Rust. |
It's not an error and not a stability problem because it's just a lint that you can turn off (even locally). I suggest you disable the lint for your code instead of using a workaround. |
https://perf.rust-lang.org/status.html currently shows:
[…] error: truncating cast: the value 4294967292 requires 32 bits but the target type is only 16 bits
--> /tmp/.tmpmCOmcQ/target/debug/build/style-f46d78432390fdd0/out/gecko_properties.rs:10050:21
|
10050 | structs::NS_FONT_STRETCH_ULTRA_CONDENSED as i16,
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: `#[deny(const_err)]` on by default (I don’t know if there is a permanent URL for this log.) pub const NS_FONT_STRETCH_ULTRA_CONDENSED: ::std::os::raw::c_int = -4; However I didn’t manage to reproduce the error with this reduction: pub const A: ::std::os::raw::c_int = -4;
pub const B: i16 = A as i16;
fn main() {
dbg!(B);
} and
The above shows there’s at least one case in the wild of previously-valid code where this lint triggers. This suggests that Crater is needed to determine how much of a stability issue it is to make this lint deny by default. |
This may be a case similar to the bug Ralf pointed out earlier |
Yes, the lint has a signedness bug |
Two separate things:
|
|
Thank you for taking care of the revert. Intentional cases are not gonna look like literally const BITS: u16 = 0x1234;
let upper = (BITS >> 8) as u8;
let lower = BITS as u8; |
I disagree that
Something like
That seems nearly impossible to do. Just like it's super hard to really prove with data that using Though since we are doing that in clippy, if we had a Second: So... while there are ways to move forward for general truncation casts, the situation we have here is that we statically know that you are truncating a value. We are allowed to add more lints for statically knowing that the user is doing something buggy as per RFC 1229. The example from that RFC is let x = 5u32 << 42; which actually used to be a hard error and we weakened it to the That example from the RFC is in fact also a truncation causing the bitshift to be
So the big difference between this new trigger of the lint is that it's not triggering on behaviour that panics at runtime with debug assertions. Which brings us back to the question "should For now, let's leave such lints to clippy until we have a way to truncate via |
Reverts part of rust-lang#67676
Reverts part of rust-lang#67676
Yes, and we’re not making lossless
This is pretty much my point, but not what this PR does. |
Revert `const_err` lint checking of casts Reverts part of rust-lang#67676 r? @oli-obk cc @SimonSapin
This extends the invalid cases we catch in const prop to include
overflowing integer casts using the same machinery as the overflowing
binary and unary operation logic.
r? @oli-obk