Tracking Issue for strict_provenance_lints #130351
However, that discussion was about ptr-to- Nominating for t-lang to get a "temperature".
Would hosting this in
Code that wants to be portable for CHERI likely has to set these lints to
We discussed this in (excessive, as is our wont) length at the @rust-lang/lang meeting. The conclusions were:
Did anyone explain why? Suggesting people automatically migrate to the strict provenance conversions will type-check but probably add UB that is highly non-theoretical since #121282. Suggesting
I'm afraid that signal will anyway diminish fairly quickly, as we have seen e.g. with
This issue is tracking the factors that will cause the signal to diminish. If we care about the signal, we should be mindful to preserve it instead of creating more problems like was done with MaybeUninit.
The documentation suggested it for arrays of But anyway, that was just an example, we don't have to litigate its details. The point is, I am not convinced we are fully in control of how that signal will diminish. Also, not having any
This tracks the two lints associated with the strict provenance feature:

- `as` cast from an integer to a pointer. It is better to use `with_exposed_provenance` instead to make explicit what happens.
- `as` cast from a pointer to an integer. It is better to use `expose_provenance` instead to make explicit what happens.

I am not sure if having two lints here is really justified, IMO they could be merged into one -- not sure what that one should be called, though. Other than that, this seems like a useful lint to ensure the codebase follows strict provenance (or opts-out explicitly, via the methods mentioned above).
I am also not sure if this shouldn't maybe be a clippy lint instead of a rustc lint?
Cc @rust-lang/opsem
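
The two cast directions named in the issue text, each written with the explicit method it recommends, next to a strict-provenance style that never leaves the pointer type. This is an added example, not code from the issue or from rustc; the function names are hypothetical and it assumes a toolchain (Rust 1.84 or later) where `expose_provenance`, `with_exposed_provenance`, `addr` and `map_addr` are stable.

```rust
use std::ptr;

// Pointer -> integer. `p as usize` is the cast the ptr-to-int lint reports;
// `expose_provenance` has the same semantics but says so in the name.
fn to_int_exposed(p: *const u32) -> usize {
    p.expose_provenance()
}

// Integer -> pointer. `a as *const u32` is the cast the int-to-ptr lint
// reports; `with_exposed_provenance` is the explicit equivalent.
fn from_int_exposed(a: usize) -> *const u32 {
    ptr::with_exposed_provenance(a)
}

// Strict-provenance style: the address is edited in place with `map_addr`,
// so the pointer never becomes a bare integer and keeps its provenance.
// `addr()` alone is NOT a drop-in for `as usize`: it does not expose
// provenance, so an address obtained that way cannot be relied on to
// convert back into a usable pointer.
fn tag(p: *const u32) -> *const u32 {
    p.map_addr(|a| a | 1) // u32 is 4-byte aligned, so bit 0 is free
}

fn untag(p: *const u32) -> *const u32 {
    p.map_addr(|a| a & !1)
}

fn is_tagged(p: *const u32) -> bool {
    p.addr() & 1 == 1
}

// Round trip through both styles; returns the values read back.
fn demo() -> (u32, u32, bool) {
    let x = 7u32; // constructed sample value
    let p: *const u32 = &x;
    // Exposed round trip: valid because `to_int_exposed` exposed `p`.
    let via_int = unsafe { *from_int_exposed(to_int_exposed(p)) };
    // Tagged round trip: provenance is carried by the pointer throughout.
    let t = tag(p);
    let via_tag = unsafe { *untag(t) };
    (via_int, via_tag, is_tagged(t))
}

fn main() {
    println!("{:?}", demo());
}
```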