This tracks the two lints associated with the strict provenance feature:
- fuzzy_provenance_casts: detects an
as cast from an integer to a pointer. It is better to use with_exposed_provenance instead to make explicit what happens.
- lossy_provenance_casts: detects an
as cast from a pointer to an integer. It is better to use expose_provenance instead to make explicit what happens.
I am not sure if having two lints here is really justified, IMO they could be merged into one -- not sure what that one should be called, though. Other than that, this seems like a useful lint to ensure the codebase follows strict provenance (or opts-out explicitly, via the methods mentioned above).
I am also not sure if this shouldn't maybe be a clippy lint instead of a rustc lint?
Open questions:
- What replacement should be auto-suggested? Currently the lint suggests to replace
as usize by .addr() which seems dangerous as it will introduce UB if the integer is cast back to a pointer.
Cc @rust-lang/opsem
This tracks the two lints associated with the strict provenance feature:
ascast from an integer to a pointer. It is better to usewith_exposed_provenanceinstead to make explicit what happens.ascast from a pointer to an integer. It is better to useexpose_provenanceinstead to make explicit what happens.I am not sure if having two lints here is really justified, IMO they could be merged into one -- not sure what that one should be called, though. Other than that, this seems like a useful lint to ensure the codebase follows strict provenance (or opts-out explicitly, via the methods mentioned above).
I am also not sure if this shouldn't maybe be a clippy lint instead of a rustc lint?
Open questions:
as usizeby.addr()which seems dangerous as it will introduce UB if the integer is cast back to a pointer.Cc @rust-lang/opsem