Uplift clippy::invalid_null_ptr_usage as invalid_null_arguments

Author: Urgau

compiler/rustc_lint/messages.ftl

@@ -456,6 +456,10 @@ lint_invalid_nan_comparisons_eq_ne = incorrect NaN comparison, NaN cannot be dir
 
 lint_invalid_nan_comparisons_lt_le_gt_ge = incorrect NaN comparison, NaN is not orderable
 
+lint_invalid_null_arguments = calling this function with a null pointer is Undefined Behavior, even if the result of the function is unused
+    .note = null pointer originate from here
+    .suggestion = consider using a dangling pointer instead
+
 lint_invalid_reference_casting_assign_to_ref = assigning to `&T` is undefined behavior, consider using an `UnsafeCell`
     .label = casting happened here
 

compiler/rustc_lint/src/lints.rs

@@ -609,6 +609,30 @@ pub(crate) enum UselessPtrNullChecksDiag<'a> {
     FnRet { fn_name: Ident },
 }
 
+#[derive(LintDiagnostic)]
+#[diag(lint_invalid_null_arguments)]
+pub(crate) struct InvalidNullArgumentsDiag<'a> {
+    #[note]
+    pub null_span: Option<Span>,
+    #[subdiagnostic]
+    pub suggestion: InvalidNullArgumentsSuggestion<'a>,
+}
+
+#[derive(Subdiagnostic)]
+pub(crate) enum InvalidNullArgumentsSuggestion<'a> {
+    #[multipart_suggestion(lint_suggestion, applicability = "machine-applicable")]
+    WithoutExplicitType {
+        #[suggestion_part(code = "core::ptr::NonNull::dangling().as_ptr()")]
+        arg_span: Span,
+    },
+    #[multipart_suggestion(lint_suggestion, applicability = "machine-applicable")]
+    WithExplicitType {
+        ty: Ty<'a>,
+        #[suggestion_part(code = "core::ptr::NonNull::<{ty}>::dangling().as_ptr()")]
+        arg_span: Span,
+    },
+}
+
 // for_loops_over_fallibles.rs
 #[derive(LintDiagnostic)]
 #[diag(lint_for_loops_over_fallibles)]

compiler/rustc_lint/src/ptr_nulls.rs

@@ -1,9 +1,13 @@
 use rustc_ast::LitKind;
 use rustc_hir::{BinOpKind, Expr, ExprKind, TyKind};
+use rustc_middle::ty::RawPtr;
 use rustc_session::{declare_lint, declare_lint_pass};
-use rustc_span::sym;
+use rustc_span::{Span, sym};
 
-use crate::lints::UselessPtrNullChecksDiag;
+use crate::lints::{
+    InvalidNullArgumentsDiag, InvalidNullArgumentsSuggestion, UselessPtrNullChecksDiag,
+};
+use crate::utils::peel_casts;
 use crate::{LateContext, LateLintPass, LintContext};
 
 declare_lint! {
@@ -31,7 +35,30 @@ declare_lint! {
     "useless checking of non-null-typed pointer"
 }
 
-declare_lint_pass!(PtrNullChecks => [USELESS_PTR_NULL_CHECKS]);
+declare_lint! {
+    /// The `invalid_null_arguments` lint checks for invalid usage of null pointers in arguments.
+    ///
+    /// ### Example
+    ///
+    /// ```rust,compile_fail
+    /// # use std::{slice, ptr};
+    /// // Undefined behavior
+    /// # let _slice: &[u8] =
+    /// unsafe { slice::from_raw_parts(ptr::null(), 0) };
+    /// ```
+    ///
+    /// {{produces}}
+    ///
+    /// ### Explanation
+    ///
+    /// Calling methods whos safety invariants requires non-null ptr with a null pointer
+    /// is Undefined Behavior!
+    INVALID_NULL_ARGUMENTS,
+    Deny,
+    "invalid null pointer in arguments"
+}
+
+declare_lint_pass!(PtrNullChecks => [USELESS_PTR_NULL_CHECKS, INVALID_NULL_ARGUMENTS]);
 
 /// This function checks if the expression is from a series of consecutive casts,
 /// ie. `(my_fn as *const _ as *mut _).cast_mut()` and whether the original expression is either
@@ -85,6 +112,25 @@ fn useless_check<'a, 'tcx: 'a>(
     }
 }
 
+/// Checks if the given expression is a null pointer (modulo casting)
+fn is_null_ptr<'tcx>(cx: &LateContext<'tcx>, expr: &'tcx Expr<'_>) -> Option<Span> {
+    let (expr, _) = peel_casts(cx, expr);
+
+    if let ExprKind::Call(path, []) = expr.kind
+        && let ExprKind::Path(ref qpath) = path.kind
+        && let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()
+        && let Some(diag_item) = cx.tcx.get_diagnostic_name(def_id)
+    {
+        (diag_item == sym::ptr_null || diag_item == sym::ptr_null_mut).then_some(expr.span)
+    } else if let ExprKind::Lit(spanned) = expr.kind
+        && let LitKind::Int(v, _) = spanned.node
+    {
+        (v == 0).then_some(expr.span)
+    } else {
+        None
+    }
+}
+
 impl<'tcx> LateLintPass<'tcx> for PtrNullChecks {
     fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'_>) {
         match expr.kind {
@@ -102,6 +148,70 @@ impl<'tcx> LateLintPass<'tcx> for PtrNullChecks {
                 cx.emit_span_lint(USELESS_PTR_NULL_CHECKS, expr.span, diag)
             }
 
+            // Catching:
+            // <path>(arg...) where `arg` is null-ptr and `path` is a fn that expect non-null-ptr
+            ExprKind::Call(path, args)
+                if let ExprKind::Path(ref qpath) = path.kind
+                    && let Some(def_id) = cx.qpath_res(qpath, path.hir_id).opt_def_id()
+                    && let Some(diag_name) = cx.tcx.get_diagnostic_name(def_id) =>
+            {
+                // `arg` positions where null would cause U.B.
+                //
+                // We should probably have a `rustc` attribute, but checking them is costly,
+                // maybe if we checked for null ptr first, it would be acceptable?
+                let arg_indices: &[_] = match diag_name {
+                    sym::ptr_read
+                    | sym::ptr_read_unaligned
+                    | sym::ptr_read_volatile
+                    | sym::ptr_replace
+                    | sym::ptr_write
+                    | sym::ptr_write_bytes
+                    | sym::ptr_write_unaligned
+                    | sym::ptr_write_volatile
+                    | sym::slice_from_raw_parts
+                    | sym::slice_from_raw_parts_mut => &[0],
+                    sym::ptr_copy
+                    | sym::ptr_copy_nonoverlapping
+                    | sym::ptr_swap
+                    | sym::ptr_swap_nonoverlapping => &[0, 1],
+                    _ => return,
+                };
+
+                for &arg_idx in arg_indices {
+                    if let Some(arg) = args.get(arg_idx)
+                        && let Some(null_span) = is_null_ptr(cx, arg)
+                        && let Some(ty) = cx.typeck_results().expr_ty_opt(arg)
+                        && let RawPtr(ty, _mutbl) = ty.kind()
+                    {
+                        // ZST are fine, don't lint on them
+                        let typing_env = cx.typing_env();
+                        if cx
+                            .tcx
+                            .layout_of(typing_env.as_query_input(*ty))
+                            .is_ok_and(|layout| layout.is_1zst())
+                        {
+                            break;
+                        }
+
+                        let arg_span = arg.span;
+
+                        let suggestion = if let ExprKind::Cast(..) = arg.peel_blocks().kind {
+                            InvalidNullArgumentsSuggestion::WithExplicitType { ty: *ty, arg_span }
+                        } else {
+                            InvalidNullArgumentsSuggestion::WithoutExplicitType { arg_span }
+                        };
+
+                        let null_span = if arg_span != null_span { Some(null_span) } else { None };
+
+                        cx.emit_span_lint(
+                            INVALID_NULL_ARGUMENTS,
+                            expr.span,
+                            InvalidNullArgumentsDiag { null_span, suggestion },
+                        )
+                    }
+                }
+            }
+
             // Catching:
             // (fn_ptr as *<const/mut> <ty>).is_null()
             ExprKind::MethodCall(_, receiver, _, _)

tests/ui/lint/invalid_null_args.rs

@@ -0,0 +1,112 @@
+// check-fail
+// run-rustfix
+
+use std::ptr;
+use std::mem;
+
+unsafe fn null_ptr() {
+    ptr::write(
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+        ptr::null_mut() as *mut u32,
+        mem::transmute::<[u8; 4], _>([0, 0, 0, 255]),
+    );
+
+    let _: &[usize] = std::slice::from_raw_parts(ptr::null(), 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    let _: &[usize] = std::slice::from_raw_parts(ptr::null_mut(), 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    let _: &[usize] = std::slice::from_raw_parts(0 as *mut _, 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    let _: &[usize] = std::slice::from_raw_parts(mem::transmute(0usize), 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    let _: &[usize] = std::slice::from_raw_parts_mut(ptr::null_mut(), 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    ptr::copy::<usize>(ptr::null(), ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    ptr::copy::<usize>(ptr::NonNull::dangling().as_ptr(), ptr::null_mut(), 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    ptr::copy_nonoverlapping::<usize>(ptr::null(), ptr::NonNull::dangling().as_ptr(), 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    ptr::copy_nonoverlapping::<usize>(
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+        ptr::NonNull::dangling().as_ptr(),
+        ptr::null_mut(),
+        0
+    );
+
+    #[derive(Copy, Clone)]
+    struct A(usize);
+    let mut v = A(200);
+
+    let _a: A = ptr::read(ptr::null());
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    let _a: A = ptr::read(ptr::null_mut());
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    let _a: A = ptr::read_unaligned(ptr::null());
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    let _a: A = ptr::read_unaligned(ptr::null_mut());
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    let _a: A = ptr::read_volatile(ptr::null());
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    let _a: A = ptr::read_volatile(ptr::null_mut());
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    let _a: A = ptr::replace(ptr::null_mut(), v);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    ptr::swap::<A>(ptr::null_mut(), &mut v);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    ptr::swap::<A>(&mut v, ptr::null_mut());
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    ptr::swap_nonoverlapping::<A>(ptr::null_mut(), &mut v, 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+    ptr::swap_nonoverlapping::<A>(&mut v, ptr::null_mut(), 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    ptr::write(ptr::null_mut(), v);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    ptr::write_unaligned(ptr::null_mut(), v);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    ptr::write_volatile(ptr::null_mut(), v);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+
+    ptr::write_bytes::<usize>(ptr::null_mut(), 42, 0);
+    //~^ ERROR calling this function with a null pointer is Undefined Behavior
+}
+
+unsafe fn zst() {
+    struct A; // zero-sized type
+
+    ptr::read::<()>(ptr::null());
+    ptr::read::<A>(ptr::null());
+
+    ptr::write(ptr::null_mut(), ());
+    ptr::write(ptr::null_mut(), A);
+}
+
+unsafe fn not_invalid() {
+    // Simplified false-positive from std quicksort implementation
+
+    let mut a = ptr::null_mut();
+    let mut b = ();
+
+    loop {
+        if false {
+            break;
+        }
+
+        a = &raw mut b;
+    }
+
+    ptr::write(a, ());
+}
+
+fn main() {}