Add lint to detect dereferencing of NULL pointers

[RalfJung]

I propose we add a lint that detects code like

*(0 as *const i32)
*ptr::null()
*ptr::null_mut()

Some people seem to think that this is okay in contexts like &*(0 as *const i32) or addr_of!(*(0 as *const i32)), but that is not the case -- * on a NULL pointer is UB even as a place expression.

To implement this, you can use the invalid_value lint as a template:

rust/compiler/rustc_lint/src/builtin.rs

Line 2360 in 9d8f833

declare_lint_pass!(InvalidValue => [INVALID_VALUE]);

check_expr should check for Unary expressions with a Deref operator, and then check the operand to be either a cast of 0 to a pointer type, or a call to one of the null methods. To detect the methods, make them "diagnostic items"; the invalid_value lint does that e.g. for mem::zeroed so it can again serve as a template here.

[RalfJung]

Ah, turns out clippy already has a lint for this: zero_ptr. So maybe we should just move that to rustc? Cc @rust-lang/clippy

[ABouttefeux]

@rustbot claim

[RalfJung]

@ABouttefeux awesome. :) Let me know if you need any help.

[ABouttefeux]

Thanks :)

[slightlyoutofphase]

@RalfJung

Did you mean something slightly different with your "okay in contexts like" examples, perhaps? Neither of those two actually compile as written, since they're just attempts to deference something that isn't even a pointer. You get:

error[E0614]: type `usize` cannot be dereferenced

in both cases.

[RalfJung]

oops I screwed up the casts, should be fixed now.

[Manishearth]

Yeah, happy to have Clippy lints upstreamed to rust, let us know when it's done so we can deprecate it on our end

[ABouttefeux]

@RalfJung for detecting a call like ptr::null() you said to use TyCtxt::is_diagnostic_item. However I do not know what to use for the symbol argument. There is compiler\rustc_span\src\symbol.rs that defines symbol but nothing looks like creating a null ptr. Should I add one what should it look like ?

[RalfJung]

You first need to add the diagnostic item attribute to the relevant function inside library, like so:

rust/library/core/src/mem/mod.rs

Line 621 in 58e7189

#[rustc_diagnostic_item = "mem_zeroed"]

This name must be globally unique, e.g. ptr_null and ptr_null_mut.

Then you add those names to the list in compiler\rustc_span\src\symbol.rs (please keep it alphabetically sorted), and then you can use them for is_diagnostic_item.