Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc by bend-n · Pull Request #136083 · rust-lang/rust

bend-n · 2025-01-26T04:12:57Z

implements #136067

Rust has helper methods for many kinds of safe transmutes, for example integer<->bytes. This is a lint against using transmute for these cases.

fn bytes_at_home(x: [u8; 4]) -> u32 {
   transmute(x)
}

// other examples
transmute::<[u8; 2], u16>();
transmute::<[u8; 8], f64>();
transmute::<u32, [u8; 4]>();
transmute::<char, u32>();
transmute::<u32, char>();

It would be handy to suggest u32::from_ne_bytes(x).
This is implemented for [u8; _] -> {float int}

This also implements the cases:
fXX <-> uXX = {from_bits, to_bits}
uXX -> iXX via cast_unsigned and cast_signed
{char -> u32, bool -> n8} via from
u32 -> char via from_u32_unchecked (note: notes from_u32().unwrap()) (contested)
u8 -> bool via == (debatable)

try-job: aarch64-gnu
try-job: test-various

rustbot · 2025-01-26T04:13:05Z

r? @wesleywiser

rustbot has assigned @wesleywiser.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

bend-n · 2025-01-26T05:37:43Z

how do i fix stdarch?

juntyr · 2025-01-26T08:46:13Z

compiler/rustc_mir_transform/src/check_redundant_transmutes.rs

+            Bool | Uint(..) | Int(..) => {
+                matches!(fn_sig.output().kind(), Int(..) | Uint(..)).then(|| {
+                    errors::RedundantTransmute {
+                        sugg: format!("({arg}) as {}", fn_sig.output()),


I wouldn't suggest an as conversion here as as is so overloaded that I at least always forget what each conversion does. I remember there was an attempt in the past to create explicit methods for each as behaviour - if they've been merged, perhaps we could recommend them?

I'm not sure what methods you're referring to... I don't think i should suggest i32::from_ne_bytes(x.to_ne_bytes())? And try_from has different behavior.

There are the unstable cast_unsigned and cast_signed methods, and there's an ACP for additional methods rust-lang/libs-team#453.

Perhaps for now the code just gets a FIXME so that the recommendation is changed once #125882 is stabilized (feature integer_sign_cast)?

The cast_(un)signed methods will be stable on nightly in another 2 days: #125882 (comment)

So maybe we just hold off on merging this PR until that stabilization PR lands? I'm also not a fan of as, so would like to avoid suggesting something that clippy will soon then start suggesting to change again.

oh wow! i guess ill make it suggest those methods then

what about bool as integer though?

@bend-n

let b: bool = true; let x = u8::from(b); assert_eq!(x, 1);

.into() would be nicer but depends on knowing u8 or i8 from type inference. u8::from and i8::from work in any context, though they don't work in postfix position. For the purposes of this lint, though, the only integer types you can transmute a bool to would be u8 or i8, and transmute already isn't postfix, so I'd suggest that transmutes from bool to u8/i8 should suggest u8::from and i8::from, respectively.

i can do that with u32::from(char) i think, as well

Noratrieb · 2025-01-26T09:47:04Z

Is there a reason you made it a MIR lint instead of a HIR lint? HIR lints will make it easier to do the spans.

bend-n · 2025-01-26T10:04:33Z

@Noratrieb i dont know the difference; i looked for transmute and copied that (ptr_to_integer_transmute_in_consts) lint.

bend-n · 2025-01-26T10:07:43Z

Also, how should i fix stdarch? Should i make a PR over there to remove the unnecessary trans?

Noratrieb · 2025-01-26T10:15:32Z

I would first recommend checking out if the lang team wants this lint.
Can you write out a clear PR description with the exact cases you're covering and some examples for the lang team?

joshtriplett · 2025-02-12T16:13:41Z

We talked about this briefly in today's @rust-lang/lang meeting. This seems likely to always be desirable, and it helps people rewrite unsafe code as safe code. Let's give it a try in nightly and see how it goes! (In particular, that'll let us evaluate possible false positives.)

scottmcm · 2025-02-12T16:48:20Z

u32 -> char via from_u32_unchecked

I'm slightly torn on this one. It feels more like a clippy lint to me, because to me what we're approving here as a lang team is "suggesting safe alternatives to unsafe transmutes", not "well there's a different unsafe version that would be better" -- it's the removing of unsafe that gets it to the "yes this is in rustc" bar, in my mind. (Other team members may disagree, however.)

traviscross · 2025-02-12T17:23:11Z

I'm torn on it too. It is marginally safer, because then at least it goes through the asssert_unsafe_precondition:

pub(super) const unsafe fn from_u32_unchecked(i: u32) -> char {
    // SAFETY: the caller must guarantee that `i` is a valid char value.
    unsafe {
        assert_unsafe_precondition!(
            check_language_ub,
            "invalid value for `char`",
            (i: u32 = i) => char_try_from_u32(i).is_ok()
        );
        transmute(i)
    }
}

Playground link

The assertion only fires on debug builds, though.

rustbot · 2025-02-14T14:20:17Z

Some changes occurred to MIR optimizations

cc @rust-lang/wg-mir-opt

lcnr · 2025-04-15T12:34:22Z

@bors try

Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc implements rust-lang#136067 Rust has helper methods for many kinds of safe transmutes, for example integer<->bytes. This is a lint against using transmute for these cases. ```rs fn bytes_at_home(x: [u8; 4]) -> u32 { transmute(x) } // other examples transmute::<[u8; 2], u16>(); transmute::<[u8; 8], f64>(); transmute::<u32, [u8; 4]>(); transmute::<char, u32>(); transmute::<u32, char>(); ``` It would be handy to suggest `u32::from_ne_bytes(x)`. This is implemented for `[u8; _]` -> `{float int}` This also implements the cases: `fXX` <-> `uXX` = `{from_bits, to_bits}` `uXX` -> `iXX` via `cast_unsigned` and `cast_signed` {`char` -> `u32`, `bool` -> `n8`} via `from` `u32` -> `char` via `from_u32_unchecked` (note: notes `from_u32().unwrap()`) (contested) `u8` -> `bool` via `==` (debatable) --- try-job: aarch64-gnu try-job: test-various

bors · 2025-04-15T12:35:34Z

⌛ Trying commit 14d9dc8 with merge 1fbc7e2...

bend-n · 2025-04-15T12:35:57Z

its probably still going to fail :(
i dont know what the problem is

bors · 2025-04-15T13:03:22Z

💔 Test failed - checks-actions

bors · 2025-04-16T19:32:02Z

☔ The latest upstream changes (presumably #139914) made this pull request unmergeable. Please resolve the merge conflicts.

Zalathar · 2025-04-18T03:28:11Z

@bors try

bors · 2025-04-18T03:29:22Z

⌛ Trying commit dd96397 with merge 0d8a33b...

bend-n · 2025-04-19T09:09:14Z

@rustbot ready

bors · 2025-04-23T22:05:49Z

☔ The latest upstream changes (presumably #139983) made this pull request unmergeable. Please resolve the merge conflicts.

…gers, etc

lcnr · 2025-04-24T13:56:09Z

@bors r+

bors · 2025-04-24T13:56:11Z

📌 Commit 6921a51 has been approved by lcnr

It is now in the queue for this repository.

rustbot assigned wesleywiser Jan 26, 2025

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Jan 26, 2025