ImproperCTypes: change handling of slices

niacdoial · niacdoial · commit d409c7e3247e · 2025-09-21T12:21:28.000+02:00
correctly handle !Sized arrays at the tail-end of structs
and a cosmetic change to the array/slice-related lints,
diff --git a/compiler/rustc_lint/messages.ftl b/compiler/rustc_lint/messages.ftl
@@ -386,8 +386,7 @@ lint_improper_ctypes_only_phantomdata = composed only of `PhantomData`
 
 lint_improper_ctypes_opaque = opaque types have no C equivalent
 
-lint_improper_ctypes_slice_help = consider using a raw pointer instead
-
+lint_improper_ctypes_slice_help = consider using a raw pointer to the slice's first element (and a length) instead
 lint_improper_ctypes_slice_reason = slices have no C equivalent
 
 lint_improper_ctypes_str_help = consider using `*const u8` and a length instead
diff --git a/compiler/rustc_lint/src/types/improper_ctypes.rs b/compiler/rustc_lint/src/types/improper_ctypes.rs
@@ -659,9 +659,6 @@ bitflags! {
         /// To show that there is no outer type, the current type is directly used by a `static`
         /// variable or a function/FnPtr
         const NO_OUTER_TY = 0b100000;
-        /// For NO_OUTER_TY cases, show that we are being directly used by a FnPtr specifically
-        /// FIXME(ctypes): this is only used for "bad behaviour" reproduced for compatibility's sake
-        const NOOUT_FNPTR = 0b1000000;
     }
 }
 
@@ -696,7 +693,7 @@ impl EphemeralStateFlags {
     /// modify self to change the ephemeral part of the flags
     fn from_outer_ty<'tcx>(ty: Ty<'tcx>) -> Self {
         match ty.kind() {
-            ty::FnPtr(..) => Self::NO_OUTER_TY | Self::NOOUT_FNPTR,
+            ty::FnPtr(..) => Self::NO_OUTER_TY,
             k @ (ty::RawPtr(..) | ty::Ref(..)) => {
                 let mut ret = Self::IN_PTR;
                 if ty.is_mutable_ptr() {
@@ -740,7 +737,7 @@ impl VisitorState {
             } else {
                 PersistentStateFlags::ARGUMENT_TY_IN_FNPTR
             },
-            ephemeral_flags: EphemeralStateFlags::NO_OUTER_TY | EphemeralStateFlags::NOOUT_FNPTR,
+            ephemeral_flags: EphemeralStateFlags::NO_OUTER_TY,
         }
     }
 
@@ -779,6 +776,15 @@ impl VisitorState {
         Self::entry_point(PersistentStateFlags::STATIC_TY)
     }
 
+    /// Whether the type is used as the type of a static variable.
+    fn is_direct_in_static(&self) -> bool {
+        let ret = self.persistent_flags.contains(PersistentStateFlags::STATIC);
+        if ret {
+            debug_assert!(!self.persistent_flags.contains(PersistentStateFlags::FUNC));
+        }
+        ret && self.ephemeral_flags.contains(EphemeralStateFlags::NO_OUTER_TY)
+    }
+
     /// Whether the type is used in a function.
     fn is_in_function(&self) -> bool {
         let ret = self.persistent_flags.contains(PersistentStateFlags::FUNC);
@@ -844,6 +850,12 @@ impl VisitorState {
     fn is_raw_pointee(&self) -> bool {
         self.ephemeral_flags.contains(EphemeralStateFlags::IN_PTR | EphemeralStateFlags::PTR_RAW)
     }
+
+    /// Whether the current type directly in the memory layout of the parent ty
+    #[inline]
+    fn is_memory_inlined(&self) -> bool {
+        self.ephemeral_flags.contains(EphemeralStateFlags::MEMORY_INLINED)
+    }
 }
 
 /// Visitor used to recursively traverse MIR types and evaluate FFI-safety.
@@ -1320,11 +1332,21 @@ impl<'a, 'tcx> ImproperCTypesVisitor<'a, 'tcx> {
                 Some(fluent::lint_improper_ctypes_char_help),
             ),
 
-            ty::Slice(_) => FfiResult::new_with_reason(
-                ty,
-                fluent::lint_improper_ctypes_slice_reason,
-                Some(fluent::lint_improper_ctypes_slice_help),
-            ),
+            ty::Slice(inner_ty) => {
+                // ty::Slice is used for !Sized arrays, since they are the pointee for actual slices
+                let slice_is_actually_array =
+                    state.is_memory_inlined() || state.is_direct_in_static();
+
+                if slice_is_actually_array {
+                    self.visit_type(state.get_next(ty), inner_ty)
+                } else {
+                    FfiResult::new_with_reason(
+                        ty,
+                        fluent::lint_improper_ctypes_slice_reason,
+                        Some(fluent::lint_improper_ctypes_slice_help),
+                    )
+                }
+            }
 
             ty::Dynamic(..) => {
                 FfiResult::new_with_reason(ty, fluent::lint_improper_ctypes_dyn, None)
@@ -1376,10 +1398,7 @@ impl<'a, 'tcx> ImproperCTypesVisitor<'a, 'tcx> {
             }
 
             ty::Array(inner_ty, _) => {
-                if state.is_direct_in_function()
-                    // FIXME(ctypes): VVV-this-VVV shouldn't be the case
-                    && !state.ephemeral_flags.contains(EphemeralStateFlags::NOOUT_FNPTR)
-                {
+                if state.is_direct_in_function() {
                     // C doesn't really support passing arrays by value - the only way to pass an array by value
                     // is through a struct.
                     FfiResult::new_with_reason(
diff --git a/tests/ui/lint/extern-C-fnptr-lints-slices.stderr b/tests/ui/lint/extern-C-fnptr-lints-slices.stderr
@@ -5,7 +5,7 @@ LL | pub type F = extern "C" fn(&[u8]);
    |              ^^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: the function pointer to `for<'a> extern "C" fn(&'a [u8])` is FFI-unsafe due to `&[u8]`
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: this reference to an unsized type contains metadata, which makes it incompatible with a C pointer
 note: the lint level is defined here
   --> $DIR/extern-C-fnptr-lints-slices.rs:1:8
diff --git a/tests/ui/lint/improper-ctypes/lint-94223.stderr b/tests/ui/lint/improper-ctypes/lint-94223.stderr
@@ -5,7 +5,7 @@ LL | pub fn bad(f: extern "C" fn([u8])) {}
    |               ^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: the function pointer to `extern "C" fn([u8])` is FFI-unsafe due to `[u8]`
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: slices have no C equivalent
 note: the lint level is defined here
   --> $DIR/lint-94223.rs:2:36
@@ -20,7 +20,7 @@ LL | pub fn bad_twice(f: Result<extern "C" fn([u8]), extern "C" fn([u8])>) {}
    |                            ^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: the function pointer to `extern "C" fn([u8])` is FFI-unsafe due to `[u8]`
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: slices have no C equivalent
 
 error: `extern` callback uses type `[u8]`, which is not FFI-safe
@@ -30,7 +30,7 @@ LL | pub fn bad_twice(f: Result<extern "C" fn([u8]), extern "C" fn([u8])>) {}
    |                                                 ^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: the function pointer to `extern "C" fn([u8])` is FFI-unsafe due to `[u8]`
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: slices have no C equivalent
 
 error: `extern` callback uses type `[u8]`, which is not FFI-safe
@@ -40,7 +40,7 @@ LL | struct BadStruct(extern "C" fn([u8]));
    |                  ^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: the function pointer to `extern "C" fn([u8])` is FFI-unsafe due to `[u8]`
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: slices have no C equivalent
 
 error: `extern` callback uses type `[u8]`, which is not FFI-safe
@@ -50,7 +50,7 @@ LL |     A(extern "C" fn([u8])),
    |       ^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: the function pointer to `extern "C" fn([u8])` is FFI-unsafe due to `[u8]`
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: slices have no C equivalent
 
 error: `extern` callback uses type `[u8]`, which is not FFI-safe
@@ -60,7 +60,7 @@ LL |     A(extern "C" fn([u8])),
    |       ^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: the function pointer to `extern "C" fn([u8])` is FFI-unsafe due to `[u8]`
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: slices have no C equivalent
 
 error: `extern` callback uses type `[u8]`, which is not FFI-safe
@@ -70,7 +70,7 @@ LL | type Foo = extern "C" fn([u8]);
    |            ^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: the function pointer to `extern "C" fn([u8])` is FFI-unsafe due to `[u8]`
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: slices have no C equivalent
 
 error: `extern` callback uses type `Option<&<T as FooTrait>::FooType>`, which is not FFI-safe
diff --git a/tests/ui/lint/improper-ctypes/lint-ctypes.stderr b/tests/ui/lint/improper-ctypes/lint-ctypes.stderr
@@ -4,7 +4,7 @@ error: `extern` block uses type `&[u32]`, which is not FFI-safe
 LL |     pub fn slice_type(p: &[u32]);
    |                          ^^^^^^ not FFI-safe
    |
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: this reference to an unsized type contains metadata, which makes it incompatible with a C pointer
 note: the lint level is defined here
   --> $DIR/lint-ctypes.rs:5:9
@@ -170,7 +170,7 @@ note: the type is defined here
    |
 LL | pub struct TwoBadTypes<'a> {
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: this reference to an unsized type contains metadata, which makes it incompatible with a C pointer
 
 error: `extern` block uses type `&UnsizedStructBecauseDyn`, which is not FFI-safe
diff --git a/tests/ui/lint/improper-ctypes/lint-fn.stderr b/tests/ui/lint/improper-ctypes/lint-fn.stderr
@@ -19,7 +19,7 @@ error: `extern` fn uses type `&[u32]`, which is not FFI-safe
 LL | pub extern "C" fn slice_type(p: &[u32]) { }
    |                                 ^^^^^^ not FFI-safe
    |
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: this reference to an unsized type contains metadata, which makes it incompatible with a C pointer
 note: the lint level is defined here
   --> $DIR/lint-fn.rs:2:31
@@ -42,7 +42,7 @@ error: `extern` fn uses type `Box<[u8]>`, which is not FFI-safe
 LL | pub extern "C" fn boxed_slice(p: Box<[u8]>) { }
    |                                  ^^^^^^^^^ not FFI-safe
    |
-   = help: consider using a raw pointer instead
+   = help: consider using a raw pointer to the slice's first element (and a length) instead
    = note: this box for an unsized type contains metadata, which makes it incompatible with a C pointer
 
 error: `extern` fn uses type `Box<str>`, which is not FFI-safe

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ LL \| pub type F = extern "C" fn(&[u8]);`
`5`	`5`	`\| ^^^^^^^^^^^^^^^^^^^^ not FFI-safe`
`6`	`6`	`\|`
`7`	`7`	= note: the function pointer to `for<'a> extern "C" fn(&'a [u8])` is FFI-unsafe due to `&[u8]`
`8`		`- = help: consider using a raw pointer instead`
	`8`	`+ = help: consider using a raw pointer to the slice's first element (and a length) instead`
`9`	`9`	`= note: this reference to an unsized type contains metadata, which makes it incompatible with a C pointer`
`10`	`10`	`note: the lint level is defined here`
`11`	`11`	`--> $DIR/extern-C-fnptr-lints-slices.rs:1:8`