pub static LOSSY_PROVENANCE_CASTS: &Lint
Expand description
The lossy_provenance_casts
lint detects an as
cast between a pointer
and an integer.
§Example
#![warn(lossy_provenance_casts)]
fn main() {
let x: u8 = 37;
let _addr: usize = &x as *const u8 as usize;
}
{{produces}}
§Explanation
This lint is part of the strict provenance effort, see issue #95228. Casting a pointer to an integer is a lossy operation, because beyond just an address a pointer may be associated with a particular provenance. This information is used by the optimiser and for dynamic analysis/dynamic program verification (e.g. Miri or CHERI platforms).
Since this cast is lossy, it is considered good style to use the
ptr::addr
method instead, which has a similar effect, but doesn’t
“expose” the pointer provenance. This improves optimisation potential.
See the docs of ptr::addr
and ptr::expose_provenance
for more information
about exposing pointer provenance.
If your code can’t comply with strict provenance and needs to expose
the provenance, then there is ptr::expose_provenance
as an escape hatch,
which preserves the behaviour of as usize
casts while being explicit
about the semantics.