rustc_lint_defs::builtin

Static LOSSY_PROVENANCE_CASTS

Source
pub static LOSSY_PROVENANCE_CASTS: &Lint
Expand description

The lossy_provenance_casts lint detects an as cast between a pointer and an integer.

§Example

#![warn(lossy_provenance_casts)]

fn main() {
    let x: u8 = 37;
    let _addr: usize = &x as *const u8 as usize;
}

{{produces}}

§Explanation

This lint is part of the strict provenance effort, see issue #95228. Casting a pointer to an integer is a lossy operation, because beyond just an address a pointer may be associated with a particular provenance. This information is used by the optimiser and for dynamic analysis/dynamic program verification (e.g. Miri or CHERI platforms).

Since this cast is lossy, it is considered good style to use the ptr::addr method instead, which has a similar effect, but doesn’t “expose” the pointer provenance. This improves optimisation potential. See the docs of ptr::addr and ptr::expose_provenance for more information about exposing pointer provenance.

If your code can’t comply with strict provenance and needs to expose the provenance, then there is ptr::expose_provenance as an escape hatch, which preserves the behaviour of as usize casts while being explicit about the semantics.