Suggest `{to,from}_ne_bytes` when people use transmute between arrays and integers #136067

scottmcm · 2025-01-25T21:24:35Z

Code

fn bytes_at_home_1(a: [u8; 4]) -> u32 {
    unsafe { std::mem::transmute(a) }
}

fn bytes_at_home_2(x: u32) -> [u8; 4] {
    unsafe { std::mem::transmute(x) }
}

Current output

(no warnings)

Desired output

Warning: use the safe alternative instead
|
|    unsafe { std::mem::transmute(a) }
|             ^^^^^^^^^^^^^^^^^^^ This can be done with `u32::from_ne_bytes(a)` instead
|
hint: there's also `from_le_bytes` and `from_ne_bytes` if you expect a particular byte order

Warning: use the safe alternative instead
|
|    unsafe { std::mem::transmute(x) }
|             ^^^^^^^^^^^^^^^^^^^ This can be done with `x.to_ne_bytes()` instead
|
hint: there's also `to_le_bytes` and `to_ne_bytes` if you expect a particular byte order

Rationale and extra context

I see people doing this a bunch, like it just came up in Discord.

It would be nice to point them to the safe alternative when possible.

Other cases

Rust Version

Playground nightly ⬇

Anything else?

https://play.rust-lang.org/?version=nightly&mode=debug&edition=2021&gist=a89dfdaa49736b9d106b2099ca48ddd7

The text was updated successfully, but these errors were encountered:

kpreid · 2025-01-25T21:54:16Z

Some other byte-reinterpretations that could be linted against on the same premise, that don’t involve arrays:

iNN ↔ uNN
bool ↔ u8
char ↔ u32

bend-n · 2025-01-26T01:57:38Z

@rustbot claim

hanna-kruppe · 2025-01-26T20:41:03Z

FWIW, clippy already has a bunch of warn-by-default lints for transmutes that can be done with safe constructors or need extra checks to be sound (including some already mentioned in this thread, but also int<->float, &str <-> &[u8], NonZeroT <-> T). May be worth uplifting and expanding all of those if there’s appetite for this kind of lint in rustc.

scottmcm · 2025-02-12T17:05:11Z

@hanna-kruppe To me, the thing that makes to_ne_bytes worth warning in rustc is that it removes unsafe code.

I'm definitely a fan of having clippy suggest better unsafe ways to do transmutes, but I don't know that it would necessarily meet the rustc bar if the replacement is still unsafe.

hanna-kruppe · 2025-02-12T17:42:13Z

Sure, as long as there’s some consistent reason for what’s uplifted and what isn’t and we aren’t missing clippy existing lints just because nobody looked.

Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc implements rust-lang#136067 Rust has helper methods for many kinds of safe transmutes, for example integer<->bytes. This is a lint against using transmute for these cases. ```rs fn bytes_at_home(x: [u8; 4]) -> u32 { transmute(x) } // other examples transmute::<[u8; 2], u16>(); transmute::<[u8; 8], f64>(); transmute::<u32, [u8; 4]>(); transmute::<char, u32>(); transmute::<u32, char>(); ``` It would be handy to suggest `u32::from_ne_bytes(x)`. This is implemented for `[u8; _]` -> `{float int}` This also implements the cases: `fXX` <-> `uXX` = `{from_bits, to_bits}` `uXX` -> `iXX` via `cast_unsigned` and `cast_signed` {`char` -> `u32`, `bool` -> `n8`} via `from` `u32` -> `char` via `from_u32_unchecked` (note: notes `from_u32().unwrap()`) (contested) `u8` -> `bool` via `==` (debatable)

Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc implements rust-lang#136067 Rust has helper methods for many kinds of safe transmutes, for example integer<->bytes. This is a lint against using transmute for these cases. ```rs fn bytes_at_home(x: [u8; 4]) -> u32 { transmute(x) } // other examples transmute::<[u8; 2], u16>(); transmute::<[u8; 8], f64>(); transmute::<u32, [u8; 4]>(); transmute::<char, u32>(); transmute::<u32, char>(); ``` It would be handy to suggest `u32::from_ne_bytes(x)`. This is implemented for `[u8; _]` -> `{float int}` This also implements the cases: `fXX` <-> `uXX` = `{from_bits, to_bits}` `uXX` -> `iXX` via `cast_unsigned` and `cast_signed` {`char` -> `u32`, `bool` -> `n8`} via `from` `u32` -> `char` via `from_u32_unchecked` (note: notes `from_u32().unwrap()`) (contested) `u8` -> `bool` via `==` (debatable) --- try-job: aarch64-gnu try-job: test-various

Rollup merge of rust-lang#136083 - bend-n:⃤⃤, r=lcnr Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc implements rust-lang#136067 Rust has helper methods for many kinds of safe transmutes, for example integer<->bytes. This is a lint against using transmute for these cases. ```rs fn bytes_at_home(x: [u8; 4]) -> u32 { transmute(x) } // other examples transmute::<[u8; 2], u16>(); transmute::<[u8; 8], f64>(); transmute::<u32, [u8; 4]>(); transmute::<char, u32>(); transmute::<u32, char>(); ``` It would be handy to suggest `u32::from_ne_bytes(x)`. This is implemented for `[u8; _]` -> `{float int}` This also implements the cases: `fXX` <-> `uXX` = `{from_bits, to_bits}` `uXX` -> `iXX` via `cast_unsigned` and `cast_signed` {`char` -> `u32`, `bool` -> `n8`} via `from` `u32` -> `char` via `from_u32_unchecked` (note: notes `from_u32().unwrap()`) (contested) `u8` -> `bool` via `==` (debatable) --- try-job: aarch64-gnu try-job: test-various

bend-n · 2025-04-28T14:50:06Z

What about std::simd types? we could add those in too, maybe?
Or [[T:N];N] -> [T; N * N] via as_flattened

Starting with Rust 1.88.0 (expected 2025-06-26) [1][2], `rustc` may introduce a new lint that catches unnecessary transmutes, e.g.: error: unnecessary transmute --> rust/uapi/uapi_generated.rs:23242:18 | 23242 | unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: replace this with: `(self._bitfield_1.get(0usize, 1u8) as u8 == 1)` | = note: `-D unnecessary-transmutes` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(unnecessary_transmutes)]` There are a lot of them (at least 300), but luckily they are all in `bindgen`-generated code. Thus clean all up by allowing it there. Since unknown lints trigger a lint itself in older compilers, do it conditionally so that we can keep the `unknown_lints` lint enabled. Cc: [email protected] # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: rust-lang/rust#136083 [1] Link: rust-lang/rust#136067 [2] Signed-off-by: Miguel Ojeda <[email protected]>

Starting with Rust 1.88.0 (expected 2025-06-26) [1][2], `rustc` may introduce a new lint that catches unnecessary transmutes, e.g.: error: unnecessary transmute --> rust/uapi/uapi_generated.rs:23242:18 | 23242 | unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: replace this with: `(self._bitfield_1.get(0usize, 1u8) as u8 == 1)` | = note: `-D unnecessary-transmutes` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(unnecessary_transmutes)]` There are a lot of them (at least 300), but luckily they are all in `bindgen`-generated code. Thus clean all up by allowing it there. Since unknown lints trigger a lint itself in older compilers, do it conditionally so that we can keep the `unknown_lints` lint enabled. Cc: [email protected] # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: rust-lang/rust#136083 [1] Link: rust-lang/rust#136067 [2] Reviewed-by: Alice Ryhl <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Miguel Ojeda <[email protected]>

Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc implements rust-lang#136067 Rust has helper methods for many kinds of safe transmutes, for example integer<->bytes. This is a lint against using transmute for these cases. ```rs fn bytes_at_home(x: [u8; 4]) -> u32 { transmute(x) } // other examples transmute::<[u8; 2], u16>(); transmute::<[u8; 8], f64>(); transmute::<u32, [u8; 4]>(); transmute::<char, u32>(); transmute::<u32, char>(); ``` It would be handy to suggest `u32::from_ne_bytes(x)`. This is implemented for `[u8; _]` -> `{float int}` This also implements the cases: `fXX` <-> `uXX` = `{from_bits, to_bits}` `uXX` -> `iXX` via `cast_unsigned` and `cast_signed` {`char` -> `u32`, `bool` -> `n8`} via `from` `u32` -> `char` via `from_u32_unchecked` (note: notes `from_u32().unwrap()`) (contested) `u8` -> `bool` via `==` (debatable) --- try-job: aarch64-gnu try-job: test-various

commit 7129ea6 upstream. Starting with Rust 1.88.0 (expected 2025-06-26) [1][2], `rustc` may introduce a new lint that catches unnecessary transmutes, e.g.: error: unnecessary transmute --> rust/uapi/uapi_generated.rs:23242:18 | 23242 | unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: replace this with: `(self._bitfield_1.get(0usize, 1u8) as u8 == 1)` | = note: `-D unnecessary-transmutes` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(unnecessary_transmutes)]` There are a lot of them (at least 300), but luckily they are all in `bindgen`-generated code. Thus clean all up by allowing it there. Since unknown lints trigger a lint itself in older compilers, do it conditionally so that we can keep the `unknown_lints` lint enabled. Cc: [email protected] # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: rust-lang/rust#136083 [1] Link: rust-lang/rust#136067 [2] Reviewed-by: Alice Ryhl <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Miguel Ojeda <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>

scottmcm added A-diagnostics Area: Messages for errors, warnings, and lints T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jan 25, 2025

rustbot assigned bend-n Jan 26, 2025

bend-n mentioned this issue Jan 26, 2025

Suggest {to,from}_ne_bytes for transmutations between arrays and integers, etc #136083

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Suggest `{to,from}_ne_bytes` when people use transmute between arrays and integers #136067

Suggest `{to,from}_ne_bytes` when people use transmute between arrays and integers #136067

scottmcm commented Jan 25, 2025 •

edited by rustbot

Loading

kpreid commented Jan 25, 2025

bend-n commented Jan 26, 2025

hanna-kruppe commented Jan 26, 2025

scottmcm commented Feb 12, 2025

hanna-kruppe commented Feb 12, 2025

bend-n commented Apr 28, 2025 •

edited

Loading

Suggest {to,from}_ne_bytes when people use transmute between arrays and integers #136067

Suggest {to,from}_ne_bytes when people use transmute between arrays and integers #136067

Comments

scottmcm commented Jan 25, 2025 • edited by rustbot Loading

Code

Current output

Desired output

Rationale and extra context

Other cases

Rust Version

Anything else?

kpreid commented Jan 25, 2025

bend-n commented Jan 26, 2025

hanna-kruppe commented Jan 26, 2025

scottmcm commented Feb 12, 2025

hanna-kruppe commented Feb 12, 2025

bend-n commented Apr 28, 2025 • edited Loading

Suggest `{to,from}_ne_bytes` when people use transmute between arrays and integers #136067

Suggest `{to,from}_ne_bytes` when people use transmute between arrays and integers #136067

scottmcm commented Jan 25, 2025 •

edited by rustbot

Loading

bend-n commented Apr 28, 2025 •

edited

Loading