Skip to content

Detect dereference of null pointer #12598

New issue
New issue
Open
Open
Detect dereference of null pointer#12598
Labels
A-lintArea: New lintsT-MIRType: This lint will require working with the MIR
@estebank

Description

@estebank
estebank
opened on Mar 30, 2024

What it does

Tracks the creation of null pointers with std::ptr::{null, null_mut}, and any binding that holds them that are never touched until they are dereferenced. When such a case is encountered, a deny-by-default lint is triggered.

Advantage

  • compile time detection of assured UB
  • slightly lowered need for miri

Drawbacks

  • detection logic to avoid false positives might be tricky
  • miri already catches this, this could be considered redundant

Example

fn foo(x: *mut i32) -> i32 {
    unsafe {
        if x.is_null() {
            *x
        } else {
            0
        }
    }
}
fn main() {
    foo(std::ptr::null_mut());
}

Should complain about the access to a null pointer at compile time on *x.

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-lintArea: New lintsT-MIRType: This lint will require working with the MIR

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions