What is this?
We recently added checks for valid enum discriminants to -Zub-checks (PR #141759). This currently sanitizes (in debug builds) a pattern where an invalid enum value is created. As an example, the following code:

```rust
#[repr(u8)]
enum Foo {
    A = 0,
    B = 1,
}
...
let foo = unsafe { std::mem::transmute::<_, Foo>(3_u8) };
```

would result in the following runtime panic:

```text
trying to construct an enum from an invalid value 0x3
```
While this is nice and helpful, most people don't transmute to invalid enum values. A much more common place where this can happen is when interacting with other languages, e.g. C or C++:

```rust
#[repr(C)]
enum Foo {
    A,
    B,
}
unsafe extern "C" {
    fn get_foo() -> *const Foo;
}
...
let foo = unsafe { *get_foo() };
```
The current check is not sufficient here and wouldn't catch the invalid value. So one goal is to extend the check to catch such cases.
Another improvement we would like to make is a better debug message for when this check fails. At the moment the message only reports the invalid runtime discriminant value that was used to create the enum. It would be helpful to have more information here, such as which enum was being constructed and which discriminants would have been valid.
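The following is an added example, not code from the project goal or from the compiler's -Zub-checks implementation. It illustrates both points above: the load through a C pointer is performed on the underlying integer type rather than on `Foo`, so the value can be validated before it ever becomes an enum, and the error carries the extra information (the offending value and the set of valid discriminants) that a more helpful panic message would want. The `c_side_values` buffer is constructed sample data standing in for what `get_foo()` would return; the `Foo`, `InvalidDiscriminant`, `load_foo` and `load_all` names are assumptions made for this example.

```rust
use std::convert::TryFrom;
use std::fmt;
use std::os::raw::c_int;

// Mirrors the FFI enum from the text. `repr(C)` means the C side stores a
// plain `int`, which is why we read a `c_int` and validate it ourselves.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Foo {
    A,
    B,
}

/// Error type carrying what a good diagnostic needs: the raw value that was
/// rejected and the discriminants that would have been accepted.
#[derive(Debug, PartialEq, Eq)]
pub struct InvalidDiscriminant {
    pub value: c_int,
    pub valid: &'static [c_int],
}

impl fmt::Display for InvalidDiscriminant {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "trying to construct enum `Foo` from an invalid value {:#x}; \
             valid discriminants are {:?}",
            self.value, self.valid
        )
    }
}

// The validation step that a UB check at the load site would perform:
// only the discriminants the enum actually declares are accepted.
impl TryFrom<c_int> for Foo {
    type Error = InvalidDiscriminant;

    fn try_from(raw: c_int) -> Result<Self, Self::Error> {
        match raw {
            0 => Ok(Foo::A),
            1 => Ok(Foo::B),
            other => Err(InvalidDiscriminant { value: other, valid: &[0, 1] }),
        }
    }
}

/// Constructed sample data (assumption): what a C buffer of `Foo` values might
/// hold. The last entry is out of range, like the `0x3` in the text.
pub fn c_side_values() -> [c_int; 3] {
    [0, 1, 3]
}

/// Safe counterpart of `*get_foo()`: read the pointee as the integer the C side
/// wrote, then validate, instead of dereferencing a `*const Foo` directly.
///
/// # Safety
/// `p` must be non-null, properly aligned, and point to a readable `c_int`.
pub unsafe fn load_foo(p: *const c_int) -> Result<Foo, InvalidDiscriminant> {
    // SAFETY: the caller guarantees `p` is valid for reads of a `c_int`.
    let raw = unsafe { p.read() };
    Foo::try_from(raw)
}

/// Validates every value in a buffer, reporting each failure separately.
pub fn load_all(values: &[c_int]) -> Vec<Result<Foo, InvalidDiscriminant>> {
    values
        .iter()
        // SAFETY: each reference is a valid, aligned pointer to a `c_int`.
        .map(|v| unsafe { load_foo(v as *const c_int) })
        .collect()
}

fn main() {
    for (index, result) in load_all(&c_side_values()).iter().enumerate() {
        match result {
            Ok(foo) => println!("slot {index}: valid {foo:?}"),
            Err(err) => println!("slot {index}: {err}"),
        }
    }
}
```

Running this prints two valid loads followed by the diagnostic for slot 2, which names the enum, the rejected value `0x3` and the accepted discriminants `[0, 1]`, rather than only the raw number the current check reports.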
Steps
Implementation history