5 releases

0.1.4 Oct 5, 2023
0.1.3 Jul 25, 2023
0.1.2 Apr 2, 2023
0.1.1 Mar 26, 2023
0.1.0 Mar 24, 2023

MIT/Apache

cast_checks

A procedural macro to check for invalid casts

Like -C overflow-checks, cast_checks is enabled only for debug builds by default. To enable cast_checks for release builds, set the crate-level release feature.

How it works

cast_checks::enable essentially rewrites each expression of the form:

expr as T

to an expression involving try_into:

<_ as TryInto::< T >>::try_into( expr ).expect("invalid cast")

So when an invalid cast occurs, a message like the following results:

thread 'checked_truncation' panicked at 'invalid cast: TryFromIntError(())', cast_checks/tests/basic.rs:30:13

We say "essentially rewrites" because the actual generated code is slightly more complex. It uses Nikolai Vazquez's impls' trick to determine whether an appropriate TryInto implementation exists.
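To make the difference concrete, the following added example (not part of the crate or its generated code) writes the plain `as` form and the `try_into` form by hand and applies both to a length-prefixed frame encoder. The frame format and all function names are hypothetical, chosen only for illustration.

```rust
use std::convert::TryInto; // explicit import; only in the prelude from edition 2021
use std::num::TryFromIntError;

/// Plain `as`: silently keeps only the low 16 bits.
fn as_u16_unchecked(x: u64) -> u16 {
    x as u16
}

/// Hand-written version of the form the page says `expr as T` becomes.
fn as_u16_rewritten(x: u64) -> u16 {
    <_ as TryInto::<u16>>::try_into(x).expect("invalid cast")
}

/// True if the rewritten cast panics for `x` (the panic message goes to stderr).
fn rewritten_panics(x: u64) -> bool {
    std::panic::catch_unwind(|| as_u16_rewritten(x)).is_err()
}

/// Hypothetical frame: 2-byte big-endian length prefix, then the payload.
/// The `as` cast wraps for payloads longer than 65535 bytes.
fn encode_frame_unchecked(payload: &[u8]) -> Vec<u8> {
    let len = payload.len() as u16;
    let mut out = len.to_be_bytes().to_vec();
    out.extend_from_slice(payload);
    out
}

/// Same encoder with the conversion checked; oversized payloads are rejected.
fn encode_frame_checked(payload: &[u8]) -> Result<Vec<u8>, TryFromIntError> {
    let len: u16 = payload.len().try_into()?;
    let mut out = len.to_be_bytes().to_vec();
    out.extend_from_slice(payload);
    Ok(out)
}

/// Payload length a receiver would read from the header.
fn declared_len(frame: &[u8]) -> usize {
    usize::from(u16::from_be_bytes([frame[0], frame[1]]))
}

fn main() {
    println!("65543 as u16 = {}", as_u16_unchecked(65_543));
    println!("rewritten cast panics: {}", rewritten_panics(65_543));
    let big = vec![0u8; 65_540]; // constructed oversized payload
    let frame = encode_frame_unchecked(&big);
    println!("header says {} bytes, frame carries {}", declared_len(&frame), frame.len() - 2);
    println!("checked encoder: {:?}", encode_frame_checked(&big).map(|f| f.len()));
}
```

With the unchecked encoder the header and the actual payload length disagree, which is the kind of silent mismatch the macro turns into a panic at the cast site.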

How to use

With a stable compiler

You must use cast_checks::enable as an outer attribute. Example:

#[cast_checks::enable]
fn as_u16(x: u64) -> u16 {
    x as u16
}

With a nightly compiler

We recommend enabling Rust features custom_inner_attributes and proc_macro_hygiene, and compiling with the procmacro2_semver_exempt config flag, e.g.:

RUSTFLAGS='--cfg procmacro2_semver_exempt' cargo build

If you enable the custom_inner_attributes and proc_macro_hygiene features, you can use cast_checks::enable as an inner attribute. Example:

#![feature(custom_inner_attributes, proc_macro_hygiene)]

mod m {
    #![cast_checks::enable]

    /* items */
}

However, in our experience, this can cause panics to refer to the wrong locations.

To help counter the above, if you compile with the procmacro2_semver_exempt config flag, cast_checks will include more elaborate expect messages. Example:

thread 'checked_truncation' panicked at 'invalid cast in `x as u8` at cast_checks/tests/basic.rs:30:13: TryFromIntError(())', cast_checks/tests/basic.rs:30:13

CAST_CHECKS_LOG

If you are concerned that some casts are not being checked, try setting CAST_CHECKS_LOG when compiling. This will cause cast_checks to dump to standard output:

  • all rewritten locations
  • all modules whose contents are not visited because they are not inlined

Example:

cast_checks rewriting `x as u16` at src/lib.rs:0:0
cast_checks not descending into `mod c ;` at src/lib.rs:0:0

Note that CAST_CHECKS_LOG requires --cfg procmacro2_semver_exempt to be passed to rustc.
