dangling pointer from temp cleanup

[hkBst]

Continuation of #148348
r? @Urgau

[rustbot]

r? @lcnr

rustbot has assigned @lcnr.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

[Urgau]

I'm not sure that's the a good description of the issue, I feel like it's a bit misleading, the temporary is not yet dropped (otherwise this would insta UB), it's dropped only after creating the pointer, and it's the dropping of the temporary which makes the pointer dangling.

The previously wording was clearer IMO on this point. Not sure how to best improve that.

[hkBst]

Hmm, I thought that detail did not matter. Do you have a reference for your claim that that would be insta UB?

[Urgau]

Do you have a reference for your claim that that would be insta UB?

For String::new().DROPPED.as_ptr() it's apparently a grey area rust-lang/unsafe-code-guidelines#188 where use-after-dropped and use-after-free are different regarding opsem. I was told that it should probably be UB and is heavily discouraged.

But for allocation like "".to_string().DROPPED.as_ptr() Miri flags it as UB¹ on the as_ptr() call, so 🤷

Footnotes

1. https://play.rust-lang.org/?version=stable&mode=debug&edition=2024&gist=1c4f3446888f2b92d486a5f478722640 ↩

[hkBst]

I created rust-lang/miri#4668 to hopefully clarify this...

[hkBst]

Right, so this is UB because of a dangling reference (which miri calls a pointer confusingly). I think the existence of https://doc.rust-lang.org/nightly/std/ptr/fn.dangling.html proves that just a dangling pointer is not UB.

I also think that means that it does not really matter whether a now-dangling pointer was temporarily valid at its point of creation.

[Urgau]

My un-easeness is not on whenever the pointer was temporarily valid, it is, but as you said it's not relevant. What I'm having problem with that your proposed message makes it ambiguous as to whenever or not the pointer was created from an invalid temporary, which rust-lang/miri#4668 made it clear that it's UB (lang or libs).

It would be IMO better if the message made it clear / obvious that the pointer is dangling precisely because it points to a temporary that's dropped too early, which the previous message was clearer about.

Maybe we could say something like this:

dropped temporary makes the pointer to {$ty} dangling

[Urgau]

Or maybe something like this:
warning: this pointer becomes dangling as the temporary {$ty} is dropped at statement end

After reflection I think I like this one the best, with the caveat that we should change the primary span to the as_ptr() part

[Urgau]

This also is misleading IMO, it's not yet dangling but it will be.

[Urgau]

Suggested change

	.label_ptr = dangling pointer created here
	.label_ptr = pointer created here

[hkBst]

BTW help vs note: help should be used to show changes the user can possibly make to fix the problem. note should be used for everything else, such as other context, information and facts, online resources to read, etc. -- https://rustc-dev-guide.rust-lang.org/diagnostics.html#diagnostic-levels

Should probably change a lot of these helps to notes...

[hkBst]

@rustbot ready