cast_checks

A procedural macro to check for invalid casts

Like [-C overflow-checks], cast_checks is enabled only for debug builds by default. To enable cast_checks for release builds, set the crate-level release feature.

How it works

cast_checks::enable essentially rewrites each expression of the form:

rust,ignore expr as T

to an expression involving [try_into]:

rust,ignore <_ as TryInto::< T >>::try_into( expr ).expect("invalid cast")

So when an invalid cast occurs, a message like the following results:

text thread 'checked_truncation' panicked at 'invalid cast: TryFromIntError(())', cast_checks/tests/basic.rs:30:13

We say "essentially rewrites" because the actual generated code is slightly more complex. It uses [Nikolai Vazquez]'s [impls]' [trick] to determine whether an appropriate [TryInto] implementation exists.

How to use

With a stable compiler

You must use cast_checks::enable as an outer [attribute]. Example:

```rust

[cast_checks::enable]

fn as_u16(x: u64) -> u16 { x as u16 } ```

With a nightly compiler

We recommend enabling Rust features [custom_inner_attributes] and [proc_macro_hygiene], and compiling with the [procmacro2_semver_exempt] config flag, e.g.:

sh RUSTFLAGS='--cfg procmacro2_semver_exempt' cargo build

If you enable the [custom_inner_attributes] and [proc_macro_hygiene] features, you can use cast_checks::enable as an inner [attribute]. Example:

```rust,ignore

![feature(custominnerattributes, procmacrohygiene)]

mod m { #![cast_checks::enable]

/* items */

} ```

However, in our experience, this can cause panics to refer to the wrong locations.

To help counter the above, if you compile with the [procmacro2_semver_exempt] config flag, cast_checks will include more elaborate expect messages. Example:

text thread 'checked_truncation' panicked at 'invalid cast in `x as u8` at cast_checks/tests/basic.rs:30:13: TryFromIntError(())', cast_checks/tests/basic.rs:30:13

CAST_CHECKS_LOG

If you are concerned that some casts are not being checked, try setting CAST_CHECKS_LOG when compiling. This will cause cast_checks to dump to standard output:

• all rewritten locations
• all modules whose contents are not visited because they are not inlined

Example:

text cast_checks rewriting `x as u16` at src/lib.rs:0:0 cast_checks not descending into `mod c ;` at src/lib.rs:0:0

Note that CAST_CHECKS_LOG requires --cfg procmacro2_semver_exempt to be passed to rustc.