New Lint [hash_borrow_str_semantics]

Implements a lint to prevent implementation of Hash, Borrow<str> and
Borrow<[u8]> as it breaks Borrow<T> "semantics". According to the book,
types that implement Borrow<A> and Borrow<B> must ensure equality of
borrow results under Eq,Ord and Hash.

> In particular Eq, Ord and Hash must be equivalent for borrowed and
owned values: x.borrow() == y.borrow() should give the same result as x == y.

In the same way, hash(x) == hash(x as Borrow<[u8]>) != hash(x as Borrow<str>).

changelog: newlint [`hash_borrow_str_semantics`]

Author: PartiallyUntyped

CHANGELOG.md

@@ -5058,6 +5058,7 @@ Released 2018-09-13
 [`get_first`]: https://rust-lang.github.io/rust-clippy/master/index.html#get_first
 [`get_last_with_len`]: https://rust-lang.github.io/rust-clippy/master/index.html#get_last_with_len
 [`get_unwrap`]: https://rust-lang.github.io/rust-clippy/master/index.html#get_unwrap
+[`hash_borrow_str_semantics`]: https://rust-lang.github.io/rust-clippy/master/index.html#hash_borrow_str_semantics
 [`host_endian_bytes`]: https://rust-lang.github.io/rust-clippy/master/index.html#host_endian_bytes
 [`identity_conversion`]: https://rust-lang.github.io/rust-clippy/master/index.html#identity_conversion
 [`identity_op`]: https://rust-lang.github.io/rust-clippy/master/index.html#identity_op

clippy_lints/src/declared_lints.rs

@@ -199,6 +199,7 @@ pub(crate) static LINTS: &[&crate::LintInfo] = &[
     crate::functions::TOO_MANY_ARGUMENTS_INFO,
     crate::functions::TOO_MANY_LINES_INFO,
     crate::future_not_send::FUTURE_NOT_SEND_INFO,
+    crate::hash_borrow_str_semantics::HASH_BORROW_STR_SEMANTICS_INFO,
     crate::if_let_mutex::IF_LET_MUTEX_INFO,
     crate::if_not_else::IF_NOT_ELSE_INFO,
     crate::if_then_some_else_none::IF_THEN_SOME_ELSE_NONE_INFO,

clippy_lints/src/hash_borrow_str_semantics.rs

@@ -0,0 +1,103 @@
+use clippy_utils::diagnostics::span_lint_and_then;
+use clippy_utils::ty::implements_trait;
+use rustc_hir::def::{DefKind, Res};
+use rustc_hir::{Item, ItemKind, Path, TraitRef};
+use rustc_lint::{LateContext, LateLintPass};
+use rustc_middle::ty::Ty;
+use rustc_session::{declare_lint_pass, declare_tool_lint};
+use rustc_span::symbol::sym;
+
+declare_clippy_lint! {
+    /// ### What it does
+    /// This lint is concerned with the semantics of Borrow and Hash for a
+    /// type that implements all three of Hash, Borrow<str> and Borrow<[u8]>
+    /// as it is impossible to satisfy the semantics of Borrow and Hash for
+    /// both Borrow<str> and Borrow<[u8]>.
+    ///
+    /// ### Why is this bad?
+    ///
+    /// When providing implementations for Borrow<T>, one should consider whether the different
+    /// implementations should act as facets or representations of the underlying type. Generic code
+    /// typically uses Borrow<T> when it relies on the identical behavior of these additional trait
+    /// implementations. These traits will likely appear as additional trait bounds.
+    ///
+    /// In particular Eq, Ord and Hash must be equivalent for borrowed and owned values:
+    /// `x.borrow() == y.borrow()` should give the same result as `x == y`.
+    /// It follows then that the following equivalence must hold:
+    /// `hash(x) == hash((x as Borrow<[u8]>).borrow()) == hash((x as Borrow<str>).borrow())`
+    ///
+    /// Unfortunately it doesn't hold as `hash("abc") != hash("abc".as_bytes())`.
+    ///
+    /// ### Example
+    ///
+    /// ```
+    /// use std::borrow::Borrow;
+    /// use std::hash::{Hash, Hasher};
+    ///
+    /// struct ExampleType {
+    ///     data: String
+    /// }
+    ///
+    /// impl Hash for ExampleType {
+    ///     fn hash<H: Hasher>(&self, state: &mut H) {
+    ///         self.data.hash(state);
+    ///     }
+    /// }
+    ///
+    /// impl Borrow<str> for ExampleType {
+    ///     fn borrow(&self) -> &str {
+    ///         &self.data
+    ///     }
+    /// }
+    ///
+    /// impl Borrow<[u8]> for ExampleType {
+    ///     fn borrow(&self) -> &[u8] {
+    ///         self.data.as_bytes()
+    ///     }
+    /// }
+    /// ```
+    /// As a consequence, hashing a `&ExampleType` and hashing the result of the two
+    /// borrows will result in different values.
+    ///
+    #[clippy::version = "1.75.0"]
+    pub HASH_BORROW_STR_SEMANTICS,
+    correctness,
+    "Ensures that the semantics of Borrow for Hash are satisfied when Borrow<str> and Borrow<[u8]> are implemented"
+}
+
+declare_lint_pass!(HashBorrowStrSemantics => [HASH_BORROW_STR_SEMANTICS]);
+
+impl LateLintPass<'_> for HashBorrowStrSemantics {
+    /// We are emitting this lint at the Hash impl of a type that implements all
+    /// three of Hash, Borrow<str> and Borrow<[u8]>.
+    ///
+    /// We check that we are in the Hash impl
+    /// Then we check that the type implements Borrow<str> and Borrow<[u8]>
+    fn check_item(&mut self, cx: &LateContext<'_>, item: &Item<'_>) {
+        if let ItemKind::Impl(imp) = item.kind
+            && let Some(TraitRef {path: Path {span, res, ..}, ..}) = imp.of_trait
+            && let ty = cx.tcx.type_of(item.owner_id).instantiate_identity()
+            && let Some(hash_id) = cx.tcx.get_diagnostic_item(sym::Hash)
+            && Res::Def(DefKind::Trait, hash_id) == *res
+            && let Some(borrow_id) = cx.tcx.get_diagnostic_item(sym::Borrow)
+            // since we are in the Hash impl, we don't need to check for that.
+            // we need only to check for Borrow<str> and Borrow<[u8]>
+            && implements_trait(cx, ty, borrow_id, &[cx.tcx.types.str_.into()])
+            &&implements_trait(cx, ty, borrow_id, &[Ty::new_slice(cx.tcx, cx.tcx.types.u8).into()])
+        {
+            span_lint_and_then(
+                cx,
+                HASH_BORROW_STR_SEMANTICS,
+                *span,
+                "can't satisfy the semantics of `Hash` when both `Borrow<str>` and `Borrow<[u8]>` are implemented",
+                |diag| {
+                    diag.note("types that implement Hash and Borrow<T> should have equivalent Hash results for borrowed and owned values");
+
+                    diag.note("this is not the case for Borrow<str> and Borrow<[u8]> as the two types result in different Hash values");
+
+                    diag.help("consider removing one implementation of Borrow (Borrow<str> or Borrow<[u8]>) or not implementing Hash for this type");
+                },
+            );
+        }
+    }
+}

clippy_lints/src/lib.rs

@@ -140,6 +140,7 @@ mod from_raw_with_void_ptr;
 mod from_str_radix_10;
 mod functions;
 mod future_not_send;
+mod hash_borrow_str_semantics;
 mod if_let_mutex;
 mod if_not_else;
 mod if_then_some_else_none;
@@ -1066,6 +1067,7 @@ pub fn register_lints(store: &mut rustc_lint::LintStore, conf: &'static Conf) {
     });
     store.register_late_pass(move |_| Box::new(manual_hash_one::ManualHashOne::new(msrv())));
     store.register_late_pass(|_| Box::new(iter_without_into_iter::IterWithoutIntoIter));
+    store.register_late_pass(|_| Box::new(hash_borrow_str_semantics::HashBorrowStrSemantics));
     // add lints here, do not remove this comment, it's used in `new_lint`
 }
 

tests/ui/hash_borrow_str_semantics.rs

@@ -0,0 +1,87 @@
+#![warn(clippy::hash_borrow_str_semantics)]
+
+use std::borrow::Borrow;
+use std::hash::{Hash, Hasher};
+
+struct ExampleType {
+    data: String,
+}
+
+impl Hash for ExampleType {
+    fn hash<H: Hasher>(&self, state: &mut H) {
+        self.data.hash(state);
+    }
+}
+
+impl Borrow<str> for ExampleType {
+    fn borrow(&self) -> &str {
+        &self.data
+    }
+}
+
+impl Borrow<[u8]> for ExampleType {
+    fn borrow(&self) -> &[u8] {
+        self.data.as_bytes()
+    }
+}
+
+struct ShouldNotRaiseForHash {}
+impl Hash for ShouldNotRaiseForHash {
+    fn hash<H: Hasher>(&self, state: &mut H) {
+        todo!();
+    }
+}
+
+struct ShouldNotRaiseForBorrow {}
+impl Borrow<str> for ShouldNotRaiseForBorrow {
+    fn borrow(&self) -> &str {
+        todo!();
+    }
+}
+impl Borrow<[u8]> for ShouldNotRaiseForBorrow {
+    fn borrow(&self) -> &[u8] {
+        todo!();
+    }
+}
+
+struct ShouldNotRaiseForHashBorrowStr {}
+impl Hash for ShouldNotRaiseForHashBorrowStr {
+    fn hash<H: Hasher>(&self, state: &mut H) {
+        todo!();
+    }
+}
+impl Borrow<str> for ShouldNotRaiseForHashBorrowStr {
+    fn borrow(&self) -> &str {
+        todo!();
+    }
+}
+
+struct ShouldNotRaiseForHashBorrowSlice {}
+impl Hash for ShouldNotRaiseForHashBorrowSlice {
+    fn hash<H: Hasher>(&self, state: &mut H) {
+        todo!();
+    }
+}
+
+impl Borrow<[u8]> for ShouldNotRaiseForHashBorrowSlice {
+    fn borrow(&self) -> &[u8] {
+        todo!();
+    }
+}
+
+#[derive(Hash)]
+struct Derived {
+    data: String,
+}
+
+impl Borrow<str> for Derived {
+    fn borrow(&self) -> &str {
+        self.data.as_str()
+    }
+}
+
+impl Borrow<[u8]> for Derived {
+    fn borrow(&self) -> &[u8] {
+        self.data.as_bytes()
+    }
+}

tests/ui/hash_borrow_str_semantics.stderr

@@ -0,0 +1,25 @@
+error: can't satisfy the semantics of `Hash` when both `Borrow<str>` and `Borrow<[u8]>` are implemented
+  --> $DIR/hash_borrow_str_semantics.rs:10:6
+   |
+LL | impl Hash for ExampleType {
+   |      ^^^^
+   |
+   = note: types that implement Hash and Borrow<T> should have equivalent Hash results for borrowed and owned values
+   = note: this is not the case for Borrow<str> and Borrow<[u8]> as the two types result in different Hash values
+   = help: consider removing one implementation of Borrow (Borrow<str> or Borrow<[u8]>) or not implementing Hash for this type
+   = note: `-D clippy::hash-borrow-str-semantics` implied by `-D warnings`
+   = help: to override `-D warnings` add `#[allow(clippy::hash_borrow_str_semantics)]`
+
+error: can't satisfy the semantics of `Hash` when both `Borrow<str>` and `Borrow<[u8]>` are implemented
+  --> $DIR/hash_borrow_str_semantics.rs:72:10
+   |
+LL | #[derive(Hash)]
+   |          ^^^^
+   |
+   = note: types that implement Hash and Borrow<T> should have equivalent Hash results for borrowed and owned values
+   = note: this is not the case for Borrow<str> and Borrow<[u8]> as the two types result in different Hash values
+   = help: consider removing one implementation of Borrow (Borrow<str> or Borrow<[u8]>) or not implementing Hash for this type
+   = note: this error originates in the derive macro `Hash` (in Nightly builds, run with -Z macro-backtrace for more info)
+
+error: aborting due to 2 previous errors
+