Add analyzer+codefix for applying RequiresUnsafe to pointer methods#125196
Add analyzer+codefix for applying RequiresUnsafe to pointer methods#125196
Conversation
Add a new DiagnosticAnalyzer (UnsafeMethodMissingRequiresUnsafeAnalyzer) that warns when a method, constructor, or local function has the 'unsafe' modifier but is not annotated with [RequiresUnsafe]. Add a matching CodeFixProvider that adds the [RequiresUnsafe] attribute to the flagged declaration. Both are #if DEBUG guarded and enabled via the existing EnableUnsafeAnalyzer MSBuild property. New diagnostic: IL5004 (UnsafeMethodMissingRequiresUnsafe) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
dotnet-policy-service
bot
added
the
linkable-framework
Now based on methods with pointer types, rather than methods with .
…r-content-125195 # Conflicts: # src/libraries/Common/src/Interop/Unix/System.Native/Interop.Futex.cs # src/libraries/System.Private.CoreLib/src/System/Threading/LowLevelFutex.Unix.cs
- Remove lambda/anonymous method break in RequiresUnsafeAnalyzer so unsafe context flows through nested lambdas (matching C# semantics) - Add FieldDeclarationSyntax to IsInRequiresScope for unsafe field initializers - Remove [RequiresUnsafe] from files compiled outside CoreLib (Common/, nativeaot/Runtime.Base/, Resources/) where the attribute is unavailable - Add tests for lambda-in-unsafe-method, anonymous delegate, and field initializer scenarios Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use the DiagnosticSeverity.Info overload so IL5004 shows as a suggestion rather than a warning/error in builds. Update tests to expect Info severity. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
agocke
force-pushed
the
copilot/duplicate-pr-content-125195
branch
from
c08c9a1 to
a6490f4
Compare
…r-content-125195 # Conflicts: # src/coreclr/System.Private.CoreLib/src/System/AppContext.CoreCLR.cs # src/coreclr/System.Private.CoreLib/src/System/StartupHookProvider.CoreCLR.cs
Co-authored-by: agocke <515774+agocke@users.noreply.github.com>
src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/Unsafe.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Private.CoreLib/src/System/Runtime/InteropServices/NativeMemory.cs
Outdated
Show resolved
Hide resolved
Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com>
agocke
changed the title
This does not look right to me. Unsafe.Add/Subtract on byrefs need RequiresUnsafe. Otherwise, all byref dereferences would have to be unsafe - I do not think we want that. EDIT: I see your comment above. This PR is not trying to be complete; you are leaving it for later. |
|
@copilot please merge with main and resolve merge conflicts |
…/duplicate-pr-content-125195 # Conflicts: # src/libraries/System.Private.CoreLib/src/System/Runtime/Intrinsics/Arm/Sve.PlatformNotSupported.cs
Merged with main and resolved merge conflicts in |
There was a problem hiding this comment.
Copilot reviewed 238 out of 241 changed files in this pull request and generated no comments.
You can also share your feedback on Copilot code review. Take the survey.
|
I think this is ready -- it only annotates System.Private.CoreLib so once everything goes through here we can take on the remaining libraries. |
|
|
||
| using System.Diagnostics; | ||
| using System.Runtime.InteropServices; | ||
| using System.Diagnostics.CodeAnalysis; |
There was a problem hiding this comment.
@copilot This file has unnecessary whitespace only changes. Please revert the changes in this file. Also, check the rest of the PR for the same issue
There was a problem hiding this comment.
Reverted StackFrameIterator.cs and found 42 additional files with the same issue (unnecessary using System.Diagnostics.CodeAnalysis; additions without any [RequiresUnsafe]). Also restored UTF-8 BOMs that were inadvertently stripped by the fork's editor in 20 files. All fixed in 06eb913.
Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com>
|
The annotations look fine to me. |
Description
Cherry-pick of PR #125195 (agocke/runtime). Adds a Roslyn analyzer and code fixer that warns on methods with the
unsafemodifier but missing[RequiresUnsafe], and applies[RequiresUnsafe]to allunsafemethods in System.Private.CoreLib.UnsafeMethodMissingRequiresUnsafeAnalyzer): ReportsIL2900onunsafemethods lacking[RequiresUnsafe]UnsafeMethodMissingRequiresUnsafeCodeFixProvider): Adds[RequiresUnsafe]attribute automatically[RequiresUnsafe]MdImport.cs— kept currentLibraryImport/partialsignature (diverged from fork'sMethodImpl/extern), added[RequiresUnsafe]Sve.PlatformNotSupported.cs— resolved conflicts from SVE method signature changes (Vector<int>/Vector<uint>→Vector<long>/Vector<ulong>), ensured newunsafepointer methods have[RequiresUnsafe][RequiresUnsafe]fromIntPtr.csandUIntPtr.cs— pointers in those files do not implyRequiresUnsafe[RequiresUnsafe]fromAdd<T>(void*, int)andSubtract<T>(void*, int)inUnsafe.cs— these methods do not dereference the pointer[RequiresUnsafe]fromAllocandAllocZeroedinNativeMemory.csandNativeMemory.Unix.cs— returning a pointer is not inherently unsafe, only dereferencing it would beusing System.Diagnostics.CodeAnalysis;additions without any[RequiresUnsafe]usage (leftover from code fixer iterations), and restored UTF-8 BOMs in 20 files that were inadvertently stripped by the fork's editor[RequiresUnsafe]onAdd,Subtract,AddByteOffset, andSubtractByteOffsetmethods returningref TinUnsafe.cswas reverted to keep this PR focused on pointer-based methods; non-pointerRequiresUnsafechanges will be grouped into a separate PR🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.