impl<'a> Visitor<'a> for AstValidator<'a> {

fn visit_attribute(&mut self, attr: &Attribute) {

validate_attr::check_attr(&self.session.psess, attr);

validate_attr::check_attr(&self.features, &self.session.psess, attr);

}

fn visit_ty(&mut self, ty: &'a Ty) {

let mut span: Option<Span> = None;

while let Some(attr) = attrs.next() {

rustc_ast_passes::feature_gate::check_attribute(attr, self.cx.sess, features);

validate_attr::check_attr(&self.cx.sess.psess, attr);

validate_attr::check_attr(features, &self.cx.sess.psess, attr);

let current_span = if let Some(sp) = span { sp.to(attr.span) } else { attr.span };

span = Some(current_span);

})

}

pub fn is_unsafe_attr(name: Symbol) -> bool {

BUILTIN_ATTRIBUTE_MAP.get(&name).is_some_and(|attr| attr.safety == AttributeSafety::Unsafe)

}

pub static BUILTIN_ATTRIBUTE_MAP: LazyLock<FxHashMap<Symbol, &BuiltinAttribute>> =

LazyLock::new(|| {

let mut map = FxHashMap::default();

pub use builtin_attrs::AttributeDuplicates;

pub use builtin_attrs::{

deprecated_attributes, encode_cross_crate, find_gated_cfg, is_builtin_attr_name,

is_unsafe_attr, is_valid_for_get_attr, AttributeGate, AttributeTemplate, AttributeType,

is_valid_for_get_attr, AttributeGate, AttributeSafety, AttributeTemplate, AttributeType,

BuiltinAttribute, GatedCfg, BUILTIN_ATTRIBUTES, BUILTIN_ATTRIBUTE_MAP,

};

pub use removed::REMOVED_FEATURES;

lint_unnecessary_qualification = unnecessary qualification

.suggestion = remove the unnecessary path segments

lint_unsafe_attr_outside_unsafe = unsafe attribute used without unsafe

.label = usage of unsafe attribute

lint_unsafe_attr_outside_unsafe_suggestion = wrap the attribute in `unsafe(...)`

lint_unsupported_group = `{$lint_group}` lint group is not supported with ´--force-warn´

lint_untranslatable_diag = diagnostics should be created using translatable messages

BuiltinLintDiag::UnusedQualifications { removal_span } => {

lints::UnusedQualifications { removal_span }.decorate_lint(diag);

}

BuiltinLintDiag::UnsafeAttrOutsideUnsafe {

attribute_name_span,

sugg_spans: (left, right),

} => {

lints::UnsafeAttrOutsideUnsafe {

span: attribute_name_span,

suggestion: lints::UnsafeAttrOutsideUnsafeSuggestion { left, right },

}

.decorate_lint(diag);

}

BuiltinLintDiag::AssociatedConstElidedLifetime {

elided,

span: lt_span,

pub import_vis: String,

pub max_vis: String,

}

#[derive(LintDiagnostic)]

#[diag(lint_unsafe_attr_outside_unsafe)]

pub struct UnsafeAttrOutsideUnsafe {

#[label]

pub span: Span,

#[subdiagnostic]

pub suggestion: UnsafeAttrOutsideUnsafeSuggestion,

}

#[derive(Subdiagnostic)]

#[multipart_suggestion(

lint_unsafe_attr_outside_unsafe_suggestion,

applicability = "machine-applicable"

)]

pub struct UnsafeAttrOutsideUnsafeSuggestion {

#[suggestion_part(code = "unsafe(")]

pub left: Span,

#[suggestion_part(code = ")")]

pub right: Span,

}

UNNAMEABLE_TYPES,

UNREACHABLE_CODE,

UNREACHABLE_PATTERNS,

UNSAFE_ATTR_OUTSIDE_UNSAFE,

UNSAFE_OP_IN_UNSAFE_FN,

UNSTABLE_NAME_COLLISIONS,

UNSTABLE_SYNTAX_PRE_EXPANSION,

reference: "issue #123743 <https://github.com/rust-lang/rust/issues/123743>",

};

}

declare_lint! {

/// The `unsafe_attr_outside_unsafe` lint detects a missing unsafe keyword

/// on attributes considered unsafe.

///

/// ### Example

///

/// ```rust

/// #![feature(unsafe_attributes)]

/// #![warn(unsafe_attr_outside_unsafe)]

///

/// #[no_mangle]

/// extern "C" fn foo() {}

///

/// fn main() {}

/// ```

///

/// {{produces}}

///

/// ### Explanation

///

/// Some attributes (e.g. `no_mangle`, `export_name`, `link_section` -- see

/// [issue #82499] for a more complete list) are considered "unsafe" attributes.

/// An unsafe attribute must only be used inside unsafe(...).

///

/// This lint can automatically wrap the attributes in `unsafe(...)` , but this

/// obviously cannot verify that the preconditions of the `unsafe`

/// attributes are fulfilled, so that is still up to the user.

///

/// The lint is currently "allow" by default, but that might change in the

/// future.

///

/// [editions]: https://doc.rust-lang.org/edition-guide/

/// [issue #82499]: https://github.com/rust-lang/rust/issues/82499

pub UNSAFE_ATTR_OUTSIDE_UNSAFE,

Allow,

"detects unsafe attributes outside of unsafe",

@future_incompatible = FutureIncompatibleInfo {

reason: FutureIncompatibilityReason::EditionError(Edition::Edition2024),

reference: "issue #123757 <https://github.com/rust-lang/rust/issues/123757>",

};

}

/// The span of the unnecessarily-qualified path to remove.

removal_span: Span,

},

UnsafeAttrOutsideUnsafe {

attribute_name_span: Span,

sugg_spans: (Span, Span),

},

AssociatedConstElidedLifetime {

elided: bool,

span: Span,

.label_does_not_annotate_this = the inner doc comment doesn't annotate this {$item}

.sugg_change_inner_to_outer = to annotate the {$item}, change the doc comment from inner to outer style

parse_invalid_attr_unsafe = `{$name}` is not an unsafe attribute

.suggestion = remove the `unsafe(...)`

.note = extraneous unsafe is not allowed in attributes

parse_invalid_block_macro_segment = cannot use a `block` macro fragment here

.label = the `block` fragment is within this context

.suggestion = wrap this in another block

*[other] remove extra angle brackets

}

parse_unsafe_attr_outside_unsafe = unsafe attribute used without unsafe

.label = usage of unsafe attribute

parse_unsafe_attr_outside_unsafe_suggestion = wrap the attribute in `unsafe(...)`

parse_unskipped_whitespace = whitespace symbol '{$ch}' is not skipped

.label = {parse_unskipped_whitespace}