unused_must_use is silenced when returning a #[must_use] value from an unsafe block and not using it

[PatchMixolydic]

Found while working on a fix for #93906.

I tried this code (playground):

#![feature(core_intrinsics)]

#[no_mangle]
#[must_use]
fn foo() -> i64 {
    4
}

extern "Rust" {
    #[link_name = "foo"]
    #[must_use]
    fn foreign_foo() -> i64;
}

fn main() {
    unsafe { foreign_foo() };
    unsafe { std::intrinsics::arith_offset::<isize>(std::ptr::null(), 0) };
}

I expected to see this happen:

Both lines in main should trip unused_must_use. Note that core::intrinsics::arith_offset is marked as #[must_use]:

rust/library/core/src/intrinsics.rs

Lines 1187 to 1189 in e789f3a

	#[must_use = "returns a new pointer rather than modifying its argument"]
	#[rustc_const_unstable(feature = "const_ptr_offset", issue = "71499")]
	pub fn arith_offset<T>(dst: *const T, offset: isize) -> *const T;

Instead, this happened:

nothing

Meta

rustc version: 1.60.0-nightly (2022-02-10 e646f3d2a95419523107)

@rustbot modify labels +A-ffi

[PatchMixolydic]

Note that adding a semicolon after the expressions within the unsafe blocks will cause #[must_use] to trip (playground):

-     unsafe { foreign_foo() };
+     unsafe { foreign_foo(); };

warning: unused return value of `foreign_foo` that must be used
  --> src/main.rs:16:14
   |
16 |     unsafe { foreign_foo(); };
   |              ^^^^^^^^^^^^^^
   |
   = note: `#[warn(unused_must_use)]` on by default

This is documented in the Rust Reference, but this case may still be an issue since one might not think of unsafe { foreign_foo() }; as a use, much like I did when initially filing this issue.

[asquared31415]

minimal version with no extern or intrinsics:

#[must_use]
unsafe fn foo() -> i64 {
    4
}

fn main() {
    unsafe { foo() };
}

playground

[asquared31415]

Oh the unsafe isn't even required. Just returning it from a block (and then not binding the block's value) fails to show the warning as well

#[must_use]
fn foo() -> i64 {
    4
}

fn main() {
   { foo() };
}

playground

[PatchMixolydic]

Note that unused_must_used not firing on block returns is documented/intentional behaviour. Quoth the Reference:

Note: Trivial no-op expressions containing the value will not violate the lint. Examples include wrapping the value in a type that does not implement Drop and then not using that type and being the final expression of a block expression that is not used.

At the time I opened this issue, I thought that applying this lint to unsafe blocks greatly decreased the utility of #[must_use] on unsafe fn, as it is common practice to scope unsafe blocks as tightly as possible, resulting in constructions like:

let x = unsafe { get_x_unchecked() };

However, this lint only trips for unsafe blocks followed by a semicolon, which are uncommon. Like with most block-like expressions, statements which consist of an unsafe block and no semicolon must be of type () (playground for improper unsafe return):

unsafe fn x() -> i32 {
    4
}

fn main() {
    unsafe {
        x()
    }

    // avoid interpreting the unsafe block as `main`'s return expression
    ()
}

error[E0308]: mismatched types
 --> src/main.rs:7:9
  |
7 |         x()
  |         ^^^- help: consider using a semicolon here: `;`
  |         |
  |         expected `()`, found `i32`

Empirically, most unsafe blocks followed by a semicolon are already part of a larger statement (usually a let statement). Because of this, I don't think this issue is an actual issue.