Unchecked code fixes#7786

ShaharNaveh

While trying to run: clippy --all-features --workspace I've seen lots of errors. This PR goal is to break the fixes needed for it to run on the CI, into smaller chunks

Summary by CodeRabbit

Chores
- Prevent simultaneous enablement of conflicting SSL implementations; improve SSL configuration safety.
- Improve portability and internal consistency across native SSL/cert handling and core utilities.
Style
- Refined debug/tracing output formatting for opcode execution logs.
- Silenced select false-positive warnings and clarified lint intent.
Bug Fixes
- Made error messages for certain UI bindings clearer and more accurate.

coderabbitai

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: e552344b-6598-48aa-93ec-f634f0004b83

📥 Commits

Reviewing files that changed from the base of the PR and between ae9094c and f5096bb.

📒 Files selected for processing (3)

crates/stdlib/src/ssl/compat.rs
crates/vm/src/frame.rs
crates/vm/src/stdlib/_io.rs

✅ Files skipped from review due to trivial changes (3)

crates/vm/src/stdlib/_io.rs
crates/stdlib/src/ssl/compat.rs
crates/vm/src/frame.rs

📝 Walkthrough

Walkthrough

This PR consolidates SSL/TLS feature configuration by gating the ssl module on ssl-rustls with clippy-aware conflict detection, and systematically migrates OpenSSL FFI code to use core:: paths for pointers, slices, and type operations. Additional changes include visibility restrictions on JIT helpers, SSL module warning suppressions, and frame logging updates.

Changes

SSL/TLS Feature Gating & Module Configuration

Layer / File(s)	Summary
Module Declaration Organization `crates/stdlib/src/lib.rs`	Module declarations are reorganized with explicit path attributes and formatting adjustments; `_tokenize` gains explicit `#[path = "_tokenize.rs"]` declaration.
SSL/TLS Feature Gating & Conflict Detection `crates/stdlib/src/lib.rs`	SSL module is now conditionally compiled only under `feature = "ssl-rustls"` within host/non-wasm constraints; mutual-exclusion `compile_error!` for both `ssl-openssl` and `ssl-rustls` is emitted only when `not(clippy)`.
Module Definition List Updates `crates/stdlib/src/lib.rs`	`stdlib_module_defs` conditionally includes `ssl::module_def(ctx)` under the `ssl-rustls` feature to align with new compilation configuration.

OpenSSL FFI Portability to core:: Paths

Layer / File(s)	Summary
Import Paths & Compiler Directives `crates/stdlib/src/openssl.rs`, `crates/stdlib/src/openssl/cert.rs`	Import statements migrate from `std::` to `core::` for FFI-related types (`ptr`, `slice`, `ffi`, `str`); clippy-specific `#[allow(clippy::duplicate_mod)]` attribute is added to suppress module-duplication warnings.
Pointer & Slice Construction Updates `crates/stdlib/src/openssl.rs`	OpenSSL callbacks, session handlers, and control wrappers (SNI, msg callbacks, DH params, ALPN, session statistics) replace `std::ptr::null_mut()` with `core::ptr::null_mut()` and `std::slice::from_raw_parts()` with `core::slice::from_raw_parts()`.
Network Address & Certificate Type Conversions `crates/stdlib/src/openssl.rs`, `crates/stdlib/src/openssl/cert.rs`	Server hostname parsing uses `core::net::IpAddr`; certificate ASN.1 UTF-8 decoding uses `core::str::from_utf8()`; IPv6 SAN address formatting uses `core::net::Ipv6Addr`; certificate object text extraction uses `core::ptr::null_mut()`.

SSL Support Code Cleanup & Warnings

Layer / File(s)	Summary
Compiler Attribute Additions `crates/stdlib/src/ssl/compat.rs`, `crates/stdlib/src/ssl/error.rs`	`#[allow(clippy::duplicate_mod)]` suppresses module-duplication warnings in `ssl/compat.rs`; `#[allow(dead_code, reason = ...)]` attributes suppress false-positive dead-code warnings on `create_ssl_eof_error` and `create_ssl_zero_return_error`.
Tkinter String Conversion & Error Messages `crates/stdlib/src/tkinter.rs`	`varname_converter` uses `downcast_ref::<PyStr>()` with `map(

VM Internal Visibility & Instrumentation Updates

Layer / File(s)	Summary
JIT Helper Visibility Restrictions `crates/vm/src/builtins/function/jit.rs`	`ArgsError` enum and functions `new_jit_error`, `get_jit_arg_types`, `jit_ret_type` change from `pub` to `pub(super)`, restricting external visibility while preserving internal module access.
Execution Frame Logging Updates `crates/vm/src/frame.rs`	Instruction logging in `ExecutingFrame::execute_instruction` updates to a simplified opcode-focused message format (`Executing opcode: {instruction:?} {arg:?}`) replacing prior `instruction.display(...)` approach.
Whitespace & Minor Formatting `crates/vm/src/stdlib/_io.rs`, `crates/vm/src/stdlib/_thread.rs`	Whitespace-only adjustments to module re-exports with no functional impact.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

RustPython/RustPython#7755: Related clippy lint surface changes; both PRs touch clippy-related cfg/allow patterns.
RustPython/RustPython#7740: Also modifies SSL/OpenSSL code and conditional compilation around SSL features.
RustPython/RustPython#7762: Related visibility and unreachable_pub lint changes that narrow exported items.

Suggested reviewers

fanninpm
bschoenmaeckers
youknowone

Poem

🐰 I hopped from std into core with cheer,
SSL gates re-checked with clippy near,
JIT helpers tucked to narrower scope,
Logs simplified, and certs keep their hope—
A tiny rabbit celebrates this steer!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 54.76% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title is vague and generic, using non-descriptive terms like 'Unchecked code fixes' without indicating the specific scope, nature, or primary focus of the changes across multiple files.	Consider using a more descriptive title that specifies the main category of fixes (e.g., 'Add Clippy lint suppression attributes' or 'Refactor SSL feature gating and code portability fixes').

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Co-authored-by: fanninpm <27117322+fanninpm@users.noreply.github.com>

fanninpm

The reason why I ask "Does this work?" is that #[expect(...)] will panic if the condition it is given is not true.

ShaharNaveh

The reason why I ask "Does this work?" is that #[expect(...)] will panic if the condition it is given is not true.

I'm aware, let's see if that works:)

fanninpm

The reason why I ask "Does this work?" is that #[expect(...)] will panic if the condition it is given is not true.

I'm aware, let's see if that works:)

error: this lint expectation is unfulfilled

It doesn't work.

ShaharNaveh

The reason why I ask "Does this work?" is that #[expect(...)] will panic if the condition it is given is not true.

I'm aware, let's see if that works:)

error: this lint expectation is unfulfilled

It doesn't work.

Right, that's because it isn't reached without passing --all-features 🤦

This reverts commit b34228f.

coderabbitai

Actionable comments posted: 1

♻️ Duplicate comments (1)

crates/stdlib/src/tkinter.rs (1)
83-83: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

#[expect(dead_code)] here is brittle and can fail CI when unfulfilled

Given the prior unfulfilled-expectation failure on this PR, annotating the whole TkApp item with #[expect(dead_code)] is risky across feature/cfg combinations. Prefer #[allow(dead_code)] for this placeholder phase, or move lint handling to the specific unused fields/methods once identified.
In Rust, when does `#[expect(dead_code)]` produce an "unfulfilled lint expectation" warning/error, especially under cfg/feature-gated code? Is `#[allow(dead_code)]` recommended for temporarily-unused structs during staged implementation?
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/stdlib/src/tkinter.rs` at line 83, The #[expect(dead_code, reason =
"TODO: Impl more methods")] on the TkApp item is brittle and can cause
"unfulfilled lint expectation" failures across cfg/feature permutations; replace
it with #[allow(dead_code)] on the TkApp declaration (or, even better, move
#[allow(dead_code)] to the specific unused fields/methods inside the TkApp
impl/struct) so the placeholder doesn't trigger CI failures—look for the TkApp
struct/item and change the attribute accordingly.

🧹 Nitpick comments (1)

crates/stdlib/src/ssl/error.rs (1)

128-138: ⚡ Quick win

Scope dead-code suppression to clippy-only builds.

These unconditional allow(dead_code) attributes can hide real dead-code drift outside clippy runs. Since this PR is clippy-focused, prefer cfg_attr(clippy, ...) here.

♻️ Suggested change

-    #[allow(dead_code, reason = "This seems like a false positive")]
+    #[cfg_attr(clippy, allow(dead_code, reason = "False positive under clippy feature matrix"))]
     pub(crate) fn create_ssl_zero_return_error(vm: &VirtualMachine) -> PyRef<PyOSError> {
@@
-    #[allow(dead_code, reason = "This seems like a false positive")]
+    #[cfg_attr(clippy, allow(dead_code, reason = "False positive under clippy feature matrix"))]
     pub(crate) fn create_ssl_syscall_error(

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/stdlib/src/ssl/error.rs` around lines 128 - 138, The unconditional
#[allow(dead_code, reason = "...")] on functions like
create_ssl_zero_return_error and create_ssl_syscall_error should be scoped to
clippy runs; replace those attributes with cfg_attr(clippy, allow(dead_code,
reason = "...")) so the dead-code allowance only applies when clippy is enabled,
keeping normal builds able to surface true dead code. Ensure you update both
function attributes to use cfg_attr(clippy, ...) and preserve the existing
reason text.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/vm/src/builtins/function/jit.rs`:
- Line 14: The visibility mismatch is that get_jit_args is pub(crate) but
ArgsError is declared pub(super); fix by promoting ArgsError to pub(crate) so
its visibility matches all public signatures that return it (update the enum
declaration for ArgsError to pub(crate) and ensure related constructors like
new_jit_error and callers get_jit_arg_types and jit_ret_type continue to
compile); alternatively, if you prefer to restrict the API, change get_jit_args
(and any other pub(crate) functions returning ArgsError) to pub(super) so
signatures and ArgsError visibility align—choose one consistent visibility and
apply it to ArgsError and the affected functions.

---

Duplicate comments:
In `@crates/stdlib/src/tkinter.rs`:
- Line 83: The #[expect(dead_code, reason = "TODO: Impl more methods")] on the
TkApp item is brittle and can cause "unfulfilled lint expectation" failures
across cfg/feature permutations; replace it with #[allow(dead_code)] on the
TkApp declaration (or, even better, move #[allow(dead_code)] to the specific
unused fields/methods inside the TkApp impl/struct) so the placeholder doesn't
trigger CI failures—look for the TkApp struct/item and change the attribute
accordingly.

---

Nitpick comments:
In `@crates/stdlib/src/ssl/error.rs`:
- Around line 128-138: The unconditional #[allow(dead_code, reason = "...")] on
functions like create_ssl_zero_return_error and create_ssl_syscall_error should
be scoped to clippy runs; replace those attributes with cfg_attr(clippy,
allow(dead_code, reason = "...")) so the dead-code allowance only applies when
clippy is enabled, keeping normal builds able to surface true dead code. Ensure
you update both function attributes to use cfg_attr(clippy, ...) and preserve
the existing reason text.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: f624171e-21d5-4b0f-8ab0-da1a7efb247e

📥 Commits

Reviewing files that changed from the base of the PR and between 1c43618 and ae9094c.

📒 Files selected for processing (10)

crates/stdlib/src/lib.rs
crates/stdlib/src/openssl.rs
crates/stdlib/src/openssl/cert.rs
crates/stdlib/src/ssl/compat.rs
crates/stdlib/src/ssl/error.rs
crates/stdlib/src/tkinter.rs
crates/vm/src/builtins/function/jit.rs
crates/vm/src/frame.rs
crates/vm/src/stdlib/_io.rs
crates/vm/src/stdlib/_thread.rs

Clippy lints fixes

4f4ce4a

fanninpm reviewed May 5, 2026

View reviewed changes

ShaharNaveh and others added 4 commits May 5, 2026 21:58

Update crates/stdlib/src/tkinter.rs …

0587ed4

Co-authored-by: fanninpm <27117322+fanninpm@users.noreply.github.com>

Update crates/stdlib/src/openssl.rs …

22b371d

Co-authored-by: fanninpm <27117322+fanninpm@users.noreply.github.com>

Update crates/stdlib/src/ssl/compat.rs …

ea5b37a

Co-authored-by: fanninpm <27117322+fanninpm@users.noreply.github.com>

Update crates/stdlib/src/ssl/compat.rs …

b34228f

Co-authored-by: fanninpm <27117322+fanninpm@users.noreply.github.com>

ShaharNaveh added 2 commits May 6, 2026 11:37

Revert "Update crates/stdlib/src/ssl/compat.rs" …

255b012

This reverts commit b34228f.

Merge remote-tracking branch 'upstream/main' into clippy-fixes-stage

ae9094c

ShaharNaveh marked this pull request as ready for review May 7, 2026 14:46

coderabbitai Bot reviewed May 7, 2026

View reviewed changes

youknowone requested a review from fanninpm May 8, 2026 07:17

youknowone enabled auto-merge (squash) May 8, 2026 07:17

ShaharNaveh added 2 commits May 10, 2026 10:23

Merge remote-tracking branch 'upstream/main' into clippy-fixes-stage

38869a7

Merge remote-tracking branch 'upstream/main' into clippy-fixes-stage

f5096bb

youknowone disabled auto-merge May 13, 2026 00:44

youknowone enabled auto-merge (squash) May 13, 2026 00:44

youknowone disabled auto-merge May 13, 2026 00:45

coderabbitai Bot mentioned this pull request May 20, 2026

more hostenv isolation #7932

Open

coderabbitai Bot mentioned this pull request May 27, 2026

Fix ssl-vendor (OpenSSL) #7985

Merged

coderabbitai Bot mentioned this pull request Jun 14, 2026

Resolve cargo-shear warnings #8031

Open

2 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unchecked code fixes#7786