Commit Graph

9899 Commits

Author SHA1 Message Date
Thom Chiovoloni
54a6d4edbc
Add #![deny(unsafe_op_in_unsafe_fn)] in liballoc tests 2022-11-23 08:10:17 -08:00
Manish Goregaokar
316bda89e4
Rollup merge of #104647 - RalfJung:alloc-strict-provenance, r=thomcc
enable fuzzy_provenance_casts lint in liballoc and libstd

r? ````@thomcc````
2022-11-22 22:54:41 -05:00
bors
604d52108e Auto merge of #104743 - JohnTitor:rollup-9z9u7yd, r=JohnTitor
Rollup of 7 pull requests

Successful merges:

 - #101368 (Forbid inlining `thread_local!`'s `__getit` function on Windows)
 - #102293 (Add powerpc64-ibm-aix as Tier-3 target)
 - #104717 (Add failing test for projections used as const generic)
 - #104720 (rustdoc: remove no-op CSS `.popover::before / a.test-arrow { display: inline-block }`)
 - #104722 (Speed up mpsc_stress test)
 - #104724 (Fix `ClosureKind::to_def_id`)
 - #104728 (Use `tcx.require_lang_item` instead of unwrapping lang items)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
2022-11-22 23:43:13 +00:00
Yuki Okushi
2f506e6dd4
Rollup merge of #101368 - thomcc:wintls-noinline, r=ChrisDenton
Forbid inlining `thread_local!`'s `__getit` function on Windows

Sadly, this will make things slower to avoid UB in an edge case, but it seems hard to avoid... and really whenever I look at this code I can't help but think we're asking for trouble.

It's pretty dodgy for us to leave this as a normal function rather than `#[inline(never)]`, given that if it *does* get inlined into a dynamically linked component, it's extremely unsafe (you get some other thread local, or if you're lucky, crash). Given that it's pretty rare for people to use dylibs on Windows, the fact that we haven't gotten bug reports about it isn't really that convincing. Ideally we'd come up with some kind of compiler solution (that avoids paying for this cost when static linking, or *at least* for use within the same crate...), but it's not clear what that looks like.

Oh, and because all this is only needed when we're implementing `thread_local!` with `#[thread_local]`, this patch adjusts the `cfg_attr` to be `all(windows, target_thread_local)` as well.

r? ``@ChrisDenton``

See also #84933, which is about improving the situation.
2022-11-23 06:40:21 +09:00
The 8472
3ed8fccff5 fix OOB access in SIMD impl of str.contains() 2022-11-22 20:59:19 +01:00
The 8472
d576a9b241 add test for issue 104726 2022-11-22 20:58:43 +01:00
Dylan DPC
a40659ded3
Rollup merge of #104710 - RalfJung:doc-strict-provenance, r=thomcc
disable strict-provenance-violating doctests in Miri

Most of these are on deprecated unstable functions anyway. This lets us run the remaining doctests with `-Zmiri-strict-provenance`, which I think is a win.

r? `@thomcc`
2022-11-22 16:36:39 +05:30
Dylan DPC
20d6a44334
Rollup merge of #104464 - mati865:reduce-eh-overallocation-amd64, r=thomcc
Reduce exceptions overallocation on non Windows x86_64

Addressing https://github.com/rust-lang/rust/pull/103894#discussion_r1020950196
2022-11-22 16:36:37 +05:30
Ralf Jung
3a95e12c9b disable strict-provenance-violating doctests in Miri 2022-11-22 11:49:02 +01:00
Thom Chiovoloni
3099dfdd9f
Forbid inlining thread_local!'s __getit function on Windows 2022-11-22 02:09:47 -08:00
Manish Goregaokar
3683c43a05
Rollup merge of #103193 - krasimirgg:sysonce, r=Amanieu
mark sys_common::once::generic::Once::new const-stable

Attempt to address https://github.com/rust-lang/rust/issues/103191 by marking the impl const-stable.
Picked the declaration from the callsite:
21b246587c/library/std/src/sync/once.rs (L67)

This is similar to https://github.com/rust-lang/rust/pull/98457.

With this in, `python3 x.py build library/std --target x86_64-unknown-none` succeeds.
2022-11-22 01:26:07 -05:00
Manish Goregaokar
1625435fa4
Rollup merge of #102207 - CraftSpider:const-layout, r=scottmcm
Constify remaining `Layout` methods

Makes the methods on `Layout` that aren't yet unstably const, under the same feature and issue, #67521. Most of them required no changes, only non-trivial change is probably constifying `ValidAlignment` which may affect #102072
2022-11-22 01:26:07 -05:00
Manish Goregaokar
2f8dbe3797
Rollup merge of #101655 - dns2utf8:box_docs, r=dtolnay
Make the Box one-liner more descriptive

I would like to avoid a definition that relies on itself.

r? `@GuillaumeGomez`
2022-11-22 01:26:06 -05:00
Manish Goregaokar
81ea6105e2
Rollup merge of #95583 - scottmcm:deprecate-ptr-to-from-bits, r=dtolnay
Deprecate the unstable `ptr_to_from_bits` feature

I propose that we deprecate the (unstable!) `to_bits` and `from_bits` methods on raw pointers.  (With the intent to ~~remove them once `addr` has been around long enough to make the transition easy on people -- maybe another 6 weeks~~ remove them fairly soon after, as the strict and expose versions have been around for a while already.)

The APIs that came from the strict provenance explorations (#95228) are a more holistic version of these, and things like `.expose_addr()` work for the "that cast looks sketchy" case even if the full strict provenance stuff never happens.  (As a bonus, `addr` is even shorter than `to_bits`, though it is only applicable if people can use full strict provenance! `addr` is *not* a direct replacement for `to_bits`.)  So I think it's fine to move away from the `{to|from}_bits` methods, and encourage the others instead.

That also resolves the worry that was brought up (I forget where) that `q.to_bits()` and `(*q).to_bits()` both work if `q` is a pointer-to-floating-point, as they also have a `to_bits` method.

Tracking issue #91126
Code search: https://github.com/search?l=Rust&p=1&q=ptr_to_from_bits&type=Code

For potential pushback, some users in case they want to chime in
- `@RSSchermer` 365bb68541/arwa/src/html/custom_element.rs (L105)
- `@strax` 99616d1dbf/openexr/src/core/alloc.rs (L36)
- `@MiSawa` 577c622358/crates/kernel/src/timer.rs (L50)
2022-11-22 01:26:05 -05:00
Manish Goregaokar
1dd515f273
Rollup merge of #83608 - Kimundi:index_many, r=Mark-Simulacrum
Add slice methods for indexing via an array of indices.

Disclaimer: It's been a while since I contributed to the main Rust repo, apologies in advance if this is large enough already that it should've been an RFC.

---

# Update:

- Based on feedback, removed the `&[T]` variant of this API, and removed the requirements for the indices to be sorted.

# Description

This adds the following slice methods to `core`:

```rust
impl<T> [T] {
    pub unsafe fn get_many_unchecked_mut<const N: usize>(&mut self, indices: [usize; N]) -> [&mut T; N];
    pub fn get_many_mut<const N: usize>(&mut self, indices: [usize; N]) -> Option<[&mut T; N]>;
}
```

This allows creating multiple mutable references to disjunct positions in a slice, which previously required writing some awkward code with `split_at_mut()` or `iter_mut()`. For the bound-checked variant, the indices are checked against each other and against the bounds of the slice, which requires `N * (N + 1) / 2` comparison operations.

This has a proof-of-concept standalone implementation here: https://crates.io/crates/index_many

Care has been taken that the implementation passes miri borrow checks, and generates straight-forward assembly (though this was only checked on x86_64).

# Example

```rust
let v = &mut [1, 2, 3, 4];
let [a, b] = v.get_many_mut([0, 2]).unwrap();
std::mem::swap(a, b);
*v += 100;
assert_eq!(v, &[3, 2, 101, 4]);
```

# Codegen Examples

<details>
  <summary>Click to expand!</summary>

Disclaimer: Taken from local tests with the standalone implementation.

## Unchecked Indexing:

```rust
pub unsafe fn example_unchecked(slice: &mut [usize], indices: [usize; 3]) -> [&mut usize; 3] {
    slice.get_many_unchecked_mut(indices)
}
```

```nasm
example_unchecked:
 mov     rcx, qword, ptr, [r9]
 mov     r8, qword, ptr, [r9, +, 8]
 mov     r9, qword, ptr, [r9, +, 16]
 lea     rcx, [rdx, +, 8*rcx]
 lea     r8, [rdx, +, 8*r8]
 lea     rdx, [rdx, +, 8*r9]
 mov     qword, ptr, [rax], rcx
 mov     qword, ptr, [rax, +, 8], r8
 mov     qword, ptr, [rax, +, 16], rdx
 ret
```

## Checked Indexing (Option):

```rust
pub unsafe fn example_option(slice: &mut [usize], indices: [usize; 3]) -> Option<[&mut usize; 3]> {
    slice.get_many_mut(indices)
}
```

```nasm
 mov     r10, qword, ptr, [r9, +, 8]
 mov     rcx, qword, ptr, [r9, +, 16]
 cmp     rcx, r10
 je      .LBB0_7
 mov     r9, qword, ptr, [r9]
 cmp     rcx, r9
 je      .LBB0_7
 cmp     rcx, r8
 jae     .LBB0_7
 cmp     r10, r9
 je      .LBB0_7
 cmp     r9, r8
 jae     .LBB0_7
 cmp     r10, r8
 jae     .LBB0_7
 lea     r8, [rdx, +, 8*r9]
 lea     r9, [rdx, +, 8*r10]
 lea     rcx, [rdx, +, 8*rcx]
 mov     qword, ptr, [rax], r8
 mov     qword, ptr, [rax, +, 8], r9
 mov     qword, ptr, [rax, +, 16], rcx
 ret
.LBB0_7:
 mov     qword, ptr, [rax], 0
 ret
```

## Checked Indexing (Panic):

```rust
pub fn example_panic(slice: &mut [usize], indices: [usize; 3]) -> [&mut usize; 3] {
    let len = slice.len();
    match slice.get_many_mut(indices) {
        Some(s) => s,
        None => {
            let tmp = indices;
            index_many::sorted_bound_check_failed(&tmp, len)
        }
    }
}
```

```nasm
example_panic:
 sub     rsp, 56
 mov     rax, qword, ptr, [r9]
 mov     r10, qword, ptr, [r9, +, 8]
 mov     r9, qword, ptr, [r9, +, 16]
 cmp     r9, r10
 je      .LBB0_6
 cmp     r9, rax
 je      .LBB0_6
 cmp     r9, r8
 jae     .LBB0_6
 cmp     r10, rax
 je      .LBB0_6
 cmp     rax, r8
 jae     .LBB0_6
 cmp     r10, r8
 jae     .LBB0_6
 lea     rax, [rdx, +, 8*rax]
 lea     r8, [rdx, +, 8*r10]
 lea     rdx, [rdx, +, 8*r9]
 mov     qword, ptr, [rcx], rax
 mov     qword, ptr, [rcx, +, 8], r8
 mov     qword, ptr, [rcx, +, 16], rdx
 mov     rax, rcx
 add     rsp, 56
 ret
.LBB0_6:
 mov     qword, ptr, [rsp, +, 32], rax
 mov     qword, ptr, [rsp, +, 40], r10
 mov     qword, ptr, [rsp, +, 48], r9
 lea     rcx, [rsp, +, 32]
 mov     edx, 3
 call    index_many::bound_check_failed
 ud2
```
</details>

# Extensions

There are multiple optional extensions to this.

## Indexing With Ranges

This could easily be expanded to allow indexing with `[I; N]` where `I: SliceIndex<Self>`.  I wanted to keep the initial implementation simple, so I didn't include it yet.

## Panicking Variant

We could also add this method:

```rust
impl<T> [T] {
    fn index_many_mut<const N: usize>(&mut self, indices: [usize; N]) -> [&mut T; N];
}
```

This would work similar to the regular index operator and panic with out-of-bound indices. The advantage would be that we could more easily ensure good codegen with a useful panic message, which is non-trivial with the `Option` variant.

This is implemented in the standalone implementation, and used as basis for the codegen examples here and there.
2022-11-22 01:26:05 -05:00
David Tolnay
70cee5af4b
Touch up Box<T> one-liner 2022-11-21 15:28:41 -08:00
David Tolnay
6d943af735
Rustc_deprecated attribute superseded by deprecated 2022-11-21 15:18:36 -08:00
David Tolnay
a9e92be1f9
Bump ptr_to_from_bits deprecation to Rust 1.67 2022-11-21 15:10:59 -08:00
Matthias Krüger
04e8ebe3f2
Rollup merge of #104692 - chbaker0:libtest-cfg-if, r=thomcc
Update test's cfg-if dependency to 1.0

This change was mistakenly left out of #103367

Finishes #103365
2022-11-22 00:01:12 +01:00
Matthias Krüger
3278dea67a
Rollup merge of #103396 - RalfJung:pinning-closure-captures, r=dtolnay
Pin::new_unchecked: discuss pinning closure captures

Regardless of how the discussion in https://github.com/rust-lang/rust/pull/102737 turns out, pinning closure captures is super subtle business and probably worth discussing separately.
2022-11-22 00:01:06 +01:00
Collin Baker
426296ecc3 Update test's cfg-if dependency to 1.0
This change was mistakenly left out of #103367
2022-11-21 16:43:34 -05:00
Ralf Jung
1a6966602a dont attempt strict provenance in SGX 2022-11-21 16:10:56 +01:00
Matthias Krüger
369e44943f
Rollup merge of #104420 - TethysSvensson:master, r=JohnTitor
Fix doc example for `wrapping_abs`

The `max` variable is unused. This change introduces the `min_plus` variable, to make the example similar to the one from `saturating_abs`. An alternative would be to remove the unused variable.
2022-11-21 14:11:09 +01:00
Matthias Krüger
846574828a
Rollup merge of #104643 - pnkfelix:examples-for-chunks-remainder, r=scottmcm
add examples to chunks remainder methods.

add examples to chunks remainder methods.

my motivation for adding the examples was to make it very clear that the state of the iterator (in terms of where its cursor lies) has no effect on what remainder returns.

Also fixed some links to rchunk remainder methods.
2022-11-20 23:50:30 +01:00
Matthias Krüger
9a9569698b
Rollup merge of #104641 - tshepang:grammar, r=Mark-Simulacrum
replace unusual grammar
2022-11-20 23:50:29 +01:00
Matthias Krüger
b3d491696b
Rollup merge of #104634 - RalfJung:core-arch, r=Mark-Simulacrum
move core::arch into separate file

This works around https://github.com/rust-lang/rust/issues/104633 which otherwise leads to warnings in miri-test-libstd.
2022-11-20 23:50:29 +01:00
Matthias Krüger
ff72187b06
Rollup merge of #104632 - RalfJung:core-test-strict-provenance, r=thomcc
avoid non-strict-provenance casts in libcore tests

r? `@thomcc`
2022-11-20 23:50:28 +01:00
Matthias Krüger
6a722aa170
Rollup merge of #104461 - mati865:gnullvm-aarch64-fixup, r=Mark-Simulacrum
Fix building of `aarch64-pc-windows-gnullvm`

That change had been lost during rebase of my last PR (https://github.com/rust-lang/rust/pull/103894).
2022-11-20 23:50:26 +01:00
Matthias Krüger
b4513ce6f8
Rollup merge of #101310 - zachs18:rc_get_unchecked_mut_docs_soundness, r=Mark-Simulacrum
Clarify and restrict when `{Arc,Rc}::get_unchecked_mut` is allowed.

(Tracking issue for `{Arc,Rc}::get_unchecked_mut`: #63292)

(I'm using `Rc` in this comment, but it applies for `Arc` all the same).

As currently documented, `Rc::get_unchecked_mut` can lead to unsoundness when multiple `Rc`/`Weak` pointers to the same allocation exist. The current documentation only requires that other `Rc`/`Weak` pointers to the same allocation "must not be dereferenced for the duration of the returned borrow". This can lead to unsoundness in (at least) two ways: variance, and `Rc<str>`/`Rc<[u8]>` aliasing. ([playground link](https://play.rust-lang.org/?version=nightly&mode=debug&edition=2021&gist=d7e2d091c389f463d121630ab0a37320)).

This PR changes the documentation of `Rc::get_unchecked_mut` to restrict usage to when all `Rc<T>`/`Weak<T>` have the exact same `T` (including lifetimes). I believe this is sufficient to prevent unsoundness, while still allowing `get_unchecked_mut` to be called on an aliased `Rc` as long as the safety contract is upheld by the caller.

## Alternatives

* A less strict, but still sound alternative would be to say that the caller must only write values which are valid for all aliased `Rc`/`Weak` inner types. (This was [mentioned](https://github.com/rust-lang/rust/issues/63292#issuecomment-568284090) in the tracking issue). This may be too complicated to clearly express in the documentation.
* A more strict alternative would be to say that there must not be any aliased `Rc`/`Weak` pointers, i.e. it is required that get_mut would return `Some(_)`. (This was also mentioned in the tracking issue). There is at least one codebase that this would cause to become unsound ([here](be5a164d77/src/memtable.rs (L166)), where additional locking is used to ensure unique access to an aliased `Rc<T>`;  I saw this because it was linked on the tracking issue).
2022-11-20 23:50:26 +01:00
Rune Tynan
8998711d9b Only one feature gate needed 2022-11-20 17:10:47 -05:00
Rune Tynan
07911879d2 Use ? instead of match 2022-11-20 15:01:22 -05:00
Rune Tynan
a5fecc6905 Fix issue number 2022-11-20 15:01:21 -05:00
Rune Tynan
7972b8aa37 Add derive_const feature 2022-11-20 15:01:21 -05:00
Rune Tynan
6f2dcac78b Update with derive_const 2022-11-20 15:01:21 -05:00
Rune Tynan
414e84a2f7 Add stability for alignment 2022-11-20 15:01:21 -05:00
Rune Tynan
9f4b4e46a3 constify remaining layout methods
Remove bad impl for Eq

Update Cargo.lock and fix last ValidAlign
2022-11-20 15:01:21 -05:00
Ralf Jung
7f5adddb25 enable fuzzy_provenance_casts lint in libstd 2022-11-20 19:23:28 +01:00
Ralf Jung
644a5a34dd enable fuzzy_provenance_casts lint in liballoc 2022-11-20 19:12:18 +01:00
Matthias Krüger
db5f005f35
Rollup merge of #104568 - RalfJung:realloc, r=Amanieu
clarify that realloc refreshes pointer provenance even when the allocation remains in-place

This [matches what C does](https://en.cppreference.com/w/c/memory/realloc):

> The original pointer ptr is invalidated and any access to it is undefined behavior (even if reallocation was in-place).

Cc `@rust-lang/wg-allocators`
2022-11-20 18:21:48 +01:00
Matthias Krüger
379d3365fd
Rollup merge of #104558 - thomcc:unalign-diriter, r=ChrisDenton
Don't assume `FILE_ID_BOTH_DIR_INFO` will be aligned

Fixes #104530. See that issue for info.

r? `@ChrisDenton`
2022-11-20 18:21:47 +01:00
Matthias Krüger
ddb12348ca
Rollup merge of #104537 - HintringerFabian:docs_default_min_stack_size, r=the8472
fix std::thread docs are unclear regarding stack sizes

Improves the documentation about the default stack size of a spawned thread
Fixes #102671
2022-11-20 18:21:47 +01:00
Felix S. Klock II
98993af828 add examples to chunks remainder methods. Also fixed some links to rchunk remainder methods. 2022-11-20 11:43:23 -05:00
Marvin Löbel
3fe37b8c6e Add get_many_mut methods to slice 2022-11-20 11:19:11 -05:00
Tshepang Mbambo
bebe5db517 replace unusual grammar 2022-11-20 17:28:34 +02:00
Ralf Jung
428ab59fb7 enable fuzzy_provenance_casts in libcore+tests 2022-11-20 16:04:16 +01:00
bors
911cbf8e46 Auto merge of #104617 - RalfJung:miri, r=RalfJung
update Miri

r? `@thomcc` for the lib changes (removing a `cfg(miri)` that is no longer needed)
2022-11-20 12:57:48 +00:00
Tethys Svensson
00bf999fcf Incorporate review feedback 2022-11-20 12:30:14 +01:00
Ralf Jung
c043a0e7d6 cfg(miri) no longer needed in sys/unix/time.rs 2022-11-20 12:13:48 +01:00
Ralf Jung
e19bc6eb80 move core::arch into separate file 2022-11-20 10:28:14 +01:00
Fabian Hintringer
0f9384603a Improve documentation of Stack size 2022-11-20 09:58:30 +01:00