Commit Graph

2860 Commits

Author SHA1 Message Date
Lukas Bergdoll
71bb0e72ce Port sort-research-rs test suite Rust stdlib tests
This commit is a followup to https://github.com/rust-lang/rust/pull/124032. It
replaces the tests that test the various sort functions in the standard library
with a test-suite developed as part of
https://github.com/Voultapher/sort-research-rs. The current tests suffer a
couple of problems:

- They don't cover important real world patterns that the implementations take
  advantage of and execute special code for.
- The input lengths tested miss out on code paths. For example, important safety
  property tests never reach the quicksort part of the implementation.
- The miri side is often limited to `len <= 20` which means it very thoroughly
  tests the insertion sort, which accounts for 19 out of 1.5k LoC.
- They are split into to core and alloc, causing code duplication and uneven
  coverage.
- The randomness is not repeatable, as it
  relies on `std:#️⃣:RandomState::new().build_hasher()`.

Most of these issues existed before
https://github.com/rust-lang/rust/pull/124032, but they are intensified by it.
One thing that is new and requires additional testing, is that the new sort
implementations specialize based on type properties. For example `Freeze` and
non `Freeze` execute different code paths.

Effectively there are three dimensions that matter:

- Input type
- Input length
- Input pattern

The ported test-suite tests various properties along all three dimensions,
greatly improving test coverage. It side-steps the miri issue by preferring
sampled approaches. For example the test that checks if after a panic the set of
elements is still the original one, doesn't do so for every single possible
panic opportunity but rather it picks one at random, and performs this test
across a range of input length, which varies the panic point across them. This
allows regular execution to easily test inputs of length 10k, and miri execution
up to 100 which covers significantly more code. The randomness used is tied to a
fixed - but random per process execution - seed. This allows for fully
repeatable tests and fuzzer like exploration across multiple runs.

Structure wise, the tests are previously found in the core integration tests for
`sort_unstable` and alloc unit tests for `sort`. The new test-suite was
developed to be a purely black-box approach, which makes integration testing the
better place, because it can't accidentally rely on internal access. Because
unwinding support is required the tests can't be in core, even if the
implementation is, so they are now part of the alloc integration tests. Are
there architectures that can only build and test core and not alloc? If so, do
such platforms require sort testing? For what it's worth the current
implementation state passes miri `--target mips64-unknown-linux-gnuabi64` which
is big endian.

The test-suite also contains tests for properties that were and are given by the
current and previous implementations, and likely relied upon by users but
weren't tested. For example `self_cmp` tests that the two parameters `a` and `b`
passed into the comparison function are never references to the same object,
which if the user is sorting for example a `&mut [Mutex<i32>]` could lead to a
deadlock.

Instead of using the hashed caller location as rand seed, it uses seconds since
unix epoch / 10, which given timestamps in the CI should be reasonably easy to
reproduce, but also allows fuzzer like space exploration.
2024-09-30 15:05:30 +02:00
Guillaume Gomez
6799b80c79
Rollup merge of #130416 - BatmanAoD:130122-sort-by-docs, r=Mark-Simulacrum
resolve #130122: reword 'sort-by' edge-conditions documentation

See #130122 for rationale & preliminary discussion.
2024-09-29 12:37:51 +02:00
bors
55cb7359c7 Auto merge of #123778 - jhorstmann:optimize-upper-lower-auto-vectorization, r=the8472
Improve autovectorization of to_lowercase / to_uppercase functions

Refactor the code in the `convert_while_ascii` helper function to make it more suitable for auto-vectorization and also process the full ascii prefix of the string. The generic case conversion logic will only be invoked starting from the first non-ascii character.

The runtime on a microbenchmark with a small ascii-only input decreases from ~55ns to ~18ns per iteration. The new implementation also reduces the amount of unsafe code and encapsulates all unsafe inside the helper function.

Fixes #123712
2024-09-28 23:56:37 +00:00
Trevor Gross
fd36e8b0ec Update compiler_builtins to 0.1.130
This includes the following which add `__divtf3` and `__powtf2`, and do
some feature cleanup:

- https://github.com/rust-lang/compiler-builtins/pull/622
- https://github.com/rust-lang/compiler-builtins/pull/692
- https://github.com/rust-lang/compiler-builtins/pull/614
- https://github.com/rust-lang/compiler-builtins/pull/694

The `cc` bump [1] was previously included but was reverted due to
problems updating.

[1]: https://github.com/rust-lang/compiler-builtins/pull/690
2024-09-28 11:25:47 -04:00
Jubilee
1e882537d4
Rollup merge of #130875 - folkertdev:naked-asm-bootstrap, r=tgross35
update `compiler-builtins` to 0.1.126

this requires the addition of a bootstrap variant of the new `naked_asm!` macro

r? `@tgross35`

extracted from https://github.com/rust-lang/rust/pull/128651
2024-09-26 22:20:55 -07:00
Folkert de Vries
42542d8cda update compiler_builtins to 0.1.126 2024-09-26 09:54:28 +02:00
Josh Stone
f4d9d1a0ea Use &raw in the standard library
Since the stabilization in #127679 has reached stage0, 1.82-beta, we can
start using `&raw` freely, and even the soft-deprecated `ptr::addr_of!`
and `ptr::addr_of_mut!` can stop allowing the unstable feature.

I intentionally did not change any documentation or tests, but the rest
of those macro uses are all now using `&raw const` or `&raw mut` in the
standard library.
2024-09-25 17:03:20 -07:00
Jörn Horstmann
e393f56d37 Improve autovectorization of to_lowercase / to_uppercase functions
Refactor the code in the `convert_while_ascii` helper function to make
it more suitable for auto-vectorization and also process the full ascii
prefix of the string. The generic case conversion logic will only be
invoked starting from the first non-ascii character.

The runtime on microbenchmarks with ascii-only inputs improves between
1.5x for short and 4x for long inputs on x86_64 and aarch64.

The new implementation also encapsulates all unsafe inside the
`convert_while_ascii` function.

Fixes #123712
2024-09-23 11:31:29 +02:00
Matthias Krüger
510fc3432e
Rollup merge of #129550 - kornelski:boxasstr, r=joshtriplett,dtolnay
Add str.as_str() for easy Deref to string slices

Working with `Box<str>` is cumbersome, because in places like `iter.filter()` it can end up being `&Box<str>` or even `&&Box<str>`, and such type doesn't always get auto-dereferenced as expected.

Dereferencing such box to `&str` requires ugly syntax like `&**boxed_str` or `&***boxed_str`, with the exact amount of `*`s.

`Box<str>` is [not easily comparable with other string types](https://github.com/rust-lang/rust/pull/129852) via `PartialEq`. `Box<str>` won't work for lookups in types like `HashSet<String>`, because `Borrow<String>` won't take types like `&Box<str>`. OTOH `set.contains(s.as_str())` works nicely regardless of levels of indirection.

`String` has a simple solution for this: the `as_str()` method, and `Box<str>` should too.
2024-09-23 06:45:32 +02:00
Michael Goulet
c682aa162b Reformat using the new identifier sorting from rustfmt 2024-09-22 19:11:29 -04:00
Kyle J Strand
e7e0dc70fa reword edge-conditions documentation on all slice 'sort' functions; resolves #130122 2024-09-22 16:51:33 -06:00
Michael Goulet
493852ccd6
Rollup merge of #130408 - okaneco:into_lossy_refactor, r=Noratrieb
Avoid re-validating UTF-8 in `FromUtf8Error::into_utf8_lossy`

Part of the unstable feature `string_from_utf8_lossy_owned` - #129436

Refactor `FromUtf8Error::into_utf8_lossy` to copy valid UTF-8 bytes into the buffer, avoiding double validation of bytes.
Add tests that mirror the `String::from_utf8_lossy` tests.
2024-09-21 15:18:56 -04:00
okaneco
b94c5a169b Avoid re-validating UTF-8 in FromUtf8Error::into_utf8_lossy
Refactor `into_utf8_lossy` to copy valid UTF-8 bytes into the buffer,
avoiding double validation of bytes.
Add tests that mirror the `String::from_utf8_lossy` tests
2024-09-20 20:56:07 -04:00
bors
da889684c8 Auto merge of #130631 - GuillaumeGomez:rollup-jpgy1iv, r=GuillaumeGomez
Rollup of 7 pull requests

Successful merges:

 - #128209 (Remove macOS 10.10 dynamic linker bug workaround)
 - #130526 (Begin experimental support for pin reborrowing)
 - #130611 (Address diagnostics regression for `const_char_encode_utf8`.)
 - #130614 (Add arm64e-apple-tvos target)
 - #130617 (bail if there are too many non-region infer vars in the query response)
 - #130619 (Fix scraped examples height)
 - #130624 (Add `Vec::as_non_null`)

r? `@ghost`
`@rustbot` modify labels: rollup
2024-09-20 19:51:45 +00:00
bors
5ba6db1b64 Auto merge of #124895 - obeis:static-mut-hidden-ref, r=compiler-errors
Disallow hidden references to mutable static

Closes #123060

Tracking:
- https://github.com/rust-lang/rust/issues/123758
2024-09-20 17:25:34 +00:00
Tim (Theemathas) Chirananthavat
ff86269368 Add Vec::as_non_null 2024-09-20 22:19:53 +07:00
Matthias Krüger
569153a432
Rollup merge of #130553 - GnomedDev:remove-clippy-paths, r=compiler-errors
[Clippy] Get rid of most `std` `match_def_path` usage, swap to diagnostic items.

Part of https://github.com/rust-lang/rust-clippy/issues/5393.

This was going to remove all `std` paths, but `SeekFrom` has issues being cleanly replaced with a diagnostic item as the paths are for variants, which currently cannot be diagnostic items.

This also, as a last step, categories the paths to help with future path removals.
2024-09-19 20:37:07 +02:00
Kornel
3dcb5a3962
Add str.as_str() for easy dereferencing of Box<str> 2024-09-19 16:25:56 +01:00
GnomedDev
5f85f73f63
[Clippy] Swap unnecessary_owned_empty_strings to use diagnostic item instead of path 2024-09-19 13:13:43 +01:00
GnomedDev
89532c0f30
[Clippy] Swap unnecessary_to_owned to use diagnostic item instead of path 2024-09-19 13:13:42 +01:00
GnomedDev
25da0e2e5d
[Clippy] Swap manual_while_let_some to use diagnostic items instead of paths 2024-09-19 13:13:42 +01:00
GnomedDev
15240a93c9
[Clippy] Swap repeat_vec_with_capacity to use diagnostic item instead of path 2024-09-19 13:13:42 +01:00
GnomedDev
846ae57fc1
[Clippy] Swap VecArgs::hir to use diagnostic items instead of paths 2024-09-19 13:13:40 +01:00
GnomedDev
28f4c8293a
[Clippy] Swap single_char_add_str/format_push_string to use diagnostic items instead of paths 2024-09-19 13:13:20 +01:00
GnomedDev
5e4716888a
[Clippy] Swap option_as_ref_deref to use diagnostic items instead of paths 2024-09-19 13:13:19 +01:00
GnomedDev
a786be5d06
[Clippy] Swap map_entry to use diagnostic items instead of paths 2024-09-19 08:26:37 +01:00
ultrabear
63f14b3a1e
remove feature attributes as const_maybe_uninit_as_mut_ptr is stabilized 2024-09-18 20:22:10 -07:00
Jubilee
4bd9de5512
Rollup merge of #130522 - GnomedDev:clippy-manual-retain-paths, r=compiler-errors
[Clippy] Swap `manual_retain` to use diagnostic items instead of paths

Part of https://github.com/rust-lang/rust-clippy/issues/5393, just a chore.
2024-09-18 14:32:28 -07:00
GnomedDev
a18564c198
[Clippy] Swap manual_retain to use diagnostic items instead of paths 2024-09-18 17:20:44 +01:00
Ben Kimock
46761442b0 read_volatile __rust_no_alloc_shim_is_unstable in alloc_zeroed 2024-09-17 22:26:21 -04:00
Matthias Krüger
f6fd305282
Rollup merge of #129674 - matthewpipie:rc-arc-new-cyclic-in, r=dtolnay
Add new_cyclic_in for Rc and Arc

Currently, new_cyclic_in does not exist for Rc and Arc. This is an oversight according to https://github.com/rust-lang/wg-allocators/issues/132.

This PR adds new_cyclic_in for Rc and Arc. The implementation is almost the exact same as new_cyclic with some small differences to make it allocator-specific. new_cyclic's implementation has been replaced with a call to `new_cyclic_in(data_fn, Global)`.

Remaining questions:
* ~~Is requiring Allocator to be Clone OK? According to https://github.com/rust-lang/wg-allocators/issues/88, Allocators should be cheap to clone. I'm just hesitant to add unnecessary constraints, though I don't see an obvious workaround for this function since many called functions in new_cyclic_in expect an owned Allocator. I see Allocator.by_ref() as an option, but that doesn't work on when creating Weak { ptr: init_ptr, alloc: alloc.clone() }, because the type of Weak then becomes Weak<T, &A> which is incompatible.~~ Fixed, thank you `@zakarumych!` This PR no longer requires the allocator to be Clone.
* Currently, new_cyclic_in's documentation is almost entirely copy-pasted from new_cyclic, with minor tweaks to make it more accurate (e.g. Rc<T> -> Rc<T, A>). The example section is removed to mitigate redundancy and instead redirects to cyclic_in. Is this appropriate?
* ~~The comments in new_cyclic_in (and much of the implementation) are also copy-pasted from new_cyclic. Would it be better to make a helper method new_cyclic_in_internal that both functions call, with either Global or the custom allocator? I'm not sure if that's even possible, since the internal method would have to return Arc<T, Global> and I don't know if it's possible to "downcast" that to an Arc<T>. Maybe transmute would work here?~~ Done, thanks `@zakarumych`
* Arc::new_cyclic is #[inline], but Rc::new_cyclic is not. Which is preferred?
* nit: does it matter where in the impl block new_cyclic_in is defined?
2024-09-17 20:45:50 +02:00
matthewpipie
6750f042ca
Update library/alloc/src/sync.rs
Co-authored-by: David Tolnay <dtolnay@gmail.com>
2024-09-16 20:05:15 -05:00
Matthias Krüger
df3cf91b63
Rollup merge of #129439 - okaneco:vec_string_lossy, r=Noratrieb
Implement feature `string_from_utf8_lossy_owned` for lossy conversion from `Vec<u8>` to `String` methods

Accepted ACP: https://github.com/rust-lang/libs-team/issues/116
Tracking issue: #129436

Implement feature for lossily converting from `Vec<u8>` to `String`
- Add `String::from_utf8_lossy_owned`
- Add `FromUtf8Error::into_utf8_lossy`

---
Related to #64727, but unsure whether to mark it "fixed" by this PR.
That issue partly asks for in-place replacement of the original allocation. We fulfill the other half of that request with these functions.

closes #64727
2024-09-15 16:01:36 +02:00
Matthias Krüger
011289c9d4
Rollup merge of #129195 - RalfJung:const-mut-refs, r=fee1-dead
Stabilize `&mut` (and `*mut`) as well as `&Cell` (and `*const Cell`) in const

This stabilizes `const_mut_refs` and `const_refs_to_cell`. That allows a bunch of new things in const contexts:
- Mentioning `&mut` types
- Creating `&mut` and `*mut` values
- Creating `&T` and `*const T` values where `T` contains interior mutability
- Dereferencing `&mut` and `*mut` values (both for reads and writes)

The same rules as at runtime apply: mutating immutable data is UB. This includes mutation through pointers derived from shared references; the following is diagnosed with a hard error:
```rust
#[allow(invalid_reference_casting)]
const _: () = {
    let mut val = 15;
    let ptr = &val as *const i32 as *mut i32;
    unsafe { *ptr = 16; }
};
```

The main limitation that is enforced is that the final value of a const (or non-`mut` static) may not contain `&mut` values nor interior mutable `&` values. This is necessary because the memory those references point to becomes *read-only* when the constant is done computing, so (interior) mutable references to such memory would be pretty dangerous. We take a multi-layered approach here to ensuring no mutable references escape the initializer expression:
- A static analysis rejects (interior) mutable references when the referee looks like it may outlive the current MIR body.
- To be extra sure, this static check is complemented by a "safety net" of dynamic checks. ("Dynamic" in the sense of "running during/after const-evaluation, e.g. at runtime of this code" -- in contrast to "static" which works entirely by looking at the MIR without evaluating it.)
  - After the final value is computed, we do a type-driven traversal of the entire value, and if we find any `&mut` or interior-mutable `&` we error out.
  - However, the type-driven traversal cannot traverse `union` or raw pointers, so there is a second dynamic check where if the final value of the const contains any pointer that was not derived from a shared reference, we complain. This is currently a future-compat lint, but will become an ICE in #128543. On the off-chance that it's actually possible to trigger this lint on stable, I'd prefer if we could make it an ICE before stabilizing const_mut_refs, but it's not a hard blocker. This part of the "safety net" is only active for mutable references since with shared references, it has false positives.

Altogether this should prevent people from leaking (interior) mutable references out of the const initializer.

While updating the tests I learned that surprisingly, this code gets rejected:
```rust
const _: Vec<i32> = {
    let mut x = Vec::<i32>::new(); //~ ERROR destructor of `Vec<i32>` cannot be evaluated at compile-time
    let r = &mut x;
    let y = x;
    y
};
```
The analysis that rejects destructors in `const` is very conservative when it sees an `&mut` being created to `x`, and then considers `x` to be always live. See [here](https://github.com/rust-lang/rust/issues/65394#issuecomment-541499219) for a longer explanation. `const_precise_live_drops` will solve this, so I consider this problem to be tracked by https://github.com/rust-lang/rust/issues/73255.

Cc `@rust-lang/wg-const-eval` `@rust-lang/lang`
Cc https://github.com/rust-lang/rust/issues/57349
Cc https://github.com/rust-lang/rust/issues/80384
2024-09-15 11:55:45 +02:00
Ralf Jung
49316f871c also stabilize const_refs_to_cell 2024-09-15 10:20:47 +02:00
Ralf Jung
3175cc2814 stabilize const_mut_refs 2024-09-15 09:51:32 +02:00
Stuart Cook
c11505f218
Rollup merge of #130061 - theemathas:box_vec_non_null, r=MarkSimulacrum,workingjubilee
Add `NonNull` convenience methods to `Box` and `Vec`

Implements the ACP: https://github.com/rust-lang/libs-team/issues/418.

The docs for the added methods are mostly copied from the existing methods that use raw pointers instead of `NonNull`.

I'm new to this "contributing to rustc" thing, so I'm sorry if I did something wrong. In particular, I don't know what the process is for creating a new unstable feature. Please advise me if I should do something. Thank you.
2024-09-15 12:14:55 +10:00
Tim (Theemathas) Chirananthavat
811ee38ff0 Add tracking issue number for box_vec_non_null 2024-09-15 01:11:18 +07:00
Obei Sideg
3b0ce1bc33
Update tests for hidden references to mutable static 2024-09-13 14:10:56 +03:00
Stuart Cook
368718961c
Rollup merge of #130245 - RalfJung:miri-alloc-backtrace, r=Amanieu
make basic allocation functions track_caller in Miri for nicer backtraces

This matches what we did with basic pointer and atomic operations.
2024-09-13 19:37:59 +10:00
bors
2e8db5e9e3 Auto merge of #130281 - matthiaskrgr:rollup-1b2ibs8, r=matthiaskrgr
Rollup of 5 pull requests

Successful merges:

 - #130101 (some const cleanup: remove unnecessary attributes, add const-hack indications)
 - #130208 (Introduce `'ra` lifetime name.)
 - #130263 (coverage: Simplify creation of sum counters)
 - #130273 (more eagerly discard constraints on overflow)
 - #130276 (Add test for nalgebra hang in coherence)

r? `@ghost`
`@rustbot` modify labels: rollup
2024-09-12 18:27:55 +00:00
Matthias Krüger
4428d6f363
Rollup merge of #130101 - RalfJung:const-cleanup, r=fee1-dead
some const cleanup: remove unnecessary attributes, add const-hack indications

I learned that we use `FIXME(const-hack)` on top of the "const-hack" label. That seems much better since it marks the right place in the code and moves around with the code. So I went through the PRs with that label and added appropriate FIXMEs in the code. IMO this means we can then remove the label -- Cc ``@rust-lang/wg-const-eval.``

I also noticed some const stability attributes that don't do anything useful, and removed them.

r? ``@fee1-dead``
2024-09-12 19:03:41 +02:00
bors
8c0ec05f7d Auto merge of #129992 - alexcrichton:update-compiler-builtins, r=tgross35
Update compiler-builtins to 0.1.125

This commit updates the compiler-builtins crate from 0.1.123 to 0.1.125. The changes in this update are:

* https://github.com/rust-lang/compiler-builtins/pull/682
* https://github.com/rust-lang/compiler-builtins/pull/678
* https://github.com/rust-lang/compiler-builtins/pull/685
2024-09-12 15:28:40 +00:00
Ralf Jung
03e8c95809 make basic allocation functions track_caller in Miri for nicer backtraces 2024-09-11 22:38:21 +02:00
bors
6f7229c4da Auto merge of #129403 - scottmcm:only-array-simd, r=compiler-errors
Ban non-array SIMD

Nearing the end of https://github.com/rust-lang/compiler-team/issues/621 !

Currently blocked on ~~https://github.com/rust-lang/compiler-builtins/pull/673~~ ~~https://github.com/rust-lang/compiler-builtins/pull/674~~ ~~https://github.com/rust-lang/rust/pull/129400~~ ~~https://github.com/rust-lang/rust/pull/129481~~ for windows.
2024-09-10 22:47:40 +00:00
bors
33855f80d4 Auto merge of #130025 - Urgau:missing_docs-expect, r=petrochenkov
Also emit `missing_docs` lint with `--test` to fulfil expectations

This PR removes the "test harness" suppression of the `missing_docs` lint to be able to fulfil `#[expect]` (expectations) as it is now "relevant".

I think the goal was to maybe avoid false-positive while linting on public items under `#[cfg(test)]` but with effective visibility we should no longer have any false-positive.

Another possibility would be to query the lint level and only emit the lint if it's of expect level, but that is even more hacky.

Fixes https://github.com/rust-lang/rust/issues/130021

try-job: x86_64-gnu-aux
2024-09-10 14:54:09 +00:00
Scott McMurray
d2309c2a9d Ban non-array SIMD 2024-09-09 19:39:43 -07:00
Urgau
843708a32e Add missing #[allow(missing_docs)] on hack functions in alloc 2024-09-09 13:44:09 +02:00
Ralf Jung
332fa6aa6e add FIXME(const-hack) 2024-09-08 23:08:40 +02:00
Eduardo Sánchez Muñoz
5f3fdd14df Remove needless returns detected by clippy in libraries 2024-09-08 21:51:00 +02:00