Commit Graph

360 Commits

Author SHA1 Message Date
bors
f1e691da2e Auto merge of #86138 - FabianWolff:issue-85871, r=nikomatsakis
Check whether the closure's owner is an ADT in thir-unsafeck

This pull request fixes #85871. The code in `rustc_mir_build/src/check_unsafety.rs` incorrectly assumes that a closure's owner always has a body, but only functions, closures, and constants have bodies, whereas a closure can also appear inside a struct or enum:
```rust
struct S {
    arr: [(); match || 1 { _ => 42 }]
}

enum E {
    A([(); { || 1; 42 }])
}
```
This pull request fixes the resulting ICE by checking whether the closure's owner is an ADT and only deferring to `thir_check_unsafety(owner)` if it isn't.
2021-06-23 21:35:46 +00:00
Yuki Okushi
8ec4e7dfdd
Rollup merge of #86517 - camsteffen:unused-unsafe-async, r=LeSeulArtichaut
Fix `unused_unsafe` around `await`

Enables `unused_unsafe` lint for `unsafe { future.await }`.

The existing test for this is `unsafe { println!() }`, so I assume that `println!` used to contain compiler-generated unsafe but this is no longer true, and so the existing test is broken. I replaced the test with `unsafe { ...await }`. I believe `await` is currently the only instance of compiler-generated unsafe.

Reverts some parts of #85421, but the issue predates that PR.
2021-06-22 20:01:05 +09:00
Cameron Steffen
b07bb6d698 Fix unused_unsafe with compiler-generated unsafe 2021-06-21 17:25:45 -05:00
bors
150fad30ea Auto merge of #86460 - JohnTitor:use-static-in-pattern-err, r=oli-obk
Refactor `PatternError` structure

Now we emit the `StaticInPattern` error precisely.
Fixes #68395
r? `@oli-obk`
2021-06-19 19:46:02 +00:00
bors
9cf05f3614 Auto merge of #86378 - Smittyvb:thir-walker-pat, r=LeSeulArtichaut
Add pattern walking support to THIR walker

Suggested in https://github.com/rust-lang/rust/pull/85263#issuecomment-861906730, this splits off the support for pattern walking in THIR from #85263. This has no observable effect on THIR unsafety checking, since it is not currently possible to trigger unsafety from the THIR checker using the additional patterns or constants that are now walked. THIR patterns are walked in source code order.

r? `@LeSeulArtichaut`
2021-06-19 05:44:11 +00:00
Yuki Okushi
e44e65e888
Assert is_associated_const when resolving 2021-06-19 13:55:24 +09:00
Yuki Okushi
bc243a7f55
Refactor PatternError structure 2021-06-19 11:47:15 +09:00
bors
312b894cc1 Auto merge of #85421 - Smittyvb:rm_pushpop_unsafe, r=matthewjasper
Remove some last remants of {push,pop}_unsafe!

These macros have already been removed, but there was still some code handling these macros. That code is now removed.
2021-06-18 14:17:53 +00:00
Smitty
281dd6d6e0 Explicitly write out all fields 2021-06-17 10:17:35 -04:00
Smitty
1d5accabf1 simplify borrowing 2021-06-17 10:15:02 -04:00
Smitty
210e46bf24 Add pattern walking support to THIR walker 2021-06-16 16:36:43 -04:00
LeSeulArtichaut
5e802e5e97 Box ExprKind::Adt 2021-06-13 17:03:11 +02:00
Fabian Wolff
433c1aec21 Check whether the closure's owner has a body before deferring to it in thir-unsafeck 2021-06-08 22:09:35 +02:00
Smitty
45c55540a8 Remove some last remants of {push,pop}_unsafe!
These macros have already been removed, but there was still some code
handling these macros. That code is now removed.
2021-06-06 17:04:03 -04:00
Yuki Okushi
36f1ed6de2
Rollup merge of #85850 - bjorn3:less_feature_gates, r=jyn514
Remove unused feature gates

The first commit removes a usage of a feature gate, but I don't expect it to be controversial as the feature gate was only used to workaround a limitation of rust in the past. (closures never being `Clone`)

The second commit uses `#[allow_internal_unstable]` to avoid leaking the `trusted_step` feature gate usage from inside the index newtype macro. It didn't work for the `min_specialization` feature gate though.

The third commit removes (almost) all feature gates from the compiler that weren't used anyway.
2021-06-04 13:42:54 +09:00
bors
a93699f20a Auto merge of #85952 - JohnTitor:rollup-r00gu9q, r=JohnTitor
Rollup of 13 pull requests

Successful merges:

 - #83362 (Stabilize `vecdeque_binary_search`)
 - #85706 (Turn off frame pointer elimination on all Apple platforms. )
 - #85724 (Fix issue 85435 by restricting Fake Read precision)
 - #85852 (Clarify meaning of MachineApplicable suggestions.)
 - #85877 (Intra doc link-ify a reference to a function)
 - #85880 (convert assertion on rvalue::threadlocalref to delay bug)
 - #85896 (Add test for forward declared const param defaults)
 - #85897 (Update I-unsound label for triagebot)
 - #85900 (Use pattern matching instead of checking lengths explicitly)
 - #85911 (Avoid a clone of output_filenames.)
 - #85926 (Update cargo)
 - #85934 (Add `Ty::is_union` predicate)
 - #85935 (Validate type of locals used as indices)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
2021-06-03 08:02:39 +00:00
Yuki Okushi
34f1275880
Rollup merge of #85724 - sexxi-goose:rox-fix-issue-85435, r=nikomatsakis
Fix issue 85435 by restricting Fake Read precision

This PR fixes the root bug of issue #85435 by restricting Fake Read precision in closures and removing the feature gate introduced in PR #85564. More info [here](https://github.com/rust-lang/rust/issues/85561#issuecomment-846223784) and [here](https://github.com/rust-lang/rust/issues/85561#issuecomment-847270533).

Closes #85561

r? ``@nikomatsakis``
2021-06-03 14:35:29 +09:00
bors
016e9b5e33 Auto merge of #84988 - alexcrichton:safe-target-feature-wasm, r=joshtriplett
rustc: Allow safe #[target_feature] on wasm

This commit updates the compiler's handling of the `#[target_feature]`
attribute when applied to functions on WebAssembly-based targets. The
compiler in general requires that any functions with `#[target_feature]`
are marked as `unsafe` as well, but this commit relaxes the restriction
for WebAssembly targets where the attribute can be applied to safe
functions as well.

The reason this is done is that the motivation for this feature of the
compiler is not applicable for WebAssembly targets. In general the
`#[target_feature]` attribute is used to enhance target CPU features
enabled beyond the basic level for the rest of the compilation. If done
improperly this means that your program could execute an instruction
that the CPU you happen to be running on does not understand. This is
considered undefined behavior where it is unknown what will happen (e.g.
it's not a deterministic `SIGILL`).

For WebAssembly, however, the target is different. It is not possible
for a running WebAssembly program to execute an instruction that the
engine does not understand. If this were the case then the program would
not have validated in the first place and would not run at all. Even if
this were allowed in some hypothetical future where engines have some
form of runtime feature detection (which they do not right now) any
implementation of such a feature would generate a trap if a module
attempts to execute an instruction the module does not understand. This
deterministic trap behavior would still not fall into the category of
undefined behavior because the trap is deterministic.

For these reasons the `#[target_feature]` attribute is now allowed on
safe functions, but only for WebAssembly targets. This notably enables
the wasm-SIMD intrinsics proposed for stabilization in #74372 to be
marked as safe generally instead of today where they're all `unsafe` due
to the historical implementation of `#[target_feature]` in the compiler.
2021-06-03 05:12:31 +00:00
bjorn3
312f964478 Remove unused feature gates 2021-05-31 13:55:43 +02:00
bors
9a72afa7dd Auto merge of #83772 - jhpratt:revamp-step-trait, r=Mark-Simulacrum
Make `Step` trait safe to implement

This PR makes a few modifications to the `Step` trait that I believe better position it for stabilization in the short term. In particular,

1. `unsafe trait TrustedStep` is introduced, indicating that the implementation of `Step` for a given type upholds all stated invariants (which have remained unchanged). This is gated behind a new `trusted_step` feature, as stabilization is realistically blocked on min_specialization.
2. The `Step` trait is internally specialized on the `TrustedStep` trait, which avoids a serious performance regression.
3. `TrustedLen` is implemented for `T: TrustedStep` as the latter's invariants subsume the former's.
4. The `Step` trait is no longer `unsafe`, as the invariants must not be relied upon by unsafe code (unless the type implements `TrustedStep`).
5. `TrustedStep` is implemented for all types that implement `Step` in the standard library and compiler.
6. The `step_trait_ext` feature is merged into the `step_trait` feature. I was unable to find any reasoning for the features being split; the `_unchecked` methods need not necessarily be stabilized at the same time, but I think it is useful to have them under the same feature flag.

All existing implementations of `Step` will be broken, as it is not possible to `unsafe impl` a safe trait. Given this trait only exists on nightly, I feel this breakage is acceptable. The blanket `impl<T: Step> TrustedLen for T` will likely cause some minor breakage, but this should be covered by the equivalent impl for `TrustedStep`.

Hopefully these changes are sufficient to place `Step` in decent position for stabilization, which would allow user-defined types to be used with `a..b` syntax.
2021-05-30 01:21:39 +00:00
Alex Crichton
7fed92b3a4 rustc: Allow safe #[target_feature] on wasm
This commit updates the compiler's handling of the `#[target_feature]`
attribute when applied to functions on WebAssembly-based targets. The
compiler in general requires that any functions with `#[target_feature]`
are marked as `unsafe` as well, but this commit relaxes the restriction
for WebAssembly targets where the attribute can be applied to safe
functions as well.

The reason this is done is that the motivation for this feature of the
compiler is not applicable for WebAssembly targets. In general the
`#[target_feature]` attribute is used to enhance target CPU features
enabled beyond the basic level for the rest of the compilation. If done
improperly this means that your program could execute an instruction
that the CPU you happen to be running on does not understand. This is
considered undefined behavior where it is unknown what will happen (e.g.
it's not a deterministic `SIGILL`).

For WebAssembly, however, the target is different. It is not possible
for a running WebAssembly program to execute an instruction that the
engine does not understand. If this were the case then the program would
not have validated in the first place and would not run at all. Even if
this were allowed in some hypothetical future where engines have some
form of runtime feature detection (which they do not right now) any
implementation of such a feature would generate a trap if a module
attempts to execute an instruction the module does not understand. This
deterministic trap behavior would still not fall into the category of
undefined behavior because the trap is deterministic.

For these reasons the `#[target_feature]` attribute is now allowed on
safe functions, but only for WebAssembly targets. This notably enables
the wasm-SIMD intrinsics proposed for stabilization in #74372 to be
marked as safe generally instead of today where they're all `unsafe` due
to the historical implementation of `#[target_feature]` in the compiler.
2021-05-28 12:57:35 -07:00
Roxane
382338fe75 Remove feature gate 2021-05-27 17:58:35 -04:00
LeSeulArtichaut
6c4f40dee1 Make closures inherit their parent's "safety context" 2021-05-27 16:50:48 +02:00
Dylan DPC
9d4a6449db
Rollup merge of #85564 - pnkfelix:issue-85435-readd-capture-disjoint-fields-gate, r=nikomatsakis
readd capture disjoint fields gate

This readds a feature gate guard that was added in PR #83521. (Basically, there were unintended consequences to the code exposed by removing the feature gate guard.)

The root bug still remains to be resolved, as discussed in issue #85561. This is just a band-aid suitable for a beta backport.

Cc issue #85435

Note that the latter issue is unfixed until we backport this (or another fix) to 1.53 beta
2021-05-27 03:02:08 +02:00
Jacob Pratt
bc2f0fb5a9
Specialize implementations
Implementations in stdlib are now optimized as they were before.
2021-05-26 18:07:09 -04:00
LeSeulArtichaut
f7916b4c9e Fix unused_unsafe in THIR unsafeck 2021-05-25 20:11:29 +02:00
LeSeulArtichaut
b0835410bb Handle unsafe_op_in_unsafe_fn properly in THIR unsafeck 2021-05-25 20:11:29 +02:00
Guillaume Gomez
ad72247833
Rollup merge of #85605 - ptrojahn:closure_struct, r=matthewjasper
Replace Local::new(1) with CAPTURE_STRUCT_LOCAL
2021-05-25 13:05:14 +02:00
bors
a7890c7952 Auto merge of #84985 - pietroalbini:bootstrap-1.54, r=Mark-Simulacrum
Bump bootstrap compiler to beta 1.53.0

This PR bumps the bootstrap compiler to version 1.53.0 beta, as part of our usual release process (this was supposed to be Wednesday's step, but creating the beta release took longer than expected).

The PR also includes the "Bootstrap: skip rustdoc fingerprint for building docs" commit, see the reasoning [on Zulip](https://zulip-archive.rust-lang.org/241545trelease/88450153betabootstrap.html).

r? `@Mark-Simulacrum`
2021-05-25 05:48:00 +00:00
bors
d568d63b1f Auto merge of #85273 - LeSeulArtichaut:thir-query, r=nikomatsakis
Make building THIR a stealable query

This PR creates a stealable `thir_body` query so that we can build the THIR only once for THIR unsafeck and MIR build.

Blocked on #83842.
r? `@nikomatsakis`
2021-05-25 03:07:03 +00:00
Pietro Albini
9e22b844dd remove cfg(bootstrap) 2021-05-24 11:07:48 -04:00
LeSeulArtichaut
af3d9a3aa3 Make thir_check_unsafety itself responsible for checking gate 2021-05-24 15:09:33 +02:00
LeSeulArtichaut
13e7b237fd Add comments about stealing THIR in mir_build 2021-05-24 15:05:20 +02:00
LeSeulArtichaut
3559565e07 Replace more "NULL" with "null" 2021-05-24 12:59:33 +02:00
Paul Trojahn
0a80cc4d83 Replace Local::new(1) with CAPTURE_STRUCT_LOCAL 2021-05-23 18:36:23 +02:00
Ralf Jung
585141b219 support creating mutable allocations from byte slices 2021-05-23 12:37:16 +02:00
LeSeulArtichaut
3f31044d90 Handle typeck errors properly 2021-05-22 16:21:36 +02:00
LeSeulArtichaut
6dfdea9800 Make the THIR unsafeck use the thir_body query 2021-05-22 16:21:33 +02:00
LeSeulArtichaut
6f64eb1fe6 Make THIR building a stealable query 2021-05-22 14:36:22 +02:00
LeSeulArtichaut
bd80018159 Move THIR structure definitions to rustc_middle 2021-05-22 14:36:22 +02:00
Felix S. Klock II
1f130fbff8 Revert portion of PR #83521 that injected issue #85435 (and thus exposed underlying issue #85561). 2021-05-21 14:55:09 -04:00
LeSeulArtichaut
0e1afc4501 Check for use of mutable/extern statics in THIR unsafeck 2021-05-21 19:51:53 +02:00
LeSeulArtichaut
6b327aaa08 Check for ptr-to-int casts in const functions in THIR unsafeck 2021-05-21 18:31:44 +02:00
LeSeulArtichaut
592fecbafb Check for initialization of layout-restricted types 2021-05-21 18:29:51 +02:00
LeSeulArtichaut
d7787bbaef Check for calls to functions with #[target_feature] in THIR unsafeck 2021-05-20 00:06:32 +02:00
LeSeulArtichaut
27fe959c2c Check for raw pointer dereference in THIR unsafeck 2021-05-20 00:01:05 +02:00
bors
f94942d842 Auto merge of #83842 - LeSeulArtichaut:thir-vec, r=nikomatsakis
Store THIR in `IndexVec`s instead of an `Arena`

This is a necessary step to store the THIR in a query: #85273. See [relevant discussion on Zulip](https://rust-lang.zulipchat.com/#narrow/stream/278509-project-thir-unsafeck/topic/THIR-dependent.20queries.20design).

r? `@ghost` cc `@cjgillot` `@nikomatsakis`
2021-05-19 18:41:23 +00:00
LeSeulArtichaut
7093a21e27 Adapt the THIR visitor to the vec-stored THIR 2021-05-19 16:03:41 +02:00
LeSeulArtichaut
dc3eabd487 Store THIR in IndexVecs instead of an Arena 2021-05-19 16:03:35 +02:00
LeSeulArtichaut
62044b2fab Remove remnants of BorrowOfPackedField 2021-05-17 19:32:58 +02:00