Commit Graph

39501 Commits

Author SHA1 Message Date
bors
d696a27c13 Auto merge of #130415 - matthiaskrgr:rollup-xhsu9oq, r=matthiaskrgr
Rollup of 3 pull requests

Successful merges:

 - #130151 (Use a small runner for msvc-ext2 job)
 - #130394 (const: don't ICE when encountering a mutable ref to immutable memory)
 - #130409 (tests: more ice tests)

r? `@ghost`
`@rustbot` modify labels: rollup
2024-09-15 22:37:06 +00:00
Ralf Jung
7dfffe7e70 const: don't ICE when encountering a mutable ref to immutable memory 2024-09-15 22:53:04 +02:00
Matthias Krüger
b3686b56c2
Rollup merge of #130384 - workingjubilee:document-what-abi-and-pref-align-is, r=compiler-errors
compiler: Document AbiAndPrefAlign

The mere existence of this struct is confusing, and the second field doubly so. It's easy to mistake the "preferred" alignment as semantically relevant somehow. Insofar as I am aware, it is not, and certainly not for Rust code.
2024-09-15 20:55:13 +02:00
Matthias Krüger
0daa636b93
Rollup merge of #129897 - RalfJung:soft-float-ignored, r=Urgau
deprecate -Csoft-float because it is unsound (and not fixable)

See  https://github.com/rust-lang/rust/issues/129893 for details. The general sentiment there seems to be that this flag has no use and sound alternatives exist, so let's add this warning and see if anyone out there disagrees.

Also show a different warning on targets where it does nothing (as documented since https://github.com/rust-lang/rust/pull/36261): it seems to correspond to `-mfloat-abi` in GCC/clang, which is an ARM-specific option. To be really sure it does nothing, only forward the flag to LLVM for eabihf targets. This should not change behavior but makes me sleep better ;)
2024-09-15 20:55:12 +02:00
Matthias Krüger
96195a5e24
Rollup merge of #130342 - RalfJung:slice-idx-overflow, r=saethlin
interpret, miri: fix dealing with overflow during slice indexing and allocation

This is mostly to fix https://github.com/rust-lang/rust/issues/130284.

I then realized we're using somewhat sketchy arguments for a similar multiplication in `copy`/`copy_nonoverlapping`/`write_bytes`,  so I made them all share the same function that checks exactly the right thing. (The intrinsics would previously fail on allocations larger than `1 << 47` bytes... which are theoretically possible maybe? Anyway it seems conceptually wrong to use any other bound than `isize::MAX` here.)
2024-09-15 16:01:38 +02:00
Matthias Krüger
18a93ca65e
Rollup merge of #130293 - gurry:130142-lint-level-issue, r=cjgillot
Fix lint levels not getting overridden by attrs on `Stmt` nodes

Fixes #130142. See comments on the issue for context.

r? `@cjgillot`
2024-09-15 16:01:37 +02:00
Matthias Krüger
6ac598a472
Rollup merge of #129828 - RalfJung:miri-data-race, r=saethlin
miri: treat non-memory local variables properly for data race detection

Fixes https://github.com/rust-lang/miri/issues/3242

Miri has an optimization where some local variables are not represented in memory until something forces them to be stored in memory (most notably, creating a pointer/reference to the local will do that). However, for a subsystem triggering on memory accesses -- such as the data race detector -- this means that the memory access seems to happen only when the local is moved to memory, instead of at the time that it actually happens. This can lead to UB reports in programs that do not actually have UB.

This PR fixes that by adding machine hooks for reads and writes to such efficiently represented local variables. The data race system tracks those very similar to how it would track reads and writes to addressable memory, and when a local is moved to memory, the clocks get overwritten with the information stored for the local.
2024-09-15 16:01:36 +02:00
bors
dde7d6649e Auto merge of #130390 - matthiaskrgr:rollup-evbfwe2, r=matthiaskrgr
Rollup of 5 pull requests

Successful merges:

 - #129195 (Stabilize `&mut` (and `*mut`) as well as `&Cell` (and `*const Cell`) in const)
 - #130118 (move Option::unwrap_unchecked into const_option feature gate)
 - #130295 (Fix target-cpu fpu features on Armv8-R.)
 - #130371 (Correctly account for niche-optimized tags in rustc_transmute)
 - #130381 (library: Compute Rust exception class from its string repr)

r? `@ghost`
`@rustbot` modify labels: rollup
2024-09-15 11:19:28 +00:00
Matthias Krüger
9ed667f8ed
Rollup merge of #130371 - saethlin:transmutability-enum-ice, r=compiler-errors
Correctly account for niche-optimized tags in rustc_transmute

This is a bit hacky, but it fixes the ICE and makes it possible to run the safe transmute check on every `mem::transmute` check we instantiate. I want to write a lint that needs to do that, but this stands well on its own.

cc `@jswrenn` here's the fix I alluded to yesterday :)

Fixes #123693
2024-09-15 11:55:47 +02:00
Matthias Krüger
3225bd5f96
Rollup merge of #130295 - chrisnc:armv8r-feature-fix, r=workingjubilee
Fix target-cpu fpu features on Armv8-R.

This is a follow-up to #123159, but applied to Armv8-R.

This required https://github.com/llvm/llvm-project/pull/88287 to work properly. Now that this change exists in rustc's llvm, we can fix Armv8-R's default fpu features. In Armv8-R's case, the default features from LLVM for floating-point are sufficient, because there is no integer-only variant of this architecture.
2024-09-15 11:55:46 +02:00
Matthias Krüger
011289c9d4
Rollup merge of #129195 - RalfJung:const-mut-refs, r=fee1-dead
Stabilize `&mut` (and `*mut`) as well as `&Cell` (and `*const Cell`) in const

This stabilizes `const_mut_refs` and `const_refs_to_cell`. That allows a bunch of new things in const contexts:
- Mentioning `&mut` types
- Creating `&mut` and `*mut` values
- Creating `&T` and `*const T` values where `T` contains interior mutability
- Dereferencing `&mut` and `*mut` values (both for reads and writes)

The same rules as at runtime apply: mutating immutable data is UB. This includes mutation through pointers derived from shared references; the following is diagnosed with a hard error:
```rust
#[allow(invalid_reference_casting)]
const _: () = {
    let mut val = 15;
    let ptr = &val as *const i32 as *mut i32;
    unsafe { *ptr = 16; }
};
```

The main limitation that is enforced is that the final value of a const (or non-`mut` static) may not contain `&mut` values nor interior mutable `&` values. This is necessary because the memory those references point to becomes *read-only* when the constant is done computing, so (interior) mutable references to such memory would be pretty dangerous. We take a multi-layered approach here to ensuring no mutable references escape the initializer expression:
- A static analysis rejects (interior) mutable references when the referee looks like it may outlive the current MIR body.
- To be extra sure, this static check is complemented by a "safety net" of dynamic checks. ("Dynamic" in the sense of "running during/after const-evaluation, e.g. at runtime of this code" -- in contrast to "static" which works entirely by looking at the MIR without evaluating it.)
  - After the final value is computed, we do a type-driven traversal of the entire value, and if we find any `&mut` or interior-mutable `&` we error out.
  - However, the type-driven traversal cannot traverse `union` or raw pointers, so there is a second dynamic check where if the final value of the const contains any pointer that was not derived from a shared reference, we complain. This is currently a future-compat lint, but will become an ICE in #128543. On the off-chance that it's actually possible to trigger this lint on stable, I'd prefer if we could make it an ICE before stabilizing const_mut_refs, but it's not a hard blocker. This part of the "safety net" is only active for mutable references since with shared references, it has false positives.

Altogether this should prevent people from leaking (interior) mutable references out of the const initializer.

While updating the tests I learned that surprisingly, this code gets rejected:
```rust
const _: Vec<i32> = {
    let mut x = Vec::<i32>::new(); //~ ERROR destructor of `Vec<i32>` cannot be evaluated at compile-time
    let r = &mut x;
    let y = x;
    y
};
```
The analysis that rejects destructors in `const` is very conservative when it sees an `&mut` being created to `x`, and then considers `x` to be always live. See [here](https://github.com/rust-lang/rust/issues/65394#issuecomment-541499219) for a longer explanation. `const_precise_live_drops` will solve this, so I consider this problem to be tracked by https://github.com/rust-lang/rust/issues/73255.

Cc `@rust-lang/wg-const-eval` `@rust-lang/lang`
Cc https://github.com/rust-lang/rust/issues/57349
Cc https://github.com/rust-lang/rust/issues/80384
2024-09-15 11:55:45 +02:00
bors
1ae268816c Auto merge of #130148 - RalfJung:interpret-get_ptr_alloc_mut, r=saethlin
interpret: get_ptr_alloc_mut: lookup allocation only once

I don't think this will make a big perf difference, but it makes this function symmetric with `get_ptr_alloc` -- and it's always nice to successfully solve a borrow checker puzzle like this. ;)
2024-09-15 08:59:26 +00:00
Ralf Jung
f16f09db63 interpret: get_ptr_alloc_mut: lookup allocation only once 2024-09-15 10:21:19 +02:00
Ralf Jung
49316f871c also stabilize const_refs_to_cell 2024-09-15 10:20:47 +02:00
Ralf Jung
544a6a7df3 const_refs_to_cell: dont let mutable references sneak past the interior mutability check 2024-09-15 09:51:34 +02:00
Ralf Jung
9ad5728593 clean up const checking of mutable references 2024-09-15 09:51:34 +02:00
Ralf Jung
3175cc2814 stabilize const_mut_refs 2024-09-15 09:51:32 +02:00
Ralf Jung
268f6cf558 also use compute_size_in_bytes for relevant multiplications in Miri 2024-09-15 09:21:43 +02:00
Jubilee Young
7b02be8abc compiler: Document AbiAndPrefAlign 2024-09-14 22:45:25 -07:00
Chris Copeland
1a0ba01177
Fix target-cpu fpu features on Armv8-R.
This is a follow-up to #123159, but applied to Armv8-R.

This required https://github.com/llvm/llvm-project/pull/88287 to work
properly. Now that this change exists in rustc's llvm, we can fix
Armv8-R's default fpu features. In Armv8-R's case, the default features
from LLVM for floating-point are sufficient, because there is no
integer-only variant of this architecture.
2024-09-14 21:39:23 -07:00
Stuart Cook
12fb8e45c2
Rollup merge of #130353 - Zalathar:lint-zero, r=jieyouxu
Make some lint doctests compatible with `--stage=0`

Currently, running `x test compiler --stage=0` (with `rust.parallel-compiler=false` to avoid other problems) results in two failures, because these lint doctests aren't compatible with the current stage0 compiler.

In theory, the more “correct” solution would be to wrap the opening triple-backtick line in  `#[cfg_attr(not(bootstrap), doc = "..."]`. However, that causes a few practical problems:
- `tidy` doesn't understand that syntax, and miscounts the number of backticks in the comment block.
- `lint-docs` doesn't understand that syntax, and thinks it's trying to declare the lint name.
- Working around the above problems would cause more work and more confusion for whoever does the next bootstrap beta bump.

So instead this PR adds some bootstrap gates inside the individual doctests, which end up producing the desired behaviour, and are straightforward to remove.
2024-09-15 12:14:57 +10:00
bors
4f1be92153 Auto merge of #129753 - folkertdev:stabilize-const-extern-fn, r=RalfJung
stabilize `const_extern_fn`

closes https://github.com/rust-lang/rust/issues/64926

tracking issue: https://github.com/rust-lang/rust/issues/64926
reference PR: https://github.com/rust-lang/reference/pull/1596

## Stabilizaton Report

### Summary

Using `const extern "Rust"` and `const extern "C"` was already stabilized (since version 1.62.0, see https://github.com/rust-lang/rust/pull/95346). This PR stabilizes the other calling conventions: it is now possible to write  `const unsafe extern "calling-convention" fn` and `const extern "calling-convention" fn` for any supported calling convention:

```rust
const extern "C-unwind" fn foo1(val: u8) -> u8 { val + 1}
const extern "stdcall" fn foo2(val: u8) -> u8 { val + 1}
const unsafe extern "C-unwind" fn bar1(val: bool) -> bool { !val }
const unsafe extern "stdcall" fn bar2(val: bool) -> bool { !val }
```

This can be used to const-ify an `extern fn`, or conversely, to make a `const fn` callable from external code.

r? T-lang

cc `@RalfJung`
2024-09-14 23:47:59 +00:00
Ben Kimock
2ac554b73a Correctly account for niche-optimized tags 2024-09-14 17:52:03 -04:00
bors
9b72238eb8 Auto merge of #128543 - RalfJung:const-interior-mut, r=fee1-dead
const-eval interning: accept interior mutable pointers in final value

…but keep rejecting mutable references

This fixes https://github.com/rust-lang/rust/issues/121610 by no longer firing the lint when there is a pointer with interior mutability in the final value of the constant. On stable, such pointers can be created with code like:
```rust
pub enum JsValue {
    Undefined,
    Object(Cell<bool>),
}
impl Drop for JsValue {
    fn drop(&mut self) {}
}
// This does *not* get promoted since `JsValue` has a destructor.
// However, the outer scope rule applies, still giving this 'static lifetime.
const UNDEFINED: &JsValue = &JsValue::Undefined;
```
It's not great to accept such values since people *might* think that it is legal to mutate them with unsafe code. (This is related to how "infectious" `UnsafeCell` is, which is a [wide open question](https://github.com/rust-lang/unsafe-code-guidelines/issues/236).) However, we [explicitly document](https://doc.rust-lang.org/reference/behavior-considered-undefined.html) that things created by `const` are immutable. Furthermore, we also accept the following even more questionable code without any lint today:
```rust
let x: &'static Option<Cell<i32>> = &None;
```
This is even more questionable since it does *not* involve a `const`, and yet still puts the data into immutable memory. We could view this as promotion [potentially introducing UB](https://github.com/rust-lang/unsafe-code-guidelines/issues/493). However, we've accepted this since ~forever and it's [too late to reject this now](https://github.com/rust-lang/rust/pull/122789); the pattern is just too useful.

So basically, if you think that `UnsafeCell` should be tracked fully precisely, then you should want the lint we currently emit to be removed, which this PR does. If you think `UnsafeCell` should "infect" surrounding `enum`s, the big problem is really https://github.com/rust-lang/unsafe-code-guidelines/issues/493 which does not trigger the lint -- the cases the lint triggers on are actually the "harmless" ones as there is an explicit surrounding `const` explaining why things end up being immutable.

What all this goes to show is that the hard error added in https://github.com/rust-lang/rust/pull/118324 (later turned into the future-compat lint that I am now suggesting we remove) was based on some wrong assumptions, at least insofar as it concerns shared references. Furthermore, that lint does not help at all for the most problematic case here where the potential UB is completely implicit. (In fact, the lint is actively in the way of [my preferred long-term strategy](https://github.com/rust-lang/unsafe-code-guidelines/issues/493#issuecomment-2028674105) for dealing with this UB.) So I think we should go back to square one and remove that error/lint for shared references. For mutable references, it does seem to work as intended, so we can keep it. Here it serves as a safety net in case the static checks that try to contain mutable references to the inside of a const initializer are not working as intended; I therefore made the check ICE to encourage users to tell us if that safety net is triggered.

Closes https://github.com/rust-lang/rust/issues/122153 by removing the lint.

Cc `@rust-lang/opsem` `@rust-lang/lang`
2024-09-14 21:11:04 +00:00
bors
5fe0e40e05 Auto merge of #130357 - fmease:rollup-j3ej4q0, r=fmease
Rollup of 6 pull requests

Successful merges:

 - #130017 (coverage: Extract `executor::block_on` from several async coverage tests)
 - #130268 (simd_shuffle: require index argument to be a vector)
 - #130290 (Stabilize entry_insert)
 - #130294 (Lifetime cleanups)
 - #130343 (docs: Enable required feature for 'closure_returning_async_block' lint)
 - #130349 (Fix `Parser::break_up_float`'s right span)

r? `@ghost`
`@rustbot` modify labels: rollup
2024-09-14 16:18:12 +00:00
León Orell Valerian Liehr
2b40fdbb28
Rollup merge of #130349 - ShE3py:break_up_float, r=fmease
Fix `Parser::break_up_float`'s right span

```rs
use std::mem::offset_of;

fn main() {
    offset_of!((u8,), 0.0);
}
```
Before:
```
error[E0609]: no field `0` on type `u8`
    --> ./main.rs:4:25
     |
4    |       offset_of!((u8,), 0.0);
     |  _____--------------------^-
     | |     |
     | |     in this macro invocation
5    | | }
...    |
     |
     = note: this error originates in the macro `offset_of` (in Nightly builds, run with -Z macro-backtrace for more info)

error: aborting due to 1 previous error
```
After:
```
error[E0609]: no field `0` on type `u8`
 --> ./main.rs:4:25
  |
4 |     offset_of!((u8,), 0.0);
  |                         ^

error: aborting due to 1 previous error
```

---
`@rustbot` label +A-parser +D-imprecise-spans
2024-09-14 18:12:14 +02:00
León Orell Valerian Liehr
d1701a5334
Rollup merge of #130343 - Fayti1703:patch-correct-async-block-lint-doc, r=compiler-errors
docs: Enable required feature for 'closure_returning_async_block' lint

Failing to do this results in the lint example output complaining about the lint not existing instead of the thing the lint is supposed to be complaining about.

See <https://doc.rust-lang.org/rustc/lints/listing/allowed-by-default.html#closure-returning-async-block>:
![image](https://github.com/user-attachments/assets/78bae16f-3fb6-4d6d-b8aa-768b477cd187)
2024-09-14 18:12:13 +02:00
León Orell Valerian Liehr
03e8b6bbfa
Rollup merge of #130294 - nnethercote:more-lifetimes, r=lcnr
Lifetime cleanups

The last commit is very opinionated, let's see how we go.

r? `@oli-obk`
2024-09-14 18:12:13 +02:00
León Orell Valerian Liehr
a9dcd7f25d
Rollup merge of #130268 - RalfJung:simd-shuffle-idx-vector, r=compiler-errors
simd_shuffle: require index argument to be a vector

Remove some codegen hacks by forcing the SIMD shuffle `index` argument to be a vector, which means (thanks to https://github.com/rust-lang/rust/pull/128537) that it will automatically be passed as an immediate in LLVM. The only special-casing we still have is for the extra sanity-checks we add that ensure that the indices are all in-bounds. (And the GCC backend needs to do a bunch of work since the Rust intrinsic is modeled after what LLVM expects, which seems to be quite different from what GCC expects.)

Fixes https://github.com/rust-lang/rust/issues/128738, see that issue for more context.
2024-09-14 18:12:10 +02:00
Folkert de Vries
a528f4ecd9 stabilize const_extern_fn 2024-09-14 18:07:06 +02:00
bors
e7386b361d Auto merge of #128299 - DianQK:clone-copy, r=cjgillot
Simplify the canonical clone method and the copy-like forms to copy

Fixes #128081.

The optimized clone method ends up as the following MIR:

```
_2 = copy ((*_1).0: i32);
_3 = copy ((*_1).1: u64);
_4 = copy ((*_1).2: [i8; 3]);
_0 = Foo { a: move _2, b: move _3, c: move _4 };
```

We can transform this to:

```
_0 = copy (*_1);
```

r? `@cjgillot`
2024-09-14 13:30:30 +00:00
Zalathar
14ed979cdf Make some lint doctests compatible with --stage=0 2024-09-14 23:18:49 +10:00
Ralf Jung
60ee1b7ac6 simd_shuffle: require index argument to be a vector 2024-09-14 14:43:24 +02:00
Lieselotte
4cb5849f01
Refactor Parser::break_up_float 2024-09-14 13:17:16 +02:00
Gurinder Singh
fd3ee92c6d Fix lint levels not getting overridden by attrs on Stmt nodes 2024-09-14 16:12:00 +05:30
Lieselotte
3d20c810b0
Fix Parser::break_up_float's right span 2024-09-14 12:41:25 +02:00
Stuart Cook
73f684f3c5
Rollup merge of #130334 - madsmtm:macos-sdkroot-ignore, r=jieyouxu
Fix `SDKROOT` ignore on macOS

`rustc` has code to detect when `SDKROOT` is obviously set for the wrong platform, so that it can choose to ignore it. This is a pretty important feature for Cargo build scripts and proc macros, since you will often have `SDKROOT` set to an iOS platform there.

However, the code was checking for an old SDK version name `"macosx10.15"` that was previously configured by `add_apple_sdk`, but nowadays configured to the correct `"macosx"`. I think this error was introduced in part https://github.com/rust-lang/rust/pull/77202 and in https://github.com/rust-lang/rust/pull/100286.

Fixes part of https://github.com/rust-lang/rust/issues/80817 (linking with `-Clinker=ld` now works), though more work is still needed in this area, see also https://github.com/rust-lang/rust/issues/129432.

``@rustbot`` label O-macos A-cross
2024-09-14 20:22:41 +10:00
Stuart Cook
517e7ce37f
Rollup merge of #130311 - heiseish:issue-70849-fix, r=fmease
(fix) conflicting negative impl marker

## Context

This MR fixes the error message for conflicting negative trait impls by adding the corresponding the polarity marker to the trait name.

## Issues

- closes #70849

r​? `@fmease`
2024-09-14 20:22:41 +10:00
Lieselotte
003da02352
Add ErrorGuaranteed to DestructuredFloat::Error 2024-09-14 12:16:23 +02:00
Fayti1703
14285e9804
docs: Enable required feature for 'closure_returning_async_block' lint
Failing to do this results in the lint example output complaining
about the lint not existing instead of the thing the lint is supposed
to be complaining about.
2024-09-14 10:43:26 +02:00
Ralf Jung
3b806d337c interpret: fix dealing with overflow during slice indexing 2024-09-14 10:00:07 +02:00
bors
f9567d0f2b Auto merge of #128991 - Nadrieril:rustfix-unreachable-pattern, r=compiler-errors
Add a machine-applicable suggestion to "unreachable pattern"
2024-09-14 07:04:57 +00:00
DianQK
c16c22cc9c
Simplify the canonical clone method to copy
The optimized clone method ends up as the following MIR:

```
_2 = copy ((*_1).0: i32);
_3 = copy ((*_1).1: u64);
_4 = copy ((*_1).2: [i8; 3]);
_0 = Foo { a: move _2, b: move _3, c: move _4 };
```

We can transform this to:

```
_0 = copy (*_1);
```
2024-09-14 13:30:35 +08:00
Mads Marquart
56844c797a Fix SDKROOT ignore on macOS 2024-09-14 04:28:38 +02:00
Stuart Cook
89dd3f91a8
Rollup merge of #130317 - compiler-errors:no-ord, r=jackh726
`ProjectionElem` and `UnOp`/`BinOp` dont need to be `PartialOrd`/`Ord`

These types don't really admit a natural ordering and no code seems to rely on it, so let's remove it.
2024-09-14 11:53:13 +10:00
Stuart Cook
04e744e77d
Rollup merge of #130199 - compiler-errors:by-move, r=cjgillot
Don't call closure_by_move_body_def_id on FnOnce async closures in MIR validation

Refactors the check in #129847 to not unncessarily call the `closure_by_move_body_def_id` query for async closures that don't *need* a by-move body.

Fixes #130167
2024-09-14 11:53:12 +10:00
Giang Dao
b0db3a7bed (fix) conflicting negative impl marker and add tests 2024-09-14 09:25:06 +08:00
bors
0609062a91 Auto merge of #130312 - matthiaskrgr:rollup-ihwsc91, r=matthiaskrgr
Rollup of 6 pull requests

Successful merges:

 - #129320 (Fix crash when labeling arguments for call_once and friends)
 - #130266 (target: default to the medium code model on LoongArch targets)
 - #130297 (Dataflow cleanups)
 - #130299 (Add set_dcx to ParseSess)
 - #130301 (some fixes for clashing_extern_declarations lint)
 - #130305 (Clippy: consider msrv for const context for const_float_bits_conv)

r? `@ghost`
`@rustbot` modify labels: rollup
2024-09-13 19:21:37 +00:00
Nadrieril
1f69638400 Add a machine-applicable suggestion to "unreachable pattern" 2024-09-13 21:01:29 +02:00
Michael Goulet
c8233a4c6f ProjectionElem and UnOp/BinOp dont need to be PartialOrd/Ord 2024-09-13 14:17:32 -04:00