mirror of
https://github.com/rust-lang/rust.git
synced 2025-04-30 12:07:40 +00:00
a122dde217
If a type has unsafe fields, its safety invariants are not simply the conjunction of its field types' safety invariants. Consequently, it's invalid to reason about the safety properties of these types in a purely structural manner — i.e., the manner in which `auto` traits are implemented. Makes progress towards #132922.
63 lines
1.3 KiB
Rust
63 lines
1.3 KiB
Rust
//@ compile-flags: --crate-type=lib
|
|
//@ aux-build: unsafe-fields-crate-dep.rs
|
|
|
|
extern crate unsafe_fields_crate_dep;
|
|
|
|
use unsafe_fields_crate_dep::WithUnsafeField;
|
|
|
|
fn new_without_unsafe() -> WithUnsafeField {
|
|
WithUnsafeField {
|
|
//~^ ERROR
|
|
unsafe_field: 0,
|
|
safe_field: 0,
|
|
}
|
|
}
|
|
|
|
fn operate_on_safe_field(s: &mut WithUnsafeField) {
|
|
s.safe_field = 2;
|
|
&s.safe_field;
|
|
s.safe_field;
|
|
}
|
|
|
|
fn set_unsafe_field(s: &mut WithUnsafeField) {
|
|
unsafe {
|
|
s.unsafe_field = 2;
|
|
}
|
|
}
|
|
|
|
fn read_unsafe_field(s: &WithUnsafeField) -> u32 {
|
|
unsafe { s.unsafe_field }
|
|
}
|
|
|
|
fn ref_unsafe_field(s: &WithUnsafeField) -> &u32 {
|
|
unsafe { &s.unsafe_field }
|
|
}
|
|
|
|
fn destructure(s: &WithUnsafeField) {
|
|
unsafe {
|
|
let WithUnsafeField { safe_field, unsafe_field } = s;
|
|
}
|
|
}
|
|
|
|
fn set_unsafe_field_without_unsafe(s: &mut WithUnsafeField) {
|
|
s.unsafe_field = 2;
|
|
//~^ ERROR
|
|
}
|
|
|
|
fn read_unsafe_field_without_unsafe(s: &WithUnsafeField) -> u32 {
|
|
s.unsafe_field
|
|
//~^ ERROR
|
|
}
|
|
|
|
fn ref_unsafe_field_without_unsafe(s: &WithUnsafeField) -> &u32 {
|
|
&s.unsafe_field
|
|
//~^ ERROR
|
|
}
|
|
|
|
fn destructure_without_unsafe(s: &WithUnsafeField) {
|
|
let WithUnsafeField { safe_field, unsafe_field } = s;
|
|
//~^ ERROR
|
|
|
|
let WithUnsafeField { safe_field, .. } = s;
|
|
}
|