Add new safety enum for inner extern items #124455
Conversation
rustbot
added
S-waiting-on-review
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
2 times, most recently
from
a01142f
to
0a2dee6
Compare
This comment has been minimized.
This comment has been minimized.
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
0a2dee6
to
2cb0865
Compare
|
Some changes occurred in compiler/rustc_codegen_cranelift cc @bjorn3 |
This comment has been minimized.
This comment has been minimized.
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
2cb0865
to
903fe08
Compare
|
Some changes occurred in src/librustdoc/clean/types.rs cc @camelid Some changes occurred in compiler/rustc_codegen_gcc |
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
903fe08
to
7eb2f20
Compare
This comment has been minimized.
This comment has been minimized.
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
7eb2f20
to
5da6fe9
Compare
|
Some changes occurred in src/tools/clippy cc @rust-lang/clippy |
This comment has been minimized.
This comment has been minimized.
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
5da6fe9
to
10e8413
Compare
|
Some changes occurred in src/tools/rustfmt cc @rust-lang/rustfmt |
|
Why aren't we expanding the |
My reasoning was not only this but also so things can be a bit safer as we won't need to handle |
|
I'm having second thoughts about naming this |
| #[derive(HashStable_Generic)] | ||
| pub enum FnSafety { | ||
| Unsafe(Span), | ||
| Default, |
There was a problem hiding this comment.
Maybe name this Inherited or FromContext. Without an explanation it's not obvious what this is supposed to be
There was a problem hiding this comment.
Yeah, I've used Default as a way of saying no safety explicitly written means is going to take a default value.
Another possible name could be Implicit.
Out of all the values mentioned I slightly prefer Default but I don't mind changing it neither.
Another name we are using is Normal which I also think is not great, but it is another option.
Let's see if somebody else have some thought about this.
Yea, just naming it |
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
10e8413
to
84138b2
Compare
This comment has been minimized.
This comment has been minimized.
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
84138b2
to
16bf3a7
Compare
This comment has been minimized.
This comment has been minimized.
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
2 times, most recently
from
fdee834
to
bd43f67
Compare
This comment has been minimized.
This comment has been minimized.
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
bd43f67
to
0256365
Compare
This comment has been minimized.
This comment has been minimized.
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
2 times, most recently
from
3824cb3
to
6b76cac
Compare
spastorino
changed the title
|
☔ The latest upstream changes (presumably #124621) made this pull request unmergeable. Please resolve the merge conflicts. |
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
6b76cac
to
e36f233
Compare
This comment has been minimized.
This comment has been minimized.
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
e36f233
to
478644e
Compare
|
☔ The latest upstream changes (presumably #123602) made this pull request unmergeable. Please resolve the merge conflicts. |
| @@ -913,10 +913,16 @@ pub enum Mutability { | |||
| Mut, | |||
| } | |||
|
|
|||
| #[derive(Copy, Clone, Debug, Eq, PartialEq)] | |||
| pub enum Unsafe { | |||
There was a problem hiding this comment.
Can you please add documentation to these two enumerations? It isn't clear to me why we need two different enumerations here.
| #[derive(Copy, Clone, Debug, Eq, PartialEq)] | ||
| pub enum Safety { | ||
| Unsafe, | ||
| Normal, | ||
| Default, |
There was a problem hiding this comment.
Don't we already know if a function / static is safe or unsafe by the time we are translating to StableMIR? If so, wouldn't it be better to keep Unsafe / Safe (Normal)?
I'm assuming that the way this is designed today, the Default value will require users to perform an extra query to know the context where this Fn / Static was declared to know whether it is safe or not.
There was a problem hiding this comment.
BTW, this is just a suggestion. I know this is a big change already. If it makes sense, maybe just add a fixme comment for us to improve this later. Thanks
spastorino
force-pushed
the
add-new-fnsafety-enum
branch
from
478644e
to
6e798b4
Compare
|
I think is better if for now we just do #125077 |
…=jackh726 Rename Unsafe to Safety Alternative to rust-lang#124455, which is to just have one Safety enum to use everywhere, this opens the posibility of adding `ast::Safety::Safe` that's useful for unsafe extern blocks. This leaves us today with: ```rust enum ast::Safety { Unsafe(Span), Default, // Safe (going to be added for unsafe extern blocks) } enum hir::Safety { Unsafe, Safe, } ``` We would convert from `ast::Safety::Default` into the right Safety level according the context.
…=jackh726 Rename Unsafe to Safety Alternative to rust-lang#124455, which is to just have one Safety enum to use everywhere, this opens the posibility of adding `ast::Safety::Safe` that's useful for unsafe extern blocks. This leaves us today with: ```rust enum ast::Safety { Unsafe(Span), Default, // Safe (going to be added for unsafe extern blocks) } enum hir::Safety { Unsafe, Safe, } ``` We would convert from `ast::Safety::Default` into the right Safety level according the context.
…-blocks, r=compiler-errors Stabilize unsafe extern blocks (RFC 3484) # Stabilization report ## Summary This is a tracking issue for the RFC 3484: Unsafe Extern Blocks We are stabilizing `#![feature(unsafe_extern_blocks)]`, as described in [Unsafe Extern Blocks RFC 3484](rust-lang/rfcs#3484). This feature makes explicit that declaring an extern block is unsafe. Starting in Rust 2024, all extern blocks must be marked as unsafe. In all editions, items within unsafe extern blocks may be marked as safe to use. RFC: rust-lang/rfcs#3484 Tracking issue: rust-lang#123743 ## What is stabilized ### Summary of stabilization We now need extern blocks to be marked as unsafe and items inside can also have safety modifiers (unsafe or safe), by default items with no modifiers are unsafe to offer easy migration without surprising results. ```rust unsafe extern { // sqrt (from libm) may be called with any `f64` pub safe fn sqrt(x: f64) -> f64; // strlen (from libc) requires a valid pointer, // so we mark it as being an unsafe fn pub unsafe fn strlen(p: *const c_char) -> usize; // this function doesn't say safe or unsafe, so it defaults to unsafe pub fn free(p: *mut core::ffi::c_void); pub safe static IMPORTANT_BYTES: [u8; 256]; pub safe static LINES: SyncUnsafeCell<i32>; } ``` ## Tests The relevant tests are in `tests/ui/rust-2024/unsafe-extern-blocks`. ## History - rust-lang#124482 - rust-lang#124455 - rust-lang#125077 - rust-lang#125522 - rust-lang#126738 - rust-lang#126749 - rust-lang#126755 - rust-lang#126757 - rust-lang#126758 - rust-lang#126756 - rust-lang#126973 - rust-lang#127535 - rust-lang/rustfmt#6204 ## Unresolved questions I am not aware of any unresolved questions.
…-blocks, r=compiler-errors Stabilize unsafe extern blocks (RFC 3484) # Stabilization report ## Summary This is a tracking issue for the RFC 3484: Unsafe Extern Blocks We are stabilizing `#![feature(unsafe_extern_blocks)]`, as described in [Unsafe Extern Blocks RFC 3484](rust-lang/rfcs#3484). This feature makes explicit that declaring an extern block is unsafe. Starting in Rust 2024, all extern blocks must be marked as unsafe. In all editions, items within unsafe extern blocks may be marked as safe to use. RFC: rust-lang/rfcs#3484 Tracking issue: rust-lang#123743 ## What is stabilized ### Summary of stabilization We now need extern blocks to be marked as unsafe and items inside can also have safety modifiers (unsafe or safe), by default items with no modifiers are unsafe to offer easy migration without surprising results. ```rust unsafe extern { // sqrt (from libm) may be called with any `f64` pub safe fn sqrt(x: f64) -> f64; // strlen (from libc) requires a valid pointer, // so we mark it as being an unsafe fn pub unsafe fn strlen(p: *const c_char) -> usize; // this function doesn't say safe or unsafe, so it defaults to unsafe pub fn free(p: *mut core::ffi::c_void); pub safe static IMPORTANT_BYTES: [u8; 256]; pub safe static LINES: SyncUnsafeCell<i32>; } ``` ## Tests The relevant tests are in `tests/ui/rust-2024/unsafe-extern-blocks`. ## History - rust-lang#124482 - rust-lang#124455 - rust-lang#125077 - rust-lang#125522 - rust-lang#126738 - rust-lang#126749 - rust-lang#126755 - rust-lang#126757 - rust-lang#126758 - rust-lang#126756 - rust-lang#126973 - rust-lang#127535 - rust-lang/rustfmt#6204 ## Unresolved questions I am not aware of any unresolved questions.
Rollup merge of rust-lang#127921 - spastorino:stabilize-unsafe-extern-blocks, r=compiler-errors Stabilize unsafe extern blocks (RFC 3484) # Stabilization report ## Summary This is a tracking issue for the RFC 3484: Unsafe Extern Blocks We are stabilizing `#![feature(unsafe_extern_blocks)]`, as described in [Unsafe Extern Blocks RFC 3484](rust-lang/rfcs#3484). This feature makes explicit that declaring an extern block is unsafe. Starting in Rust 2024, all extern blocks must be marked as unsafe. In all editions, items within unsafe extern blocks may be marked as safe to use. RFC: rust-lang/rfcs#3484 Tracking issue: rust-lang#123743 ## What is stabilized ### Summary of stabilization We now need extern blocks to be marked as unsafe and items inside can also have safety modifiers (unsafe or safe), by default items with no modifiers are unsafe to offer easy migration without surprising results. ```rust unsafe extern { // sqrt (from libm) may be called with any `f64` pub safe fn sqrt(x: f64) -> f64; // strlen (from libc) requires a valid pointer, // so we mark it as being an unsafe fn pub unsafe fn strlen(p: *const c_char) -> usize; // this function doesn't say safe or unsafe, so it defaults to unsafe pub fn free(p: *mut core::ffi::c_void); pub safe static IMPORTANT_BYTES: [u8; 256]; pub safe static LINES: SyncUnsafeCell<i32>; } ``` ## Tests The relevant tests are in `tests/ui/rust-2024/unsafe-extern-blocks`. ## History - rust-lang#124482 - rust-lang#124455 - rust-lang#125077 - rust-lang#125522 - rust-lang#126738 - rust-lang#126749 - rust-lang#126755 - rust-lang#126757 - rust-lang#126758 - rust-lang#126756 - rust-lang#126973 - rust-lang#127535 - rust-lang/rustfmt#6204 ## Unresolved questions I am not aware of any unresolved questions.
This is in preparation for unsafe extern blocks that adds a
safevariant for functions inside extern blocks.r? @compiler-errors