Rollup of 17 pull requests #76988

Closed
Wants to merge 61 commits
Changes shown are from 5 of the 61 commits.
Commits:
b1375cd
Deny unsafe op in unsafe fns without the unsafe keyword, first part f…
poliorcetics Jul 10, 2020
3a22b21
Finished documenting all unsafe op inside unsafe fn
poliorcetics Jul 10, 2020
ee289d2
Improve some SAFETY comments following suggestions
poliorcetics Aug 29, 2020
a06edda
Fix segfault if pthread_getattr_np fails
tavianator Sep 9, 2020
a684153
Only call pthread_attr_destroy() after getattr_np() succeeds on all l…
tavianator Sep 9, 2020
8f27e3c
Make some methods of `Pin` unstable const
CDirkx Sep 12, 2020
e5447a2
Fix #76432
simonvandel Sep 13, 2020
9c5d0c1
MIR pass to remove unneeded drops on types not needing drop
simonvandel Sep 13, 2020
9d47ecf
Suggestion from review
simonvandel Sep 14, 2020
eede953
Only get ImplKind::Impl once
tesuji Sep 10, 2020
ed6c7ef
Use enum for status of non-const ops
ecstatic-morse Sep 2, 2020
c3607bd
Use helper function for searching `allow_internal_unstable`
ecstatic-morse Sep 2, 2020
e4edc16
Give name to extra `Span` in `LiveDrop` error
ecstatic-morse Sep 2, 2020
81b3b66
Error if an unstable const eval feature is used in a stable const fn
ecstatic-morse Sep 3, 2020
1e1257b
Bless `miri-unleashed` tests
ecstatic-morse Sep 16, 2020
abc7167
Test that `const_precise_live_drops` can't be depended upon stably
ecstatic-morse Sep 16, 2020
7e24136
Pass --target to lint docs
Mark-Simulacrum Sep 16, 2020
bd4e0af
Build rustdoc for cross-compiled targets
Mark-Simulacrum Sep 16, 2020
7b5d983
Remove redundant to_string
zzau13 Sep 17, 2020
363aff0
Add test for x.py build cross-compilation
Mark-Simulacrum Sep 17, 2020
28cfa97
Simplify panic_if_treat_err_as_bug avoiding allocations
zzau13 Sep 18, 2020
4675a31
Use intra-doc links in core/src/iter when possible
poliorcetics Sep 18, 2020
bffd211
Finish moving to intra doc links for std::sync
poliorcetics Sep 18, 2020
982ec0d
Fix broken link
poliorcetics Sep 18, 2020
b534d9f
Fix broken link
poliorcetics Sep 18, 2020
e3c6e46
Make some methods of `Pin<&mut T>` unstable const
CDirkx Sep 18, 2020
673935f
Get LocalDefId from source instead of passing in
simonvandel Sep 19, 2020
30dd6cf
The optimization should also apply for DropAndReplace
simonvandel Sep 19, 2020
804f673
cleanup cfg after optimization
simonvandel Sep 19, 2020
924cd13
Added benchmarks for BinaryHeap
SkiFire13 Sep 5, 2020
af1e363
Set sift=true only when PeekMut yields a mutable reference
SkiFire13 Aug 26, 2020
ca15e9d
Fix time complexity in BinaryHeap::peek_mut docs
SkiFire13 Sep 19, 2020
2a00dda
miri: correctly deal with `ConstKind::Bound`
lcnr Sep 10, 2020
6734230
do not ICE on `ty::Bound` in Layout::compute
lcnr Sep 11, 2020
65b3419
update stderr file
lcnr Sep 20, 2020
cebbd9f
Use as_nanos in bench.rs and base.rs
est31 Sep 20, 2020
43193dc
Use as_secs_f64 in profiling.rs
est31 Sep 20, 2020
4bc0e55
Replace write_fmt with write!
est31 Sep 20, 2020
0e56b52
Fix according to review
poliorcetics Sep 20, 2020
08b85a6
use iter:: before free functions
poliorcetics Sep 20, 2020
8169989
Add non-`unsafe` `.get_mut()` for `UnsafeCell`
danielhenrymantilla Sep 19, 2020
5886c38
Replace unneeded `unsafe` calls to `.get()` with calls to `.get_mut()`
danielhenrymantilla Sep 19, 2020
aaddcdb
Fix nits
poliorcetics Sep 20, 2020
c9c8fb8
Add sample defaults for config.toml
jyn514 Sep 12, 2020
7e86f01
Rollup merge of #74225 - poliorcetics:std-thread-unsafe-op-in-unsafe-…
Dylan-DPC Sep 21, 2020
d125cba
Rollup merge of #75974 - SkiFire13:peekmut-opt-sift, r=LukasKalbertodt
Dylan-DPC Sep 21, 2020
d4f73be
Rollup merge of #76521 - tavianator:fix-pthread-getattr-destroy, r=Am…
Dylan-DPC Sep 21, 2020
27b30cd
Rollup merge of #76581 - lcnr:bound-too-generic, r=eddyb
Dylan-DPC Sep 21, 2020
f820b58
Rollup merge of #76628 - jyn514:default-config-files, r=Mark-Simulacrum
Dylan-DPC Sep 21, 2020
b6d50d1
Rollup merge of #76655 - CDirkx:const-pin, r=ecstatic-morse
Dylan-DPC Sep 21, 2020
cc7258a
Rollup merge of #76659 - simonvandel:76432, r=oli-obk
Dylan-DPC Sep 21, 2020
4c51474
Rollup merge of #76673 - simonvandel:remove-unneeded-drops, r=oli-obk
Dylan-DPC Sep 21, 2020
0da8ede
Rollup merge of #76783 - lzutao:rd_impl_kind, r=GuillaumeGomez
Dylan-DPC Sep 21, 2020
a9d2a35
Rollup merge of #76799 - Mark-Simulacrum:fix-cross-compile-dist, r=al…
Dylan-DPC Sep 21, 2020
eb25717
Rollup merge of #76807 - ecstatic-morse:const-checking-staged-api, r=…
Dylan-DPC Sep 21, 2020
153813c
Rollup merge of #76846 - botika:master, r=davidtwco
Dylan-DPC Sep 21, 2020
de4f13c
Rollup merge of #76867 - poliorcetics:intra-doc-core-iter, r=jyn514
Dylan-DPC Sep 21, 2020
0f5f2e4
Rollup merge of #76868 - poliorcetics:intra-doc-std-sync, r=jyn514
Dylan-DPC Sep 21, 2020
4e37c22
Rollup merge of #76936 - danielhenrymantilla:unsafecell_get_mut, r=Ra…
Dylan-DPC Sep 21, 2020
423919f
Rollup merge of #76958 - est31:ns, r=oli-obk
Dylan-DPC Sep 21, 2020
94ad5d1
Rollup merge of #76959 - est31:write, r=oli-obk
Dylan-DPC Sep 21, 2020
130 changes: 97 additions & 33 deletions library/std/src/thread/local.rs
Expand Up @@ -288,15 +288,23 @@ mod lazy {
}

pub unsafe fn get(&self) -> Option<&'static T> {
(*self.inner.get()).as_ref()
// SAFETY: The caller must ensure no reference is ever handed out to
// the inner cell nor mutable reference to the Option<T> inside said
// cell. This make it safe to hand a reference, though the lifetime
// of 'static is itself unsafe, making the get method unsafe.
unsafe { (*self.inner.get()).as_ref() }
}

/// The caller must ensure that no reference is active: this method
/// needs unique access.
pub unsafe fn initialize<F: FnOnce() -> T>(&self, init: F) -> &'static T {
// Execute the initialization up front, *then* move it into our slot,
// just in case initialization fails.
let value = init();
let ptr = self.inner.get();

// SAFETY:
//
// note that this can in theory just be `*ptr = Some(value)`, but due to
// the compiler will currently codegen that pattern with something like:
//
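Review bot: the new SAFETY comment on `get` has a typo ("This make it safe" should be "This makes it safe") and its justification is imprecise: saying the `'static` lifetime "is itself unsafe" does not tell the caller what to uphold. The concrete obligation is that the returned `&'static T` must not be used after the value has been taken (`take` below) or dropped by the destructor, since `get` cannot bound the referent's lifetime itself; suggest stating that precondition next to the no-mutable-reference condition.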
Expand All @@ -309,22 +317,36 @@ mod lazy {
// value (an aliasing violation). To avoid setting the "I'm running a
// destructor" flag we just use `mem::replace` which should sequence the
// operations a little differently and make this safe to call.
let _ = mem::replace(&mut *ptr, Some(value));

// After storing `Some` we want to get a reference to the contents of
// what we just stored. While we could use `unwrap` here and it should
// always work it empirically doesn't seem to always get optimized away,
// which means that using something like `try_with` can pull in
// panicking code and cause a large size bloat.
match *ptr {
Some(ref x) => x,
None => hint::unreachable_unchecked(),
//
// The precondition also ensures that we are the only one accessing
// `self` at the moment so replacing is fine.
unsafe {
let _ = mem::replace(&mut *ptr, Some(value));
}

// SAFETY: With the call to `mem::replace` it is guaranteed there is
// a `Some` behind `ptr`, not a `None` so `unreachable_unchecked`
// will never be reached.
unsafe {
// After storing `Some` we want to get a reference to the contents of
// what we just stored. While we could use `unwrap` here and it should
// always work it empirically doesn't seem to always get optimized away,
// which means that using something like `try_with` can pull in
// panicking code and cause a large size bloat.
match *ptr {
Some(ref x) => x,
None => hint::unreachable_unchecked(),
}
}
}

/// The other methods hand out references while taking &self.
/// As such, callers of this method must ensure no `&` and `&mut` are
/// available and used at the same time.
#[allow(unused)]
pub unsafe fn take(&mut self) -> Option<T> {
(*self.inner.get()).take()
// SAFETY: See doc comment for this method.
unsafe { (*self.inner.get()).take() }
}
}
}
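Review bot: in `initialize`, the `// SAFETY:` header sits above the paragraph about codegen of `*ptr = Some(value)` and the `mem::replace` workaround, while the actual precondition ("we are the only one accessing `self` at the moment") is only reached at the end of the comment. Suggest putting the exclusivity precondition directly under `// SAFETY:` and keeping the codegen discussion as a separate ordinary comment, so an auditor of the `unsafe` block sees the justification first. On `take`, the doc comment asks callers to ensure no `&` and `&mut` are "available and used at the same time"; since the method already takes `&mut self`, the point worth stating is that `&'static T` references previously handed out by `get` or `initialize` must no longer be in use.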
Expand Down Expand Up @@ -413,9 +435,18 @@ pub mod fast {
}

pub unsafe fn get<F: FnOnce() -> T>(&self, init: F) -> Option<&'static T> {
match self.inner.get() {
Some(val) => Some(val),
None => self.try_initialize(init),
// SAFETY: See the definitions of `LazyKeyInner::get` and
// `try_initialize` for more informations.
//
// The caller must ensure no mutable references are ever active to
// the inner cell or the inner T when this is called.
// The `try_initialize` is dependant on the passed `init` function
// for this.
unsafe {
match self.inner.get() {
Some(val) => Some(val),
None => self.try_initialize(init),
}
}
}

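Review bot: typos in the new SAFETY comment of `fast::Key::get`: "more informations" should be "more information" and "dependant" should be "dependent". The sentence "The `try_initialize` is dependant on the passed `init` function for this" also leaves unclear what is being delegated to `init`; if the intent is that `init` must not re-enter this key and hand out a reference while initialization is in progress, say that explicitly.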
Expand All @@ -428,8 +459,10 @@ pub mod fast {
// LLVM issue: https://bugs.llvm.org/show_bug.cgi?id=41722
#[inline(never)]
unsafe fn try_initialize<F: FnOnce() -> T>(&self, init: F) -> Option<&'static T> {
if !mem::needs_drop::<T>() || self.try_register_dtor() {
Some(self.inner.initialize(init))
// SAFETY: See comment above (this function doc).
if !mem::needs_drop::<T>() || unsafe { self.try_register_dtor() } {
// SAFETY: See comment above (his function doc).
Some(unsafe { self.inner.initialize(init) })
} else {
None
}
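Review bot: "See comment above (his function doc)" has a typo ("this"), and both SAFETY comments in `try_initialize` point to a "comment above" which, in the visible context, is the `#[inline(never)]` / LLVM issue note rather than a safety precondition. Suggest each `unsafe` block name the invariant it relies on directly (the no-mutable-reference condition stated on `get`) instead of a relative reference that can drift as the file is edited.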
Expand All @@ -441,8 +474,12 @@ pub mod fast {
unsafe fn try_register_dtor(&self) -> bool {
match self.dtor_state.get() {
DtorState::Unregistered => {
// dtor registration happens before initialization.
register_dtor(self as *const _ as *mut u8, destroy_value::<T>);
// SAFETY: dtor registration happens before initialization.
// Passing `self` as a pointer while using `destroy_value<T>`
// is safe because the function will build a pointer to a
// Key<T>, which is the type of self and so find the correct
// size.
unsafe { register_dtor(self as *const _ as *mut u8, destroy_value::<T>) };
self.dtor_state.set(DtorState::Registered);
true
}
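Review bot: the SAFETY comment on `register_dtor(self as *const _ as *mut u8, destroy_value::<T>)` justifies the pointer cast (`destroy_value` casts it back to `*mut Key<T>`) but not the lifetime: `destroy_value` dereferences this pointer much later, at thread exit, so the comment should state why `self` is still valid at that point (where the `Key<T>` is stored and why it outlives the registered destructor). Minor style: the trailing `;` after the `unsafe { ... }` block is redundant for a block expression of unit type.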
Expand All @@ -458,13 +495,21 @@ pub mod fast {
unsafe extern "C" fn destroy_value<T>(ptr: *mut u8) {
let ptr = ptr as *mut Key<T>;

// SAFETY:
//
// The pointer `ptr` has been built just above and comes from
// `try_register_dtor` where it is originally a Key<T> coming from `self`,
// making it non-NUL and of the correct type.
//
// Right before we run the user destructor be sure to set the
// `Option<T>` to `None`, and `dtor_state` to `RunningOrHasRun`. This
// causes future calls to `get` to run `try_initialize_drop` again,
// which will now fail, and return `None`.
let value = (*ptr).inner.take();
(*ptr).dtor_state.set(DtorState::RunningOrHasRun);
drop(value);
unsafe {
let value = (*ptr).inner.take();
(*ptr).dtor_state.set(DtorState::RunningOrHasRun);
drop(value);
}
}
}

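Review bot: in `destroy_value`, "non-NUL" should read "non-null", and the comment refers to `try_initialize_drop` while the function in this file is `try_initialize` (see the hunk above), so the name should be corrected. Being non-null and of the correct type is also not sufficient for `(*ptr).inner.take()`, which creates a `&mut` through the raw pointer: the comment should state that no `&'static T` obtained from `get` is still in use when the destructor runs, which is exactly the precondition documented on `take`.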
Expand Down Expand Up @@ -501,21 +546,30 @@ pub mod os {
Key { os: OsStaticKey::new(Some(destroy_value::<T>)), marker: marker::PhantomData }
}

/// It is a requirement for the caller to ensure that no mutable
/// reference is active when this method is called.
pub unsafe fn get(&'static self, init: fn() -> T) -> Option<&'static T> {
let ptr = self.os.get() as *mut Value<T>;
// SAFETY: See the documentation for this method.
let ptr = unsafe { self.os.get() as *mut Value<T> };
if ptr as usize > 1 {
if let Some(ref value) = (*ptr).inner.get() {
// SAFETY: the check ensured the pointer is safe (its destructor
// is not running) + it is coming from a trusted source (self).
if let Some(ref value) = unsafe { (*ptr).inner.get() } {
return Some(value);
}
}
self.try_initialize(init)
// SAFETY: At this point we are sure we have no value and so
// initializing (or trying to) is safe.
unsafe { self.try_initialize(init) }
}

// `try_initialize` is only called once per os thread local variable,
// except in corner cases where thread_local dtors reference other
// thread_local's, or it is being recursively initialized.
unsafe fn try_initialize(&'static self, init: fn() -> T) -> Option<&'static T> {
let ptr = self.os.get() as *mut Value<T>;
// SAFETY: No mutable references are ever handed out meaning getting
// the value is ok.
let ptr = unsafe { self.os.get() as *mut Value<T> };
if ptr as usize == 1 {
// destructor is running
return None;
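Review bot: the two SAFETY comments on `self.os.get()` do not match the operation they cover: "See the documentation for this method" and "No mutable references are ever handed out" describe the `Value<T>` contents, whereas `os.get()` is the OS TLS read, whose requirement is only that the key is valid (which holds since `self` is `&'static`). The comment on `(*ptr).inner.get()` ("the check ensured the pointer is safe ... trusted source (self)") would be clearer if it spelled out the encoding relied on: null means unset (the value `destroy_value` resets to), `1` is the destructor-running sentinel, and any other value is the `Box<Value<T>>` leaked by `try_initialize`, so `ptr as usize > 1` implies a live allocation.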
Expand All @@ -526,29 +580,39 @@ pub mod os {
// local copy, so do that now.
let ptr: Box<Value<T>> = box Value { inner: LazyKeyInner::new(), key: self };
let ptr = Box::into_raw(ptr);
self.os.set(ptr as *mut u8);
// SAFETY: At this point we are sure there is no value inside
// ptr so setting it will not affect anyone else.
unsafe {
self.os.set(ptr as *mut u8);
}
ptr
} else {
// recursive initialization
ptr
};

Some((*ptr).inner.initialize(init))
// SAFETY: ptr has been ensured as non-NUL just above an so can be
// dereferenced safely.
unsafe { Some((*ptr).inner.initialize(init)) }
}
}

unsafe extern "C" fn destroy_value<T: 'static>(ptr: *mut u8) {
// SAFETY:
//
// The OS TLS ensures that this key contains a NULL value when this
// destructor starts to run. We set it back to a sentinel value of 1 to
// ensure that any future calls to `get` for this thread will return
// `None`.
//
// Note that to prevent an infinite loop we reset it back to null right
// before we return from the destructor ourselves.
let ptr = Box::from_raw(ptr as *mut Value<T>);
let key = ptr.key;
key.os.set(1 as *mut u8);
drop(ptr);
key.os.set(ptr::null_mut());
unsafe {
let ptr = Box::from_raw(ptr as *mut Value<T>);
let key = ptr.key;
key.os.set(1 as *mut u8);
drop(ptr);
key.os.set(ptr::null_mut());
}
}
}
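Review bot: typo in "ensured as non-NUL just above an so": should read "non-null ... and so". The justification is also incomplete for the `else` branch ("recursive initialization"), where `ptr` is whatever `os.get()` returned: the comment should say that non-null follows from the branch condition and that the `== 1` sentinel was excluded at the top of the function, so the `Box<Value<T>>` is still alive. For the new `unsafe` block around `self.os.set(ptr as *mut u8)`, "will not affect anyone else" is reasoning about other users rather than about the call itself; state what `os.set` requires (a valid key) so the block is justified on its own terms.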
28 changes: 20 additions & 8 deletions library/std/src/thread/mod.rs
Expand Up @@ -144,6 +144,7 @@
//! [`with`]: LocalKey::with

#![stable(feature = "rust1", since = "1.0.0")]
#![deny(unsafe_op_in_unsafe_fn)]

#[cfg(all(test, not(target_os = "emscripten")))]
mod tests;
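Review bot: `#![deny(unsafe_op_in_unsafe_fn)]` is placed in `thread/mod.rs`, so it covers this module and its submodules such as `thread/local.rs` (which adds no attribute of its own in this diff) but nothing else in `std`. If module-by-module adoption is the plan that is fine, but a one-line comment next to the attribute saying so would stop a later reader from assuming the crate root already enables it.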
Expand Down Expand Up @@ -456,14 +457,23 @@ impl Builder {
imp::Thread::set_name(name);
}

thread_info::set(imp::guard::current(), their_thread);
// SAFETY: the stack guard passed is the one for the current thread.
// This means the current thread's stack and the new thread's stack
// are properly set and protected from each other.
thread_info::set(unsafe { imp::guard::current() }, their_thread);
let try_result = panic::catch_unwind(panic::AssertUnwindSafe(|| {
crate::sys_common::backtrace::__rust_begin_short_backtrace(f)
}));
*their_packet.get() = Some(try_result);
// SAFETY: `their_packet` as been built just above and moved by the
// closure (it is an Arc<...>) and `my_packet` will be stored in the
// same `JoinInner` as this closure meaning the mutation will be
// safe (not modify it and affect a value far away).
unsafe { *their_packet.get() = Some(try_result) };
};

Ok(JoinHandle(JoinInner {
// SAFETY:
//
// `imp::Thread::new` takes a closure with a `'static` lifetime, since it's passed
// through FFI or otherwise used with low-level threading primitives that have no
// notion of or way to enforce lifetimes.
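Review bot: the SAFETY comment on `thread_info::set(unsafe { imp::guard::current() }, their_thread)` talks about "the current thread's stack and the new thread's stack" being protected from each other, but this closure is the body of the spawned thread, so `imp::guard::current()` is queried on the new thread itself; the comment should say that and name what `guard::current` requires (being called on the thread whose guard is being recorded, after its guard has been set up). The comment on `*their_packet.get() = Some(try_result)` has a typo ("as been built" should be "has been built") and a vague justification ("not modify it and affect a value far away"); the argument an auditor needs is exclusivity of access to the packet, i.e. that the parent reads `my_packet` only after this thread has terminated, so no two accesses to the cell overlap.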
Expand All @@ -475,12 +485,14 @@ impl Builder {
// Similarly, the `sys` implementation must guarantee that no references to the closure
// exist after the thread has terminated, which is signaled by `Thread::join`
// returning.
native: Some(imp::Thread::new(
stack_size,
mem::transmute::<Box<dyn FnOnce() + 'a>, Box<dyn FnOnce() + 'static>>(Box::new(
main,
)),
)?),
native: unsafe {
Some(imp::Thread::new(
stack_size,
mem::transmute::<Box<dyn FnOnce() + 'a>, Box<dyn FnOnce() + 'static>>(
Box::new(main),
),
)?)
},
thread: my_thread,
packet: Packet(my_packet),
}))