Do not allow safe/unsafe on static and fn items #126758

Merged
merged 1 commit into from
Jun 22, 2024


spastorino
Member

@spastorino spastorino commented Jun 20, 2024

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jun 20, 2024

@spastorino spastorino force-pushed the avoid-safe-outside-unsafe-blocks branch from 8711347 to 8cef2ba Compare June 20, 2024 19:31
Member

@compiler-errors compiler-errors left a comment

This doesn't gate safe on cfg'd out code, so this still passes:

```rust
#[cfg(FALSE)]
safe fn foo() {}
```

I'm not sure if that was intentional, since I thought you intended to put this up as an alternative to #126757. If that's not the case, then you can ignore this.

This also doesn't consider other positions where safety may show up, like:

  • Impl items and trait items
  • Function pointers

@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 20, 2024
@compiler-errors
Member

Edited my review comment a bit since I'm not sure what the relationship between #126757 and this PR is supposed to be.

@spastorino spastorino force-pushed the avoid-safe-outside-unsafe-blocks branch from 8cef2ba to edf32cf Compare June 20, 2024 21:05
@spastorino spastorino force-pushed the avoid-safe-outside-unsafe-blocks branch 2 times, most recently from df6aa7a to e70d112 Compare June 20, 2024 21:28
@spastorino spastorino force-pushed the avoid-safe-outside-unsafe-blocks branch from e70d112 to 3d6d9e2 Compare June 20, 2024 21:39
@traviscross traviscross changed the title Do not allow safe usafe on static and fn items Do not allow safe/unsafe on static and fn items Jun 21, 2024
@traviscross traviscross added the F-unsafe_extern_blocks `#![feature(unsafe_extern_blocks)]` label Jun 21, 2024
@spastorino
Member Author

@rustbot ready

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Jun 21, 2024
@compiler-errors
Member

@bors r+ rollup

@bors
Contributor

bors commented Jun 21, 2024

📌 Commit 3d6d9e2 has been approved by compiler-errors

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 21, 2024
workingjubilee added a commit to workingjubilee/rustc that referenced this pull request Jun 21, 2024
…fe-blocks, r=compiler-errors

Do not allow safe/unsafe on static and fn items

Fixes rust-lang#126749

r? `@compiler-errors`

Tracking:

- rust-lang#123743
bors added a commit to rust-lang-ci/rust that referenced this pull request Jun 21, 2024
…kingjubilee

Rollup of 9 pull requests

Successful merges:

 - rust-lang#124101 (Add PidFd::{kill, wait, try_wait})
 - rust-lang#126125 (Improve conflict marker recovery)
 - rust-lang#126481 (Add `powerpc-unknown-openbsd` maintaince status)
 - rust-lang#126613 (Print the tested value in int_log tests)
 - rust-lang#126617 (Expand `avx512_target_feature` to include VEX variants)
 - rust-lang#126707 (Pass target to inaccessible-temp-dir rmake test)
 - rust-lang#126712 (Migrate `relocation-model`, `error-writing-dependencies` and `crate-name-priority` `run-make` tests to rmake)
 - rust-lang#126757 (Properly gate `safe` keyword in pre-expansion)
 - rust-lang#126758 (Do not allow safe/unsafe on static and fn items)

r? `@ghost`
`@rustbot` modify labels: rollup
@spastorino spastorino force-pushed the avoid-safe-outside-unsafe-blocks branch from 3d6d9e2 to 22831ed Compare June 21, 2024 12:12
@spastorino
Member Author

@bors r=compiler-errors

@bors
Contributor

bors commented Jun 21, 2024

📌 Commit 22831ed has been approved by compiler-errors

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Jun 21, 2024
@ytmimi
Contributor

ytmimi commented Jun 21, 2024

@compiler-errors @spastorino is this going to cause issues with https://github.com/rust-lang/rustfmt/pull/6204/files#r1648395270? Specifically I'm wondering about the test case that uses safe on the static TEST1 item.

@compiler-errors
Member

No -- this is validation that only happens when you try to compile the code.

@ytmimi
Contributor

ytmimi commented Jun 21, 2024

Awesome. Thanks for the quick response. Just wanted to make sure that this wouldn't cause issues for the upcoming sync

bors added a commit to rust-lang-ci/rust that referenced this pull request Jun 21, 2024
…-blocks, r=compiler-errors

Do not allow safe/unsafe on static and fn items

Fixes rust-lang#126749

r? `@compiler-errors`

Tracking:

- rust-lang#123743
@bors
Contributor

bors commented Jun 21, 2024

⌛ Testing commit 22831ed with merge 9cf721a...

@bors
Contributor

bors commented Jun 21, 2024

💔 Test failed - checks-actions

@bors bors added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Jun 21, 2024
@rust-log-analyzer
Collaborator

A job failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)
  SDKROOT: /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.sdk
  AR: ar
##[endgroup]
curl: (28) Operation too slow. Less than 100 bytes/sec transferred the last 5 seconds
Error: Failure while executing; `/usr/bin/env /usr/local/Homebrew/Library/Homebrew/shims/shared/curl --disable --cookie /dev/null --globoff --user-agent Homebrew/4.3.5\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 13.6.7\)\ curl/8.4.0 --header Accept-Language:\ en --fail --progress-bar --silent --remote-time --output /Users/runner/Library/Caches/Homebrew/api/cask.jws.json --location --disable --cookie /dev/null --globoff --show-error --user-agent Homebrew/4.3.5\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 13.6.7\)\ curl/8.4.0 --header Accept-Language:\ en --fail --progress-bar --silent --compressed --speed-limit 100 --speed-time 5 https://formulae.brew.sh/api/cask.jws.json` exited with 28. Here's the output:


##[error]Failure while executing; `/usr/bin/env /usr/local/Homebrew/Library/Homebrew/shims/shared/curl --disable --cookie /dev/null --globoff --user-agent Homebrew/4.3.5\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 13.6.7\)\ curl/8.4.0 --header Accept-Language:\ en --fail --progress-bar --silent --remote-time --output /Users/runner/Library/Caches/Homebrew/api/cask.jws.json --location --disable --cookie /dev/null --globoff --show-error --user-agent Homebrew/4.3.5\ \(Macintosh\;\ Intel\ Mac\ OS\ X\ 13.6.7\)\ curl/8.4.0 --header Accept-Language:\ en --fail --progress-bar --silent --compressed --speed-limit 100 --speed-time 5 https://formulae.brew.sh/api/cask.jws.json` exited with 28. Here's the output:
##[error]Process completed with exit code 1.
Post job cleanup.
[command]/usr/local/bin/git version
git version 2.45.2

@compiler-errors
Member

@bors retry

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 21, 2024
@bors
Contributor

bors commented Jun 22, 2024

⌛ Testing commit 22831ed with merge fcae626...

@bors
Contributor

bors commented Jun 22, 2024

☀️ Test successful - checks-actions
Approved by: compiler-errors
Pushing fcae626 to master...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label Jun 22, 2024
@bors bors merged commit fcae626 into rust-lang:master Jun 22, 2024
7 checks passed
@rustbot rustbot added this to the 1.81.0 milestone Jun 22, 2024
@rust-timer
Collaborator

Finished benchmarking commit (fcae626): comparison URL.

Overall result: no relevant changes - no action needed

@rustbot label: -perf-regression

Instruction count

This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage)

Results (primary -4.3%)

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | - | - | 0 |
| Regressions ❌ (secondary) | - | - | 0 |
| Improvements ✅ (primary) | -4.3% | [-4.3%, -4.3%] | 1 |
| Improvements ✅ (secondary) | - | - | 0 |
| All ❌✅ (primary) | -4.3% | [-4.3%, -4.3%] | 1 |

Cycles

This benchmark run did not return any relevant results for this metric.

Binary size

This benchmark run did not return any relevant results for this metric.

Bootstrap: 697.477s -> 693.147s (-0.62%)
Artifact size: 326.87 MiB -> 326.88 MiB (0.00%)

jaisnan pushed a commit to jaisnan/rust-dev that referenced this pull request Jul 29, 2024
Update Rust toolchain from nightly-2024-06-22 to nightly-2024-06-23
without any other source changes.
This is an automatically generated pull request. If any of the CI checks
fail, manual intervention is required. In such a case, review the
changes at https://github.com/rust-lang/rust from
rust-lang@c1b336c
up to
rust-lang@3cb521a.
The log for this commit range is:

Co-authored-by: celinval <35149715+celinval@users.noreply.github.com>
tgross35 added a commit to tgross35/rust that referenced this pull request Aug 3, 2024
…-blocks, r=compiler-errors

Stabilize unsafe extern blocks (RFC 3484)

# Stabilization report

## Summary

This is a tracking issue for the RFC 3484: Unsafe Extern Blocks

We are stabilizing `#![feature(unsafe_extern_blocks)]`, as described in [Unsafe Extern Blocks RFC 3484](rust-lang/rfcs#3484). This feature makes explicit that declaring an extern block is unsafe. Starting in Rust 2024, all extern blocks must be marked as unsafe. In all editions, items within unsafe extern blocks may be marked as safe to use.

RFC: rust-lang/rfcs#3484
Tracking issue: rust-lang#123743

## What is stabilized

### Summary of stabilization

We now need extern blocks to be marked as unsafe and items inside can also have safety modifiers (unsafe or safe), by default items with no modifiers are unsafe to offer easy migration without surprising results.

```rust
unsafe extern {
    // sqrt (from libm) may be called with any `f64`
    pub safe fn sqrt(x: f64) -> f64;

    // strlen (from libc) requires a valid pointer,
    // so we mark it as being an unsafe fn
    pub unsafe fn strlen(p: *const c_char) -> usize;

    // this function doesn't say safe or unsafe, so it defaults to unsafe
    pub fn free(p: *mut core::ffi::c_void);

    pub safe static IMPORTANT_BYTES: [u8; 256];

    pub safe static LINES: SyncUnsafeCell<i32>;
}
```

## Tests

The relevant tests are in `tests/ui/rust-2024/unsafe-extern-blocks`.

## History

- rust-lang#124482
- rust-lang#124455
- rust-lang#125077
- rust-lang#125522
- rust-lang#126738
- rust-lang#126749
- rust-lang#126755
- rust-lang#126757
- rust-lang#126758
- rust-lang#126756
- rust-lang#126973
- rust-lang#127535
- rust-lang/rustfmt#6204

## Unresolved questions

I am not aware of any unresolved questions.
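
An added example, not part of the commit message above or of the rust-lang/rust code base, showing how the qualifiers from the stabilization report behave at call sites and where the validation from this PR rejects them. It assumes a toolchain on which `unsafe extern` is stable and a platform whose C library provides `sqrt` and `strlen`; the wrapper names `root` and `c_len` are hypothetical.

```rust
use std::ffi::{c_char, CStr};

// Safety qualifiers on `fn` and `static` declarations are only accepted
// for items inside an `unsafe extern` block.
unsafe extern "C" {
    // Declared `safe`: the author of this block vouches that every `f64`
    // is a valid argument, so callers need no `unsafe`.
    pub safe fn sqrt(x: f64) -> f64;

    // Declared `unsafe`: each caller must uphold the pointer contract.
    pub unsafe fn strlen(p: *const c_char) -> usize;
}

// Outside an extern block the qualifiers below are rejected when the code
// is compiled (the validation this PR adds), so they stay commented out:
//
//   safe fn helper() {}
//   safe static LIMIT: u32 = 0;
//   unsafe static COUNTER: u32 = 0;

/// Hypothetical wrapper: a `safe` foreign fn is called like any safe fn.
pub fn root(x: f64) -> f64 {
    sqrt(x)
}

/// Hypothetical wrapper: confines the `unsafe` call to one reviewable spot.
pub fn c_len(s: &CStr) -> usize {
    // SAFETY: `CStr` guarantees a valid, NUL-terminated buffer that
    // outlives this call.
    unsafe { strlen(s.as_ptr()) }
}

fn main() {
    // Constructed sample input.
    let s = CStr::from_bytes_with_nul(b"extern\0").expect("valid C string");
    println!("root(9.0) = {}, c_len = {}", root(9.0), c_len(s));
}
```

Marking a foreign item `safe` moves the proof obligation from every caller to whoever wrote the declaration, so `safe` items in an extern block are the lines to audit during review.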
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Aug 3, 2024
…-blocks, r=compiler-errors

Stabilize unsafe extern blocks (RFC 3484)

rust-timer added a commit to rust-lang-ci/rust that referenced this pull request Aug 3, 2024
Rollup merge of rust-lang#127921 - spastorino:stabilize-unsafe-extern-blocks, r=compiler-errors

Stabilize unsafe extern blocks (RFC 3484)

Labels
F-unsafe_extern_blocks `#![feature(unsafe_extern_blocks)]` merged-by-bors This PR was explicitly merged by bors. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Development

Successfully merging this pull request may close these issues.

safe keyword is allowed in all function contexts
9 participants