Commit graph

3441 commits

Author SHA1 Message Date
Dylan DPC
1660b4b70c
Rollup merge of #97851 - saethlin:use-repr-c, r=thomcc
Use repr(C) when depending on struct layout in ptr tests

The test depends on the layout of this struct `Pair`, so it should use `repr(C)` instead of the default `repr(Rust)`.
2022-06-08 07:37:33 +02:00
Ben Kimock
5dd5244423 Use repr(C) when depending on struct layout in ptr tests 2022-06-07 19:24:09 -04:00
Dylan DPC
a9c4a7e1aa
Rollup merge of #95948 - Nilstrieb:improve-cstr-safety-docs, r=RalfJung
Improve the safety docs for `CStr`

Namely, the two functions `from_ptr` and `from_bytes_with_nul_unchecked`.
Before, these functions didn't state the requirements clearly enough,
and I was not immediately able to find them like for other functions.

This doesn't change the content of the docs, but simply rewords them for
clarity.

note: I'm not entirely sure about the '`ptr` must be valid for reads of `u8`.', there might be room for improvement for this (and maybe for the other docs as well 😄)
2022-06-07 17:25:42 +02:00
Nilstrieb
0dda42bc14 Improve the safety docs for CStr
Namely, the two functions `from_ptr` and `from_bytes_with_nul_unchecked`.
Before, these functions didn't state the requirements clearly enough,
and I was not immediately able to find them like for other functions.

This doesn't change the content of the docs, but simply rewords them for
clarity.
2022-06-07 16:42:26 +02:00
Matthias Krüger
1bf1932453
Rollup merge of #97764 - RalfJung:strict, r=dtolnay
use strict provenance APIs

The stdlib was adjusted to avoid bare int2ptr casts, but recently some casts of that sort have sneaked back in. Let's fix that. :)
2022-06-06 08:37:04 +02:00
bors
760237ff78 Auto merge of #97710 - RalfJung:ptr-addr, r=thomcc
implement ptr.addr() via transmute

As per the discussion in https://github.com/rust-lang/unsafe-code-guidelines/issues/286, the semantics for ptr-to-int transmutes that we are going with for now is to make them strip provenance without exposing it. That's exactly what `ptr.addr()` does! So we can implement `ptr.addr()` via `transmute`. This also means that once https://github.com/rust-lang/rust/pull/97684 lands, Miri can distinguish `ptr.addr()` from `ptr.expose_addr()`, and the following code will correctly be called out as having UB (if permissive provenance mode is enabled, which will become the default once the [implementation is complete](https://github.com/rust-lang/miri/issues/2133)):

```rust
fn main() {
    let x: i32 = 3;
    let x_ptr = &x as *const i32;

    let x_usize: usize = x_ptr.addr();
    // Cast back an address that did *not* get exposed.
    let ptr = std::ptr::from_exposed_addr::<i32>(x_usize);
    assert_eq!(unsafe { *ptr }, 3); //~ ERROR Undefined Behavior: dereferencing pointer failed
}
```

This completes the Miri implementation of the new distinctions introduced by strict provenance. :)

Cc `@Gankra` -- for now I left in your `FIXME(strict_provenance_magic)` saying these should be intrinsics, but I do not necessarily agree that they should be. Or if we have an intrinsic, I think it should behave exactly like the `transmute` does, which makes one wonder why the intrinsic should be needed.
2022-06-06 01:03:26 +00:00
Ralf Jung
4a41c35742 use strict provenance APIs 2022-06-05 11:50:48 -04:00
Ralf Jung
4291332175 implement ptr.addr() via transmute 2022-06-03 16:45:35 -04:00
Ralf Jung
4990021082 test const_copy to make sure bytewise pointer copies are working 2022-06-03 09:20:42 -04:00
Dylan DPC
025cf96615
Rollup merge of #97366 - WaffleLapkin:stabilize_array_slice_from_ref, r=dtolnay
Stabilize `{slice,array}::from_ref`

This PR stabilizes the following APIs as `const` functions in Rust `1.63`:
```rust
// core::array
pub const fn from_ref<T>(s: &T) -> &[T; 1];

// core::slice
pub const fn from_ref<T>(s: &T) -> &[T];
```

Note that the `mut` versions are not stabilized as unique references (`&mut _`) are [unstable in const context].

FCP: https://github.com/rust-lang/rust/issues/90206#issuecomment-1134586665

r? rust-lang/libs-api `@rustbot` label +T-libs-api -T-libs

[unstable in const context]: https://github.com/rust-lang/rust/issues/57349
2022-06-03 11:18:23 +02:00
Dylan DPC
0b2d48e5af
Rollup merge of #97420 - WaffleLapkin:no_oxford_casts_qqq, r=Mark-Simulacrum
Be a little nicer with casts when formatting `fn` pointers

This removes a `fn(...) -> ...` -> `usize` -> `*const ()` -> `usize` cast. cc #95489.
2022-06-02 15:26:57 +02:00
Yuki Okushi
3ed9bbe970
Rollup merge of #95594 - the8472:raw_slice_methods, r=yaahc
Additional `*mut [T]` methods

Split out from #94247

This adds the following methods to raw slices that already exist on regular slices

* `*mut [T]::is_empty`
* `*mut [T]::split_at_mut`
* `*mut [T]::split_at_mut_unchecked`

These methods reduce the amount of unsafe code needed to migrate `ChunksMut` and related iterators
to raw slices (#94247)

r? `@m-ou-se`
2022-06-02 06:44:25 +09:00
Yuki Okushi
e1d2e65463
Rollup merge of #97498 - ijchen:master, r=Mark-Simulacrum
Corrected EBNF grammar for from_str

Hello! This is my first time contributing to an open-source project. I'm excited to have the chance to contribute to the rust community 🥳

I noticed an issue with the documentation for `from_str` in `f32` and `f64`. It states that "All strings that adhere to the following [EBNF](https://www.w3.org/TR/REC-xml/#sec-notation) grammar when lowercased will result in an `Ok` being returned". I believe this is incorrect for the string `"."`, which is valid for the given EBNF grammar, but does not result in an `Ok` being returned ([playground](https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=09f891aa87963a56d3b0d715d8cbc2b4)). I have simplified the grammar in a way which fixes that, but is otherwise identical.

Previously, the `Number` part of the EBNF grammar had an option for `'.' Digit*`, which would include the string `"."`. This is not valid, and does not return an Ok as stated. The corrected version removes this, and still allows for the `'.' Digit+` case with the already existing `Digit* '.' Digit+` case.
2022-06-01 23:36:49 +09:00
Maybe Waffle
2aef6c5436 Fixup feature name to be more consistent with others
`slice_from_mut_ptr_range_const` -> `const_slice_from_mut_ptr_range`,
we usually have `const` in the front.
2022-05-31 23:12:28 +04:00
bors
0a43923a86 Auto merge of #97419 - WaffleLapkin:const_from_ptr_range, r=oli-obk
Make `from{,_mut}_ptr_range` const

This PR makes the following APIs `const`:
```rust
// core::slice

pub const unsafe fn from_ptr_range<'a, T>(range: Range<*const T>) -> &'a [T];
pub const unsafe fn from_mut_ptr_range<'a, T>(range: Range<*mut T>) -> &'a mut [T];
```

Tracking issue: #89792.
Feature for `from_ptr_range` as a `const fn`: `slice_from_ptr_range_const`.
Feature for `from_mut_ptr_range` as a `const fn`: `slice_from_mut_ptr_range_const`.

r? `@oli-obk`
2022-05-31 14:55:33 +00:00
bors
dcbd5f5134 Auto merge of #97526 - Nilstrieb:unicode-is-printable-fastpath, r=joshtriplett
Add unicode fast path to `is_printable`

Before, it would enter the full expensive check even for normal ascii characters. Now, it skips the check for the ascii characters in `32..127`. This range was checked manually from the current behavior.

I ran the `tracing` test suite in miri, and it was really slow. I looked at a profile, and miri spent most of the time in `core::char::methods::escape_debug_ext`, where half of that was dominated by `core::unicode::printable::is_printable`. So I optimized it here.

The tracing profile:
![The tracing profile](https://user-images.githubusercontent.com/48135649/170883650-23876e7b-3fd1-4e8b-9001-47672e06d914.svg)
2022-05-31 09:34:00 +00:00
Nilstrieb
3358a41acb Add unicode fast path to is_printable
Before, it would enter the full expensive check even for normal ascii
characters. Now, it skips the check for the ascii characters in
`32..127`. This range was checked manually from the current behavior.
2022-05-31 10:51:35 +02:00
Dylan DPC
efd2519e10
Rollup merge of #97569 - thomcc:fill_with_isnt_memset, r=Amanieu
Remove `memset` alias from `fill_with`.

In https://rust-lang.zulipchat.com/#narrow/stream/219381-t-libs/topic/Unsafe.20and.20Safe.20versions.20of.20APIs.20both.20getting.20the.20same.20alias/near/284413029 `@Amanieu` pointed out that we had this, which is not really right.

In our guidelines we say that we will "not add an alias for a function that's only somewhat similar or related", which applies here. Memset doesn't take a closure, not even conceptually.
2022-05-31 07:57:37 +02:00
Thom Chiovoloni
de3ac3c3f8
Remove memset alias from fill_with. 2022-05-30 16:26:00 -07:00
Lukas
e565bb0326 Update mut_ptr.rs 2022-05-31 00:41:39 +02:00
Lukas
7a9c13985e
Update intrinsics.rs 2022-05-30 22:38:29 +00:00
Dylan DPC
a352ad500d
Rollup merge of #97545 - thomcc:sip-comment-safety, r=Dylan-DPC
Reword safety comments in core/hash/sip.rs

In https://rust-lang.zulipchat.com/#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/Is.20there.20any.20way.20to.20soundly.20do.20a.20masked.20out-of-bounds.20read.3F/near/284329248 it came up that this is using an atypical (and somewhat vague) phrasing of the safety requirement, so this slightly rewords it.
2022-05-30 14:33:53 +02:00
Dylan DPC
0ed320bdb9
Rollup merge of #97494 - est31:remove_box_alloc_tests, r=Dylan-DPC
Use Box::new() instead of box syntax in library tests

The tests inside `library/*` have no reason to use `box` syntax as they have 0 performance relevance. Therefore, we can safely remove them (instead of having to use alternatives like the one in #97293).
2022-05-30 14:33:48 +02:00
Maybe Waffle
10ee6f8e06 Rename slice_from_ptr_range_const -> const_slice_from_ptr_range
This is in line with other `const fn` features.
2022-05-30 15:44:56 +04:00
Maybe Waffle
19caa8c89b Make from{,_mut}_ptr_range const
- `from_ptr_range` uses `#![feature(slice_from_ptr_range_const)]`
- `from_mut_ptr_range` uses `#![feature(slice_from_mut_ptr_range_const)]`
2022-05-30 15:44:55 +04:00
bors
5c780b98d1 Auto merge of #96964 - oli-obk:const_trait_mvp, r=compiler-errors
Replace `#[default_method_body_is_const]` with `#[const_trait]`

pulled out of #96077

related issues:  #67792 and #92158

cc `@fee1-dead`

This is groundwork to only allowing `impl const Trait` for traits that are marked with `#[const_trait]`. This is necessary to prevent adding a new default method from becoming a breaking change (as it could be a non-const fn).
2022-05-30 09:19:03 +00:00
Deadbeef
257f06587c Remove #[default..] and add #[const_trait] 2022-05-30 08:52:24 +00:00
Thom Chiovoloni
eeacb4403c
Reword safety comments in core/hash/sip.rs 2022-05-30 01:06:08 -07:00
bors
bef2b7cd1c Auto merge of #97214 - Mark-Simulacrum:stage0-bump, r=pietroalbini
Finish bumping stage0

It looks like the last time had left some remaining cfg's -- which made me think
that the stage0 bump was actually successful. This brings us to a released 1.62
beta though.

This now brings us to cfg-clean, with the exception of check-cfg-features in bootstrap;
I'd prefer to leave that for a separate PR at this time since it's likely to be more tricky.

cc https://github.com/rust-lang/rust/pull/97147#issuecomment-1132845061

r? `@pietroalbini`
2022-05-29 16:28:21 +00:00
Maybe Waffle
ac5c15d6be Remove (fn(...) -> ...) -> usize -> *const () -> usize cast 2022-05-29 13:11:51 +04:00
est31
cdb8e64bc7 Use Box::new() instead of box syntax in core tests 2022-05-29 01:44:11 +02:00
Guillaume Gomez
774d7ced10
Rollup merge of #97482 - RalfJung:ptr-invalid, r=thomcc
ptr::invalid is not equivalent to a int2ptr cast

I just realized I forgot to update these docs when adding `from_exposed_addr`.
Right now the docs say `invalid` and `from_exposed_addr` are both equivalent to a cast, and that is clearly not what we want.

Cc `@Gankra`
2022-05-29 01:12:33 +02:00
Isaac Chen
0484cfb6a9
Corrected EBNF grammar for from_str
Previously, the `Number` part of the EBNF grammar had an option for `'.' Digit*`, which would include the string "." (a single decimal point). This is not valid, and does not return an Ok as stated. The corrected version removes this, and still allows for the `'.' Digit+` case with the already existing `Digit* '.' Digit+` case.
2022-05-28 18:24:34 -04:00
Ralf Jung
852777eff1 note to future self 2022-05-28 18:15:04 +02:00
Ralf Jung
ad33519455 ptr::invalid is not equivalent to a int2ptr cast 2022-05-28 12:39:36 +02:00
Dylan DPC
880d3ea3c2
Rollup merge of #97034 - fee1-dead-contrib:layout-hash, r=dtolnay
Implement `Hash` for `core::alloc::Layout`

This was brought up on [reddit](https://www.reddit.com/r/rust/comments/uoypui/the_standard_library_types_are_good_except_when/), and I don't see why Layout shouldn't implement `Hash`. Feel free to comment if I am wrong though :)
2022-05-28 08:45:51 +02:00
Dylan DPC
837cd9e26c
Rollup merge of #94640 - Pointerbender:issue-71146-partial-stabilization, r=yaahc
Partially stabilize `(const_)slice_ptr_len` feature by stabilizing `NonNull::len`

This PR partially stabilizes features `const_slice_ptr_len` and `slice_ptr_len` by only stabilizing `NonNull::len`. This partial stabilization is tracked under features `slice_ptr_len_nonnull` and `const_slice_ptr_len_nonnull`, for which this PR can serve as the tracking issue.

To summarize the discussion from #71146 leading up to this partial stabilization request:

It's currently a bit footgunny to obtain the length of a raw slice pointer; stabilization of `NonNull::len` will help with removing these footguns. Some example footguns are:

```rust
/// # Safety
/// The caller must ensure that `ptr`:
/// 1. does not point to memory that was previously allocated but is now deallocated;
/// 2. is within the bounds of a single allocated object;
/// 3. does not point to a slice for which the length exceeds `isize::MAX` bytes;
/// 4. points to a properly aligned address;
/// 5. does not point to uninitialized memory;
/// 6. does not point to a mutably borrowed memory location.
pub unsafe fn ptr_len<T>(ptr: core::ptr::NonNull<[T]>) -> usize {
   (&*ptr.as_ptr()).len()
}
```

A slightly less complicated version (but still more complicated than it needs to be):

```rust
/// # Safety
/// The caller must ensure that the start of `ptr`:
/// 1. does not point to memory that was previously allocated but is now deallocated;
/// 2. must be within the bounds of a single allocated object.
pub unsafe fn ptr_len<T>(ptr: NonNull<[T]>) -> usize {
   (&*(ptr.as_ptr() as *const [()])).len()
}
```

This PR does not stabilize `<*const [T]>::len` and `<*mut [T]>::len` because the tracking issue #71146 lists a potential blocker for these methods, but this blocker [does not apply](https://github.com/rust-lang/rust/issues/71146#issuecomment-808735714) to `NonNull::len`.

We should probably also ping the [Constant Evaluation WG](https://github.com/rust-lang/const-eval) since this PR includes a `#[rustc_allow_const_fn_unstable(const_slice_ptr_len)]`. My instinct here is that this will probably be okay because the pointer is not actually dereferenced and `len()` does not touch the address component of the pointer, but would be best to double check :)

One potential down-side was raised that stabilizing `NonNull::len` could lead to encouragement of coding patterns like:

```rust
pub fn ptr_len<T>(ptr: *mut [T]) -> usize {
   NonNull::new(ptr).unwrap().len()
}
```

which unnecessarily assert non-nullness. However, these are much less of a footgun than the above examples and this should be resolved when `slice_ptr_len` fully stabilizes eventually.
2022-05-28 08:45:50 +02:00
Mark Rousskov
b454991ac4 Finish bumping stage0
It looks like the last time had left some remaining cfg's -- which made me think
that the stage0 bump was actually successful. This brings us to a released 1.62
beta though.
2022-05-27 07:36:17 -04:00
bors
9a42c6509d Auto merge of #97444 - compiler-errors:rollup-2gvdav6, r=compiler-errors
Rollup of 3 pull requests

Successful merges:

 - #96051 (Use rounding in float to Duration conversion methods)
 - #97066 (rustdoc: Remove `ItemFragment(Kind)`)
 - #97436 (Update `triagebot.toml` for macos ping group)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
2022-05-27 03:27:04 +00:00
Michael Goulet
e3813e46a2
Rollup merge of #96051 - newpavlov:duration_rounding, r=nagisa,joshtriplett
Use rounding in float to Duration conversion methods

Closes #96045
2022-05-26 20:15:07 -07:00
Артём Павлов [Artyom Pavlov]
6495963d5a fmt 2022-05-27 05:15:22 +03:00
Артём Павлов [Artyom Pavlov]
38609cd8a9 fix nanos overflow for f64 2022-05-27 04:59:01 +03:00
Artyom Pavlov
06af3a63a5
add debug asserts 2022-05-27 00:22:56 +00:00
Vadim Petrochenkov
5bf23f64cc libcore: Add iter::from_generator which is like iter::from_fn, but for coroutines instead of functions 2022-05-27 01:51:31 +03:00
Matthias Krüger
82beeabf54
Rollup merge of #96033 - yaahc:expect-elaboration, r=scottmcm
Add section on common message styles for Result::expect

Based on a question from https://github.com/rust-lang/project-error-handling/issues/50#issuecomment-1092339937

~~One thing I haven't decided on yet, should I duplicate this section on `Option::expect`, link to this section, or move it somewhere else and link to that location from both docs?~~: I ended up moving the section to `std::error` and referencing it from both `Result::expect` and `Option::expect`'s docs.

I think this section, when combined with the similar update I made on [`std::panic!`](https://doc.rust-lang.org/nightly/std/macro.panic.html#when-to-use-panic-vs-result) implies that we should possibly more aggressively encourage and support the "expect as precondition" style described in this section. The consensus among the libs team seems to be that panic should be used for bugs, not expected potential failure modes. The "expect as error message" style seems to align better with the panic for unrecoverable errors style where they're seen as normal errors where the only difference is a desire to kill the current execution unit (aka erlang style error handling). I'm wondering if we should be providing a panic hook similar to `human-panic` or more strongly recommending the "expect as precondition" style of expect message.
2022-05-26 20:59:40 +02:00
Jane Lusby
ef879c680e fix broken doctest 2022-05-25 12:20:48 -07:00
Jane Lusby
720e987ac0 update option and result references to expect message docs 2022-05-25 11:37:39 -07:00
bors
9fed13030c Auto merge of #94954 - SimonSapin:null-thin3, r=yaahc
Extend ptr::null and null_mut to all thin (including extern) types

Fixes https://github.com/rust-lang/rust/issues/93959

This change was accepted in https://rust-lang.github.io/rfcs/2580-ptr-meta.html

Note that this changes the signature of **stable** functions. The change should be backward-compatible, but it is **insta-stable** since it cannot (easily, at all?) be made available only through a `#![feature(…)]` opt-in.

The RFC also proposed the same change for `NonNull::dangling`, which makes sense in terms of its signature but not in terms of its implementation. `dangling` uses `align_of()` as an address. But what `align_of()` should be for extern types or whether it should be allowed at all remains an open question.

This commit depends on https://github.com/rust-lang/rust/pull/93977, which is not yet part of the bootstrap compiler. So `#[cfg]` is used to only apply the change in stage 1+. As far as I know bounds cannot be made conditional with `#[cfg]`, so the entire functions are duplicated. This is unfortunate but temporary.

Since this duplication makes it less obvious in the diff, the new definitions differ in:

* More permissive bounds (`Thin` instead of implied `Sized`)
* Different implementation
* Having `rustc_allow_const_fn_unstable(const_fn_trait_bound)`
* Having `rustc_allow_const_fn_unstable(ptr_metadata)`
2022-05-25 13:58:51 +00:00
Dylan DPC
ca269b1e79
Rollup merge of #97233 - c410-f3r:assert-lib, r=scottmcm
[RFC 2011] Library code

CC https://github.com/rust-lang/rust/pull/96496

Based on https://github.com/dtolnay/case-studies/tree/master/autoref-specialization.

Basically creates two traits with the same method name. One trait is generic over any `T` and the other is specialized to any `T: Printable`.

The compiler will then call the corresponding trait method through auto reference.

```rust
fn main() {
    let mut a = Capture::new();
    let mut b = Capture::new();

    (&Wrapper(&1i32)).try_capture(&mut a); // `try_capture` from `TryCapturePrintable`
    (&Wrapper(&vec![1i32])).try_capture(&mut b); // `try_capture` from `TryCaptureGeneric`

    assert_eq!(format!("{:?}", a), "1");
    assert_eq!(format!("{:?}", b), "N/A");
}
```

r? `@scottmcm`
2022-05-25 10:48:29 +02:00
Dylan DPC
fbb17777fe
Rollup merge of #97026 - Nilstrieb:make-atomic-debug-relaxed, r=scottmcm
Change orderings of `Debug` for the Atomic types to `Relaxed`.

This reduces synchronization between threads when debugging the atomic types.  Reducing the synchronization means that executions with and without the debug calls will be more consistent, making it easier to debug.

We discussed this on the Rust Community Discord with `@ibraheemdev` before.
2022-05-25 07:31:42 +02:00