-
Notifications
You must be signed in to change notification settings - Fork 12.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stabilize unsafe extern blocks (RFC 3484) #127921
Stabilize unsafe extern blocks (RFC 3484) #127921
Conversation
r? @nnethercote rustbot has assigned @nnethercote. Use |
r? @traviscross I wasn't sure if I should leave this as a draft but would leave all this up to t-lang. |
This comment has been minimized.
This comment has been minimized.
8e21e78
to
9a8888c
Compare
We don't need back compat when |
Well ... is not really about backwards compatibility and when I wrote this, I kind of knew that I wasn't properly explaining myself. What I meant was ... if we were to flip default safety to safe, it would not only be surprising but would may also led to end with something that was unsafe being safe when you migrate. extern "C" {
fn foo();
// foo is unsafe
} When I migrate my code I do ... unsafe extern "C" {
fn foo();
// now foo is safe
} if the semantics of not providing safety is now being safe this would be a disaster. This is what I meant in that text, but written really poorly :). If you want to suggest an edit, I'd be happy to apply it. |
This comment was marked as resolved.
This comment was marked as resolved.
It is best to avoid the phrase "backwards compatibility", as it is clear that it means different things to different people. For some, it means to keep code that currently exists compiling. For others, they primarily mean preserving functional equivalence if the code is recompiled, but not necessarily allowing it to still compile (e.g. rejecting unsound code). For others, it means offering easy migration to a new paradigm that does not have surprising results. |
This comment was marked as resolved.
This comment was marked as resolved.
Is it possible to write |
This comment was marked as resolved.
This comment was marked as resolved.
@spastorino Would you please update your stabilization report to explain the finer-grained implementation choices that have been made? e.g. why ...and is |
...yes, without a feature gate, on a recent nightly? And beta? https://rust.godbolt.org/z/qdcreaqrh ...Could the stabilization report also explain why we decided to accept |
#127943 fixes that last part. It was accidental afaict. |
@workingjubilee, first I've updated the stabilization report to avoid mentioning backwards compatibility and explained in terms of avoiding surprising effects.
I did a short summary because I didn't want to repeat most of what is said in the RFC. Related to this very specific thing, from the RFC:
|
@bors r+ |
…-blocks, r=compiler-errors Stabilize unsafe extern blocks (RFC 3484) # Stabilization report ## Summary This is a tracking issue for the RFC 3484: Unsafe Extern Blocks We are stabilizing `#![feature(unsafe_extern_blocks)]`, as described in [Unsafe Extern Blocks RFC 3484](rust-lang/rfcs#3484). This feature makes explicit that declaring an extern block is unsafe. Starting in Rust 2024, all extern blocks must be marked as unsafe. In all editions, items within unsafe extern blocks may be marked as safe to use. RFC: rust-lang/rfcs#3484 Tracking issue: rust-lang#123743 ## What is stabilized ### Summary of stabilization We now need extern blocks to be marked as unsafe and items inside can also have safety modifiers (unsafe or safe), by default items with no modifiers are unsafe to offer easy migration without surprising results. ```rust unsafe extern { // sqrt (from libm) may be called with any `f64` pub safe fn sqrt(x: f64) -> f64; // strlen (from libc) requires a valid pointer, // so we mark it as being an unsafe fn pub unsafe fn strlen(p: *const c_char) -> usize; // this function doesn't say safe or unsafe, so it defaults to unsafe pub fn free(p: *mut core::ffi::c_void); pub safe static IMPORTANT_BYTES: [u8; 256]; pub safe static LINES: SyncUnsafeCell<i32>; } ``` ## Tests The relevant tests are in `tests/ui/rust-2024/unsafe-extern-blocks`. ## History - rust-lang#124482 - rust-lang#124455 - rust-lang#125077 - rust-lang#125522 - rust-lang#126738 - rust-lang#126749 - rust-lang#126755 - rust-lang#126757 - rust-lang#126758 - rust-lang#126756 - rust-lang#126973 - rust-lang#127535 - rust-lang/rustfmt#6204 ## Unresolved questions I am not aware of any unresolved questions.
Rollup of 6 pull requests Successful merges: - rust-lang#127095 (Migrate `reproducible-build-2` and `stable-symbol-names` `run-make` tests to rmake) - rust-lang#127921 (Stabilize unsafe extern blocks (RFC 3484)) - rust-lang#128466 (Update the stdarch submodule) - rust-lang#128530 (Implement `UncheckedIterator` directly for `RepeatN`) - rust-lang#128581 (Assert that all attributes are actually checked via `CheckAttrVisitor` and aren't accidentally usable on completely unrelated HIR nodes) - rust-lang#128603 (Update run-make/used to use `any_symbol_contains`) Failed merges: - rust-lang#128410 (Migrate `remap-path-prefix-dwarf` `run-make` test to rmake) r? `@ghost` `@rustbot` modify labels: rollup
…iaskrgr Rollup of 7 pull requests Successful merges: - rust-lang#127921 (Stabilize unsafe extern blocks (RFC 3484)) - rust-lang#128283 (bootstrap: fix bug preventing the use of custom targets) - rust-lang#128530 (Implement `UncheckedIterator` directly for `RepeatN`) - rust-lang#128551 (chore: refactor backtrace style in panic) - rust-lang#128573 (Simplify `body` usage in rustdoc) - rust-lang#128581 (Assert that all attributes are actually checked via `CheckAttrVisitor` and aren't accidentally usable on completely unrelated HIR nodes) - rust-lang#128603 (Update run-make/used to use `any_symbol_contains`) r? `@ghost` `@rustbot` modify labels: rollup
Rollup merge of rust-lang#127921 - spastorino:stabilize-unsafe-extern-blocks, r=compiler-errors Stabilize unsafe extern blocks (RFC 3484) # Stabilization report ## Summary This is a tracking issue for the RFC 3484: Unsafe Extern Blocks We are stabilizing `#![feature(unsafe_extern_blocks)]`, as described in [Unsafe Extern Blocks RFC 3484](rust-lang/rfcs#3484). This feature makes explicit that declaring an extern block is unsafe. Starting in Rust 2024, all extern blocks must be marked as unsafe. In all editions, items within unsafe extern blocks may be marked as safe to use. RFC: rust-lang/rfcs#3484 Tracking issue: rust-lang#123743 ## What is stabilized ### Summary of stabilization We now need extern blocks to be marked as unsafe and items inside can also have safety modifiers (unsafe or safe), by default items with no modifiers are unsafe to offer easy migration without surprising results. ```rust unsafe extern { // sqrt (from libm) may be called with any `f64` pub safe fn sqrt(x: f64) -> f64; // strlen (from libc) requires a valid pointer, // so we mark it as being an unsafe fn pub unsafe fn strlen(p: *const c_char) -> usize; // this function doesn't say safe or unsafe, so it defaults to unsafe pub fn free(p: *mut core::ffi::c_void); pub safe static IMPORTANT_BYTES: [u8; 256]; pub safe static LINES: SyncUnsafeCell<i32>; } ``` ## Tests The relevant tests are in `tests/ui/rust-2024/unsafe-extern-blocks`. ## History - rust-lang#124482 - rust-lang#124455 - rust-lang#125077 - rust-lang#125522 - rust-lang#126738 - rust-lang#126749 - rust-lang#126755 - rust-lang#126757 - rust-lang#126758 - rust-lang#126756 - rust-lang#126973 - rust-lang#127535 - rust-lang/rustfmt#6204 ## Unresolved questions I am not aware of any unresolved questions.
@rust-timer build 6841bd3 |
This comment has been minimized.
This comment has been minimized.
Finished benchmarking commit (6841bd3): comparison URL. Overall result: ❌ regressions - ACTION NEEDEDBenchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf. Next Steps: If you can justify the regressions found in this try perf run, please indicate this with @bors rollup=never Instruction countThis is a highly reliable metric that was used to determine the overall result at the top of this comment.
Max RSS (memory usage)This benchmark run did not return any relevant results for this metric. CyclesResults (primary -1.5%)This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 758.56s -> 757.756s (-0.11%) |
Probably has to do with the ungated edition check for extern block spans. I don't think this can be fixed 🤔 |
Understood, thanks. I'll mark the rollup as triaged then. @rustbot label: +perf-regression-triaged |
…-style-guide, r=compiler-errors Add unsafe to extern blocks in style guide This goes after this is merged: - rust-lang#127921 r? `@traviscross` Tracking: - rust-lang#123743
…-style-guide, r=compiler-errors Add unsafe to extern blocks in style guide This goes after this is merged: - rust-lang#127921 r? ``@traviscross`` Tracking: - rust-lang#123743
Rollup merge of rust-lang#127922 - spastorino:unsafe-extern-blocks-in-style-guide, r=compiler-errors Add unsafe to extern blocks in style guide This goes after this is merged: - rust-lang#127921 r? ``@traviscross`` Tracking: - rust-lang#123743
…ide, r=compiler-errors Add unsafe to extern blocks in style guide This goes after this is merged: - rust-lang/rust#127921 r? ``@traviscross`` Tracking: - rust-lang/rust#123743
Stabilization report
Summary
This is a tracking issue for the RFC 3484: Unsafe Extern Blocks
We are stabilizing
#![feature(unsafe_extern_blocks)]
, as described in Unsafe Extern Blocks RFC 3484. This feature makes explicit that declaring an extern block is unsafe. Starting in Rust 2024, all extern blocks must be marked as unsafe. In all editions, items within unsafe extern blocks may be marked as safe to use.RFC: rust-lang/rfcs#3484
Tracking issue: #123743
What is stabilized
Summary of stabilization
We now need extern blocks to be marked as unsafe and items inside can also have safety modifiers (unsafe or safe), by default items with no modifiers are unsafe to offer easy migration without surprising results.
Tests
The relevant tests are in
tests/ui/rust-2024/unsafe-extern-blocks
.History
unsafe
blocks do not fireunsafe_code
lint #126738safe
keyword is allowed in all function contexts #126749safe
keyword is not feature-gated #126755safe
keyword in pre-expansion #126757Unresolved questions
I am not aware of any unresolved questions.