
Access to mutable static within items inside unsafe blocks leads to poor user experience #35716

Closed
DanielShaulov opened this issue Aug 16, 2016 · 9 comments
Labels
A-diagnostics Area: Messages for errors, warnings, and lints C-enhancement Category: An issue proposing an enhancement or a PR with one. D-papercut Diagnostics: An error or lint that needs small tweaks. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Comments

@DanielShaulov

The following produces an error about needing an unsafe block while already being in an unsafe block. It should produce an error about not being able to use a static value in another static.

struct A {
    x: u32
}

fn main() {
    unsafe {
        static mut NUM: u32 = 7;
        // Reading the mutable static here is reported as needing an
        // unsafe block, even though it is lexically inside one.
        static a: A = A {
            x: NUM
        };
    }
}

https://is.gd/OgeJ7e

@TimNN
Contributor

TimNN commented Aug 16, 2016

So I think there are two issues here:

One is mostly an ordering issue - which checks should be done first - by the compiler. That is, should the compiler first check for the required unsafe or should it first check that statics cannot be used in other statics.

The second is whether expressions inside of items defined inside of unsafe blocks should be considered as being inside an unsafe block:

fn foo() {
    unsafe {
        static FOO: Foo = /* is this considered to be in an unsafe block? */;

        fn bar() {
            /* is this considered to be in an unsafe block? */;
        }
    }
}

unsafe fn unsafe_foo() {
    static FOO: Foo = /* is this considered to be in an unsafe block? */;

    fn bar() {
        /* is this considered to be in an unsafe block? */;
    }
}

As far as I know, these kinds of expressions are currently not considered to be inside of an unsafe block.

I don't know whether anyone really thought about that behaviour when items inside of blocks were added to the language (although my initial guess, without any research, would be that this was probably not considered, since this is a pretty uncommon pattern I believe; I would not have thought of writing code like this).

Whether the current behaviour should be considered the correct behaviour or not I don't know, I can see arguments for both sides, although I would intuitively lean more towards the current behaviour.

@DanielShaulov
Author

The following compiles:

struct A {
    x: u8
}

fn main() {
    let x: *const u8 = 0 as *const u8;
    unsafe {
        // `let` is a statement, so this dereference is covered by the
        // enclosing unsafe block and the program compiles (dereferencing a
        // null pointer is still undefined behaviour at run time).
        let a = A {
            x: *x
        };
    }
}

What is the difference between initializing a static struct and a regular one?

@TimNN
Contributor

TimNN commented Aug 16, 2016

let a = ... is an expression / statement.

static A: Foo = ... is (the definition of) an item.

Items are basically anything you can write outside of a function (types, traits, impls, statics, consts, ..., for details see the reference).

An item defined inside of a block / function is basically the same as if the item was defined outside the function / block with "special" name that is only available inside the block / function where the item was defined.

So initialising a "static struct" basically happens outside the function (and any unsafe blocks) it was defined in.

@TimNN
Contributor

TimNN commented Aug 16, 2016

To quote the reference on items inside of functions / blocks (emphasis mine):

Declaring an item — a function, enumeration, struct, type, static, trait, implementation or module — locally within a statement block is simply a way of restricting its scope to a narrow region containing all of its uses; it is otherwise identical in meaning to declaring the item outside the statement block.
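An added example (not code from the thread) that makes the quoted rule concrete: a nested `fn` declared inside an `unsafe` block gets no unsafety from it and must open its own block to read a `static mut`, while an `AtomicU32` gives the same value with no `unsafe` anywhere. The names `NUM` and `A` follow the issue's snippet; `build`, `NUM_ATOMIC` and the two public functions are assumed for the example.

```rust
use std::sync::atomic::{AtomicU32, Ordering};

// Constructed example: the mutable static the issue's snippet reads.
static mut NUM: u32 = 7;

// Safe alternative holding the same value: no `unsafe` is needed to read it,
// so nested items cannot silently fall outside an unsafe scope.
static NUM_ATOMIC: AtomicU32 = AtomicU32::new(7);

struct A {
    x: u32,
}

// The outer `unsafe` block is reported as unnecessary by rustc: the nested
// item `build` does not inherit it, exactly as the reference quote says.
#[allow(unused_unsafe)]
pub fn build_inside_unsafe_block() -> u32 {
    unsafe {
        fn build() -> A {
            // Without this inner `unsafe`, rustc emits E0133 with the
            // "items do not inherit unsafety" label shown later in the thread.
            let x = unsafe { NUM };
            A { x }
        }
        build().x
    }
}

// The same construction with no `unsafe` at all: the nested item reads an
// atomic, so there is no scope for an auditor to lose track of.
pub fn build_with_atomic() -> u32 {
    fn build() -> A {
        A { x: NUM_ATOMIC.load(Ordering::Relaxed) }
    }
    build().x
}

fn main() {
    println!("{} {}", build_inside_unsafe_block(), build_with_atomic());
}
```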

@DanielShaulov
Author

OK, that makes sense, thanks for the clarification. I don't think this behavior should change.

It might be helpful to detect that an unsafe behavior is occurring inside a new item inside an unsafe block and give a note that the unsafe block doesn't extend there.

Other than that, this issue can be closed.

@Mark-Simulacrum
Member

Marking as a diagnostics issue, to fix this we need to improve the error about unsafe blocks not affecting items in them.

@Mark-Simulacrum Mark-Simulacrum added the A-diagnostics Area: Messages for errors, warnings, and lints label May 11, 2017
@Mark-Simulacrum Mark-Simulacrum changed the title Wrong error when trying to use a mutable static in another static Access to mutable static within items inside unsafe blocks leads to poor user experience Jun 22, 2017
@Mark-Simulacrum Mark-Simulacrum added the C-enhancement Category: An issue proposing an enhancement or a PR with one. label Jul 25, 2017
@petrochenkov
Contributor

Copying from #47864:

Interestingly, before Rust 1.6 unsafe blocks worked syntactically and the code was accepted - https://godbolt.org/g/7mv1jQ.
This probably changed accidentally when items were outlined into side tables in HIR.

@estebank estebank added the D-papercut Diagnostics: An error or lint that needs small tweaks. label Nov 15, 2019
@crlf0710 crlf0710 added the T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. label Jun 11, 2020
@workingjubilee
Member

This example now does the following callout:

   Compiling playground v0.0.1 (/playground)
warning: unnecessary `unsafe` block
 --> src/main.rs:6:5
  |
6 |     unsafe {
  |     ^^^^^^ unnecessary `unsafe` block
  |
  = note: `#[warn(unused_unsafe)]` on by default

error[E0133]: use of mutable static is unsafe and requires unsafe function or block
 --> src/main.rs:9:16
  |
6 |     unsafe {
  |     ------ items do not inherit unsafety from separate enclosing items
...
9 |             x: NUM
  |                ^^^ use of mutable static
  |
  = note: mutable statics can be mutated by multiple threads: aliasing violations or data races will cause undefined behavior

@workingjubilee
Member

That was added in 1.67 by #103964
