Safe Transmute: Revise safety analysis #121681
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
S-waiting-on-review
|
Some changes occurred to the core trait solver cc @rust-lang/initiative-trait-system-refactor |
jswrenn
force-pushed
the
nix-visibility-analysis
branch
from
13675b8
to
c944090
Compare
This comment has been minimized.
This comment has been minimized.
Migrate to a simplified safety analysis that does not use visibility. Closes rust-lang/project-safe-transmute#15
jswrenn
force-pushed
the
nix-visibility-analysis
branch
from
c944090
to
23ab1bd
Compare
rustbot
added
A-testsuite
| /// type and field privacy of the destination type (and sometimes of the source type, too). | ||
| /// When `true`, the compiler assumes that *you* have ensured that no | ||
| /// unsoundness will arise from violating the safety invariants of the | ||
| /// destination type (and sometimes of the source type, too). | ||
| pub safety: bool, |
There was a problem hiding this comment.
This is kind of a bikeshed, but I'd prefer if we made this name more precise. Specifically, these are user safety invariants, i.e. the set of invariants not reflected above.
There was a problem hiding this comment.
There's some ongoing discussion on naming among project safe transmute. Virtually every aspect of the naming is up for debate right now. In the interest of keeping names stable across discussions, I'd like to postpone bikeshedding names until we're closer to stabilization. When that conversation does occur, it will probably be with heavy deference to whatever terminology is preferred by t-opsem.
7 tasks
compiler-errors
approved these changes
Feb 29, 2024
|
@bors r+ rollup |
bors
added
S-waiting-on-bors
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 29, 2024
…iaskrgr Rollup of 8 pull requests Successful merges: - rust-lang#121326 (Detect empty leading where clauses on type aliases) - rust-lang#121464 (rustc: Fix wasm64 metadata object files) - rust-lang#121681 (Safe Transmute: Revise safety analysis) - rust-lang#121753 (Add proper cfg to keep only one AlignmentEnum definition for different target_pointer_widths) - rust-lang#121782 (allow statics pointing to mutable statics) - rust-lang#121798 (Fix links in rustc doc) - rust-lang#121806 (add const test for ptr::metadata) - rust-lang#121809 (Remove doc aliases to PATH) r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 1, 2024
Rollup merge of rust-lang#121681 - jswrenn:nix-visibility-analysis, r=compiler-errors Safe Transmute: Revise safety analysis This PR migrates `BikeshedIntrinsicFrom` to a simplified safety analysis (described [here](rust-lang/project-safe-transmute#15)) that does not rely on analyzing the visibility of types and fields. The revised analysis treats primitive types as safe, and user-defined types as potentially carrying safety invariants. If Rust gains explicit (un)safe fields, this PR is structured so that it will be fairly easy to thread support for those annotations into the analysis. Notably, this PR removes the `Context` type parameter from `BikeshedIntrinsicFrom`. Most of the files changed by this PR are just UI tests tweaked to accommodate the removed parameter. r? `@compiler-errors`
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR migrates
BikeshedIntrinsicFromto a simplified safety analysis (described here) that does not rely on analyzing the visibility of types and fields.The revised analysis treats primitive types as safe, and user-defined types as potentially carrying safety invariants. If Rust gains explicit (un)safe fields, this PR is structured so that it will be fairly easy to thread support for those annotations into the analysis.
Notably, this PR removes the
Contexttype parameter fromBikeshedIntrinsicFrom. Most of the files changed by this PR are just UI tests tweaked to accommodate the removed parameter.r? @compiler-errors