From 2764673dca6badb2ef89450bbdd84b19c317a9c7 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Sun, 17 May 2020 19:37:44 +0200
Subject: [PATCH] abort_internal is safe

---
 src/libstd/alloc.rs | 2 +-
 src/libstd/process.rs | 2 +-
 src/libstd/sys/cloudabi/mod.rs | 7 +++++--
 src/libstd/sys/hermit/mod.rs | 8 +++++---
 src/libstd/sys/sgx/mod.rs | 4 ++--
 src/libstd/sys/unix/mod.rs | 4 ++--
 src/libstd/sys/vxworks/mod.rs | 4 ++--
 src/libstd/sys/wasi/mod.rs | 4 ++--
 src/libstd/sys/wasm/mod.rs | 4 ++--
 src/libstd/sys/windows/mod.rs | 9 ++++++---
 src/libstd/sys_common/util.rs | 4 +---
 11 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/src/libstd/alloc.rs b/src/libstd/alloc.rs
index 9840cfa4304..38d223d84e9 100644
--- a/src/libstd/alloc.rs
+++ b/src/libstd/alloc.rs
@@ -279,7 +279,7 @@ pub fn rust_oom(layout: Layout) -> ! {
     let hook: fn(Layout) =
         if hook.is_null() { default_alloc_error_hook } else { unsafe { mem::transmute(hook) } };
     hook(layout);
-    unsafe { crate::sys::abort_internal() }
+    crate::process::abort()
 }
 
 #[cfg(not(test))]
diff --git a/src/libstd/process.rs b/src/libstd/process.rs
index b457d190b95..f7e7a5abf8e 100644
--- a/src/libstd/process.rs
+++ b/src/libstd/process.rs
@@ -1620,7 +1620,7 @@ pub fn exit(code: i32) -> ! {
 /// [panic hook]: ../../std/panic/fn.set_hook.html
 #[stable(feature = "process_abort", since = "1.17.0")]
 pub fn abort() -> ! {
-    unsafe { crate::sys::abort_internal() };
+    crate::sys::abort_internal();
 }
 
 /// Returns the OS-assigned process identifier associated with this process.
diff --git a/src/libstd/sys/cloudabi/mod.rs b/src/libstd/sys/cloudabi/mod.rs
index e5f1dd98435..dde2b21c9bc 100644
--- a/src/libstd/sys/cloudabi/mod.rs
+++ b/src/libstd/sys/cloudabi/mod.rs
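Review bot: In the `process.rs` hunk the new body `crate::sys::abort_internal();` carries a trailing semicolon, so `abort()`'s `!` return is satisfied by coercion of an empty tail rather than by the call expression itself, while the `alloc.rs` hunk in the same commit writes the equivalent tail as an expression, `crate::process::abort()`; `sys_common/util.rs` later in the patch uses the semicolon form again. Writing it as `crate::sys::abort_internal()` keeps the three call sites consistent and makes it obvious at a glance that the divergence comes from the callee. Behaviour is identical either way, so this is purely a readability point.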
@@ -51,8 +51,11 @@ pub fn decode_error_kind(errno: i32) -> ErrorKind {
     }
 }
 
-pub unsafe fn abort_internal() -> ! {
-    core::intrinsics::abort();
+pub fn abort_internal() -> ! {
+    #[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
+    unsafe {
+        core::intrinsics::abort();
+    }
 }
 
 pub use libc::strlen;
diff --git a/src/libstd/sys/hermit/mod.rs b/src/libstd/sys/hermit/mod.rs
index f739df88ea6..7bdc1be3b17 100644
--- a/src/libstd/sys/hermit/mod.rs
+++ b/src/libstd/sys/hermit/mod.rs
@@ -74,8 +74,10 @@ pub extern "C" fn floor(x: f64) -> f64 {
     unsafe { intrinsics::floorf64(x) }
 }
 
-pub unsafe fn abort_internal() -> ! {
-    abi::abort();
+pub fn abort_internal() -> ! {
+    unsafe {
+        abi::abort();
+    }
 }
 
 // FIXME: just a workaround to test the system
@@ -88,7 +90,7 @@ pub fn hashmap_random_keys() -> (u64, u64) {
 #[cfg(not(test))]
 #[no_mangle]
 // NB. used by both libunwind and libpanic_abort
-pub unsafe extern "C" fn __rust_abort() {
+pub extern "C" fn __rust_abort() {
     abort_internal();
 }
 
diff --git a/src/libstd/sys/sgx/mod.rs b/src/libstd/sys/sgx/mod.rs
index 83cee0cf35a..397dd496ae8 100644
--- a/src/libstd/sys/sgx/mod.rs
+++ b/src/libstd/sys/sgx/mod.rs
@@ -124,7 +124,7 @@ pub unsafe fn strlen(mut s: *const c_char) -> usize {
     return n;
 }
 
-pub unsafe fn abort_internal() -> ! {
+pub fn abort_internal() -> ! {
     abi::usercalls::exit(true)
 }
 
@@ -133,7 +133,7 @@ pub unsafe fn abort_internal() -> ! {
 #[cfg(not(test))]
 #[no_mangle]
 // NB. used by both libunwind and libpanic_abort
-pub unsafe extern "C" fn __rust_abort() {
+pub extern "C" fn __rust_abort() {
     abort_internal();
 }
 
diff --git a/src/libstd/sys/unix/mod.rs b/src/libstd/sys/unix/mod.rs
index 0154609d939..b1688e74173 100644
--- a/src/libstd/sys/unix/mod.rs
+++ b/src/libstd/sys/unix/mod.rs
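Review bot: None of the `unsafe { ... }` blocks this commit introduces carries a `// SAFETY:` comment saying why the wrapped call is sound to reach from safe code, starting with `core::intrinsics::abort()` here in `cloudabi/mod.rs` and repeated in `hermit/mod.rs` (`abi::abort()`), `unix/mod.rs`, `vxworks/mod.rs` and `wasi/mod.rs` (`libc::abort()`), `wasm/mod.rs` (`wasm32::unreachable()`) and `windows/mod.rs`. Dropping `unsafe` from the signature moves the soundness obligation off every caller and into these blocks, so the justification belongs next to them rather than being implied by the commit title; for this hunk something like `// SAFETY: abort() takes no arguments, has no preconditions and never returns; its only effect is terminating the process.` would do, adjusted per platform to the callee actually used. The `#[cfg_attr(not(bootstrap), allow(unused_unsafe))]` line here and in `windows/mod.rs` also deserves a word on when the block itself can be removed, since the inline comment only says "on bootstrap bump".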
@@ -163,6 +163,6 @@ where
 // understandable error message like "Abort trap" rather than "Illegal
 // instruction" that intrinsics::abort would cause, as intrinsics::abort is
 // implemented as an illegal instruction.
-pub unsafe fn abort_internal() -> ! {
-    libc::abort()
+pub fn abort_internal() -> ! {
+    unsafe { libc::abort() }
 }
diff --git a/src/libstd/sys/vxworks/mod.rs b/src/libstd/sys/vxworks/mod.rs
index e23191c9431..0787e709898 100644
--- a/src/libstd/sys/vxworks/mod.rs
+++ b/src/libstd/sys/vxworks/mod.rs
@@ -108,6 +108,6 @@ where
 // understandable error message like "Abort trap" rather than "Illegal
 // instruction" that intrinsics::abort would cause, as intrinsics::abort is
 // implemented as an illegal instruction.
-pub unsafe fn abort_internal() -> ! {
-    libc::abort()
+pub fn abort_internal() -> ! {
+    unsafe { libc::abort() }
 }
diff --git a/src/libstd/sys/wasi/mod.rs b/src/libstd/sys/wasi/mod.rs
index 241d499ca3b..29fafaaa0b9 100644
--- a/src/libstd/sys/wasi/mod.rs
+++ b/src/libstd/sys/wasi/mod.rs
@@ -100,8 +100,8 @@ pub unsafe fn strlen(mut s: *const c_char) -> usize {
     return n;
 }
 
-pub unsafe fn abort_internal() -> ! {
-    libc::abort()
+pub fn abort_internal() -> ! {
+    unsafe { libc::abort() }
 }
 
 pub fn hashmap_random_keys() -> (u64, u64) {
diff --git a/src/libstd/sys/wasm/mod.rs b/src/libstd/sys/wasm/mod.rs
index c115f756450..050e8099af4 100644
--- a/src/libstd/sys/wasm/mod.rs
+++ b/src/libstd/sys/wasm/mod.rs
@@ -81,8 +81,8 @@ pub unsafe fn strlen(mut s: *const c_char) -> usize {
     return n;
 }
 
-pub unsafe fn abort_internal() -> ! {
-    crate::arch::wasm32::unreachable()
+pub fn abort_internal() -> ! {
+    unsafe { crate::arch::wasm32::unreachable() }
 }
 
 // We don't have randomness yet, but I totally used a random number generator to
diff --git a/src/libstd/sys/windows/mod.rs b/src/libstd/sys/windows/mod.rs
index d745e87a072..4098c6b3ee9 100644
--- a/src/libstd/sys/windows/mod.rs
+++ b/src/libstd/sys/windows/mod.rs
@@ -308,11 +308,14 @@ pub fn dur2timeout(dur: Duration) -> c::DWORD {
 //
 // https://docs.microsoft.com/en-us/cpp/intrinsics/fastfail
 #[allow(unreachable_code)]
-pub unsafe fn abort_internal() -> ! {
+pub fn abort_internal() -> ! {
     #[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
-    {
+    unsafe {
         llvm_asm!("int $$0x29" :: "{ecx}"(7) ::: volatile); // 7 is FAST_FAIL_FATAL_APP_EXIT
         crate::intrinsics::unreachable();
     }
-    crate::intrinsics::abort();
+    #[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
+    unsafe {
+        crate::intrinsics::abort();
+    }
 }
diff --git a/src/libstd/sys_common/util.rs b/src/libstd/sys_common/util.rs
index 00f7db4c037..9f7c3bd8795 100644
--- a/src/libstd/sys_common/util.rs
+++ b/src/libstd/sys_common/util.rs
@@ -16,9 +16,7 @@ pub fn dumb_print(args: fmt::Arguments<'_>) {
 pub fn abort(args: fmt::Arguments<'_>) -> ! {
     dumb_print(format_args!("fatal runtime error: {}\n", args));
-    unsafe {
-        crate::sys::abort_internal();
-    }
+    crate::sys::abort_internal();
 }
 
 #[allow(dead_code)] // stack overflow detection not enabled on all platforms
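Review bot: In the `windows/mod.rs` hunk the x86 `unsafe` block now spans both the `llvm_asm!` that raises `int 0x29` and the following `crate::intrinsics::unreachable()`, and the soundness of that pairing rests entirely on the fast-fail interrupt never returning control: if it ever did, or if the asm were later edited to something resumable, executing `unreachable()` would be undefined behaviour inside a function that callers may now invoke from safe code. That assumption should be written down on the block, e.g. `// SAFETY: the fast-fail interrupt terminates the process and never returns, so the unreachable() hint after it is never executed.`, and the existing `// 7 is FAST_FAIL_FATAL_APP_EXIT` could be folded into the same note so the exit reason and the non-return guarantee are documented together. As far as I can tell nothing in the hunk changes the asm itself, so this is a documentation request, not a behaviour concern.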