Mark unsafe_pin_internals as incomplete.

This thus still makes it technically possible to enable the feature, and thus to trigger UB without `unsafe`, but this is fine since incomplete features are known to be potentially unsound (labelled "may not be safe"). This follows from the discussion at https://github.com/rust-lang/rust/pull/93176#discussion_r799413561
2022-01-24 01:34:46 +01:00 · 2022-01-24 01:34:46 +01:00 · c93968aee8
commit c93968aee8
parent 6df63cc148
4 changed files with 35 additions and 0 deletions
--- a/compiler/rustc_feature/src/active.rs
+++ b/compiler/rustc_feature/src/active.rs
@ -161,6 +161,9 @@ declare_features! (
    (active, staged_api, "1.0.0", None, None),
    /// Added for testing E0705; perma-unstable.
    (active, test_2018_feature, "1.31.0", None, Some(Edition::Edition2018)),
+    /// Allows non-`unsafe` —and thus, unsound— access to `Pin` constructions.
+    /// Marked `incomplete` since perma-unstable and unsound.
+    (incomplete, unsafe_pin_internals, "1.61.0", None, None),
    /// Use for stable + negative coherence and strict coherence depending on trait's
    /// rustc_strict_coherence value.
    (active, with_negative_coherence, "1.60.0", None, None),
--- a/compiler/rustc_span/src/symbol.rs
+++ b/compiler/rustc_span/src/symbol.rs
@ -1455,6 +1455,7 @@ symbols! {
        unsafe_block_in_unsafe_fn,
        unsafe_cell,
        unsafe_no_drop_flag,
+        unsafe_pin_internals,
        unsize,
        unsized_fn_params,
        unsized_locals,
--- a/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.rs
+++ b/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.rs
@ -0,0 +1,17 @@
+// edition:2018
+#![forbid(incomplete_features, unsafe_code)]
+#![feature(unsafe_pin_internals)]
+//~^ ERROR the feature `unsafe_pin_internals` is incomplete and may not be safe to use
+
+use core::{marker::PhantomPinned, pin::Pin};
+
+/// The `unsafe_pin_internals` is indeed unsound.
+fn non_unsafe_pin_new_unchecked<T>(pointer: &mut T) -> Pin<&mut T> {
+    Pin { pointer }
+}
+
+fn main() {
+    let mut self_referential = PhantomPinned;
+    let _: Pin<&mut PhantomPinned> = non_unsafe_pin_new_unchecked(&mut self_referential);
+    core::mem::forget(self_referential); // move and disable drop glue!
+}
--- a/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.stderr
+++ b/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.stderr
@ -0,0 +1,14 @@
+error: the feature `unsafe_pin_internals` is incomplete and may not be safe to use and/or cause compiler crashes
+  --> $DIR/feature-gate-unsafe_pin_internals.rs:3:12
+   |
+LL | #![feature(unsafe_pin_internals)]
+   |            ^^^^^^^^^^^^^^^^^^^^
+   |
+note: the lint level is defined here
+  --> $DIR/feature-gate-unsafe_pin_internals.rs:2:11
+   |
+LL | #![forbid(incomplete_features, unsafe_code)]
+   |           ^^^^^^^^^^^^^^^^^^^
+
+error: aborting due to previous error
+