Commit Graph

386 Commits

Author SHA1 Message Date
Jade
3cf820e17d rfc3052: Remove authors field from Cargo manifests
Since RFC 3052 soft deprecated the authors field anyway, hiding it from
crates.io, docs.rs, and making Cargo not add it by default, and it is
not generally up to date/useful information, we should remove it from
crates in this repo.
2021-07-29 14:56:05 -07:00
bors
eba3228b2a Auto merge of #86251 - Smittyvb:thir-tree-again, r=oli-obk
Support -Z unpretty=thir-tree again

Currently `-Z unpretty=thir-tree` is broken after some THIR refactorings. This re-implements it, making it easier to debug THIR-related issues.

We have to do analyzes before getting the THIR, since trying to create THIR from invalid HIR can ICE. But doing those analyzes requires the THIR to be built and stolen. We work around this by creating a separate query to construct the THIR tree string representation.

Closes https://github.com/rust-lang/project-thir-unsafeck/issues/8, fixes #85552.
2021-07-28 09:01:11 +00:00
bors
2faabf5793 Auto merge of #80367 - camelid:check_match-combine-loop, r=Nadrieril
Combine two loops in `check_match`

Suggested by Nadrieril in
https://github.com/rust-lang/rust/pull/79051#discussion_r548778186.

Opening to get a perf run. Hopefully this code doesn't require everything in the
first loop to be done before running the second! (It shouldn't though.)

cc `@Nadrieril`
2021-07-27 19:56:18 +00:00
bors
998cfe5aad Auto merge of #85305 - MarcusDunn:master, r=pnkfelix
Stabilize bindings_after_at

attempting to stabilze bindings_after_at [#65490](https://github.com/rust-lang/rust/issues/65490), im pretty new to the whole thing so any pointers are greatly appreciated.
2021-07-27 05:53:31 +00:00
Smitty
e8165e7f1b Support -Z unpretty=thir-tree again 2021-07-24 17:18:15 -04:00
LeSeulArtichaut
c5dda05e4e Implement AssignToDroppingUnionField in THIR unsafeck 2021-07-23 15:38:19 +02:00
Camelid
c3a03ae5b7 Combine two loops in check_match
Suggested by Nadrieril in
https://github.com/rust-lang/rust/pull/79051#discussion_r548778186.
2021-07-22 20:50:51 -07:00
Santiago Pastorino
ba1e13fa66
Revert "structural_match: non-structural-match ty closures"
Reverts #73353
2021-07-18 09:30:10 -03:00
bors
c78ebb7bdc Auto merge of #87123 - RalfJung:miri-provenance-overhaul, r=oli-obk
CTFE/Miri engine Pointer type overhaul

This fixes the long-standing problem that we are using `Scalar` as a type to represent pointers that might be integer values (since they point to a ZST). The main problem is that with int-to-ptr casts, there are multiple ways to represent the same pointer as a `Scalar` and it is unclear if "normalization" (i.e., the cast) already happened or not. This leads to ugly methods like `force_mplace_ptr` and `force_op_ptr`.
Another problem this solves is that in Miri, it would make a lot more sense to have the `Pointer::offset` field represent the full absolute address (instead of being relative to the `AllocId`). This means we can do ptr-to-int casts without access to any machine state, and it means that the overflow checks on pointer arithmetic are (finally!) accurate.

To solve this, the `Pointer` type is made entirely parametric over the provenance, so that we can use `Pointer<AllocId>` inside `Scalar` but use `Pointer<Option<AllocId>>` when accessing memory (where `None` represents the case that we could not figure out an `AllocId`; in that case the `offset` is an absolute address). Moreover, the `Provenance` trait determines if a pointer with a given provenance can be cast to an integer by simply dropping the provenance.

I hope this can be read commit-by-commit, but the first commit does the bulk of the work. It introduces some FIXMEs that are resolved later.
Fixes https://github.com/rust-lang/miri/issues/841
Miri PR: https://github.com/rust-lang/miri/pull/1851
r? `@oli-obk`
2021-07-17 15:26:27 +00:00
bors
f502bd3abd Auto merge of #86761 - Alexhuszagh:master, r=estebank
Update Rust Float-Parsing Algorithms to use the Eisel-Lemire algorithm.

# Summary

Rust, although it implements a correct float parser, has major performance issues in float parsing. Even for common floats, the performance can be 3-10x [slower](https://arxiv.org/pdf/2101.11408.pdf) than external libraries such as [lexical](https://github.com/Alexhuszagh/rust-lexical) and [fast-float-rust](https://github.com/aldanor/fast-float-rust).

Recently, major advances in float-parsing algorithms have been developed by Daniel Lemire, along with others, and implement a fast, performant, and correct float parser, with speeds up to 1200 MiB/s on Apple's M1 architecture for the [canada](0e2b5d163d/data/canada.txt) dataset, 10x faster than Rust's 130 MiB/s.

In addition, [edge-cases](https://github.com/rust-lang/rust/issues/85234) in Rust's [dec2flt](868c702d0c/library/core/src/num/dec2flt) algorithm can lead to over a 1600x slowdown relative to efficient algorithms. This is due to the use of Clinger's correct, but slow [AlgorithmM and Bellepheron](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.45.4152&rep=rep1&type=pdf), which have been improved by faster big-integer algorithms and the Eisel-Lemire algorithm, respectively.

Finally, this algorithm provides substantial improvements in the number of floats the Rust core library can parse. Denormal floats with a large number of digits cannot be parsed, due to use of the `Big32x40`, which simply does not have enough digits to round a float correctly. Using a custom decimal class, with much simpler logic, we can parse all valid decimal strings of any digit count.

```rust
// Issue in Rust's dec2fly.
"2.47032822920623272088284396434110686182e-324".parse::<f64>();   // Err(ParseFloatError { kind: Invalid })
```

# Solution

This pull request implements the Eisel-Lemire algorithm, modified from [fast-float-rust](https://github.com/aldanor/fast-float-rust) (which is licensed under Apache 2.0/MIT), along with numerous modifications to make it more amenable to inclusion in the Rust core library. The following describes both features in fast-float-rust and improvements in fast-float-rust for inclusion in core.

**Documentation**

Extensive documentation has been added to ensure the code base may be maintained by others, which explains the algorithms as well as various associated constants and routines. For example, two seemingly magical constants include documentation to describe how they were derived as follows:

```rust
    // Round-to-even only happens for negative values of q
    // when q ≥ −4 in the 64-bit case and when q ≥ −17 in
    // the 32-bitcase.
    //
    // When q ≥ 0,we have that 5^q ≤ 2m+1. In the 64-bit case,we
    // have 5^q ≤ 2m+1 ≤ 2^54 or q ≤ 23. In the 32-bit case,we have
    // 5^q ≤ 2m+1 ≤ 2^25 or q ≤ 10.
    //
    // When q < 0, we have w ≥ (2m+1)×5^−q. We must have that w < 2^64
    // so (2m+1)×5^−q < 2^64. We have that 2m+1 > 2^53 (64-bit case)
    // or 2m+1 > 2^24 (32-bit case). Hence,we must have 2^53×5^−q < 2^64
    // (64-bit) and 2^24×5^−q < 2^64 (32-bit). Hence we have 5^−q < 2^11
    // or q ≥ −4 (64-bit case) and 5^−q < 2^40 or q ≥ −17 (32-bitcase).
    //
    // Thus we have that we only need to round ties to even when
    // we have that q ∈ [−4,23](in the 64-bit case) or q∈[−17,10]
    // (in the 32-bit case). In both cases,the power of five(5^|q|)
    // fits in a 64-bit word.
    const MIN_EXPONENT_ROUND_TO_EVEN: i32;
    const MAX_EXPONENT_ROUND_TO_EVEN: i32;
```

This ensures maintainability of the code base.

**Improvements for Disguised Fast-Path Cases**

The fast path in float parsing algorithms attempts to use native, machine floats to represent both the significant digits and the exponent, which is only possible if both can be exactly represented without rounding. In practice, this means that the significant digits must be 53-bits or less and the then exponent must be in the range `[-22, 22]` (for an f64). This is similar to the existing dec2flt implementation.

However, disguised fast-path cases exist, where there are few significant digits and an exponent above the valid range, such as `1.23e25`. In this case, powers-of-10 may be shifted from the exponent to the significant digits, discussed at length in https://github.com/rust-lang/rust/issues/85198.

**Digit Parsing Improvements**

Typically, integers are parsed from string 1-at-a-time, requiring unnecessary multiplications which can slow down parsing. An approach to parse 8 digits at a time using only 3 multiplications is described in length [here](https://johnnylee-sde.github.io/Fast-numeric-string-to-int/). This leads to significant performance improvements, and is implemented for both big and little-endian systems.

**Unsafe Changes**

Relative to fast-float-rust, this library makes less use of unsafe functionality and clearly documents it. This includes the refactoring and documentation of numerous unsafe methods undesirably marked as safe. The original code would look something like this, which is deceptively marked as safe for unsafe functionality.

```rust
impl AsciiStr {
    #[inline]
    pub fn step_by(&mut self, n: usize) -> &mut Self {
        unsafe { self.ptr = self.ptr.add(n) };
        self
    }
}

...

#[inline]
fn parse_scientific(s: &mut AsciiStr<'_>) -> i64 {
    // the first character is 'e'/'E' and scientific mode is enabled
    let start = *s;
    s.step();
    ...
}
```

The new code clearly documents safety concerns, and does not mark unsafe functionality as safe, leading to better safety guarantees.

```rust
impl AsciiStr {
    /// Advance the view by n, advancing it in-place to (n..).
    pub unsafe fn step_by(&mut self, n: usize) -> &mut Self {
        // SAFETY: same as step_by, safe as long n is less than the buffer length
        self.ptr = unsafe { self.ptr.add(n) };
        self
    }
}

...

/// Parse the scientific notation component of a float.
fn parse_scientific(s: &mut AsciiStr<'_>) -> i64 {
    let start = *s;
    // SAFETY: the first character is 'e'/'E' and scientific mode is enabled
    unsafe {
        s.step();
    }
    ...
}
```

This allows us to trivially demonstrate the new implementation of dec2flt is safe.

**Inline Annotations Have Been Removed**

In the previous implementation of dec2flt, inline annotations exist practically nowhere in the entire module. Therefore, these annotations have been removed, which mostly does not impact [performance](https://github.com/aldanor/fast-float-rust/issues/15#issuecomment-864485157).

**Fixed Correctness Tests**

Numerous compile errors in `src/etc/test-float-parse` were present, due to deprecation of `time.clock()`, as well as the crate dependencies with `rand`. The tests have therefore been reworked as a [crate](https://github.com/Alexhuszagh/rust/tree/master/src/etc/test-float-parse), and any errors in `runtests.py` have been patched.

**Undefined Behavior**

An implementation of `check_len` which relied on undefined behavior (in fast-float-rust) has been refactored, to ensure that the behavior is well-defined. The original code is as follows:

```rust
    #[inline]
    pub fn check_len(&self, n: usize) -> bool {
        unsafe { self.ptr.add(n) <= self.end }
    }
```

And the new implementation is as follows:

```rust
    /// Check if the slice at least `n` length.
    fn check_len(&self, n: usize) -> bool {
        n <= self.as_ref().len()
    }
```

Note that this has since been fixed in [fast-float-rust](https://github.com/aldanor/fast-float-rust/pull/29).

**Inferring Binary Exponents**

Rather than explicitly store binary exponents, this new implementation infers them from the decimal exponent, reducing the amount of static storage required. This removes the requirement to store [611 i16s](868c702d0c/library/core/src/num/dec2flt/table.rs (L8)).

# Code Size

The code size, for all optimizations, does not considerably change relative to before for stripped builds, however it is **significantly** smaller prior to stripping the resulting binaries. These binary sizes were calculated on x86_64-unknown-linux-gnu.

**new**

Using rustc version 1.55.0-dev.

opt-level|size|size(stripped)
|:-:|:-:|:-:|
0|400k|300K
1|396k|292K
2|392k|292K
3|392k|296K
s|396k|292K
z|396k|292K

**old**

Using rustc version 1.53.0-nightly.

opt-level|size|size(stripped)
|:-:|:-:|:-:|
0|3.2M|304K
1|3.2M|292K
2|3.1M|284K
3|3.1M|284K
s|3.1M|284K
z|3.1M|284K

# Correctness

The dec2flt implementation passes all of Rust's unittests and comprehensive float parsing tests, along with numerous other tests such as Nigel Toa's comprehensive float [tests](https://github.com/nigeltao/parse-number-fxx-test-data) and Hrvoje Abraham  [strtod_tests](https://github.com/ahrvoje/numerics/blob/master/strtod/strtod_tests.toml). Therefore, it is unlikely that this algorithm will incorrectly round parsed floats.

# Issues Addressed

This will fix and close the following issues:

- resolves #85198
- resolves #85214
- resolves #85234
- fixes #31407
- fixes #31109
- fixes #53015
- resolves #68396
- closes https://github.com/aldanor/fast-float-rust/issues/15
2021-07-17 12:56:22 +00:00
Alex Huszagh
8752b40369 Changed dec2flt to use the Eisel-Lemire algorithm.
Implementation is based off fast-float-rust, with a few notable changes.

- Some unsafe methods have been removed.
- Safe methods with inherently unsafe functionality have been removed.
- All unsafe functionality is documented and provably safe.
- Extensive documentation has been added for simpler maintenance.
- Inline annotations on internal routines has been removed.
- Fixed Python errors in src/etc/test-float-parse/runtests.py.
- Updated test-float-parse to be a library, to avoid missing rand dependency.
- Added regression tests for #31109 and #31407 in core tests.
- Added regression tests for #31109 and #31407 in ui tests.
- Use the existing slice primitive to simplify shared dec2flt methods
- Remove Miri ignores from dec2flt, due to faster parsing times.

- resolves #85198
- resolves #85214
- resolves #85234
- fixes #31407
- fixes #31109
- fixes #53015
- resolves #68396
- closes https://github.com/aldanor/fast-float-rust/issues/15
2021-07-17 00:30:34 -05:00
Ralf Jung
7c720ce612 get rid of incorrect erase_for_fmt 2021-07-16 10:09:56 +02:00
Cameron Steffen
1537cd4fb1 Remove refs from pat slices 2021-07-15 16:09:57 -05:00
Ralf Jung
626605cea0 consistently treat None-tagged pointers as ints; get rid of some deprecated Scalar methods 2021-07-14 18:17:49 +02:00
bors
1f0db5e0a3 Auto merge of #86665 - FabianWolff:layout-field-thir-unsafeck, r=oli-obk
Implement Mutation- and BorrowOfLayoutConstrainedField in thir-unsafeck

Since nobody has so far claimed Mutation- and BorrowOfLayoutConstrainedField in rust-lang/project-thir-unsafeck#7, I have taken the liberty of implementing them in thir-unsafeck.

r? `@LeSeulArtichaut`
2021-07-13 04:38:39 +00:00
Fabian Wolff
79f0743b6f Fix ICE with unsized type in const pattern 2021-07-11 19:16:26 +02:00
Fabian Wolff
b0888614f1 Implement Mutation- and BorrowOfLayoutConstrainedField in thir-unsafeck 2021-07-10 16:33:00 +02:00
Ralf Jung
5f0dd6db94 remove const_raw_ptr_to_usize_cast feature 2021-07-10 12:08:58 +02:00
bors
240ff4c4a0 Auto merge of #85263 - Smittyvb:thir-unsafeck-union-field, r=oli-obk
Check for union field accesses in THIR unsafeck

see also #85259, #83129, https://github.com/rust-lang/project-thir-unsafeck/issues/7

r? `@LeSeulArtichaut`
2021-07-09 20:56:07 +00:00
Smitty
b86ed4a425 panic when trying to destructure union as enum 2021-07-09 15:22:12 -04:00
Smitty
74d0d74dae Check for union field accesses in THIR unsafeck 2021-07-09 13:51:28 -04:00
Fabian Wolff
d019c71df9 Fix double warning about illegal floating-point literal pattern 2021-07-05 18:10:34 +02:00
Aman Arora
10a37bf847 fixup! Editon 2021 enables precise capture 2021-06-27 21:46:55 -04:00
Aman Arora
b89ea96660 Editon 2021 enables precise capture 2021-06-27 21:44:33 -04:00
bors
f1e691da2e Auto merge of #86138 - FabianWolff:issue-85871, r=nikomatsakis
Check whether the closure's owner is an ADT in thir-unsafeck

This pull request fixes #85871. The code in `rustc_mir_build/src/check_unsafety.rs` incorrectly assumes that a closure's owner always has a body, but only functions, closures, and constants have bodies, whereas a closure can also appear inside a struct or enum:
```rust
struct S {
    arr: [(); match || 1 { _ => 42 }]
}

enum E {
    A([(); { || 1; 42 }])
}
```
This pull request fixes the resulting ICE by checking whether the closure's owner is an ADT and only deferring to `thir_check_unsafety(owner)` if it isn't.
2021-06-23 21:35:46 +00:00
Yuki Okushi
8ec4e7dfdd
Rollup merge of #86517 - camsteffen:unused-unsafe-async, r=LeSeulArtichaut
Fix `unused_unsafe` around `await`

Enables `unused_unsafe` lint for `unsafe { future.await }`.

The existing test for this is `unsafe { println!() }`, so I assume that `println!` used to contain compiler-generated unsafe but this is no longer true, and so the existing test is broken. I replaced the test with `unsafe { ...await }`. I believe `await` is currently the only instance of compiler-generated unsafe.

Reverts some parts of #85421, but the issue predates that PR.
2021-06-22 20:01:05 +09:00
Cameron Steffen
b07bb6d698 Fix unused_unsafe with compiler-generated unsafe 2021-06-21 17:25:45 -05:00
bors
150fad30ea Auto merge of #86460 - JohnTitor:use-static-in-pattern-err, r=oli-obk
Refactor `PatternError` structure

Now we emit the `StaticInPattern` error precisely.
Fixes #68395
r? `@oli-obk`
2021-06-19 19:46:02 +00:00
bors
9cf05f3614 Auto merge of #86378 - Smittyvb:thir-walker-pat, r=LeSeulArtichaut
Add pattern walking support to THIR walker

Suggested in https://github.com/rust-lang/rust/pull/85263#issuecomment-861906730, this splits off the support for pattern walking in THIR from #85263. This has no observable effect on THIR unsafety checking, since it is not currently possible to trigger unsafety from the THIR checker using the additional patterns or constants that are now walked. THIR patterns are walked in source code order.

r? `@LeSeulArtichaut`
2021-06-19 05:44:11 +00:00
Yuki Okushi
e44e65e888
Assert is_associated_const when resolving 2021-06-19 13:55:24 +09:00
Yuki Okushi
bc243a7f55
Refactor PatternError structure 2021-06-19 11:47:15 +09:00
bors
312b894cc1 Auto merge of #85421 - Smittyvb:rm_pushpop_unsafe, r=matthewjasper
Remove some last remants of {push,pop}_unsafe!

These macros have already been removed, but there was still some code handling these macros. That code is now removed.
2021-06-18 14:17:53 +00:00
Smitty
281dd6d6e0 Explicitly write out all fields 2021-06-17 10:17:35 -04:00
Smitty
1d5accabf1 simplify borrowing 2021-06-17 10:15:02 -04:00
Smitty
210e46bf24 Add pattern walking support to THIR walker 2021-06-16 16:36:43 -04:00
LeSeulArtichaut
5e802e5e97 Box ExprKind::Adt 2021-06-13 17:03:11 +02:00
Fabian Wolff
433c1aec21 Check whether the closure's owner has a body before deferring to it in thir-unsafeck 2021-06-08 22:09:35 +02:00
Smitty
45c55540a8 Remove some last remants of {push,pop}_unsafe!
These macros have already been removed, but there was still some code
handling these macros. That code is now removed.
2021-06-06 17:04:03 -04:00
marcusdunn
43d8854b56 removed unneeded brackets on import 2021-06-04 09:42:50 -07:00
marcusdunn
21dee3cbf8 removed conditional check on bindings_after_at and resulting dead code 2021-06-04 09:41:55 -07:00
Yuki Okushi
36f1ed6de2
Rollup merge of #85850 - bjorn3:less_feature_gates, r=jyn514
Remove unused feature gates

The first commit removes a usage of a feature gate, but I don't expect it to be controversial as the feature gate was only used to workaround a limitation of rust in the past. (closures never being `Clone`)

The second commit uses `#[allow_internal_unstable]` to avoid leaking the `trusted_step` feature gate usage from inside the index newtype macro. It didn't work for the `min_specialization` feature gate though.

The third commit removes (almost) all feature gates from the compiler that weren't used anyway.
2021-06-04 13:42:54 +09:00
bors
a93699f20a Auto merge of #85952 - JohnTitor:rollup-r00gu9q, r=JohnTitor
Rollup of 13 pull requests

Successful merges:

 - #83362 (Stabilize `vecdeque_binary_search`)
 - #85706 (Turn off frame pointer elimination on all Apple platforms. )
 - #85724 (Fix issue 85435 by restricting Fake Read precision)
 - #85852 (Clarify meaning of MachineApplicable suggestions.)
 - #85877 (Intra doc link-ify a reference to a function)
 - #85880 (convert assertion on rvalue::threadlocalref to delay bug)
 - #85896 (Add test for forward declared const param defaults)
 - #85897 (Update I-unsound label for triagebot)
 - #85900 (Use pattern matching instead of checking lengths explicitly)
 - #85911 (Avoid a clone of output_filenames.)
 - #85926 (Update cargo)
 - #85934 (Add `Ty::is_union` predicate)
 - #85935 (Validate type of locals used as indices)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
2021-06-03 08:02:39 +00:00
Yuki Okushi
34f1275880
Rollup merge of #85724 - sexxi-goose:rox-fix-issue-85435, r=nikomatsakis
Fix issue 85435 by restricting Fake Read precision

This PR fixes the root bug of issue #85435 by restricting Fake Read precision in closures and removing the feature gate introduced in PR #85564. More info [here](https://github.com/rust-lang/rust/issues/85561#issuecomment-846223784) and [here](https://github.com/rust-lang/rust/issues/85561#issuecomment-847270533).

Closes #85561

r? ``@nikomatsakis``
2021-06-03 14:35:29 +09:00
bors
016e9b5e33 Auto merge of #84988 - alexcrichton:safe-target-feature-wasm, r=joshtriplett
rustc: Allow safe #[target_feature] on wasm

This commit updates the compiler's handling of the `#[target_feature]`
attribute when applied to functions on WebAssembly-based targets. The
compiler in general requires that any functions with `#[target_feature]`
are marked as `unsafe` as well, but this commit relaxes the restriction
for WebAssembly targets where the attribute can be applied to safe
functions as well.

The reason this is done is that the motivation for this feature of the
compiler is not applicable for WebAssembly targets. In general the
`#[target_feature]` attribute is used to enhance target CPU features
enabled beyond the basic level for the rest of the compilation. If done
improperly this means that your program could execute an instruction
that the CPU you happen to be running on does not understand. This is
considered undefined behavior where it is unknown what will happen (e.g.
it's not a deterministic `SIGILL`).

For WebAssembly, however, the target is different. It is not possible
for a running WebAssembly program to execute an instruction that the
engine does not understand. If this were the case then the program would
not have validated in the first place and would not run at all. Even if
this were allowed in some hypothetical future where engines have some
form of runtime feature detection (which they do not right now) any
implementation of such a feature would generate a trap if a module
attempts to execute an instruction the module does not understand. This
deterministic trap behavior would still not fall into the category of
undefined behavior because the trap is deterministic.

For these reasons the `#[target_feature]` attribute is now allowed on
safe functions, but only for WebAssembly targets. This notably enables
the wasm-SIMD intrinsics proposed for stabilization in #74372 to be
marked as safe generally instead of today where they're all `unsafe` due
to the historical implementation of `#[target_feature]` in the compiler.
2021-06-03 05:12:31 +00:00
bjorn3
312f964478 Remove unused feature gates 2021-05-31 13:55:43 +02:00
bors
9a72afa7dd Auto merge of #83772 - jhpratt:revamp-step-trait, r=Mark-Simulacrum
Make `Step` trait safe to implement

This PR makes a few modifications to the `Step` trait that I believe better position it for stabilization in the short term. In particular,

1. `unsafe trait TrustedStep` is introduced, indicating that the implementation of `Step` for a given type upholds all stated invariants (which have remained unchanged). This is gated behind a new `trusted_step` feature, as stabilization is realistically blocked on min_specialization.
2. The `Step` trait is internally specialized on the `TrustedStep` trait, which avoids a serious performance regression.
3. `TrustedLen` is implemented for `T: TrustedStep` as the latter's invariants subsume the former's.
4. The `Step` trait is no longer `unsafe`, as the invariants must not be relied upon by unsafe code (unless the type implements `TrustedStep`).
5. `TrustedStep` is implemented for all types that implement `Step` in the standard library and compiler.
6. The `step_trait_ext` feature is merged into the `step_trait` feature. I was unable to find any reasoning for the features being split; the `_unchecked` methods need not necessarily be stabilized at the same time, but I think it is useful to have them under the same feature flag.

All existing implementations of `Step` will be broken, as it is not possible to `unsafe impl` a safe trait. Given this trait only exists on nightly, I feel this breakage is acceptable. The blanket `impl<T: Step> TrustedLen for T` will likely cause some minor breakage, but this should be covered by the equivalent impl for `TrustedStep`.

Hopefully these changes are sufficient to place `Step` in decent position for stabilization, which would allow user-defined types to be used with `a..b` syntax.
2021-05-30 01:21:39 +00:00
Alex Crichton
7fed92b3a4 rustc: Allow safe #[target_feature] on wasm
This commit updates the compiler's handling of the `#[target_feature]`
attribute when applied to functions on WebAssembly-based targets. The
compiler in general requires that any functions with `#[target_feature]`
are marked as `unsafe` as well, but this commit relaxes the restriction
for WebAssembly targets where the attribute can be applied to safe
functions as well.

The reason this is done is that the motivation for this feature of the
compiler is not applicable for WebAssembly targets. In general the
`#[target_feature]` attribute is used to enhance target CPU features
enabled beyond the basic level for the rest of the compilation. If done
improperly this means that your program could execute an instruction
that the CPU you happen to be running on does not understand. This is
considered undefined behavior where it is unknown what will happen (e.g.
it's not a deterministic `SIGILL`).

For WebAssembly, however, the target is different. It is not possible
for a running WebAssembly program to execute an instruction that the
engine does not understand. If this were the case then the program would
not have validated in the first place and would not run at all. Even if
this were allowed in some hypothetical future where engines have some
form of runtime feature detection (which they do not right now) any
implementation of such a feature would generate a trap if a module
attempts to execute an instruction the module does not understand. This
deterministic trap behavior would still not fall into the category of
undefined behavior because the trap is deterministic.

For these reasons the `#[target_feature]` attribute is now allowed on
safe functions, but only for WebAssembly targets. This notably enables
the wasm-SIMD intrinsics proposed for stabilization in #74372 to be
marked as safe generally instead of today where they're all `unsafe` due
to the historical implementation of `#[target_feature]` in the compiler.
2021-05-28 12:57:35 -07:00
Roxane
382338fe75 Remove feature gate 2021-05-27 17:58:35 -04:00
LeSeulArtichaut
6c4f40dee1 Make closures inherit their parent's "safety context" 2021-05-27 16:50:48 +02:00
Dylan DPC
9d4a6449db
Rollup merge of #85564 - pnkfelix:issue-85435-readd-capture-disjoint-fields-gate, r=nikomatsakis
readd capture disjoint fields gate

This readds a feature gate guard that was added in PR #83521. (Basically, there were unintended consequences to the code exposed by removing the feature gate guard.)

The root bug still remains to be resolved, as discussed in issue #85561. This is just a band-aid suitable for a beta backport.

Cc issue #85435

Note that the latter issue is unfixed until we backport this (or another fix) to 1.53 beta
2021-05-27 03:02:08 +02:00