miri engine: Stacked Borrows NG
For more refined tracking in miri, we do return untagged pointers from the memory abstraction after allocations and let the caller decide how to tag these.
Also refactor the `tag_(de)reference` hooks so they can be more easily called in the ref-to-place and place-to-ref methods, and reorder things in validation: validation calls ref-to-place which (when running in miri) triggers some checks, so we want to run it rather late and catch other problems first. We also do not need to redundantly check the ref to be allocated any more, the checks miri does anyway imply thath.
r? @oli-obk
Unchecked thread spawning
# Summary
Add an unsafe interface for spawning lifetime-unrestricted threads for
library authors to build less-contrived, less-hacky safe abstractions
on.
# Motivation
So a few years back scoped threads were entirely removed from the Rust
stdlib, the reason being that it was possible to leak the scoped thread's
join guards without resorting to unsafe code, which meant the concept
was not completely safe, either.
Only a maximally-restrictive safe API for thread spawning was kept in the
stdlib, that requires `'static` lifetime bounds on both the thread closure
and its return type.
A number of 3rd party libraries sprung up to offer their implementations
for safe scoped threads implementations.
These work by essentially hiding the join guards from the user, thus
forcing them to join at the end of an (internal) function scope.
However, since these libraries have to use the maximally restrictive
thread spawning API, they have to resort to some very contrived manipulations
and subversions of Rust's type system to basically achieve what this commit does
with some minimal restructuring of the current code and exposing a new unsafe
function signature for spawning threads without lifetime restrictions.
Obviously this is unsafe, but its main use would be to allow library authors
to write safe abstractions with and around it.
To further illustrate my point, here's a quick summary of the hoops that,
for instance `crossbeam`, has to jump through to spawn a lifetime unrestricted
thread, all of which would not be necessary if an unsafe API existed as part
of the stdlib:
1. Allocate an `Arc<Option<T>>` on the heap where the result with type
`T: 'a` will go (in practice requires `Mutex` or `UnsafeCell` as well).
2. Wrap the desired thread closure with lifetime bound `'a` into another
closure (also `..: 'a`) that returns `()`, executes the inner closure and
writes its result into the pre-allocated `Option<T>`.
3. Box the wrapping closure, cast it to a trait object (`FnBox`) and
(unsafely) transmute its lifetime bound from `'a` to `'static`.
So while this new `spawn_unchecked` function is certainly not very relevant
for general use, since scoped threads are so common I think it makes sense
to expose an interface for libraries implementing these to build on.
The changes implemented are also very minimal: The current `spawn` function
(which internally contains unsafe code) is moved into an unsafe `spawn_unchecked`
function, which the safe function then wraps around.
# Issues
- ~~so far, no documentation for the new function (yet)~~
- the name of the function might be controversial, as `*_unchecked` more commonly
indicates that some sort of runtime check is omitted (`unrestricted` may be
more fitting)
- if accepted, it might make sense to add a freestanding `thread::spawn_unchecked`
function similar to the current `thread::spawn` for convenience.
Delayed CTFE backtraces
This renames the env var that controls CTFE backtraces from `MIRI_BACKTRACE` to `RUST_CTFE_BACKTRACE` so that we can use `MIRI_BACKTRACE` in the miri tool to only show backtraces of the main miri execution.
It also makes `RUST_CTFE_BACKTRACE` only show backtraces that actually get rendered as errors, instead of showing them eagerly when the `Err` happens. The current behavior is near useless in miri because it shows about one gazillion backtraces for errors that we later catch and do not care about. However, @oli-obk likes the current behavior for rustc CTFE work so it is still available via `RUST_CTFE_BACKTRACE=immediate`.
NOTE: This is based on top of https://github.com/rust-lang/rust/pull/53821. Only [the last three commits](https://github.com/oli-obk/rust/compare/sanity_query...RalfJung:ctfe-backtrace) are new.
Fixes https://github.com/rust-lang/rust/issues/53355
Rollup of 11 pull requests
Successful merges:
- #55148 (Implement FromStr for PathBuf)
- #55185 (path suggestions in Rust 2018 should point out the change in semantics)
- #55191 (Fix sub-variant doc display)
- #55199 (Impl items have generics)
- #55244 (Don't rerun MIR passes when inlining)
- #55252 (Add MaybeUninit::new)
- #55257 (Allow extern statics with an extern type)
- #55389 (Remove unnecessary mut in iterator.find_map documentation example, R…)
- #55406 (Update string.rs)
- #55412 (Fix an ICE in the min_const_fn analysis)
- #55421 (Add ManuallyDrop::take)
path suggestions in Rust 2018 should point out the change in semantics
Fixes#55130.
This commit extends existing path suggestions to link to documentation
on the changed semantics of `use` in Rust 2018.
Add ManuallyDrop::take
Tracking issue: #55422
Proposed in this form in https://internals.rust-lang.org/t/mini-rfc-manuallydrop-take/8679,
see that thread for some history.
A small convenience wrapper for `ManuallyDrop` that makes a pattern (taking ownership of the contained data in drop) more obvious.
Fix ordering of nested modules in non-mod.rs mods
Flatten relative offset into directory path before adding inline
(mod x { ... }) module names to the current directory path.
Fix#55094
The env var is now RUST_CTFE_BACKTRACE. Similar to RUST_BACKTRACE, it usually
only prints a backtrace when the error actually surfaces, not when it happens.
This makes a difference when we catch errors.
As per @oli-obk's request, one can set RUST_CTFE_BACKTRACE=immediate to get the
backtrace shown immediately.
Don't rerun MIR passes when inlining
Fixes#50411
r? @nikomatsakis
I updated your commit message with additional details. Let me know if any of that is incorrect. I also added the appropriate `compile-flags` directive to the test.
Thanks for you help on this!
cc @RalfJung related to your PR #55086
Partial implementation of uniform paths 2.0 to land before beta
Reimplementation of uniform paths using in-scope resolution rather than canaries is a minor breaking change due to stricter future-proofing, so it needs to be landed before beta or backported later.
I hope to implement at least something until beta so we have less to backport.
r? @Mark-Simulacrum
We avoid an ICE by checking for an empty meta-item list before we
index into the meta-items, and leave commentary about where we'd like
to issue unused-attributes lints in the future. Note that empty lint
attributes are already accepted by the stable compiler; generalizing
this to weird reason-only lint attributes seems like the
conservative/consilient generalization.
Vadim Petrochenkov suggested this in review ("an error? just to be
conservative"), and it turns out to be convenient from the
implementer's perspective: in the initial proposed implementation (or
`HEAD~2`, as some might prefer to call it), we were doing an entire
whole iteration over the meta items just to find the reason (before
iterating over them to set the actual lint levels). This way, we can
just peek at the end rather than adding that extra loop (or
restructuring the existing code). The RFC doesn't seem to take a
position on this, and there's some precedent for restricting things to
be at the end of a sequence (we only allow `..` at the end of a struct
pattern, even if it would be possible to let it appear anywhere in the
sequence).
Implement by-value object safety
This PR implements **by-value object safety**, which is part of unsized rvalues #48055. That means, with `#![feature(unsized_locals)]`, you can call a method `fn foo(self, ...)` on trait objects. One aim of this is to enable `Box<FnOnce>` in the near future.
The difficulty here is this: when constructing a vtable for a trait `Foo`, we can't just put the function `<T as Foo>::foo` into the table. If `T` is no larger than `usize`, `self` is usually passed directly. However, as the caller of the vtable doesn't know the concrete `Self` type, we want a variant of `<T as Foo>::foo` where `self` is always passed by reference.
Therefore, when the compiler encounters such a method to be generated as a vtable entry, it produces a newly introduced instance called `InstanceDef::VtableShim(def_id)` (that wraps the original instance). the shim just derefs the receiver and calls the original method. We give different symbol names for the shims by appending `::{{vtable-shim}}` to the symbol path (and also adding vtable-shimness as an ingredient to the symbol hash).
r? @eddyb
This is just for the `reason =` name-value meta-item; the
`#[expect(lint)]` attribute also described in the RFC is a problem for
another day.
The place where we were directly calling `emit()` on a match block
(whose arms returned a mutable reference to a diagnostic-builder) was
admittedly cute, but no longer plausibly natural after adding the
if-let to the end of the `LintSource::Node` arm.
This regards #54503.
NLL: cast causes failure to promote to static
Fixes#55288. See commit messages for more details.
r? @oli-obk
cc @nikomatsakis
cc @pnkfelix
cc @RalfJung
This commit refactors `PlaceContext` to split it into four different
smaller enums based on if the context represents a mutating use,
non-mutating use, maybe-mutating use or a non-use (this is based on the
recommendation from @oli-obk on Zulip[1]).
This commit then introduces a `PlaceContext::AscribeUserTy` variant.
`StatementKind::AscribeUserTy` is now correctly mapped to
`PlaceContext::AscribeUserTy` instead of `PlaceContext::Validate`.
`PlaceContext::AscribeUserTy` can also now be correctly categorized as a
non-use which fixes an issue with constant promotion in statics after a
cast introduces a `AscribeUserTy` statement.
[1]: https://rust-lang.zulipchat.com/#narrow/stream/122657-wg-nll/subject/.2355288.20cast.20fails.20to.20promote.20to.20'static/near/136536949
Do not allow moving out of thread local under ast borrowck
AST borrowck failed to prevent moving out of a thread-local static.
This was broken. And it also (sometimes?) caused an ICE during drop elaboration.
Fix#47215Fix#54797
Handle bindings in substructure of patterns with type ascriptions
This attempts to follow the outline described by @nikomatsakis [here](https://github.com/rust-lang/rust/issues/47184#issuecomment-420041056). Its a bit more complicated than expected for two reasons:
1. In general it handles sets of type ascriptions, because such ascriptions can be nested within patterns
2. It has a separate types in the HAIR, `PatternTypeProjections` and `PatternTypeProjection`, which are analogues to the corresponding types in the MIR.
The main reason I added the new HAIR types was because I am worried that the current implementation is inefficent, and asymptotically so: It makes copies of vectors as it descends the patterns, even when those accumulated vectors are never used.
Longer term, I would like to used a linked tree structure for the `PatternTypeProjections` and `PatternTypeProjection`, and save the construction of standalone vectors for the MIR types. I didn't want to block landing this on that hypoethetical revision; but I figured I could at least make the future change easier by differentiating between the two types now.
Oh, one more thing: This doesn't attempt to handle `ref x` (in terms of ensuring that any necessary types are ascribed to `x` in that scenario as well). We should open an issue to investigate supporting that as well. But I didn't want to block this PR on that future work.
Fix#54570