Clean fix for #96223
Okay, so here we are (hopefully) 👍Closes#96223
Thanks a lot to `@jackh726` for your help and explanation 🙏
- Modified `InferCtxt::mk_trait_obligation_with_new_self_ty` to take as argument a `Binder<(TraitPredicate, Ty)>` instead of a `Binder<TraitPredicate>` and a separate `Ty` with no bound vars.
- Modified all call places to avoid calling `Binder::no_bounds_var` or `Binder::skip_binder` when it is not safe.
r? `@jackh726`
Make HashMap fall back to RtlGenRandom if BCryptGenRandom fails
With PR #84096, Rust `std::collections::hash_map::RandomState` changed from using `RtlGenRandom()` ([msdn](https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom)) to `BCryptGenRandom()` ([msdn](https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom)) as its source of secure randomness after much discussion ([here](https://github.com/rust-random/getrandom/issues/65#issuecomment-753634074), among other places).
Unfortunately, after that PR landed, Mozilla Firefox started experiencing fairly-rare crashes during startup while attempting to initialize the `env_logger` crate. ([docs for env_logger](https://docs.rs/env_logger/latest/env_logger/)) The root issue is that on some machines, `BCryptGenRandom()` will fail with an `Access is denied. (os error 5)` error message. ([Bugzilla issue 1754490](https://bugzilla.mozilla.org/show_bug.cgi?id=1754490)) (Discussion in issue #94098)
Note that this is happening upon startup of Firefox's unsandboxed Main Process, so this behavior is different and separate from previous issues ([like this](https://bugzilla.mozilla.org/show_bug.cgi?id=1746254)) where BCrypt DLLs were blocked by process sandboxing. In the case of sandboxing, we knew we were doing something abnormal and expected that we'd have to resort to abnormal measures to make it work.
However, in this case we are in a regular unsandboxed process just trying to initialize `env_logger` and getting a panic. We suspect that this may be caused by a virus scanner or some other security software blocking the loading of the BCrypt DLLs, but we're not completely sure as we haven't been able to replicate locally.
It is also possible that Firefox is not the only software affected by this; we just may be one of the pieces of Rust software that has the telemetry and crash reporting necessary to catch it.
I have read some of the historical discussion around using `BCryptGenRandom()` in Rust code, and I respect the decision that was made and agree that it was a good course of action, so I'm not trying to open a discussion about a return to `RtlGenRandom()`. Instead, I'd like to suggest that perhaps we use `RtlGenRandom()` as a "fallback RNG" in the case that BCrypt doesn't work.
This pull request implements this fallback behavior. I believe this would improve the robustness of this essential data structure within the standard library, and I see only 2 potential drawbacks:
1. Slight added overhead: It should be quite minimal though. The first call to `sys::rand::hashmap_random_keys()` will incur a bit of initialization overhead, and every call after will incur roughly 2 non-atomic global reads and 2 easily predictable branches. Both should be negligible compared to the actual cost of generating secure random numbers
2. `RtlGenRandom()` is deprecated by Microsoft: Technically true, but as mentioned in [this comment on GoLang](https://github.com/golang/go/issues/33542#issuecomment-626124873), this API is ubiquitous in Windows software and actually removing it would break lots of things. Also, Firefox uses it already in [our C++ code](https://searchfox.org/mozilla-central/rev/5f88c1d6977e03e22d3420d0cdf8ad0113c2eb31/mfbt/RandomNum.cpp#25), and [Chromium uses it in their code as well](https://source.chromium.org/chromium/chromium/src/+/main:base/rand_util_win.cc) (which transitively means that Microsoft uses it in their own web browser, Edge). If there did come a time when Microsoft truly removes this API, it should be easy enough for Rust to simply remove the fallback in the code I've added here
Mention traits and types involved in unstable trait upcasting
Fixes#95972 by printing the traits being upcasted and the types being coerced that cause that upcasting...
---
the poor span mentioned in the original issue has nothing to do with trait upcasting diagnostic here...
> The original example I had that made me run into this issue had an even longer expression there (multiple chained
iterator methods) which just got all highlighted as one big block saying "somewhere here trait coercion is used and it's not allowed".
I don't think I can solve that issue in general without fixing the ObligationCauseCode and span that gets passed into Coerce.
Suggest dereferencing non-lval mutable reference on assignment
1. Adds deref suggestions for LHS of assignment (or assign-binop) when it implements `DerefMut`
2. Fixes missing deref suggestions for LHS when it isn't a place expr
Fixes#46276Fixes#93980
interpret/validity: reject references to uninhabited types
According to https://doc.rust-lang.org/reference/behavior-considered-undefined.html, this is definitely UB. And we can check this without actually looking up anything in memory, we just need the reference value and its type, making this a great candidate for a validity invariant IMO and my favorite resolution of https://github.com/rust-lang/unsafe-code-guidelines/issues/77.
With this PR, Miri with `-Zmiri-check-number-validity` implements all my preferred options for what the validity invariants of our types could be. :)
CTFE has been doing recursive checking anyway, so this is backwards compatible but might change the error output. I will submit a PR with the new Miri tests soon.
r? `@oli-obk`
Add tmm_reg clobbers
This adds support for naming the 8 tile registers from intel AMX as clobbers from `asm!` invocations on x86_64 (only). It does not add the registers as input or output operands.
rustdoc-json: Fix HRTBs for WherePredicate::BoundPredicate
Information about HRTBs are already present for `GenericBound:: TraitBound` and `FunctionPointer`. This PR adds HRTB info also to `WherePredicate::BoundPredicate`.
Use the same field name and type as for the other ones (`generic_params: Vec<GenericParamDef>`). I have verified that this gives rustdoc JSON clients the data they need and in a format that is easy to work with (see https://github.com/Enselic/public-api/pull/92).
I will be happy to add tests for this change (and bump `FORMAT_VERSION` which I just realized I forgot), but it is always nice to get one round of feedback first, so that I don't put a lot of effort into tests that then have to be discarded.
`@rustbot` modify labels: +T-rustdoc +A-rustdoc-json
Simplify rustdoc search test
Previously, rustdoc search attempted to parse search.js and extract out only certain methods and variables.
This change makes search.js and search-index.js loadable as [CommonJS modules](https://nodejs.org/api/modules.html#modules-commonjs-modules), so they can be loaded directly.
As part of that change, I had to separate execSearch from interacting with the DOM. This wound up being a nice cleanup that made more explicit what inputs it was taking.
I removed search.js' dependency on storage.js by moving hasOwnPropertyRustdoc directly into search.js, and replacing onEach with forEach in a path that is called by the tester.
r? `@GuillaumeGomez`
Demo: https://rustdoc.crud.net/jsha/rustdoc-search-refactor/std/?search=foo
- Modified `InferCtxt::mk_trait_obligation_with_new_self_ty` to take as
argument a `Binder<(TraitPredicate, Ty)>` instead of a
`Binder<TraitPredicate>` and a separate `Ty` with no bound vars.
- Modified all call places to avoid calling `Binder::no_bounds_var` or
`Binder::skip_binder` when it is not safe.
Previously, search.js relied on the DOM and the `window` object. It can now be
loaded in the absence of the DOM, for instance by Node. The same is true of
search-index.js.
This allows removing a lot of code from src/tools/rustdoc-js/tester.js that
tried to parse search.js and extract specific functions that were needed for
testing.
Prevent unwinding when `-C panic=abort` is used regardless declared ABI
Ensures that Rust code will abort with `-C panic=abort` regardless ABI used.
```rust
extern "C-unwind" {
fn may_unwind();
}
// Will be nounwind with `-C panic=abort`, despite `C-unwind` ABI.
pub unsafe extern "C-unwind" fn rust_item_that_can_unwind() {
may_unwind();
}
```
Current behaviour is that unwind will propagate through. While the current behaviour won't cause unsoundness it is inconsistent with the text reading of [RFC2945](https://rust-lang.github.io/rfcs/2945-c-unwind-abi.html).
I tweaked `fn_can_unwind` instead of tweaking `AbortUnwindingCalls` because this approach would allow Rust (non-direct) callers to also see that this function is nounwind, so it can prevent excessive landing pads generation.
For more discussions: https://rust-lang.zulipchat.com/#narrow/stream/210922-project-ffi-unwind/topic/soundness.20in.20mixed.20panic.20mode.
cc `@alexcrichton,` `@BatmanAoD`
r? `@Amanieu`
`@rustbot` label: T-compiler T-lang F-c_unwind
Change `Successors` to `impl Iterator<Item = BasicBlock>`
This PR fixes the FIXME in `compiler\rustc_middle\src\mir\mod.rs`.
This can omit several `&`, `*` or `cloned` operations on Successros' generated elements
Change `Successors` to `impl Iterator<Item = BasicBlock>`
This PR fixes the FIXME in `compiler\rustc_middle\src\mir\mod.rs`.
This can omit several `&`, `*` or `cloned` operations on Successros' generated elements
Allow `unused_macro_rules` in path tests
PR #96150 adds a new lint to warn about unused macro rules (arms/matchers). This causes errors in `library/std/src/path/tests.rs` on the `x86_64-fortanix-unknown-sgx` platform. This PR fixes compilation errors on that platform by allowing unused macro rules.
