-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check WF of source type's signature on fn pointer cast #129021
Conversation
@bors try |
…=<try> Check WF of source type's signature on fn pointer cast TODO: description r? lcnr
@@ -1,15 +1,10 @@ | |||
//@ check-pass | |||
//@ known-bug: #25860 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess I should probably rewrite this test to continue being a known-bug?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just make it higher-ranked in one more arg or sth...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, and also add "regression test for X"
☀️ Try build successful - checks-actions |
@craterbot check |
👌 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more |
aa3574c
to
042df19
Compare
changes to the core type system |
042df19
to
86a3123
Compare
☔ The latest upstream changes (presumably #129092) made this pull request unmergeable. Please resolve the merge conflicts. |
🚧 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more |
🎉 Experiment
|
@craterbot check crates=https://crater-reports.s3.amazonaws.com/pr-129021/retry-regressed-list.txt p=1 There seems to be no legitimate regressions, just a bunch of unsound copies of cve-rs. Lots of "no more space on disk" and segfaults that seem normal with crater, but let's give this another pass just to shake those off. |
👌 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more |
86a3123
to
512ae20
Compare
This comment has been minimized.
This comment has been minimized.
512ae20
to
b9acb52
Compare
🚧 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more |
6729b8d
to
67804c5
Compare
The final comment period, with a disposition to merge, as per the review above, is now complete. As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed. This will be merged soon. |
@bors r=lcnr |
… r=lcnr Check WF of source type's signature on fn pointer cast This PR patches the implied bounds holes slightly for rust-lang#129005, rust-lang#25860. Like most implied bounds related unsoundness fixes, this isn't complete w.r.t. higher-ranked function signatures, but I believe it implements a pretty good heuristic for now. ### What does this do? This PR makes a partial patch for a soundness hole in a `FnDef` -> `FnPtr` "reifying" pointer cast where we were never checking that the signature we are casting *from* is actually well-formed. Because of this, and because `FnDef` doesn't require its signature to be well-formed (just its predicates must hold), we are essentially allowed to "cast away" implied bounds that are assumed within the body of the `FnDef`: ``` fn foo<'a, 'b, T>(_: &'a &'b (), v: &'b T) -> &'a T { v } fn bad<'short, T>(x: &'short T) -> &'static T { let f: fn(_, &'short T) -> &'static T = foo; f(&&(), x) } ``` In this example, subtyping ends up casting the `_` type (which should be `&'static &'short ()`) to some other type that no longer serves as a "witness" to the lifetime relationship `'short: 'static` which would otherwise be required for this call to be WF. This happens regardless of if `foo`'s lifetimes are early- or late-bound. This PR implements two checks: 1. We check that the signature of the `FnDef` is well-formed *before* casting it. This ensures that there is at least one point in the MIR where we ensure that the `FnDef`'s implied bounds are actually satisfied by the caller. 2. Implements a special case where if we're casting from a higher-ranked `FnDef` to a non-higher-ranked, we instantiate the binder of the `FnDef` with *infer vars* and ensure that it is a supertype of the target of the cast. The (2.) is necessary to validate that these pointer casts are valid for higher-ranked `FnDef`. Otherwise, the example above would still pass even if `help`'s `'a` lifetime were late-bound. ### Further work The WF checks for function calls are scattered all over the MIR. We check the WF of args in call terminators, we check the WF of `FnDef` when we create a `const` operand referencing it, and we check the WF of the return type in rust-lang#115538, to name a few. One way to make this a bit cleaner is to simply extend rust-lang#115538 to always check that the signature is WF for `FnDef` types. I may do this as a follow-up, but I wanted to keep this simple since this leads to some pretty bad NLL diagnostics regressions, and AFAICT this solution is *complete enough*. ### Crater triage Done here: rust-lang#129021 (comment) r? lcnr
… r=lcnr Check WF of source type's signature on fn pointer cast This PR patches the implied bounds holes slightly for rust-lang#129005, rust-lang#25860. Like most implied bounds related unsoundness fixes, this isn't complete w.r.t. higher-ranked function signatures, but I believe it implements a pretty good heuristic for now. ### What does this do? This PR makes a partial patch for a soundness hole in a `FnDef` -> `FnPtr` "reifying" pointer cast where we were never checking that the signature we are casting *from* is actually well-formed. Because of this, and because `FnDef` doesn't require its signature to be well-formed (just its predicates must hold), we are essentially allowed to "cast away" implied bounds that are assumed within the body of the `FnDef`: ``` fn foo<'a, 'b, T>(_: &'a &'b (), v: &'b T) -> &'a T { v } fn bad<'short, T>(x: &'short T) -> &'static T { let f: fn(_, &'short T) -> &'static T = foo; f(&&(), x) } ``` In this example, subtyping ends up casting the `_` type (which should be `&'static &'short ()`) to some other type that no longer serves as a "witness" to the lifetime relationship `'short: 'static` which would otherwise be required for this call to be WF. This happens regardless of if `foo`'s lifetimes are early- or late-bound. This PR implements two checks: 1. We check that the signature of the `FnDef` is well-formed *before* casting it. This ensures that there is at least one point in the MIR where we ensure that the `FnDef`'s implied bounds are actually satisfied by the caller. 2. Implements a special case where if we're casting from a higher-ranked `FnDef` to a non-higher-ranked, we instantiate the binder of the `FnDef` with *infer vars* and ensure that it is a supertype of the target of the cast. The (2.) is necessary to validate that these pointer casts are valid for higher-ranked `FnDef`. Otherwise, the example above would still pass even if `help`'s `'a` lifetime were late-bound. ### Further work The WF checks for function calls are scattered all over the MIR. We check the WF of args in call terminators, we check the WF of `FnDef` when we create a `const` operand referencing it, and we check the WF of the return type in rust-lang#115538, to name a few. One way to make this a bit cleaner is to simply extend rust-lang#115538 to always check that the signature is WF for `FnDef` types. I may do this as a follow-up, but I wanted to keep this simple since this leads to some pretty bad NLL diagnostics regressions, and AFAICT this solution is *complete enough*. ### Crater triage Done here: rust-lang#129021 (comment) r? lcnr
…kingjubilee Rollup of 14 pull requests Successful merges: - rust-lang#128919 (Add an internal lint that warns when accessing untracked data) - rust-lang#129021 (Check WF of source type's signature on fn pointer cast) - rust-lang#129472 (fix ICE when `asm_const` and `const_refs_to_static` are combined) - rust-lang#129653 (clarify that addr_of creates read-only pointers) - rust-lang#129775 (bootstrap: Try to track down why `initial_libdir` sometimes fails) - rust-lang#129781 (Make `./x.py <cmd> compiler/<crate>` aware of the crate's features) - rust-lang#129939 (explain why Rvalue::Len still exists) - rust-lang#129942 (copy rustc rustlib artifacts from ci-rustc) - rust-lang#129944 (Add compat note for trait solver change) - rust-lang#129947 (Add digit separators in `Duration` examples) - rust-lang#129955 (Temporarily remove fmease from the review rotation) - rust-lang#129957 (forward linker option to lint-docs) - rust-lang#129969 (Make `Ty::boxed_ty` return an `Option`) - rust-lang#129995 (Remove wasm32-wasip2's tier 2 status from release notes) r? `@ghost` `@rustbot` modify labels: rollup
…iaskrgr Rollup of 6 pull requests Successful merges: - rust-lang#129021 (Check WF of source type's signature on fn pointer cast) - rust-lang#129781 (Make `./x.py <cmd> compiler/<crate>` aware of the crate's features) - rust-lang#129963 (Inaccurate `{Path,OsStr}::to_string_lossy()` documentation) - rust-lang#129969 (Make `Ty::boxed_ty` return an `Option`) - rust-lang#129995 (Remove wasm32-wasip2's tier 2 status from release notes) - rust-lang#130013 (coverage: Count await when the Future is immediately ready ) r? `@ghost` `@rustbot` modify labels: rollup
Rollup merge of rust-lang#129021 - compiler-errors:ptr-cast-outlives, r=lcnr Check WF of source type's signature on fn pointer cast This PR patches the implied bounds holes slightly for rust-lang#129005, rust-lang#25860. Like most implied bounds related unsoundness fixes, this isn't complete w.r.t. higher-ranked function signatures, but I believe it implements a pretty good heuristic for now. ### What does this do? This PR makes a partial patch for a soundness hole in a `FnDef` -> `FnPtr` "reifying" pointer cast where we were never checking that the signature we are casting *from* is actually well-formed. Because of this, and because `FnDef` doesn't require its signature to be well-formed (just its predicates must hold), we are essentially allowed to "cast away" implied bounds that are assumed within the body of the `FnDef`: ``` fn foo<'a, 'b, T>(_: &'a &'b (), v: &'b T) -> &'a T { v } fn bad<'short, T>(x: &'short T) -> &'static T { let f: fn(_, &'short T) -> &'static T = foo; f(&&(), x) } ``` In this example, subtyping ends up casting the `_` type (which should be `&'static &'short ()`) to some other type that no longer serves as a "witness" to the lifetime relationship `'short: 'static` which would otherwise be required for this call to be WF. This happens regardless of if `foo`'s lifetimes are early- or late-bound. This PR implements two checks: 1. We check that the signature of the `FnDef` is well-formed *before* casting it. This ensures that there is at least one point in the MIR where we ensure that the `FnDef`'s implied bounds are actually satisfied by the caller. 2. Implements a special case where if we're casting from a higher-ranked `FnDef` to a non-higher-ranked, we instantiate the binder of the `FnDef` with *infer vars* and ensure that it is a supertype of the target of the cast. The (2.) is necessary to validate that these pointer casts are valid for higher-ranked `FnDef`. Otherwise, the example above would still pass even if `help`'s `'a` lifetime were late-bound. ### Further work The WF checks for function calls are scattered all over the MIR. We check the WF of args in call terminators, we check the WF of `FnDef` when we create a `const` operand referencing it, and we check the WF of the return type in rust-lang#115538, to name a few. One way to make this a bit cleaner is to simply extend rust-lang#115538 to always check that the signature is WF for `FnDef` types. I may do this as a follow-up, but I wanted to keep this simple since this leads to some pretty bad NLL diagnostics regressions, and AFAICT this solution is *complete enough*. ### Crater triage Done here: rust-lang#129021 (comment) r? lcnr
`cve-rs` does not compile in nightly due to rust-lang/rust#129021 and this change will be landed in Rust 1.83. This PR fixes it.
Pkgsrc changes compared to rust182: * Remove patches related to rust-lang/rust#130110, which is now integrated upstream. * Remove patch to vendor/cc-1.0.79, now integrated in the current vendored cc crate. * Checksum updates. TODO: * Cross-compilation fails ref. rust-lang/rust#133629 Upstream changes: Version 1.83.0 (2024-11-28) ========================== Language -------- - [Stabilize `&mut`, `*mut`, `&Cell`, and `*const Cell` in const.] (rust-lang/rust#129195) - [Allow creating references to statics in `const` initializers.] (rust-lang/rust#129759) - [Implement raw lifetimes and labels (`'r#ident`).] (rust-lang/rust#126452) - [Define behavior when atomic and non-atomic reads race.] (rust-lang/rust#128778) - [Non-exhaustive structs may now be empty.] (rust-lang/rust#128934) - [Disallow implicit coercions from places of type `!`] (rust-lang/rust#129392) - [`const extern` functions can now be defined for other calling conventions.] (rust-lang/rust#129753) - [Stabilize `expr_2021` macro fragment specifier in all editions.] (rust-lang/rust#129972) - [The `non_local_definitions` lint now fires on less code and warns by default.] (rust-lang/rust#127117) Compiler -------- - [Deprecate unsound `-Csoft-float` flag.] (rust-lang/rust#129897) - Add many new tier 3 targets: - [`aarch64_unknown_nto_qnx700`] (rust-lang/rust#127897) - [`arm64e-apple-tvos`] (rust-lang/rust#130614) - [`armv7-rtems-eabihf`] (rust-lang/rust#127021) - [`loongarch64-unknown-linux-ohos`] (rust-lang/rust#130750) - [`riscv32-wrs-vxworks` and `riscv64-wrs-vxworks`] (rust-lang/rust#130549) - [`riscv32{e|em|emc}-unknown-none-elf`] (rust-lang/rust#130555) - [`x86_64-unknown-hurd-gnu`] (rust-lang/rust#128345) - [`x86_64-unknown-trusty`] (rust-lang/rust#130453) Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [Implement `PartialEq` for `ExitCode`.] (rust-lang/rust#127633) - [Document that `catch_unwind` can deal with foreign exceptions without UB, although the exact behavior is unspecified.] (rust-lang/rust#128321) - [Implement `Default` for `HashMap`/`HashSet` iterators that don't already have it.] (rust-lang/rust#128711) - [Bump Unicode to version 16.0.0.] (rust-lang/rust#130183) - [Change documentation of `ptr::add`/`sub` to not claim equivalence with `offset`.] (rust-lang/rust#130229). Stabilized APIs --------------- - [`BufRead::skip_until`] (https://doc.rust-lang.org/stable/std/io/trait.BufRead.html#method.skip_until) - [`ControlFlow::break_value`] (https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.break_value) - [`ControlFlow::continue_value`] (https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.continue_value) - [`ControlFlow::map_break`] (https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.map_break) - [`ControlFlow::map_continue`] (https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.map_continue) - [`DebugList::finish_non_exhaustive`] (https://doc.rust-lang.org/stable/core/fmt/struct.DebugList.html#method.finish_non_exhaustive) - [`DebugMap::finish_non_exhaustive`] (https://doc.rust-lang.org/stable/core/fmt/struct.DebugMap.html#method.finish_non_exhaustive) - [`DebugSet::finish_non_exhaustive`] (https://doc.rust-lang.org/stable/core/fmt/struct.DebugSet.html#method.finish_non_exhaustive) - [`DebugTuple::finish_non_exhaustive`] (https://doc.rust-lang.org/stable/core/fmt/struct.DebugTuple.html#method.finish_non_exhaustive) - [`ErrorKind::ArgumentListTooLong`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.ArgumentListTooLong) - [`ErrorKind::Deadlock`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.Deadlock) - [`ErrorKind::DirectoryNotEmpty`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.DirectoryNotEmpty) - [`ErrorKind::ExecutableFileBusy`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.ExecutableFileBusy) - [`ErrorKind::FileTooLarge`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.FileTooLarge) - [`ErrorKind::HostUnreachable`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.HostUnreachable) - [`ErrorKind::IsADirectory`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.IsADirectory) - [`ErrorKind::NetworkDown`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.NetworkDown) - [`ErrorKind::NetworkUnreachable`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.NetworkUnreachable) - [`ErrorKind::NotADirectory`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.NotADirectory) - [`ErrorKind::NotSeekable`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.NotSeekable) - [`ErrorKind::ReadOnlyFilesystem`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.ReadOnlyFilesystem) - [`ErrorKind::ResourceBusy`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.ResourceBusy) - [`ErrorKind::StaleNetworkFileHandle`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.StaleNetworkFileHandle) - [`ErrorKind::StorageFull`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.StorageFull) - [`ErrorKind::TooManyLinks`] (https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.TooManyLinks) - [`Option::get_or_insert_default`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.get_or_insert_default) - [`Waker::data`] (https://doc.rust-lang.org/stable/core/task/struct.Waker.html#method.data) - [`Waker::new`] (https://doc.rust-lang.org/stable/core/task/struct.Waker.html#method.new) - [`Waker::vtable`] (https://doc.rust-lang.org/stable/core/task/struct.Waker.html#method.vtable) - [`char::MIN`] (https://doc.rust-lang.org/stable/core/primitive.char.html#associatedconstant.MIN) - [`hash_map::Entry::insert_entry`] (https://doc.rust-lang.org/stable/std/collections/hash_map/enum.Entry.html#method.insert_entry) - [`hash_map::VacantEntry::insert_entry`] (https://doc.rust-lang.org/stable/std/collections/hash_map/struct.VacantEntry.html#method.insert_entry) These APIs are now stable in const contexts: - [`Cell::into_inner`] (https://doc.rust-lang.org/stable/core/cell/struct.Cell.html#method.into_inner) - [`Duration::as_secs_f32`] (https://doc.rust-lang.org/stable/core/time/struct.Duration.html#method.as_secs_f32) - [`Duration::as_secs_f64`] (https://doc.rust-lang.org/stable/core/time/struct.Duration.html#method.as_secs_f64) - [`Duration::div_duration_f32`] (https://doc.rust-lang.org/stable/core/time/struct.Duration.html#method.div_duration_f32) - [`Duration::div_duration_f64`] (https://doc.rust-lang.org/stable/core/time/struct.Duration.html#method.div_duration_f64) - [`MaybeUninit::as_mut_ptr`] (https://doc.rust-lang.org/stable/core/mem/union.MaybeUninit.html#method.as_mut_ptr) - [`NonNull::as_mut`] (https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.as_mut) - [`NonNull::copy_from`] (https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.copy_from) - [`NonNull::copy_from_nonoverlapping`] (https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.copy_from_nonoverlapping) - [`NonNull::copy_to`] (https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.copy_to) - [`NonNull::copy_to_nonoverlapping`] (https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.copy_to_nonoverlapping) - [`NonNull::slice_from_raw_parts`] (https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.slice_from_raw_parts) - [`NonNull::write`] (https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.write) - [`NonNull::write_bytes`] (https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.write_bytes) - [`NonNull::write_unaligned`] (https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.write_unaligned) - [`OnceCell::into_inner`] (https://doc.rust-lang.org/stable/core/cell/struct.OnceCell.html#method.into_inner) - [`Option::as_mut`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.as_mut) - [`Option::expect`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.expect) - [`Option::replace`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.replace) - [`Option::take`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.take) - [`Option::unwrap`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.unwrap) - [`Option::unwrap_unchecked`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.unwrap_unchecked) - [`Option::<&_>::copied`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.copied) - [`Option::<&mut _>::copied`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.copied-1) - [`Option::<Option<_>>::flatten`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.flatten) - [`Option::<Result<_, _>>::transpose`] (https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.transpose) - [`RefCell::into_inner`] (https://doc.rust-lang.org/stable/core/cell/struct.RefCell.html#method.into_inner) - [`Result::as_mut`] (https://doc.rust-lang.org/stable/core/result/enum.Result.html#method.as_mut) - [`Result::<&_, _>::copied`] (https://doc.rust-lang.org/stable/core/result/enum.Result.html#method.copied) - [`Result::<&mut _, _>::copied`] (https://doc.rust-lang.org/stable/core/result/enum.Result.html#method.copied-1) - [`Result::<Option<_>, _>::transpose`] (https://doc.rust-lang.org/stable/core/result/enum.Result.html#method.transpose) - [`UnsafeCell::get_mut`] (https://doc.rust-lang.org/stable/core/cell/struct.UnsafeCell.html#method.get_mut) - [`UnsafeCell::into_inner`] (https://doc.rust-lang.org/stable/core/cell/struct.UnsafeCell.html#method.into_inner) - [`array::from_mut`] (https://doc.rust-lang.org/stable/core/array/fn.from_mut.html) - [`char::encode_utf8`] (https://doc.rust-lang.org/stable/core/primitive.char.html#method.encode_utf8) - [`{float}::classify`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.classify) - [`{float}::is_finite`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_finite) - [`{float}::is_infinite`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_infinite) - [`{float}::is_nan`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_nan) - [`{float}::is_normal`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_normal) - [`{float}::is_sign_negative`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_sign_negative) - [`{float}::is_sign_positive`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_sign_positive) - [`{float}::is_subnormal`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_subnormal) - [`{float}::from_bits`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.from_bits) - [`{float}::from_be_bytes`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.from_be_bytes) - [`{float}::from_le_bytes`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.from_le_bytes) - [`{float}::from_ne_bytes`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.from_ne_bytes) - [`{float}::to_bits`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.to_bits) - [`{float}::to_be_bytes`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.to_be_bytes) - [`{float}::to_le_bytes`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.to_le_bytes) - [`{float}::to_ne_bytes`] (https://doc.rust-lang.org/stable/core/primitive.f64.html#method.to_ne_bytes) - [`mem::replace`] (https://doc.rust-lang.org/stable/core/mem/fn.replace.html) - [`ptr::replace`] (https://doc.rust-lang.org/stable/core/ptr/fn.replace.html) - [`ptr::slice_from_raw_parts_mut`] (https://doc.rust-lang.org/stable/core/ptr/fn.slice_from_raw_parts_mut.html) - [`ptr::write`] (https://doc.rust-lang.org/stable/core/ptr/fn.write.html) - [`ptr::write_unaligned`] (https://doc.rust-lang.org/stable/core/ptr/fn.write_unaligned.html) - [`<*const _>::copy_to`] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_to) - [`<*const _>::copy_to_nonoverlapping`] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_to_nonoverlapping) - [`<*mut _>::copy_from`] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_from) - [`<*mut _>::copy_from_nonoverlapping`] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_from_nonoverlapping) - [`<*mut _>::copy_to`] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_to-1) - [`<*mut _>::copy_to_nonoverlapping`] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_to_nonoverlapping-1) - [`<*mut _>::write`] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.write) - [`<*mut _>::write_bytes`] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.write_bytes) - [`<*mut _>::write_unaligned`] (https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.write_unaligned) - [`slice::from_mut`] (https://doc.rust-lang.org/stable/core/slice/fn.from_mut.html) - [`slice::from_raw_parts_mut`] (https://doc.rust-lang.org/stable/core/slice/fn.from_raw_parts_mut.html) - [`<[_]>::first_mut`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.first_mut) - [`<[_]>::last_mut`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.last_mut) - [`<[_]>::first_chunk_mut`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.first_chunk_mut) - [`<[_]>::last_chunk_mut`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.last_chunk_mut) - [`<[_]>::split_at_mut`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_at_mut) - [`<[_]>::split_at_mut_checked`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_at_mut_checked) - [`<[_]>::split_at_mut_unchecked`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_at_mut_unchecked) - [`<[_]>::split_first_mut`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_first_mut) - [`<[_]>::split_last_mut`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_last_mut) - [`<[_]>::split_first_chunk_mut`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_first_chunk_mut) - [`<[_]>::split_last_chunk_mut`] (https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_last_chunk_mut) - [`str::as_bytes_mut`] (https://doc.rust-lang.org/stable/core/primitive.str.html#method.as_bytes_mut) - [`str::as_mut_ptr`] (https://doc.rust-lang.org/stable/core/primitive.str.html#method.as_mut_ptr) - [`str::from_utf8_unchecked_mut`] (https://doc.rust-lang.org/stable/core/str/fn.from_utf8_unchecked_mut.html) Cargo ----- - [Introduced a new `CARGO_MANIFEST_PATH` environment variable, similar to `CARGO_MANIFEST_DIR` but pointing directly to the manifest file.] (rust-lang/cargo#14404) - [Added `package.autolib` to the manifest, allowing `[lib]` auto-discovery to be disabled.] (rust-lang/cargo#14591) - [Declare support level for each crate in Cargo's Charter / crate docs.] (rust-lang/cargo#14600) - [Declare new Intentional Artifacts as 'small' changes.] (rust-lang/cargo#14599) Rustdoc ------- - [The sidebar / hamburger menu table of contents now includes the `# headers` from the main item's doc comment] (rust-lang/rust#120736). This is similar to a third-party feature provided by the rustdoc-search-enhancements browser extension. Compatibility Notes ------------------- - [Warn against function pointers using unsupported ABI strings.] (rust-lang/rust#128784) - [Check well-formedness of the source type's signature in fn pointer casts.] (rust-lang/rust#129021) This partly closes a soundness hole that comes when casting a function item to function pointer - [Use equality instead of subtyping when resolving type dependent paths.] (rust-lang/rust#129073) - Linking on macOS now correctly includes Rust's default deployment target. Due to a linker bug, you might have to pass `MACOSX_DEPLOYMENT_TARGET` or fix your `#[link]` attributes to point to the correct frameworks. See <rust-lang/rust#129369>. - [Rust will now correctly raise an error for `repr(Rust)` written on non-`struct`/`enum`/`union` items, since it previous did not have any effect.] (rust-lang/rust#129422) - The future incompatibility lint `deprecated_cfg_attr_crate_type_name` [has been made into a hard error] (rust-lang/rust#129670). It was used to deny usage of `#![crate_type]` and `#![crate_name]` attributes in `#![cfg_attr]`, which required a hack in the compiler to be able to change the used crate type and crate name after cfg expansion. Users can use `--crate-type` instead of `#![cfg_attr(..., crate_type = "...")]` and `--crate-name` instead of `#![cfg_attr(..., crate_name = "...")]` when running `rustc`/`cargo rustc` on the command line. Use of those two attributes outside of `#![cfg_attr]` continue to be fully supported. - Until now, paths into the sysroot were always prefixed with `/rustc/$hash` in diagnostics, codegen, backtrace, e.g. ``` thread 'main' panicked at 'hello world', map-panic.rs:2:50 stack backtrace: 0: std::panicking::begin_panic at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:616:12 1: map_panic::main::{{closure}} at ./map-panic.rs:2:50 2: core::option::Option<T>::map at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/option.rs:929:29 3: map_panic::main at ./map-panic.rs:2:30 4: core::ops::function::FnOnce::call_once at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/ops/function.rs:248:5 note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace. ``` [RFC 3127 said] (https://rust-lang.github.io/rfcs/3127-trim-paths.html#changing-handling-of-sysroot-path-in-rustc) > We want to change this behaviour such that, when `rust-src` source files can be discovered, the virtual path is discarded and therefore the local path will be embedded, unless there is a `--remap-path-prefix` that causes this local path to be remapped in the usual way. [#129687](rust-lang/rust#129687) implements this behaviour, when `rust-src` is present at compile time, `rustc` replaces `/rustc/$hash` with a real path into the local `rust-src` component with best effort. To sanitize this, users must explicitly supply `--remap-path-prefix=<path to rust-src>=foo` or not have the `rust-src` component installed. - The allow-by-default `missing_docs` lint used to disable itself when invoked through `rustc --test`/`cargo test`, resulting in `#[expect(missing_docs)]` emitting false positives due to the expectation being wrongly unfulfilled. This behavior [has now been removed] (rust-lang/rust#130025), which allows `#[expect(missing_docs)]` to be fulfilled in all scenarios, but will also report new `missing_docs` diagnostics for publicly reachable `#[cfg(test)]` items, [integration test] (https://doc.rust-lang.org/cargo/reference/cargo-targets.html#integration-tests) crate-level documentation, and publicly reachable items in integration tests. - [The `armv8r-none-eabihf` target now uses the Armv8-R required set of floating-point features.] (rust-lang/rust#130295) - [Fix a soundness bug where rustc wouldn't detect unconstrained higher-ranked lifetimes in a `dyn Trait`'s associated types that occur due to supertraits.] (rust-lang/rust#130367) - [Update the minimum external LLVM version to 18.] (rust-lang/rust#130487) - [Remove `aarch64-fuchsia` and `x86_64-fuchsia` target aliases in favor of `aarch64-unknown-fuchsia` and `x86_64-unknown-fuchsia` respectively.] (rust-lang/rust#130657) - [The ABI-level exception class of a Rust panic is now encoded with native-endian bytes, so it is legible in hex dumps.] (rust-lang/rust#130897) - [Visual Studio 2013 is no longer supported for MSVC targets.] (rust-lang/rust#131070) - [The sysroot no longer contains the `std` dynamic library in its top-level `lib/` dir.] (rust-lang/rust#131188)
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [rust](https://github.com/rust-lang/rust) | minor | `1.82.0` -> `1.83.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>rust-lang/rust (rust)</summary> ### [`v1.83.0`](https://github.com/rust-lang/rust/blob/HEAD/RELEASES.md#Version-1830-2024-11-28) [Compare Source](rust-lang/rust@1.82.0...1.83.0) \========================== <a id="1.83.0-Language"></a> ## Language - [Stabilize `&mut`, `*mut`, `&Cell`, and `*const Cell` in const.](rust-lang/rust#129195) - [Allow creating references to statics in `const` initializers.](rust-lang/rust#129759) - [Implement raw lifetimes and labels (`'r#ident`).](rust-lang/rust#126452) - [Define behavior when atomic and non-atomic reads race.](rust-lang/rust#128778) - [Non-exhaustive structs may now be empty.](rust-lang/rust#128934) - [Disallow implicit coercions from places of type `!`](rust-lang/rust#129392) - [`const extern` functions can now be defined for other calling conventions.](rust-lang/rust#129753) - [Stabilize `expr_2021` macro fragment specifier in all editions.](rust-lang/rust#129972) - [The `non_local_definitions` lint now fires on less code and warns by default.](rust-lang/rust#127117) <a id="1.83.0-Compiler"></a> ## Compiler - [Deprecate unsound `-Csoft-float` flag.](rust-lang/rust#129897) - Add many new tier 3 targets: - [`aarch64_unknown_nto_qnx700`](rust-lang/rust#127897) - [`arm64e-apple-tvos`](rust-lang/rust#130614) - [`armv7-rtems-eabihf`](rust-lang/rust#127021) - [`loongarch64-unknown-linux-ohos`](rust-lang/rust#130750) - [`riscv32-wrs-vxworks` and `riscv64-wrs-vxworks`](rust-lang/rust#130549) - [`riscv32{e|em|emc}-unknown-none-elf`](rust-lang/rust#130555) - [`x86_64-unknown-hurd-gnu`](rust-lang/rust#128345) - [`x86_64-unknown-trusty`](rust-lang/rust#130453) Refer to Rust's \[platform support page]\[platform-support-doc] for more information on Rust's tiered platform support. <a id="1.83.0-Libraries"></a> ## Libraries - [Implement `PartialEq` for `ExitCode`.](rust-lang/rust#127633) - [Document that `catch_unwind` can deal with foreign exceptions without UB, although the exact behavior is unspecified.](rust-lang/rust#128321) - [Implement `Default` for `HashMap`/`HashSet` iterators that don't already have it.](rust-lang/rust#128711) - [Bump Unicode to version 16.0.0.](rust-lang/rust#130183) - [Change documentation of `ptr::add`/`sub` to not claim equivalence with `offset`.](rust-lang/rust#130229) <a id="1.83.0-Stabilized-APIs"></a> ## Stabilized APIs - [`BufRead::skip_until`](https://doc.rust-lang.org/stable/std/io/trait.BufRead.html#method.skip_until) - [`ControlFlow::break_value`](https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.break_value) - [`ControlFlow::continue_value`](https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.continue_value) - [`ControlFlow::map_break`](https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.map_break) - [`ControlFlow::map_continue`](https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.map_continue) - [`DebugList::finish_non_exhaustive`](https://doc.rust-lang.org/stable/core/fmt/struct.DebugList.html#method.finish_non_exhaustive) - [`DebugMap::finish_non_exhaustive`](https://doc.rust-lang.org/stable/core/fmt/struct.DebugMap.html#method.finish_non_exhaustive) - [`DebugSet::finish_non_exhaustive`](https://doc.rust-lang.org/stable/core/fmt/struct.DebugSet.html#method.finish_non_exhaustive) - [`DebugTuple::finish_non_exhaustive`](https://doc.rust-lang.org/stable/core/fmt/struct.DebugTuple.html#method.finish_non_exhaustive) - [`ErrorKind::ArgumentListTooLong`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.ArgumentListTooLong) - [`ErrorKind::Deadlock`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.Deadlock) - [`ErrorKind::DirectoryNotEmpty`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.DirectoryNotEmpty) - [`ErrorKind::ExecutableFileBusy`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.ExecutableFileBusy) - [`ErrorKind::FileTooLarge`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.FileTooLarge) - [`ErrorKind::HostUnreachable`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.HostUnreachable) - [`ErrorKind::IsADirectory`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.IsADirectory) - [`ErrorKind::NetworkDown`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.NetworkDown) - [`ErrorKind::NetworkUnreachable`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.NetworkUnreachable) - [`ErrorKind::NotADirectory`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.NotADirectory) - [`ErrorKind::NotSeekable`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.NotSeekable) - [`ErrorKind::ReadOnlyFilesystem`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.ReadOnlyFilesystem) - [`ErrorKind::ResourceBusy`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.ResourceBusy) - [`ErrorKind::StaleNetworkFileHandle`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.StaleNetworkFileHandle) - [`ErrorKind::StorageFull`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.StorageFull) - [`ErrorKind::TooManyLinks`](https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.TooManyLinks) - [`Option::get_or_insert_default`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.get_or_insert_default) - [`Waker::data`](https://doc.rust-lang.org/stable/core/task/struct.Waker.html#method.data) - [`Waker::new`](https://doc.rust-lang.org/stable/core/task/struct.Waker.html#method.new) - [`Waker::vtable`](https://doc.rust-lang.org/stable/core/task/struct.Waker.html#method.vtable) - [`char::MIN`](https://doc.rust-lang.org/stable/core/primitive.char.html#associatedconstant.MIN) - [`hash_map::Entry::insert_entry`](https://doc.rust-lang.org/stable/std/collections/hash_map/enum.Entry.html#method.insert_entry) - [`hash_map::VacantEntry::insert_entry`](https://doc.rust-lang.org/stable/std/collections/hash_map/struct.VacantEntry.html#method.insert_entry) These APIs are now stable in const contexts: - [`Cell::into_inner`](https://doc.rust-lang.org/stable/core/cell/struct.Cell.html#method.into_inner) - [`Duration::as_secs_f32`](https://doc.rust-lang.org/stable/core/time/struct.Duration.html#method.as_secs_f32) - [`Duration::as_secs_f64`](https://doc.rust-lang.org/stable/core/time/struct.Duration.html#method.as_secs_f64) - [`Duration::div_duration_f32`](https://doc.rust-lang.org/stable/core/time/struct.Duration.html#method.div_duration_f32) - [`Duration::div_duration_f64`](https://doc.rust-lang.org/stable/core/time/struct.Duration.html#method.div_duration_f64) - [`MaybeUninit::as_mut_ptr`](https://doc.rust-lang.org/stable/core/mem/union.MaybeUninit.html#method.as_mut_ptr) - [`NonNull::as_mut`](https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.as_mut) - [`NonNull::copy_from`](https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.copy_from) - [`NonNull::copy_from_nonoverlapping`](https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.copy_from_nonoverlapping) - [`NonNull::copy_to`](https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.copy_to) - [`NonNull::copy_to_nonoverlapping`](https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.copy_to_nonoverlapping) - [`NonNull::slice_from_raw_parts`](https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.slice_from_raw_parts) - [`NonNull::write`](https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.write) - [`NonNull::write_bytes`](https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.write_bytes) - [`NonNull::write_unaligned`](https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.write_unaligned) - [`OnceCell::into_inner`](https://doc.rust-lang.org/stable/core/cell/struct.OnceCell.html#method.into_inner) - [`Option::as_mut`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.as_mut) - [`Option::expect`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.expect) - [`Option::replace`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.replace) - [`Option::take`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.take) - [`Option::unwrap`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.unwrap) - [`Option::unwrap_unchecked`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.unwrap_unchecked) - [`Option::<&_>::copied`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.copied) - [`Option::<&mut _>::copied`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.copied-1) - [`Option::<Option<_>>::flatten`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.flatten) - [`Option::<Result<_, _>>::transpose`](https://doc.rust-lang.org/stable/core/option/enum.Option.html#method.transpose) - [`RefCell::into_inner`](https://doc.rust-lang.org/stable/core/cell/struct.RefCell.html#method.into_inner) - [`Result::as_mut`](https://doc.rust-lang.org/stable/core/result/enum.Result.html#method.as_mut) - [`Result::<&_, _>::copied`](https://doc.rust-lang.org/stable/core/result/enum.Result.html#method.copied) - [`Result::<&mut _, _>::copied`](https://doc.rust-lang.org/stable/core/result/enum.Result.html#method.copied-1) - [`Result::<Option<_>, _>::transpose`](https://doc.rust-lang.org/stable/core/result/enum.Result.html#method.transpose) - [`UnsafeCell::get_mut`](https://doc.rust-lang.org/stable/core/cell/struct.UnsafeCell.html#method.get_mut) - [`UnsafeCell::into_inner`](https://doc.rust-lang.org/stable/core/cell/struct.UnsafeCell.html#method.into_inner) - [`array::from_mut`](https://doc.rust-lang.org/stable/core/array/fn.from_mut.html) - [`char::encode_utf8`](https://doc.rust-lang.org/stable/core/primitive.char.html#method.encode_utf8) - [`{float}::classify`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.classify) - [`{float}::is_finite`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_finite) - [`{float}::is_infinite`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_infinite) - [`{float}::is_nan`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_nan) - [`{float}::is_normal`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_normal) - [`{float}::is_sign_negative`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_sign_negative) - [`{float}::is_sign_positive`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_sign_positive) - [`{float}::is_subnormal`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.is_subnormal) - [`{float}::from_bits`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.from_bits) - [`{float}::from_be_bytes`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.from_be_bytes) - [`{float}::from_le_bytes`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.from_le_bytes) - [`{float}::from_ne_bytes`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.from_ne_bytes) - [`{float}::to_bits`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.to_bits) - [`{float}::to_be_bytes`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.to_be_bytes) - [`{float}::to_le_bytes`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.to_le_bytes) - [`{float}::to_ne_bytes`](https://doc.rust-lang.org/stable/core/primitive.f64.html#method.to_ne_bytes) - [`mem::replace`](https://doc.rust-lang.org/stable/core/mem/fn.replace.html) - [`ptr::replace`](https://doc.rust-lang.org/stable/core/ptr/fn.replace.html) - [`ptr::slice_from_raw_parts_mut`](https://doc.rust-lang.org/stable/core/ptr/fn.slice_from_raw_parts_mut.html) - [`ptr::write`](https://doc.rust-lang.org/stable/core/ptr/fn.write.html) - [`ptr::write_unaligned`](https://doc.rust-lang.org/stable/core/ptr/fn.write_unaligned.html) - [`<*const _>::copy_to`](https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_to) - [`<*const _>::copy_to_nonoverlapping`](https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_to_nonoverlapping) - [`<*mut _>::copy_from`](https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_from) - [`<*mut _>::copy_from_nonoverlapping`](https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_from_nonoverlapping) - [`<*mut _>::copy_to`](https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_to-1) - [`<*mut _>::copy_to_nonoverlapping`](https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.copy_to_nonoverlapping-1) - [`<*mut _>::write`](https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.write) - [`<*mut _>::write_bytes`](https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.write_bytes) - [`<*mut _>::write_unaligned`](https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.write_unaligned) - [`slice::from_mut`](https://doc.rust-lang.org/stable/core/slice/fn.from_mut.html) - [`slice::from_raw_parts_mut`](https://doc.rust-lang.org/stable/core/slice/fn.from_raw_parts_mut.html) - [`<[_]>::first_mut`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.first_mut) - [`<[_]>::last_mut`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.last_mut) - [`<[_]>::first_chunk_mut`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.first_chunk_mut) - [`<[_]>::last_chunk_mut`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.last_chunk_mut) - [`<[_]>::split_at_mut`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_at_mut) - [`<[_]>::split_at_mut_checked`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_at_mut_checked) - [`<[_]>::split_at_mut_unchecked`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_at_mut_unchecked) - [`<[_]>::split_first_mut`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_first_mut) - [`<[_]>::split_last_mut`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_last_mut) - [`<[_]>::split_first_chunk_mut`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_first_chunk_mut) - [`<[_]>::split_last_chunk_mut`](https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_last_chunk_mut) - [`str::as_bytes_mut`](https://doc.rust-lang.org/stable/core/primitive.str.html#method.as_bytes_mut) - [`str::as_mut_ptr`](https://doc.rust-lang.org/stable/core/primitive.str.html#method.as_mut_ptr) - [`str::from_utf8_unchecked_mut`](https://doc.rust-lang.org/stable/core/str/fn.from_utf8\_unchecked_mut.html) <a id="1.83.0-Cargo"></a> ## Cargo - [Introduced a new `CARGO_MANIFEST_PATH` environment variable, similar to `CARGO_MANIFEST_DIR` but pointing directly to the manifest file.](rust-lang/cargo#14404) - [Added `package.autolib` to the manifest, allowing `[lib]` auto-discovery to be disabled.](rust-lang/cargo#14591) - [Declare support level for each crate in Cargo's Charter / crate docs.](rust-lang/cargo#14600) - [Declare new Intentional Artifacts as 'small' changes.](rust-lang/cargo#14599) <a id="1.83-Rustdoc"></a> ## Rustdoc - [The sidebar / hamburger menu table of contents now includes the `# headers` from the main item's doc comment](rust-lang/rust#120736). This is similar to a third-party feature provided by the rustdoc-search-enhancements browser extension. <a id="1.83.0-Compatibility-Notes"></a> ## Compatibility Notes - [Warn against function pointers using unsupported ABI strings.](rust-lang/rust#128784) - [Check well-formedness of the source type's signature in fn pointer casts.](rust-lang/rust#129021) This partly closes a soundness hole that comes when casting a function item to function pointer - [Use equality instead of subtyping when resolving type dependent paths.](rust-lang/rust#129073) - Linking on macOS now correctly includes Rust's default deployment target. Due to a linker bug, you might have to pass `MACOSX_DEPLOYMENT_TARGET` or fix your `#[link]` attributes to point to the correct frameworks. See [#​129369](rust-lang/rust#129369). - [Rust will now correctly raise an error for `repr(Rust)` written on non-`struct`/`enum`/`union` items, since it previous did not have any effect.](rust-lang/rust#129422) - The future incompatibility lint `deprecated_cfg_attr_crate_type_name` [has been made into a hard error](rust-lang/rust#129670). It was used to deny usage of `#![crate_type]` and `#![crate_name]` attributes in `#![cfg_attr]`, which required a hack in the compiler to be able to change the used crate type and crate name after cfg expansion. Users can use `--crate-type` instead of `#![cfg_attr(..., crate_type = "...")]` and `--crate-name` instead of `#![cfg_attr(..., crate_name = "...")]` when running `rustc`/`cargo rustc` on the command line. Use of those two attributes outside of `#![cfg_attr]` continue to be fully supported. - Until now, paths into the sysroot were always prefixed with `/rustc/$hash` in diagnostics, codegen, backtrace, e.g. thread 'main' panicked at 'hello world', map-panic.rs:2:50 stack backtrace: 0: std::panicking::begin_panic at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:616:12 1: map_panic::main::{{closure}} at ./map-panic.rs:2:50 2: core::option::Option<T>::map at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/option.rs:929:29 3: map_panic::main at ./map-panic.rs:2:30 4: core::ops::function::FnOnce::call_once at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/ops/function.rs:248:5 note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace. [RFC 3127 said](https://rust-lang.github.io/rfcs/3127-trim-paths.html#changing-handling-of-sysroot-path-in-rustc) > We want to change this behaviour such that, when `rust-src` source files can be discovered, the virtual path is discarded and therefore the local path will be embedded, unless there is a `--remap-path-prefix` that causes this local path to be remapped in the usual way. [#​129687](rust-lang/rust#129687) implements this behaviour, when `rust-src` is present at compile time, `rustc` replaces `/rustc/$hash` with a real path into the local `rust-src` component with best effort. To sanitize this, users must explicitly supply `--remap-path-prefix=<path to rust-src>=foo` or not have the `rust-src` component installed. - The allow-by-default `missing_docs` lint used to disable itself when invoked through `rustc --test`/`cargo test`, resulting in `#[expect(missing_docs)]` emitting false positives due to the expectation being wrongly unfulfilled. This behavior [has now been removed](rust-lang/rust#130025), which allows `#[expect(missing_docs)]` to be fulfilled in all scenarios, but will also report new `missing_docs` diagnostics for publicly reachable `#[cfg(test)]` items, [integration test](https://doc.rust-lang.org/cargo/reference/cargo-targets.html#integration-tests) crate-level documentation, and publicly reachable items in integration tests. - [The `armv8r-none-eabihf` target now uses the Armv8-R required set of floating-point features.](rust-lang/rust#130295) - [Fix a soundness bug where rustc wouldn't detect unconstrained higher-ranked lifetimes in a `dyn Trait`'s associated types that occur due to supertraits.](rust-lang/rust#130367) - [Update the minimum external LLVM version to 18.](rust-lang/rust#130487) - [Remove `aarch64-fuchsia` and `x86_64-fuchsia` target aliases in favor of `aarch64-unknown-fuchsia` and `x86_64-unknown-fuchsia` respectively.](rust-lang/rust#130657) - [The ABI-level exception class of a Rust panic is now encoded with native-endian bytes, so it is legible in hex dumps.](rust-lang/rust#130897) - [Visual Studio 2013 is no longer supported for MSVC targets.](rust-lang/rust#131070) - [The sysroot no longer contains the `std` dynamic library in its top-level `lib/` dir.](rust-lang/rust#131188) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
This PR patches the implied bounds holes slightly for #129005, #25860.
Like most implied bounds related unsoundness fixes, this isn't complete w.r.t. higher-ranked function signatures, but I believe it implements a pretty good heuristic for now.
What does this do?
This PR makes a partial patch for a soundness hole in a
FnDef
->FnPtr
"reifying" pointer cast where we were never checking that the signature we are casting from is actually well-formed. Because of this, and becauseFnDef
doesn't require its signature to be well-formed (just its predicates must hold), we are essentially allowed to "cast away" implied bounds that are assumed within the body of theFnDef
:In this example, subtyping ends up casting the
_
type (which should be&'static &'short ()
) to some other type that no longer serves as a "witness" to the lifetime relationship'short: 'static
which would otherwise be required for this call to be WF. This happens regardless of iffoo
's lifetimes are early- or late-bound.This PR implements two checks:
FnDef
is well-formed before casting it. This ensures that there is at least one point in the MIR where we ensure that theFnDef
's implied bounds are actually satisfied by the caller.FnDef
to a non-higher-ranked, we instantiate the binder of theFnDef
with infer vars and ensure that it is a supertype of the target of the cast.The (2.) is necessary to validate that these pointer casts are valid for higher-ranked
FnDef
. Otherwise, the example above would still pass even ifhelp
's'a
lifetime were late-bound.Further work
The WF checks for function calls are scattered all over the MIR. We check the WF of args in call terminators, we check the WF of
FnDef
when we create aconst
operand referencing it, and we check the WF of the return type in #115538, to name a few.One way to make this a bit cleaner is to simply extend #115538 to always check that the signature is WF for
FnDef
types. I may do this as a follow-up, but I wanted to keep this simple since this leads to some pretty bad NLL diagnostics regressions, and AFAICT this solution is complete enough.Crater triage
Done here: #129021 (comment)
r? lcnr