Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove allowing static_mut_refs lint #131439

Merged
merged 1 commit into from
Jan 1, 2025
Merged

Remove allowing static_mut_refs lint #131439

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 11 additions & 9 deletions compiler/rustc_driver_impl/src/signal_handler.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
//! Primarily used to extract a backtrace from stack overflow

use std::alloc::{Layout, alloc};
use std::{fmt, mem, ptr};
use std::{fmt, mem, ptr, slice};

use rustc_interface::util::{DEFAULT_STACK_SIZE, STACK_SIZE};

Expand Down Expand Up @@ -35,20 +35,22 @@ macro raw_errln($tokens:tt) {
}

/// Signal handler installed for SIGSEGV
// FIXME(static_mut_refs): Do not allow `static_mut_refs` lint
#[allow(static_mut_refs)]
extern "C" fn print_stack_trace(_: libc::c_int) {
///
/// # Safety
///
/// Caller must ensure that this function is not re-entered.
unsafe extern "C" fn print_stack_trace(_: libc::c_int) {
const MAX_FRAMES: usize = 256;
// Reserve data segment so we don't have to malloc in a signal handler, which might fail
// in incredibly undesirable and unexpected ways due to e.g. the allocator deadlocking
static mut STACK_TRACE: [*mut libc::c_void; MAX_FRAMES] = [ptr::null_mut(); MAX_FRAMES];
let stack = unsafe {
// Reserve data segment so we don't have to malloc in a signal handler, which might fail
// in incredibly undesirable and unexpected ways due to e.g. the allocator deadlocking
static mut STACK_TRACE: [*mut libc::c_void; MAX_FRAMES] = [ptr::null_mut(); MAX_FRAMES];
// Collect return addresses
let depth = libc::backtrace(STACK_TRACE.as_mut_ptr(), MAX_FRAMES as i32);
let depth = libc::backtrace(&raw mut STACK_TRACE as _, MAX_FRAMES as i32);
if depth == 0 {
return;
}
&STACK_TRACE.as_slice()[0..(depth as _)]
slice::from_raw_parts(&raw const STACK_TRACE as _, depth as _)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like neither of these fixes the underlying issue that we likely shouldn't be using a static mut here... It just side-steps the lint by using raw pointers which for some reason we don't lint on.

Copy link
Contributor Author

@mu001999 mu001999 Oct 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. But I didn't see other ways to implement this. And we can guarantee that using raw pointers here is correct, right?

Copy link
Contributor

@traviscross traviscross Oct 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

by using raw pointers which for some reason we don't lint on.

We don't lint against raw pointers because that's often what we're trying to push people toward (among other options). We lint against references because it's easier to get that wrong without realizing. E.g., it's fine to have aliasing pointers to some data as long as you're careful to not race the accesses, but it's never fine to have aliasing live mutable references. But taking potentially long-lived references to mutable statics makes it really easy to do that accidentally.

To make this particular case safer, I'd probably move STACK_TRACE into that let stack = unsafe { .. } block. Then it can't be directly accessed later while the reference to it via that slice is live, which is the main danger.

Probably I'd also expect this function to be unsafe extern "C" fn .. since there's a safety requirement here that must be upheld by callers (the function is not reentrant). Not sure if there's some practical reason preventing that here.

Assuming that safety invariant is upheld, the use of static mut here, as revised, seems fine to me in the context of what we were trying to achieve as a lang matter. This is plausibly the kind of use case that argues against deprecating static mut entirely (see #53639).

};

// Just a stack trace is cryptic. Explain what we're doing.
Expand Down
2 changes: 0 additions & 2 deletions library/panic_unwind/src/seh.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -288,8 +288,6 @@ cfg_if::cfg_if! {
}
}

// FIXME(static_mut_refs): Do not allow `static_mut_refs` lint
#[allow(static_mut_refs)]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you check whether the library builds on stage 2? This should definitely still trigger the lint here since we haven't (afaict?) changed anything.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found no reference used in this function's body, so I removed it and just try to build on stage 2 on my linux device.
But I just found it needs #[cfg(all(target_env = "msvc", not(target_arch = "arm")))], so I will test it on another windows device later today.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried ./x b library/panic_unwind --stage 3 and it succeed:

Building bootstrap
    Finished `dev` profile [unoptimized] target(s) in 0.17s
Building stage0 library artifacts (x86_64-pc-windows-msvc)
    Finished `release` profile [optimized + debuginfo] target(s) in 0.23s
Building compiler artifacts (stage0 -> stage1, x86_64-pc-windows-msvc)
    Finished `release` profile [optimized + debuginfo] target(s) in 1.09s
Creating a sysroot for stage1 compiler (use `rustup toolchain link 'name' build/host/stage1`)
Building stage1 library artifacts (x86_64-pc-windows-msvc)
    Finished `release` profile [optimized + debuginfo] target(s) in 0.36s
Building compiler artifacts (stage1 -> stage2, x86_64-pc-windows-msvc)
    Finished `release` profile [optimized + debuginfo] target(s) in 0.83s
Creating a sysroot for stage2 compiler (use `rustup toolchain link 'name' build/host/stage2`)
Uplifting library (stage1 -> stage2)
Uplifting rustc (stage1 -> stage3)
Creating a sysroot for stage3 compiler (use `rustup toolchain link 'name' build/host/stage3`)
Uplifting library (stage1 -> stage3)
Build completed successfully in 0:00:10

pub unsafe fn panic(data: Box<dyn Any + Send>) -> u32 {
use core::intrinsics::atomic_store_seqcst;

Expand Down
Loading