Allow calling `const unsafe fn` in `const fn` behind a feature gate #55635

oli-obk · 2018-11-02T23:23:11Z

Centril

Tests look mostly good :)

Centril · 2018-11-02T23:51:50Z

src/test/ui/consts/min_const_fn/min_const_fn_unsafe_feature_gate.rs

+}
+// not ok
+const unsafe fn foo8_2() -> i32 {
+    foo4() //~ ERROR not allowed in const fn


The error message doesn't seem great here; the user isn't made aware that it can be fixed by wrapping in unsafe { ... } so knowing how to fix it sort of depends on having been introduced to the tracking issue / PR.

It may indeed be worth having an extra note like:

= note: unsafe actions within a `const unsafe fn` still require an `unsafe` block

src/test/ui/consts/min_const_fn/min_const_fn_unsafe.stderr

src/test/ui/consts/min_const_fn/min_const_fn_unsafe_feature_gate.rs

Centril · 2018-11-03T00:12:55Z

Passing the review over to Ralf;

r? @RalfJung

src/test/ui/consts/min_const_fn/min_const_fn_unsafe_feature_gate.rs

src/librustc/ty/constness.rs

RalfJung · 2018-11-03T09:34:58Z

This doesn't actually allow any new operations in unsafe const fn, right? It just allows marking them as unsafe?

Unfortunately most of this is code that I am not at all familiar with, so I cannot judge the side-effects this may have. @Centril does that mean you would r+ and just want to get my opinion as well?

@oli-obk I am a bit confused why there are two places where it makes the body of an unsafe fn not behave like an unsafe block: In librustc_mir/build/mod.rs and in librustc_mir/transform/check_unsafety.rs. Why is that?

oli-obk · 2018-11-03T09:59:07Z

check_unsafety can actually bug! out for const fn where the body is treated as unsafe, I'll fix that.

Centril · 2018-11-03T09:59:10Z

@RalfJung

This doesn't actually allow any new operations in unsafe const fn, right? It just allows marking them as unsafe?

The intention is that calling const unsafe fns should now be allowed in unsafe { ... } in const unsafe? fn.

Unfortunately most of this is code that I am not at all familiar with, so I cannot judge the side-effects this may have. @Centril does that mean you would r+ and just want to get my opinion as well?

I mainly want someone who is more familiar with the compiler internals than me (e.g. you) to review the code and see that it is correct and such; but if you are not familiar with the code maybe let's pass it to a third person (e.g. eddyb) to also check it?

oli-obk · 2018-11-03T10:05:44Z

cc @arielb1 who wrote the original unsafety checker for MIR

src/test/ui/consts/min_const_fn/min_const_fn_unsafe_feature_gate.rs

src/librustc_mir/transform/check_unsafety.rs

src/libsyntax/feature_gate.rs

RalfJung · 2018-11-03T12:36:33Z

if you are not familiar with the code maybe let's pass it to a third person (e.g. eddyb) to also check it?

The unsafety checker I can at least read because it works on MIR (but I wouldn't call that familiarity); the is_min_const_fn etc. stuff and the HIR things I have no idea about at all.

src/librustc_mir/transform/check_unsafety.rs

src/test/ui/unsafe/ranged_ints.stderr

src/librustc_mir/transform/check_unsafety.rs

eddyb · 2018-11-04T19:17:26Z

src/libcore/nonzero.rs

 #[repr(transparent)]
-pub(crate) struct NonZero<T>(pub(crate) T);
+pub(crate) struct NonZero<T: Freeze>(pub(crate) T);


Glad this is not exported anymore!

src/librustc_mir/transform/check_unsafety.rs

bors · 2018-12-04T14:16:29Z

⌛ Testing commit cb71752 with merge 2ba23a2...

@Centril

Allow calling `const unsafe fn` in `const fn` behind a feature gate cc #55607 r? @Centril

bors · 2018-12-04T15:36:14Z

💔 Test failed - status-travis

rust-highfive · 2018-12-04T15:36:16Z

The job x86_64-gnu-tools of your PR failed on Travis (raw log). Through arcane magic we have determined that the following fragments from the build log may contain information about the problem.

Click to expand the log.

[00:02:24]    Compiling rustc_tsan v0.0.0 (/checkout/src/librustc_tsan)
[00:02:24]    Compiling rustc_lsan v0.0.0 (/checkout/src/librustc_lsan)
[00:02:25]    Compiling rustc_asan v0.0.0 (/checkout/src/librustc_asan)
[00:02:25]    Compiling rustc_msan v0.0.0 (/checkout/src/librustc_msan)
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]     |
[00:02:34]     |
[00:02:34] 73  |                       $Ty(unsafe { NonZero(n) })
[00:02:34]     |                           ^^^^^^ unnecessary `unsafe` block
[00:02:34] ...
[00:02:34] 110 | / nonzero_integers! {
[00:02:34] 111 | |     NonZeroU8(u8);
[00:02:34] 112 | |     NonZeroU16(u16);
[00:02:34] 113 | |     NonZeroU32(u32);
[00:02:34] 116 | |     NonZeroUsize(usize);
[00:02:34] 117 | | }
[00:02:34]     | |_- in this macro invocation
[00:02:34]     |
[00:02:34]     |
[00:02:34]     = note: #[warn(unused_unsafe)] on by default
[00:02:34] 
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]     |
[00:02:34]     |
[00:02:34] 73  |                       $Ty(unsafe { NonZero(n) })
[00:02:34]     |                           ^^^^^^ unnecessary `unsafe` block
[00:02:34] ...
[00:02:34] 110 | / nonzero_integers! {
[00:02:34] 111 | |     NonZeroU8(u8);
[00:02:34] 112 | |     NonZeroU16(u16);
[00:02:34] 113 | |     NonZeroU32(u32);
[00:02:34] 116 | |     NonZeroUsize(usize);
[00:02:34] 117 | | }
[00:02:34]     | |_- in this macro invocation
[00:02:34] 
[00:02:34] 
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]     |
[00:02:34]     |
[00:02:34] 81  |                           Some($Ty(unsafe { NonZero(n) }))
[00:02:34]     |                                    ^^^^^^ unnecessary `unsafe` block
[00:02:34] ...
[00:02:34] 110 | / nonzero_integers! {
[00:02:34] 111 | |     NonZeroU8(u8);
[00:02:34] 112 | |     NonZeroU16(u16);
[00:02:34] 113 | |     NonZeroU32(u32);
[00:02:34] 116 | |     NonZeroUsize(usize);
[00:02:34] 117 | | }
[00:02:34]     | |_- in this macro invocation
[00:02:34] 
[00:02:34] 
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]     --> src/libcore/ptr.rs:2762:36
[00:02:34]      |
[00:02:34] 2762 |             Some(Unique { pointer: unsafe { NonZero(ptr as _) }, _marker: PhantomData })
[00:02:34]      |                                    ^^^^^^ unnecessary `unsafe` block
[00:02:34] 
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]     --> src/libcore/ptr.rs:2818:27
[00:02:34]      |
[00:02:34] 2818 |         Unique { pointer: unsafe { NonZero(reference as _) }, _marker: PhantomData }
[00:02:34]      |                           ^^^^^^ unnecessary `unsafe` block
[00:02:34] 
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]     --> src/libcore/ptr.rs:2825:27
[00:02:34]      |
[00:02:34] 2825 |         Unique { pointer: unsafe { NonZero(reference as _) }, _marker: PhantomData }
[00:02:34]      |                           ^^^^^^ unnecessary `unsafe` block
[00:02:34] 
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]     --> src/libcore/ptr.rs:2898:28
[00:02:34]      |
[00:02:34] 2898 |         NonNull { pointer: unsafe { NonZero(ptr as _) } }
[00:02:34]      |                            ^^^^^^ unnecessary `unsafe` block
[00:02:34] 
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]     --> src/libcore/ptr.rs:3028:28
[00:02:34]      |
[00:02:34] 3028 |         NonNull { pointer: unsafe { NonZero(reference as _) } }
[00:02:34]      |                            ^^^^^^ unnecessary `unsafe` block
[00:02:34] 
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]     --> src/libcore/ptr.rs:3036:28
[00:02:34]      |
[00:02:34] 3036 |         NonNull { pointer: unsafe { NonZero(reference as _) } }
[00:02:34]      |                            ^^^^^^ unnecessary `unsafe` block
[00:02:34] 
[00:02:34] warning: unnecessary `unsafe` block
[00:02:34]    |
[00:02:34]    |
[00:02:34] 27 |         unsafe { NonZero(self.0) }
[00:02:34]    |         ^^^^^^ unnecessary `unsafe` block
[00:02:39] [RUSTC-TIMING] core test:false 24.101
[00:02:41] [RUSTC-TIMING] compiler_builtins test:false 1.844
[00:02:41]    Compiling libc v0.0.0 (/checkout/src/rustc/libc_shim)
[00:02:41]    Compiling alloc v0.0.0 (/checkout/src/liballoc)
---
[01:09:42] [RUSTC-TIMING] arena test:false 0.926
[01:09:42]    Compiling rustc-ap-syntax_pos v297.0.0
[01:09:44] [RUSTC-TIMING] git2_curl test:false 2.904
[01:09:44]    Compiling cargo v0.33.0 (/checkout/src/tools/cargo)
[01:09:45] error[E0133]: initializing type with `rustc_layout_scalar_valid_range` attr is unsafe and requires unsafe function or block
[01:09:45]    --> /cargo/registry/src/git.luolix.top-1ecc6299db9ec823/rustc-ap-rustc_target-297.0.0/abi/mod.rs:830:1
[01:09:45]     |
[01:09:45] 830 | / newtype_index! {
[01:09:45] 831 | |     pub struct VariantIdx { .. }
[01:09:45] 832 | | }
[01:09:45]     | |_^ initializing type with `rustc_layout_scalar_valid_range` attr
[01:09:45]     |
[01:09:45]     = note: initializing a layout restricted type's field with a value outside the valid range is undefined behavior
[01:09:45] 
[01:09:45] 
[01:09:45] error[E0133]: initializing type with `rustc_layout_scalar_valid_range` attr is unsafe and requires unsafe function or block
[01:09:45]    --> /cargo/registry/src/git.luolix.top-1ecc6299db9ec823/rustc-ap-rustc_target-297.0.0/abi/mod.rs:830:1
[01:09:45]     |
[01:09:45] 830 | / newtype_index! {
[01:09:45] 831 | |     pub struct VariantIdx { .. }
[01:09:45] 832 | | }
[01:09:45]     | |_^ initializing type with `rustc_layout_scalar_valid_range` attr
[01:09:45]     |
[01:09:45]     = note: initializing a layout restricted type's field with a value outside the valid range is undefined behavior
[01:09:45] 
[01:09:45] error: aborting due to 2 previous errors
[01:09:45] 
[01:09:45] For more information about this error, try `rustc --explain E0133`.
---
[01:12:59]    Compiling rustc-ap-arena v297.0.0
[01:12:59]    Compiling rustc-ap-rustc_target v297.0.0
[01:12:59] [RUSTC-TIMING] arena test:false 0.528
[01:12:59]    Compiling rustc-ap-syntax_pos v297.0.0
[01:13:02] error[E0133]: initializing type with `rustc_layout_scalar_valid_range` attr is unsafe and requires unsafe function or block
[01:13:02]    --> /cargo/registry/src/git.luolix.top-1ecc6299db9ec823/rustc-ap-rustc_target-297.0.0/abi/mod.rs:830:1
[01:13:02]     |
[01:13:02] 830 | / newtype_index! {
[01:13:02] 831 | |     pub struct VariantIdx { .. }
[01:13:02] 832 | | }
[01:13:02]     | |_^ initializing type with `rustc_layout_scalar_valid_range` attr
[01:13:02]     |
[01:13:02]     = note: initializing a layout restricted type's field with a value outside the valid range is undefined behavior
[01:13:02] 
[01:13:02] 
[01:13:02] error[E0133]: initializing type with `rustc_layout_scalar_valid_range` attr is unsafe and requires unsafe function or block
[01:13:02]    --> /cargo/registry/src/git.luolix.top-1ecc6299db9ec823/rustc-ap-rustc_target-297.0.0/abi/mod.rs:830:1
[01:13:02]     |
[01:13:02] 830 | / newtype_index! {
[01:13:02] 831 | |     pub struct VariantIdx { .. }
[01:13:02] 832 | | }
[01:13:02]     | |_^ initializing type with `rustc_layout_scalar_valid_range` attr
[01:13:02]     |
[01:13:02]     = note: initializing a layout restricted type's field with a value outside the valid range is undefined behavior
[01:13:02] 
[01:13:02] error: aborting due to 2 previous errors
[01:13:02] 
[01:13:02] For more information about this error, try `rustc --explain E0133`.
---
[01:16:14] failures:
[01:16:14] 
[01:16:14] ---- [compile-fail] compile-fail/validity/nonzero.rs stdout ----
[01:16:14] 
[01:16:14] error: tests/compile-fail/validity/nonzero.rs:10: unexpected error: '10:19: 10:29: initializing type with `rustc_layout_scalar_valid_range` attr is unsafe and requires unsafe function or block [E0133]'
[01:16:14] 
[01:16:14] error: tests/compile-fail/validity/nonzero.rs:10: expected error not found: encountered 0, but expected something greater or equal to 1
[01:16:14] error: 1 unexpected errors found, 1 expected errors not found
[01:16:14] status: exit code: 1
[01:16:14] status: exit code: 1
[01:16:14] command: "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2-tools-bin/miri" "tests/compile-fail/validity/nonzero.rs" "-L" "/tmp/compiletestvu0kh1" "--target=x86_64-unknown-linux-gnu" "--error-format" "json" "-C" "prefer-dynamic" "-o" "/tmp/compiletestvu0kh1/validity/nonzero.stage-id" "--sysroot" "/checkout/obj/build/x86_64-unknown-linux-gnu/stage2" "-Dwarnings" "-Dunused" "--edition" "2018" "-L" "/tmp/compiletestvu0kh1/validity/nonzero.stage-id.aux" "-A" "unused"
[01:16:14] unexpected errors (from JSON output): [
[01:16:14]     Error {
[01:16:14]         line_num: 10,
[01:16:14]         kind: Some(
[01:16:14]         kind: Some(
[01:16:14]             Error
[01:16:14]         ),
[01:16:14]         msg: "10:19: 10:29: initializing type with `rustc_layout_scalar_valid_range` attr is unsafe and requires unsafe function or block [E0133]"
[01:16:14] ]
[01:16:14] 
[01:16:14] not found errors (from test file): [
[01:16:14]     Error {
[01:16:14]     Error {
[01:16:14]         line_num: 10,
[01:16:14]         kind: Some(
[01:16:14]             Error
[01:16:14]         ),
[01:16:14]         msg: "encountered 0, but expected something greater or equal to 1"
[01:16:14] ]
[01:16:14] 
[01:16:14] thread '[compile-fail] compile-fail/validity/nonzero.rs' panicked at 'explicit panic', /cargo/registry/src/git.luolix.top-1ecc6299db9ec823/compiletest_rs-0.3.17/src/runtest.rs:1098:13
[01:16:14] note: Run with `RUST_BACKTRACE=1` for a backtrace.
---
travis_time:end:094631be:start=1543937712944865554,finish=1543937712951008419,duration=6142865
travis_fold:end:after_failure.3
travis_fold:start:after_failure.4
travis_time:start:00efd01b
$ ln -s . checkout && for CORE in obj/cores/core.*; do EXE=$(echo $CORE | sed 's|obj/cores/core\.[0-9]*\.!checkout!\(.*\)|\1|;y|!|/|'); if [ -f "$EXE" ]; then printf travis_fold":start:crashlog\n\033[31;1m%s\033[0m\n" "$CORE"; gdb --batch -q -c "$CORE" "$EXE" -iex 'set auto-load off' -iex 'dir src/' -iex 'set sysroot .' -ex bt -ex q; echo travis_fold":"end:crashlog; fi; done || true
travis_fold:end:after_failure.4
travis_fold:start:after_failure.5
travis_time:start:00a40e95
travis_time:start:00a40e95
$ cat ./obj/build/x86_64-unknown-linux-gnu/native/asan/build/lib/asan/clang_rt.asan-dynamic-i386.vers || true
cat: ./obj/build/x86_64-unknown-linux-gnu/native/asan/build/lib/asan/clang_rt.asan-dynamic-i386.vers: No such file or directory
travis_fold:end:after_failure.5
travis_fold:start:after_failure.6
travis_time:start:075b2172
$ dmesg | grep -i kill

I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact @TimNN. (Feature Requests)

oli-obk · 2018-12-04T15:55:32Z

Uh... @alexcrichton @nrc what is the correct procedure for landing something that breaks a rustc-ap-* crate needed for cargo?

alexcrichton · 2018-12-04T16:02:59Z

@oli-obk in theory there's no procedure as we just publish a new version of rustc-ap-syntax every night, whatever the nightly happened to be released with. I've just fixed a bug where it stopped running for a week or so, so maybe that's all that was needed?

Does that help? I fear I may be missing context about what's actually needed here

oli-obk · 2018-12-04T16:07:33Z

I made a breaking change to librustc_data_structures, which in turn broke rustc-ap-syntax_pos.

From your statement it sounds like that's normally fine, so it might be that that in turn would have broken rls, and since we're in publishing week, we can't break tools.

I am currently investigating if I can work around it by a targeted application of #[allow_internal_unstable].

alexcrichton · 2018-12-04T16:12:37Z

Hm that's odd because that breakage should be impossible, the rustc-ap-syntax_pos crate depend on rustc-ap-rustc_data_structures, not the in-tree copy. Is the breakage in the logs above or elsewhere?

oli-obk · 2018-12-04T16:15:24Z

Is the breakage in the logs above or elsewhere?

It's in the logs above.... But I think I know the issue: I changed language semantics for the forever-unstable feature rustc_layout_scalar_valid_range attributes. Using them requires unsafe now.

alexcrichton · 2018-12-04T19:23:04Z

Ah yes indeed! If that breaks crates on crates.io that's fine, it just means that until the release happens (where we require the RLS compiles) this won't be able to land. After the release though this can land, it'll break the RLS, and then the RLS will update to a newer version of the crate on crates.io as it's naturally published.

kennytm · 2018-12-06T09:07:00Z

@bors retry

bors · 2018-12-06T10:18:25Z

⌛ Testing commit cb71752 with merge 128a1fa...

@Centril

Allow calling `const unsafe fn` in `const fn` behind a feature gate cc #55607 r? @Centril

bors · 2018-12-06T12:41:25Z

☀️ Test successful - status-appveyor, status-travis
Approved by: nikomatsakis
Pushing 128a1fa to master...

rust-highfive · 2018-12-06T12:42:46Z

📣 Toolstate changed by #55635!

Tested on commit 128a1fa.
Direct link to PR: #55635

💔 miri on windows: test-pass → test-fail (cc @oli-obk @RalfJung @eddyb, @rust-lang/infra).
💔 miri on linux: test-pass → test-fail (cc @oli-obk @RalfJung @eddyb, @rust-lang/infra).
💔 rls on windows: test-pass → build-fail (cc @nrc @Xanewok, @rust-lang/infra).
💔 rls on linux: test-pass → build-fail (cc @nrc @Xanewok, @rust-lang/infra).
💔 rustfmt on windows: test-pass → build-fail (cc @nrc, @rust-lang/infra).
💔 rustfmt on linux: test-pass → build-fail (cc @nrc, @rust-lang/infra).

@oli-obk

Tested on commit rust-lang/rust@128a1fa. Direct link to PR: <rust-lang/rust#55635> 💔 miri on windows: test-pass → test-fail (cc @oli-obk @RalfJung @eddyb, @rust-lang/infra). 💔 miri on linux: test-pass → test-fail (cc @oli-obk @RalfJung @eddyb, @rust-lang/infra). 💔 rls on windows: test-pass → build-fail (cc @nrc @Xanewok, @rust-lang/infra). 💔 rls on linux: test-pass → build-fail (cc @nrc @Xanewok, @rust-lang/infra). 💔 rustfmt on windows: test-pass → build-fail (cc @nrc, @rust-lang/infra). 💔 rustfmt on linux: test-pass → build-fail (cc @nrc, @rust-lang/infra).

src/libcore/num/mod.rs

rust-highfive assigned Centril Nov 2, 2018

rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Nov 2, 2018

Centril mentioned this pull request Nov 3, 2018

Tracking issue for unsafe operations in const fn #55607

Closed

4 tasks

Centril reviewed Nov 3, 2018

View reviewed changes

rust-highfive assigned RalfJung and unassigned Centril Nov 3, 2018