Implement MIR lowering for unsafe binders #130514
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
PG-exploit-mitigations
compiler-errors
changed the title
7 tasks
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
☔ The latest upstream changes (presumably #130724) made this pull request unmergeable. Please resolve the merge conflicts. |
compiler-errors
force-pushed
the
unsafe-binders
branch
from
3aa766a to
ce3fbcb
Compare
This comment has been minimized.
This comment has been minimized.
|
☔ The latest upstream changes (presumably #127117) made this pull request unmergeable. Please resolve the merge conflicts. |
Dylan-DPC
added
S-experimental
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Dec 13, 2024
…, r=oli-obk Add AST support for unsafe binders I'm splitting up rust-lang#130514 into pieces. It's impossible for me to keep up with a huge PR like that. I'll land type system support for this next, probably w/o MIR lowering, which will come later. r? `@oli-obk` cc `@BoxyUwU` and `@lcnr` who also may want to look at this, though this PR doesn't do too much yet
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Dec 14, 2024
Rollup merge of rust-lang#134140 - compiler-errors:unsafe-binders-ast, r=oli-obk Add AST support for unsafe binders I'm splitting up rust-lang#130514 into pieces. It's impossible for me to keep up with a huge PR like that. I'll land type system support for this next, probably w/o MIR lowering, which will come later. r? `@oli-obk` cc `@BoxyUwU` and `@lcnr` who also may want to look at this, though this PR doesn't do too much yet
compiler-errors
force-pushed
the
unsafe-binders
branch
from
ce3fbcb to
fab3984
Compare
This comment has been minimized.
This comment has been minimized.
flip1995
pushed a commit
to flip1995/rust
that referenced
this pull request
Dec 15, 2024
…, r=oli-obk Add AST support for unsafe binders I'm splitting up rust-lang#130514 into pieces. It's impossible for me to keep up with a huge PR like that. I'll land type system support for this next, probably w/o MIR lowering, which will come later. r? `@oli-obk` cc `@BoxyUwU` and `@lcnr` who also may want to look at this, though this PR doesn't do too much yet
|
☔ The latest upstream changes (presumably #134414) made this pull request unmergeable. Please resolve the merge conflicts. |
bors
added
the
S-waiting-on-author
compiler-errors
force-pushed
the
unsafe-binders
branch
from
9c432eb to
b0f3844
Compare
This comment has been minimized.
This comment has been minimized.
|
☔ The latest upstream changes (presumably #134326) made this pull request unmergeable. Please resolve the merge conflicts. |
compiler-errors
force-pushed
the
unsafe-binders
branch
2 times, most recently
from
bfe01d2 to
50d4440
Compare
compiler-errors
commented
Jan 31, 2025
compiler-errors
commented
Jan 31, 2025
| @@ -0,0 +1,41 @@ | |||
| //@ known-bug: unknown | |||
There was a problem hiding this comment.
This test will (after I add a new trait instead of using Copy) demonstrate that we reason about moves correctly with unsafe binders.
oli-obk
reviewed
Jan 31, 2025
oli-obk
reviewed
Jan 31, 2025
oli-obk
reviewed
Jan 31, 2025
| @@ -66,6 +66,10 @@ impl<'tcx> Iterator for Prefixes<'tcx> { | |||
| self.next = Some(cursor_base); | |||
| return Some(cursor); | |||
| } | |||
| ProjectionElem::UnwrapUnsafeBinder(_) => { | |||
| self.next = Some(cursor_base); | |||
| return Some(cursor); | |||
There was a problem hiding this comment.
Why not just roll over unwrapunsafebinder just like with opaquecast?
There was a problem hiding this comment.
On the contrary, why is it valid to ignore this projection elem? I want to make sure I'm visiting it when tracking moves, right? Or am I misunderstanding how these prefixes are used?
In my brain, unsafe binders are equivalent to structs with a single field, so we should be treating this much like a field elem.
There was a problem hiding this comment.
These are just used for improving diagnostics, to be able to inform ppl when to split their borrows. It is useful to handle field accesses here, because borrowck can understand that any projection that goes through a field does not conflict with a projection that goes through another field. I unfortunately can't figure out how to make it care about the unsafe wrapper at all, so... 🤷 let's go with this and figure things out when we actually are using unsafe binders a lot and see some real world examples and conflicts.
compiler-errors
force-pushed
the
unsafe-binders
branch
from
3700fe8 to
442b9a9
Compare
|
@bors r+ |
bors
added
S-waiting-on-bors
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Feb 1, 2025
…oli-obk Implement MIR lowering for unsafe binders This is the final bit of the unsafe binders puzzle. It implements MIR, CTFE, and codegen for unsafe binders, and enforces that (for now) they are `Copy`. Later on, I'll introduce a new trait that relaxes this requirement to being "is `Copy` or `ManuallyDrop<T>`" which more closely models how we treat union fields. Namely, wrapping unsafe binders is now `Rvalue::WrapUnsafeBinder`, which acts much like an `Rvalue::Aggregate`. Unwrapping unsafe binders are implemented as a MIR projection `ProjectionElem::UnwrapUnsafeBinder`, which acts much like `ProjectionElem::Field`. Tracking: - rust-lang#130516
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 1, 2025
…iaskrgr Rollup of 7 pull requests Successful merges: - rust-lang#130514 (Implement MIR lowering for unsafe binders) - rust-lang#135684 (docs: Documented Send and Sync requirements for Mutex + MutexGuard) - rust-lang#135760 (Add `unchecked_disjoint_bitor` per ACP373) - rust-lang#136154 (Use +secure-plt for powerpc-unknown-linux-gnu{,spe}) - rust-lang#136309 (set rustc dylib on manually constructed rustc command) - rust-lang#136339 (CompileTest: Add Directives to Ignore `arm-unknown-*` Targets) - rust-lang#136368 (Make comma separated lists of anything easier to make for errors) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 1, 2025
…iaskrgr Rollup of 6 pull requests Successful merges: - rust-lang#130514 (Implement MIR lowering for unsafe binders) - rust-lang#135684 (docs: Documented Send and Sync requirements for Mutex + MutexGuard) - rust-lang#136307 (Implement all mix/max functions in a (hopefully) more optimization amendable way) - rust-lang#136360 (Stabilize `once_wait`) - rust-lang#136364 (document that ptr cmp is unsigned) - rust-lang#136374 (Add link attribute for Enzyme's LLVMRust FFI) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 1, 2025
…iaskrgr Rollup of 6 pull requests Successful merges: - rust-lang#130514 (Implement MIR lowering for unsafe binders) - rust-lang#135684 (docs: Documented Send and Sync requirements for Mutex + MutexGuard) - rust-lang#136307 (Implement all mix/max functions in a (hopefully) more optimization amendable way) - rust-lang#136360 (Stabilize `once_wait`) - rust-lang#136364 (document that ptr cmp is unsigned) - rust-lang#136374 (Add link attribute for Enzyme's LLVMRust FFI) r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Feb 1, 2025
Rollup merge of rust-lang#130514 - compiler-errors:unsafe-binders, r=oli-obk Implement MIR lowering for unsafe binders This is the final bit of the unsafe binders puzzle. It implements MIR, CTFE, and codegen for unsafe binders, and enforces that (for now) they are `Copy`. Later on, I'll introduce a new trait that relaxes this requirement to being "is `Copy` or `ManuallyDrop<T>`" which more closely models how we treat union fields. Namely, wrapping unsafe binders is now `Rvalue::WrapUnsafeBinder`, which acts much like an `Rvalue::Aggregate`. Unwrapping unsafe binders are implemented as a MIR projection `ProjectionElem::UnwrapUnsafeBinder`, which acts much like `ProjectionElem::Field`. Tracking: - rust-lang#130516
flip1995
pushed a commit
to flip1995/rust
that referenced
this pull request
Feb 6, 2025
…oli-obk Implement MIR lowering for unsafe binders This is the final bit of the unsafe binders puzzle. It implements MIR, CTFE, and codegen for unsafe binders, and enforces that (for now) they are `Copy`. Later on, I'll introduce a new trait that relaxes this requirement to being "is `Copy` or `ManuallyDrop<T>`" which more closely models how we treat union fields. Namely, wrapping unsafe binders is now `Rvalue::WrapUnsafeBinder`, which acts much like an `Rvalue::Aggregate`. Unwrapping unsafe binders are implemented as a MIR projection `ProjectionElem::UnwrapUnsafeBinder`, which acts much like `ProjectionElem::Field`. Tracking: - rust-lang#130516
bjorn3
pushed a commit
to bjorn3/rust
that referenced
this pull request
Feb 7, 2025
…oli-obk Implement MIR lowering for unsafe binders This is the final bit of the unsafe binders puzzle. It implements MIR, CTFE, and codegen for unsafe binders, and enforces that (for now) they are `Copy`. Later on, I'll introduce a new trait that relaxes this requirement to being "is `Copy` or `ManuallyDrop<T>`" which more closely models how we treat union fields. Namely, wrapping unsafe binders is now `Rvalue::WrapUnsafeBinder`, which acts much like an `Rvalue::Aggregate`. Unwrapping unsafe binders are implemented as a MIR projection `ProjectionElem::UnwrapUnsafeBinder`, which acts much like `ProjectionElem::Field`. Tracking: - rust-lang#130516
carolynzech
added a commit
to carolynzech/kani
that referenced
this pull request
Feb 10, 2025
- unsafe binders, c.f. rust-lang/rust#130514
carolynzech
added a commit
to carolynzech/kani
that referenced
this pull request
Feb 10, 2025
- unsafe binders, c.f. rust-lang/rust#130514
github-merge-queue bot
pushed a commit
to model-checking/kani
that referenced
this pull request
Feb 11, 2025
Upgrade toolchain to 2/10. I **highly recommend** reviewing this PR commit-by-commit. The description in each commit message links to the upstream PRs that prompted those particular changes. ## Callouts - 2/1 had a lot of formatting changes. I split the commits for that day into formatting changes and functionality changes accordingly. - 2/5 introduced a regression in our delayed UB instrumentation, so I made a new fixme test. See #3881 for details. ## Culprit PRs: rust-lang/rust#134424 rust-lang/rust#130514 rust-lang/rust#135748 rust-lang/rust#136590 rust-lang/rust#135318 rust-lang/rust#135265 rust-lang/rust@bcb8565 rust-lang/rust#136471 rust-lang/rust#136645 Resolves #3863 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.
github-actions bot
pushed a commit
to tautschnig/verify-rust-std
that referenced
this pull request
Mar 11, 2025
…, r=oli-obk Add AST support for unsafe binders I'm splitting up rust-lang#130514 into pieces. It's impossible for me to keep up with a huge PR like that. I'll land type system support for this next, probably w/o MIR lowering, which will come later. r? `@oli-obk` cc `@BoxyUwU` and `@lcnr` who also may want to look at this, though this PR doesn't do too much yet
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the final bit of the unsafe binders puzzle. It implements MIR, CTFE, and codegen for unsafe binders, and enforces that (for now) they are
Copy. Later on, I'll introduce a new trait that relaxes this requirement to being "isCopyorManuallyDrop<T>" which more closely models how we treat union fields.Namely, wrapping unsafe binders is now
Rvalue::WrapUnsafeBinder, which acts much like anRvalue::Aggregate. Unwrapping unsafe binders are implemented as a MIR projectionProjectionElem::UnwrapUnsafeBinder, which acts much likeProjectionElem::Field.Tracking: