-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Safe Transmute: Revise safety analysis #121681
Conversation
Some changes occurred to the core trait solver cc @rust-lang/initiative-trait-system-refactor |
13675b8
to
c944090
Compare
This comment has been minimized.
This comment has been minimized.
Migrate to a simplified safety analysis that does not use visibility. Closes rust-lang/project-safe-transmute#15
c944090
to
23ab1bd
Compare
/// type and field privacy of the destination type (and sometimes of the source type, too). | ||
/// When `true`, the compiler assumes that *you* have ensured that no | ||
/// unsoundness will arise from violating the safety invariants of the | ||
/// destination type (and sometimes of the source type, too). | ||
pub safety: bool, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is kind of a bikeshed, but I'd prefer if we made this name more precise. Specifically, these are user safety invariants, i.e. the set of invariants not reflected above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's some ongoing discussion on naming among project safe transmute. Virtually every aspect of the naming is up for debate right now. In the interest of keeping names stable across discussions, I'd like to postpone bikeshedding names until we're closer to stabilization. When that conversation does occur, it will probably be with heavy deference to whatever terminology is preferred by t-opsem.
@bors r+ rollup |
…iaskrgr Rollup of 8 pull requests Successful merges: - rust-lang#121326 (Detect empty leading where clauses on type aliases) - rust-lang#121464 (rustc: Fix wasm64 metadata object files) - rust-lang#121681 (Safe Transmute: Revise safety analysis) - rust-lang#121753 (Add proper cfg to keep only one AlignmentEnum definition for different target_pointer_widths) - rust-lang#121782 (allow statics pointing to mutable statics) - rust-lang#121798 (Fix links in rustc doc) - rust-lang#121806 (add const test for ptr::metadata) - rust-lang#121809 (Remove doc aliases to PATH) r? `@ghost` `@rustbot` modify labels: rollup
Rollup merge of rust-lang#121681 - jswrenn:nix-visibility-analysis, r=compiler-errors Safe Transmute: Revise safety analysis This PR migrates `BikeshedIntrinsicFrom` to a simplified safety analysis (described [here](rust-lang/project-safe-transmute#15)) that does not rely on analyzing the visibility of types and fields. The revised analysis treats primitive types as safe, and user-defined types as potentially carrying safety invariants. If Rust gains explicit (un)safe fields, this PR is structured so that it will be fairly easy to thread support for those annotations into the analysis. Notably, this PR removes the `Context` type parameter from `BikeshedIntrinsicFrom`. Most of the files changed by this PR are just UI tests tweaked to accommodate the removed parameter. r? `@compiler-errors`
This PR migrates
BikeshedIntrinsicFrom
to a simplified safety analysis (described here) that does not rely on analyzing the visibility of types and fields.The revised analysis treats primitive types as safe, and user-defined types as potentially carrying safety invariants. If Rust gains explicit (un)safe fields, this PR is structured so that it will be fairly easy to thread support for those annotations into the analysis.
Notably, this PR removes the
Context
type parameter fromBikeshedIntrinsicFrom
. Most of the files changed by this PR are just UI tests tweaked to accommodate the removed parameter.r? @compiler-errors