Giter VIP home page Giter VIP logo

Comments (11)

gfaster avatar gfaster commented on July 26, 2024 1

see #123758

It seems like #114447 even floats this idea exactly.

It has been in general our expressed preference over time that you use static FLAG: UnsafeCell<bool> = false;

Not being able to use UnsafeCell directly in statics isn't so nice since it isn't Sync, but there's #95439 for that. That being said, maybe I ought to write a Clippy lint for some of those alternatives, particularly for flag booleans.

I should clarify that I just ran into this when writing some code for a demonstration, so direct replacements aren't exactly applicable. Regardless, I believe the inconsistency stands.

from rust.

workingjubilee avatar workingjubilee commented on July 26, 2024 1

I think that might be just descriptive (of the problem being discussed here).

from rust.

workingjubilee avatar workingjubilee commented on July 26, 2024 1

Oh! Oh, I see, the way that this is defined is that naming a static generates an *mut Static and then derefs it, creating the appropriate place expression.

from rust.

workingjubilee avatar workingjubilee commented on July 26, 2024 1

PR up at #125834

from rust.

workingjubilee avatar workingjubilee commented on July 26, 2024

Making addr_of! and addr_of_mut! safe when used on a static mut would make the behavior consistent with UnsafeCell::get, which has identical safety concerns in a multithreaded environment.

It has been in general our expressed preference over time that you use static FLAG: UnsafeCell<bool> = false; (or perhaps static FLAG: AtomicBool = AtomicBool::new(false);, which is also an UnsafeCell) as static mut is quite counterintuitive in many different ways.

from rust.

workingjubilee avatar workingjubilee commented on July 26, 2024

see #123758

from rust.

workingjubilee avatar workingjubilee commented on July 26, 2024

Hmm, it seems we don't take into account this around here:

rust/compiler/rustc_mir_build/src/check_unsafety.rs

Lines 452 to 464 in ada5e2c

ExprKind::Deref { arg } => {
if let ExprKind::StaticRef { def_id, .. } | ExprKind::ThreadLocalRef(def_id) =
self.thir[arg].kind
{
if self.tcx.is_mutable_static(def_id) {
self.requires_unsafe(expr.span, UseOfMutableStatic);
} else if self.tcx.is_foreign_item(def_id) {
self.requires_unsafe(expr.span, UseOfExternStatic);
}
} else if self.thir[arg].ty.is_unsafe_ptr() {
self.requires_unsafe(expr.span, DerefOfRawPointer);
}
}

Simple fix. I think?

from rust.

workingjubilee avatar workingjubilee commented on July 26, 2024

Hmm, looking at things more closely, I don't see why it's a Deref. That should be an ExprKind::AddressOf...?

from rust.

gfaster avatar gfaster commented on July 26, 2024

#95439 (comment) claims that arithmetic on static mut is unsafe. I'm not sure why that would be - can addr_of! violate LLVM's noalias?

Maybe something like this causes problems?

from rust.

workingjubilee avatar workingjubilee commented on July 26, 2024

well, that was an unexpected THIR desugaring.

Expr {
    ty: *const bool
    temp_lifetime: Some(Node(1))
    span: /home/jubilee/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:2203:5: 2203:22 (#4)
    kind: 
    Scope {
        region_scope: Node(3)
        lint_level: Explicit(HirId(DefId(0:4 ~ static_mut[60a8]::main).3))
        value:
            Expr {
                ty: *const bool
                temp_lifetime: Some(Node(1))
                span: /home/jubilee/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:2203:5: 2203:22 (#4)
                kind: 
                    AddressOf {
                        mutability: Not
                        arg:
                            Expr {
                                ty: bool
                                temp_lifetime: Some(Remainder { block: 68, first_statement_index: 0})
                                span: static_mut.rs:3:41: 3:45 (#0)
                                kind: 
                                    Scope {
                                        region_scope: Node(4)
                                        lint_level: Explicit(HirId(DefId(0:4 ~ static_mut[60a8]::main).4))
                                        value:
                                            Expr {
                                                ty: bool
                                                temp_lifetime: Some(Remainder { block: 68, first_statement_index: 0})
                                                span: static_mut.rs:3:41: 3:45 (#0)
                                                kind: 
                                                    Deref {
                                                        Expr {
                                                            ty: *mut bool
                                                            temp_lifetime: Some(Remainder { block: 68, first_statement_index: 0})
                                                            span: static_mut.rs:3:41: 3:45 (#0)
                                                            kind: 
                                                                StaticRef {
                                                                    def_id: DefId(0:3 ~ static_mut[60a8]::FLAG)
                                                                    ty: *mut bool
                                                                    alloc_id: alloc1
                                                                }
                                                        }
                                                    }
                                            }
                                    }
                            }
                    }
            }
        }
    }

from rust.

workingjubilee avatar workingjubilee commented on July 26, 2024

I wanted to say that the compiler should fix it by choosing a different lowering for naming STATIC_MUT, but that doesn't seem like anything reasonable to implement Soon, so I implemented my original thought of complicating the unsafety check.

from rust.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.