-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Un-unsafe the StableOrd
trait
#126326
Un-unsafe the StableOrd
trait
#126326
Conversation
Whilst incorrect implementations of this trait can cause miscompilation, they cannot cause memory unsafety in rustc.
Yes, I agree that this shouldn't be It would be nice though if we had some kind of |
Perhaps just add an associated |
However none of these approaches prevent the type later being modified to then have fields that break the invariant. Perhaps a more robust approach would be to define it as an auto-trait that is unimplemented for types that are unstable across compilations? |
This feels very similar to the proposed the |
|
That seems as effective as marking as unsafe, at least 👍 |
If we can reliably define that set of types, that would be the best solution. |
However, we also have to take the implementation of |
I'll experiment. @rustbot author |
Indeed, for the current definition of However, if the definition of trait StructuralPartialOrd {} // implemented by derive(PartialOrd)
auto trait StableAcrossCompilations {} // negative impls TBD
trait StableOrd: StableAcrossCompilations + StructuralPartialOrd + Ord {}
impl<T: ?Sized + StableAcrossCompilations + StructuralPartialOrd + Ord> StableOrd for T {} Types that are currently Furthermore we could adjust the As regards negative implementations of the
My immediate thought is that negative implementations would have to be provided for raw pointers and Questions:
|
i feel like this is overcomplicated it. keeping it as-is as a normal trait and maybe having a "I promise it's fine" const should be more than enough. |
Added an associated `const THIS_IMPLEMENTATION_HAS_BEEN_TRIPLE_CHECKED` to the `StableOrd` trait to ensure that implementors carefully consider whether the trait's contract is upheld, as incorrect implementations can cause miscompilations.
@rustbot ready |
Feel free to r=me, unless @Nilstrieb has any further comments. |
i don't! |
Thanks for cleaning this up, @eggyal 🙂 |
…elwoerister Un-unsafe the `StableOrd` trait Whilst incorrect implementations of this trait can cause miscompilation, they cannot cause memory unsafety in rustc. [Discussed on Zulip](https://rust-lang.zulipchat.com/#narrow/stream/182449-t-compiler.2Fhelp/topic/Policy.20of.20.60unsafe.60.20within.20the.20compiler). cc [MCP 533](rust-lang/compiler-team#533), rust-lang#105175, `@michaelwoerister` r? `@Nilstrieb`
…mpiler-errors Rollup of 9 pull requests Successful merges: - rust-lang#126326 (Un-unsafe the `StableOrd` trait) - rust-lang#126618 (Mark assoc tys live only if the corresponding trait is live) - rust-lang#126724 (Fix a span in `parse_ty_bare_fn`.) - rust-lang#126746 (Deny `use<>` for RPITITs) - rust-lang#126868 (not use offset when there is not ends with brace) - rust-lang#126884 (Do not ICE when suggesting dereferencing closure arg) - rust-lang#126915 (Don't suggest awaiting in closure patterns) - rust-lang#126916 (Specify target specific linker for `riscv64gc-gnu` job) - rust-lang#126926 (Tweak a confusing comment in `create_match_candidates`) r? `@ghost` `@rustbot` modify labels: rollup
☀️ Test successful - checks-actions |
Finished benchmarking commit (c290e9d): comparison URL. Overall result: ❌ regressions - no action needed@rustbot label: -perf-regression Instruction countThis is a highly reliable metric that was used to determine the overall result at the top of this comment.
Max RSS (memory usage)Results (primary 2.4%, secondary 6.0%)This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesResults (secondary 3.8%)This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 692.703s -> 694.374s (0.24%) |
Whilst incorrect implementations of this trait can cause miscompilation, they cannot cause memory unsafety in rustc.
Discussed on Zulip.
cc MCP 533, #105175, @michaelwoerister
r? @Nilstrieb