Stream: t-compiler/major changes

Topic: refactor the unsafe checking to work on t… compiler-team#402


triagebot (Jan 21 2021 at 21:25, on Zulip):

A new proposal has been announced: refactor the unsafe checking to work on the THIR #402. It will be announced at the next meeting to try and draw attention to it, but usually MCPs are not discussed during triage meetings. If you think this would benefit from discussion amongst the team, consider proposing a design meeting.

nikomatsakis (Jan 21 2021 at 21:25, on Zulip):

Note: assuming we decide to do this, I'd want to work with someone on the implementation.

nagisa (Jan 21 2021 at 22:47, on Zulip):

That seems… reasonable enough.

nagisa (Jan 21 2021 at 22:47, on Zulip):

(the proposal, I mean)

nagisa (Jan 21 2021 at 22:48, on Zulip):

Though it seems to me that we aren't necessarily constrained to checking unsafe in one place

nagisa (Jan 21 2021 at 22:48, on Zulip):

if there are still things that make sense to check in MIR, I don't see why we wouldn't keep it that way.

oli (Jan 22 2021 at 08:36, on Zulip):

the linked issue (https://github.com/rust-lang/rust/issues/80059) is not about dead code afaict, so the description confused me a bit here

oli (Jan 22 2021 at 08:38, on Zulip):

I do have to admit that there are other reasons I like doing unsafety checking on the THIR beyond that the code becomes simpler and we get a tree-like checking: unsafety checking accesses to (extern) static (mut) items finally becomes non-hacky again

RalfJ (Jan 22 2021 at 08:43, on Zulip):

Regarding packed fields, note that "borrowing the fields of packed structs" is not unsafe, it is UB. It should not be allowed anywhere. The only reason we permit it is past mistakes and backwards compatibility. Also see https://github.com/rust-lang/rust/issues/27060.

RalfJ (Jan 22 2021 at 08:43, on Zulip):

Once https://github.com/rust-lang/rust/pull/72270 is made an err-by-default future-incompat lint, unsafety checking will not have to be concerned with borrows of packed fields any more.

RalfJ (Jan 22 2021 at 08:44, on Zulip):

unsafety checking accesses to (extern) static (mut) items finally becomes non-hacky again

arguably that's a deficiency of the way we represent statics in MIR (and IIRC we had some ideas for improvements?)

RalfJ (Jan 22 2021 at 08:45, on Zulip):

That said, MIR is just not a very safe language -- e.g. indexing and division can raise UB, so a "proper" safety check would have to ensure that the appropriate bounds and null-checks have been done before the operation

Léo Lanteri Thauvin (Jan 22 2021 at 21:56, on Zulip):

I would be happy to mentor, but I am looking for someone to do the implementation work!

I had a little bit of free time today and I was kind of curious, so I read some docs and tinkered around with the code. I could maybe help with the implementation if needed?

RalfJ (Jan 24 2021 at 12:08, on Zulip):

So, where do I have to put comments like this to make sure they do not get lost?

nikomatsakis (Jan 26 2021 at 17:56, on Zulip):

@Léo Lanteri Thauvin that would be most welcome!

nikomatsakis (Jan 26 2021 at 17:56, on Zulip):

@oli sounds like you would be willing to second :)

nikomatsakis (Jan 26 2021 at 17:56, on Zulip):

@RalfJ I will update the mcp issue

triagebot (Jan 26 2021 at 17:57, on Zulip):

@T-compiler: Proposal #402 has been seconded, and will be approved in 10 days if no objections are raised.

RalfJ (Jan 27 2021 at 13:50, on Zulip):

nikomatsakis said:

RalfJ I will update the mcp issue

thanks!

to be clear, what I meant by this comment is that unsafety checking (long-term) need not be concerned with borrows-to-packed-fields. so "we want to enforce some condition on borrows" is not a good argument, since it's not something unsafety checking should even be doing.

nikomatsakis (Jan 28 2021 at 15:38, on Zulip):

@Léo Lanteri Thauvin are you still interested in working on this? We should find a time to sync up a bit and share context

Léo Lanteri Thauvin (Jan 28 2021 at 15:39, on Zulip):

That would be awesome :)

nikomatsakis (Jan 28 2021 at 15:54, on Zulip):

What probably works is to try and do a 1h sync meeting over zoom -- presuming voice is ok for you -- that we can record

Léo Lanteri Thauvin (Jan 28 2021 at 15:56, on Zulip):

That would work for me :+1:

Léo Lanteri Thauvin (Jan 28 2021 at 15:58, on Zulip):

I usually have more time on Wednesdays and Thursdays

Léo Lanteri Thauvin (Feb 08 2021 at 13:49, on Zulip):

@nikomatsakis Friendly ping, just in case you forgot

Léo Lanteri Thauvin (Feb 08 2021 at 13:50, on Zulip):

This is not urgent by any means however, so if you don't have time, just tell me so, I can wait :D

nikomatsakis (Feb 08 2021 at 13:50, on Zulip):

Hi :)

nikomatsakis (Feb 08 2021 at 13:50, on Zulip):

Thanks for the reminder.

triagebot (Feb 10 2021 at 10:49, on Zulip):

This proposal has been accepted: #402.

Last update: May 07 2021 at 07:15 UTC