A new proposal has been announced: refactor the unsafe checking to work on the THIR #402. It will be announced at the next meeting to try and draw attention to it, but usually MCPs are not discussed during triage meetings. If you think this would benefit from discussion amongst the team, consider proposing a design meeting.
Note: assuming we decide to do this, I'd want to work with someone on the implementation.
That seems… reasonable enough.
(the proposal, I mean)
Though it seems to me that we aren't necessarily constrained to checking unsafe in one place
if there are still things that make sense to check in MIR, I don't see why we wouldn't keep it that way.
the linked issue (https://github.com/rust-lang/rust/issues/80059) is not about dead code afaict, so the description confused me a bit here
I do have to admit that there are other reasons I like doing unsafety checking on the THIR beyond that the code becomes simpler and we get a tree like checking: unsafety checking accesses to (extern) static (mut) items finally becomes non-hacky again
Regarding packed fields, note that "borrowing the fields of packed structs" is not unsafe, it is UB. It should not be allowed anywhere. The only reason we permit it is past mistakes and backwards compatibility. Also see https://github.com/rust-lang/rust/issues/27060.
Once https://github.com/rust-lang/rust/pull/72270 is made an err-by-default future-incompat lint, unsafety checking will not have to be concerned with borrows of packed fields any more.
unsafety checking accesses to (extern) static (mut) items finally becomes non-hacky again
arguably that's a deficiency of the way we represent statics in MIR (and IIRC we had some ideas for improvements?)
That said, MIR is just not a very safe language -- e.g. indexing and division can raise UB, so a "proper" safety check would have to ensure that the appropriate bounds and null-checks have been done before the operation
I would be happy to mentor, but I am looking for someone to do the implementation work!
I had a little bit of free time today and I was kind of curious, so I read some docs and tinkered around with the code. I could maybe help with the implementation if needed?
So, where do I have to put comments like this to make sure they do not get lost?
@Léo Lanteri Thauvin that would be most welcome!
@oli sounds like you would be willing to second :)
@RalfJ I will update the mcp issue
@T-compiler: Proposal #402 has been seconded, and will be approved in 10 days if no objections are raised.
RalfJ I will update the mcp issue
to be clear, what I meant by this comment is that unsafety checking (long-term) need not be concerned with borrows-to-packed-fields. so "we want to enforce some condition on borrows" is not a good argument, since it's not something unsafety checking should even be doing.
@Léo Lanteri Thauvin are you still interested in working on this? We should find a time to sync up a bit and share context
That would be awesome :)
What probably works is to try and do a 1h sync meeting over zoom -- presuming voice is ok for you -- that we can record
That would work for me :+1:
I usually have more time on Wednesdays and Thursdays
@nikomatsakis Friendly ping, just in case you forgot
This is not urgent by any means however, so if you don't have time, just tell me so, I can wait :D
Thanks for the reminder.
This proposal has been accepted: #402.