-
Notifications
You must be signed in to change notification settings - Fork 13.9k
Initial UnsafePinned
implementation [Part 1: Libs]
#137043
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
UnsafePinned
impl [Part 1: Libs]UnsafePinned
implementation [Part 1: Libs]
e823a89
to
97308a2
Compare
tests/ui/rfcs/rfc-3467-unsafe-pinned/unsafe-pinned-hides-niche.rs
Outdated
Show resolved
Hide resolved
tests/ui/rfcs/rfc-3467-unsafe-pinned/unsafe-pinned-hides-niche.rs
Outdated
Show resolved
Hide resolved
tests/ui/rfcs/rfc-3467-unsafe-pinned/unsafe-pinned-hides-niche.rs
Outdated
Show resolved
Hide resolved
Cc @rust-lang/libs-api, this unstably adds the interfaces from the accepted RFC https://rust-lang.github.io/rfcs/3467-unsafe-pinned.html. |
24af599
to
9ec74c7
Compare
This comment has been minimized.
This comment has been minimized.
9ec74c7
to
74efc47
Compare
This comment has been minimized.
This comment has been minimized.
74efc47
to
c42e42c
Compare
☔ The latest upstream changes (presumably #138366) made this pull request unmergeable. Please resolve the merge conflicts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This API appears to match RFC 3467 so I think it is good to go. The docs could probably use elaboration at some point, but that should be fine to defer until the feature is fully available.
r=me with one doc request and conflicts resolved.
Cc @WaffleLapkin @RalfJung if you have anything else.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good to me 👍🏻
compiler changes LGTM. |
@rustbot author for #137043 (review) |
Reminder, once the PR becomes ready for a review, use |
Also probably best to keep it licensed as |
…ompiler-errors Re-remove `AdtFlags::IS_ANONYMOUS` Removed in rust-lang#138296. I accidentally re-added it in rust-lang#137043 while resolving merge conflicts. This PR re-removes it. r? `@compiler-errors` (sorry)
The existing !Unpin hacks in place should prevent miscompliations. Miri currently disables protectors when retagging such types, so it won't be able to catch any violations. That being said, you can use the wrapper in its current state for writing code (and I have), it just may not be optimized as well or checked by miri.
Miri disables retagging entirely for these types, not just protectors.
And it uses the same logic for this as codegen, so if Miri does not complain there should be no miscompilations. (Unless someone changed one of those checks and forgot to change the other...)
We'll make first Miri and then codegen stricter some time after this lands.
|
…ompiler-errors Re-remove `AdtFlags::IS_ANONYMOUS` Removed in rust-lang#138296. I accidentally re-added it in rust-lang#137043 while resolving merge conflicts. This PR re-removes it. r? ``@compiler-errors`` (sorry)
…ross35,RalfJung,WaffleLapkin Initial `UnsafePinned` implementation [Part 1: Libs] Initial libs changes necessary to unblock further work on [RFC 3467](https://rust-lang.github.io/rfcs/3467-unsafe-pinned.html). Tracking issue: rust-lang#125735 This PR is split off from rust-lang#136964, and includes just the libs changes: - `UnsafePinned` struct - private `UnsafeUnpin` structural auto trait - Lang items for both - Compiler changes necessary to block niches on `UnsafePinned` This PR does not change codegen, miri, the existing `!Unpin` hack, or anything else. That work is to be split into later PRs. --- cc ``@RalfJung`` ``@Noratrieb`` ``@rustbot`` label F-unsafe_pinned T-libs-api
Rollup merge of rust-lang#140025 - Sky9x:re-remove-adtflags-anon, r=compiler-errors Re-remove `AdtFlags::IS_ANONYMOUS` Removed in rust-lang#138296. I accidentally re-added it in rust-lang#137043 while resolving merge conflicts. This PR re-removes it. r? ``@compiler-errors`` (sorry)
`UnsafePinned<T>` is useful for cases where a value might be shared with C code but not directly used by it. In particular this is added for storing additional data in the `MiscDeviceRegistration` which will be shared between `fops->open` and the containing struct. Similar to `Opaque` but guarantees that the value is always initialized and that the inner value is dropped when `UnsafePinned` is dropped. This was originally proposed for the IRQ abstractions [0] and is also useful for other where the inner data may be aliased, but is always valid and automatic `Drop` is desired. Since then the `UnsafePinned` type was added to upstream Rust [1] by Sky as a unstable feature, therefore this patch implements the subset of the upstream API for the `UnsafePinned` type required for additional data in `MiscDeviceRegistration` and in the implementation of the `Opaque` type. Some differences to the upstream type definition are required in the kernel implementation, because upstream type uses some compiler changes to opt out of certain optimizations, this is documented in the documentation and a comment on the `UnsafePinned` type. The documentation on is based on the upstream rust documentation with minor modifications for the kernel implementation. Link: https://lore.kernel.org/rust-for-linux/CAH5fLgiOASgjoYKFz6kWwzLaH07DqP2ph+3YyCDh2+gYqGpABA@mail.gmail.com [0] Link: rust-lang/rust#137043 [1] Suggested-by: Alice Ryhl <[email protected]> Reviewed-by: Gerald Wisböck <[email protected]> Reviewed-by: Alice Ryhl <[email protected]> Co-developed-by: Sky <[email protected]> Signed-off-by: Sky <[email protected]> Signed-off-by: Christian Schrefl <[email protected]>
`UnsafePinned<T>` is useful for cases where a value might be shared with C code but not directly used by it. In particular this is added for storing additional data in the `MiscDeviceRegistration` which will be shared between `fops->open` and the containing struct. Similar to `Opaque` but guarantees that the value is always initialized and that the inner value is dropped when `UnsafePinned` is dropped. This was originally proposed for the IRQ abstractions [0] and is also useful for other where the inner data may be aliased, but is always valid and automatic `Drop` is desired. Since then the `UnsafePinned` type was added to upstream Rust [1] by Sky as a unstable feature, therefore this patch implements the subset of the upstream API for the `UnsafePinned` type required for additional data in `MiscDeviceRegistration` and in the implementation of the `Opaque` type. Some differences to the upstream type definition are required in the kernel implementation, because upstream type uses some compiler changes to opt out of certain optimizations, this is documented in the documentation and a comment on the `UnsafePinned` type. The documentation on is based on the upstream rust documentation with minor modifications for the kernel implementation. Link: https://lore.kernel.org/rust-for-linux/CAH5fLgiOASgjoYKFz6kWwzLaH07DqP2ph+3YyCDh2+gYqGpABA@mail.gmail.com [0] Link: rust-lang/rust#137043 [1] Suggested-by: Alice Ryhl <[email protected]> Reviewed-by: Gerald Wisböck <[email protected]> Reviewed-by: Alice Ryhl <[email protected]> Co-developed-by: Sky <[email protected]> Signed-off-by: Sky <[email protected]> Signed-off-by: Christian Schrefl <[email protected]>
`UnsafePinned<T>` is useful for cases where a value might be shared with C code but not directly used by it. In particular this is added for storing additional data in the `MiscDeviceRegistration` which will be shared between `fops->open` and the containing struct. Similar to `Opaque` but guarantees that the value is always initialized and that the inner value is dropped when `UnsafePinned` is dropped. This was originally proposed for the IRQ abstractions [0] and is also useful for other where the inner data may be aliased, but is always valid and automatic `Drop` is desired. Since then the `UnsafePinned` type was added to upstream Rust [1] by Sky as a unstable feature, therefore this patch implements the subset of the upstream API for the `UnsafePinned` type required for additional data in `MiscDeviceRegistration` and in the implementation of the `Opaque` type. Some differences to the upstream type definition are required in the kernel implementation, because upstream type uses some compiler changes to opt out of certain optimizations, this is documented in the documentation and a comment on the `UnsafePinned` type. The documentation on is based on the upstream rust documentation with minor modifications for the kernel implementation. Link: https://lore.kernel.org/rust-for-linux/CAH5fLgiOASgjoYKFz6kWwzLaH07DqP2ph+3YyCDh2+gYqGpABA@mail.gmail.com [0] Link: rust-lang/rust#137043 [1] Suggested-by: Alice Ryhl <[email protected]> Reviewed-by: Gerald Wisböck <[email protected]> Reviewed-by: Alice Ryhl <[email protected]> Co-developed-by: Sky <[email protected]> Signed-off-by: Sky <[email protected]> Signed-off-by: Christian Schrefl <[email protected]>
`UnsafePinned<T>` is useful for cases where a value might be shared with C code but not directly used by it. In particular this is added for storing additional data in the `MiscDeviceRegistration` which will be shared between `fops->open` and the containing struct. Similar to `Opaque` but guarantees that the value is always initialized and that the inner value is dropped when `UnsafePinned` is dropped. This was originally proposed for the IRQ abstractions [0] and is also useful for other where the inner data may be aliased, but is always valid and automatic `Drop` is desired. Since then the `UnsafePinned` type was added to upstream Rust [1] by Sky as a unstable feature, therefore this patch implements the subset of the upstream API for the `UnsafePinned` type required for additional data in `MiscDeviceRegistration` and in the implementation of the `Opaque` type. Some differences to the upstream type definition are required in the kernel implementation, because upstream type uses some compiler changes to opt out of certain optimizations, this is documented in the documentation and a comment on the `UnsafePinned` type. The documentation on is based on the upstream rust documentation with minor modifications for the kernel implementation. Link: https://lore.kernel.org/rust-for-linux/CAH5fLgiOASgjoYKFz6kWwzLaH07DqP2ph+3YyCDh2+gYqGpABA@mail.gmail.com [0] Link: rust-lang/rust#137043 [1] Suggested-by: Alice Ryhl <[email protected]> Reviewed-by: Gerald Wisböck <[email protected]> Reviewed-by: Alice Ryhl <[email protected]> Co-developed-by: Sky <[email protected]> Signed-off-by: Sky <[email protected]> Signed-off-by: Christian Schrefl <[email protected]>
Initial libs changes necessary to unblock further work on RFC 3467.
Tracking issue: #125735
This PR is split off from #136964, and includes just the libs changes:
UnsafePinned
structUnsafeUnpin
structural auto traitUnsafePinned
This PR does not change codegen, miri, the existing
!Unpin
hack, or anything else. That work is to be split into later PRs.cc @RalfJung @Noratrieb
@rustbot label F-unsafe_pinned T-libs-api