Ensure copy* intrinsics also perform the static self-init checks #142575
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
S-waiting-on-review
oli-obk
added
the
relnotes
|
Adding relnotes as this will break stable code if someone wrote such code in the last year, but there is absolutely no reason to do so, so not even gonna crater it. |
|
It's a soundness fix and is only reachable by having incorrect unsafe code that should be rejected by const eval anyway, right? Then we're justified in "break first, figure out how to migrate smoothly later". |
|
In theory, this could also affect code where there's correct unsafe code in one crate, and there's incorrect safe code in another crate misusing the first crate. |
RalfJung
reviewed
Jun 17, 2025
RalfJung
reviewed
Jun 17, 2025
oli-obk
force-pushed
the
sneaky-self-init
branch
from
16daf7d to
04f835f
Compare
RalfJung
reviewed
Jun 19, 2025
Comment on lines
1416
to
1422
| // Do our own "do not read from static items while initializing them" checks | ||
| if let Ok((alloc_id, ..)) = self.ptr_try_get_alloc_id(src, size.bytes() as i64) { | ||
| M::before_alloc_read(self, alloc_id)?; | ||
| } | ||
|
|
||
| // For the overlapping case, it is crucial that we trigger the read hook | ||
| // before the write hook -- the aliasing model cares about the order. |
There was a problem hiding this comment.
Suggested change
| // Do our own "do not read from static items while initializing them" checks | |
| if let Ok((alloc_id, ..)) = self.ptr_try_get_alloc_id(src, size.bytes() as i64) { | |
| M::before_alloc_read(self, alloc_id)?; | |
| } | |
| // For the overlapping case, it is crucial that we trigger the read hook | |
| // before the write hook -- the aliasing model cares about the order. | |
| // Trigger read hooks. | |
| // For the overlapping case, it is crucial that we trigger the read hooks | |
| // before the write hook -- the aliasing model cares about the order. | |
| if let Ok((alloc_id, ..)) = self.ptr_try_get_alloc_id(src, size.bytes() as i64) { | |
| M::before_alloc_read(self, alloc_id)?; | |
| } |
The core interpreter doesn't know what the hook does, so it seems odd to refer to to the static item recursion check.
oli-obk
force-pushed
the
sneaky-self-init
branch
from
04f835f to
cfc22cf
Compare
|
@bors r=RalfJung |
bors
added
S-waiting-on-bors
bors
added a commit
that referenced
this pull request
Jun 20, 2025
Rollup of 9 pull requests Successful merges: - #142331 (Add `trim_prefix` and `trim_suffix` methods for both `slice` and `str` types.) - #142491 (Rework #[cold] attribute parser) - #142494 (Fix missing docs in `rustc_attr_parsing`) - #142495 (Better template for `#[repr]` attributes) - #142497 (Fix random failure when JS code is executed when the whole file was not read yet) - #142575 (Ensure copy* intrinsics also perform the static self-init checks) - #142650 (Refactor Translator) - #142713 (mbe: Refactor transcription) - #142755 (rustdoc: Remove `FormatRenderer::cache`) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
that referenced
this pull request
Jun 20, 2025
Rollup of 9 pull requests Successful merges: - #142331 (Add `trim_prefix` and `trim_suffix` methods for both `slice` and `str` types.) - #142491 (Rework #[cold] attribute parser) - #142494 (Fix missing docs in `rustc_attr_parsing`) - #142495 (Better template for `#[repr]` attributes) - #142497 (Fix random failure when JS code is executed when the whole file was not read yet) - #142575 (Ensure copy* intrinsics also perform the static self-init checks) - #142650 (Refactor Translator) - #142713 (mbe: Refactor transcription) - #142755 (rustdoc: Remove `FormatRenderer::cache`) r? `@ghost` `@rustbot` modify labels: rollup
github-actions bot
pushed a commit
to rust-lang/rustc-dev-guide
that referenced
this pull request
Jun 23, 2025
Rollup of 9 pull requests Successful merges: - rust-lang/rust#142331 (Add `trim_prefix` and `trim_suffix` methods for both `slice` and `str` types.) - rust-lang/rust#142491 (Rework #[cold] attribute parser) - rust-lang/rust#142494 (Fix missing docs in `rustc_attr_parsing`) - rust-lang/rust#142495 (Better template for `#[repr]` attributes) - rust-lang/rust#142497 (Fix random failure when JS code is executed when the whole file was not read yet) - rust-lang/rust#142575 (Ensure copy* intrinsics also perform the static self-init checks) - rust-lang/rust#142650 (Refactor Translator) - rust-lang/rust#142713 (mbe: Refactor transcription) - rust-lang/rust#142755 (rustdoc: Remove `FormatRenderer::cache`) r? `@ghost` `@rustbot` modify labels: rollup
flip1995
pushed a commit
to flip1995/rust-clippy
that referenced
this pull request
Jun 26, 2025
Rollup of 9 pull requests Successful merges: - rust-lang/rust#142331 (Add `trim_prefix` and `trim_suffix` methods for both `slice` and `str` types.) - rust-lang/rust#142491 (Rework #[cold] attribute parser) - rust-lang/rust#142494 (Fix missing docs in `rustc_attr_parsing`) - rust-lang/rust#142495 (Better template for `#[repr]` attributes) - rust-lang/rust#142497 (Fix random failure when JS code is executed when the whole file was not read yet) - rust-lang/rust#142575 (Ensure copy* intrinsics also perform the static self-init checks) - rust-lang/rust#142650 (Refactor Translator) - rust-lang/rust#142713 (mbe: Refactor transcription) - rust-lang/rust#142755 (rustdoc: Remove `FormatRenderer::cache`) r? `@ghost` `@rustbot` modify labels: rollup
GuillaumeGomez
added a commit
to GuillaumeGomez/rust
that referenced
this pull request
Jun 27, 2025
…ic-write, r=oli-obk const-eval: error when initializing a static writes to that static Fixes rust-lang#142404 by also calling the relevant hook for writes, not just reads. To avoid erroring during the actual write of the initial value, we neuter the hook when popping the final stack frame. Calling the hook during writes requires changing its signature since we cannot pass in the entire interpreter any more. While doing this I also realized a gap in rust-lang#142575 for zero-sized copies on the read side, so I fixed that and added a test. r? `@oli-obk`
rust-timer
added a commit
that referenced
this pull request
Jun 27, 2025
Rollup merge of #143084 - RalfJung:const-eval-recursive-static-write, r=oli-obk const-eval: error when initializing a static writes to that static Fixes #142404 by also calling the relevant hook for writes, not just reads. To avoid erroring during the actual write of the initial value, we neuter the hook when popping the final stack frame. Calling the hook during writes requires changing its signature since we cannot pass in the entire interpreter any more. While doing this I also realized a gap in #142575 for zero-sized copies on the read side, so I fixed that and added a test. r? `@oli-obk`
github-actions bot
pushed a commit
to rust-lang/miri
that referenced
this pull request
Jun 28, 2025
… r=oli-obk const-eval: error when initializing a static writes to that static Fixes rust-lang/rust#142404 by also calling the relevant hook for writes, not just reads. To avoid erroring during the actual write of the initial value, we neuter the hook when popping the final stack frame. Calling the hook during writes requires changing its signature since we cannot pass in the entire interpreter any more. While doing this I also realized a gap in rust-lang/rust#142575 for zero-sized copies on the read side, so I fixed that and added a test. r? `@oli-obk`
tautschnig
pushed a commit
to model-checking/verify-rust-std
that referenced
this pull request
Jul 3, 2025
Rollup of 9 pull requests Successful merges: - rust-lang#142331 (Add `trim_prefix` and `trim_suffix` methods for both `slice` and `str` types.) - rust-lang#142491 (Rework #[cold] attribute parser) - rust-lang#142494 (Fix missing docs in `rustc_attr_parsing`) - rust-lang#142495 (Better template for `#[repr]` attributes) - rust-lang#142497 (Fix random failure when JS code is executed when the whole file was not read yet) - rust-lang#142575 (Ensure copy* intrinsics also perform the static self-init checks) - rust-lang#142650 (Refactor Translator) - rust-lang#142713 (mbe: Refactor transcription) - rust-lang#142755 (rustdoc: Remove `FormatRenderer::cache`) r? `@ghost` `@rustbot` modify labels: rollup
wip-sync
pushed a commit
to NetBSD/pkgsrc-wip
that referenced
this pull request
Aug 11, 2025
Pkgsrc changes: * Adjust patches to adapt to upstream changes and new versions. * assosicated checksums Upstream changes relative to 1.88.0: Version 1.89.0 (2025-08-07) ========================== Language -------- - [Stabilize explicitly inferred const arguments (`feature(generic_arg_infer)`)] (rust-lang/rust#141610) - [Add a warn-by-default `mismatched_lifetime_syntaxes` lint.] (rust-lang/rust#138677) This lint detects when the same lifetime is referred to by different syntax categories between function arguments and return values, which can be confusing to read, especially in unsafe code. This lint supersedes the warn-by-default `elided_named_lifetimes` lint. - [Expand `unpredictable_function_pointer_comparisons` to also lint on function pointer comparisons in external macros] (rust-lang/rust#134536) - [Make the `dangerous_implicit_autorefs` lint deny-by-default] (rust-lang/rust#141661) - [Stabilize the avx512 target features] (rust-lang/rust#138940) - [Stabilize `kl` and `widekl` target features for x86] (rust-lang/rust#140766) - [Stabilize `sha512`, `sm3` and `sm4` target features for x86] (rust-lang/rust#140767) - [Stabilize LoongArch target features `f`, `d`, `frecipe`, `lasx`, `lbt`, `lsx`, and `lvz`] (rust-lang/rust#135015) - [Remove `i128` and `u128` from `improper_ctypes_definitions`] (rust-lang/rust#137306) - [Stabilize `repr128` (`#[repr(u128)]`, `#[repr(i128)]`)] (rust-lang/rust#138285) - [Allow `#![doc(test(attr(..)))]` everywhere] (rust-lang/rust#140560) - [Extend temporary lifetime extension to also go through tuple struct and tuple variant constructors] (rust-lang/rust#140593) Compiler -------- - [Default to non-leaf frame pointers on aarch64-linux] (rust-lang/rust#140832) - [Enable non-leaf frame pointers for Arm64EC Windows] (rust-lang/rust#140862) - [Set Apple frame pointers by architecture] (rust-lang/rust#141797) Platform Support ---------------- - [Add new Tier-3 targets `loongarch32-unknown-none` and `loongarch32-unknown-none-softfloat`] (rust-lang/rust#142053) Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. [platform-support-doc]: https://doc.rust-lang.org/rustc/platform-support.html Libraries --------- - [Specify the base path for `file!`] (rust-lang/rust#134442) - [Allow storing `format_args!()` in a variable] (rust-lang/rust#140748) - [Add `#[must_use]` to `[T; N]::map`] (rust-lang/rust#140957) - [Implement `DerefMut` for `Lazy{Cell,Lock}`] (rust-lang/rust#129334) - [Implement `Default` for `array::IntoIter`] (rust-lang/rust#141574) - [Implement `Clone` for `slice::ChunkBy`] (rust-lang/rust#138016) - [Implement `io::Seek` for `io::Take`] (rust-lang/rust#138023) Stabilized APIs --------------- - [`NonZero<char>`] (https://doc.rust-lang.org/stable/std/num/struct.NonZero.html) - Many intrinsics for x86, not enumerated here - [AVX512 intrinsics](rust-lang/rust#111137) - [`SHA512`, `SM3` and `SM4` intrinsics] (rust-lang/rust#126624) - [`File::lock`] (https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.lock) - [`File::lock_shared`] (https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.lock_shared) - [`File::try_lock`] (https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.try_lock) - [`File::try_lock_shared`] (https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.try_lock_shared) - [`File::unlock`] (https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.unlock) - [`NonNull::from_ref`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.from_ref) - [`NonNull::from_mut`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.from_mut) - [`NonNull::without_provenance`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.without_provenance) - [`NonNull::with_exposed_provenance`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.with_exposed_provenance) - [`NonNull::expose_provenance`] (https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.expose_provenance) - [`OsString::leak`] (https://doc.rust-lang.org/stable/std/ffi/struct.OsString.html#method.leak) - [`PathBuf::leak`] (https://doc.rust-lang.org/stable/std/path/struct.PathBuf.html#method.leak) - [`Result::flatten`] (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.flatten) - [`std::os::linux::net::TcpStreamExt::quickack`] (https://doc.rust-lang.org/stable/std/os/linux/net/trait.TcpStreamExt.html#tymethod.quickack) - [`std::os::linux::net::TcpStreamExt::set_quickack`] (https://doc.rust-lang.org/stable/std/os/linux/net/trait.TcpStreamExt.html#tymethod.set_quickack) These previously stable APIs are now stable in const contexts: - [`<[T; N]>::as_mut_slice`] (https://doc.rust-lang.org/stable/std/primitive.array.html#method.as_mut_slice) - [`<[u8]>::eq_ignore_ascii_case`] (https://doc.rust-lang.org/stable/std/primitive.slice.html#impl-%5Bu8%5D/method.eq_ignore_ascii_case) - [`str::eq_ignore_ascii_case`] (https://doc.rust-lang.org/stable/std/primitive.str.html#impl-str/method.eq_ignore_ascii_case) Cargo ----- - [`cargo fix` and `cargo clippy --fix` now default to the same Cargo target selection as other build commands.] (rust-lang/cargo#15192) Previously it would apply to all targets (like binaries, examples, tests, etc.). The `--edition` flag still applies to all targets. - [Stabilize doctest-xcompile.] (rust-lang/cargo#15462) Doctests are now tested when cross-compiling. Just like other tests, it will use the [`runner` setting] (https://doc.rust-lang.org/cargo/reference/config.html#targettriplerunner) to run the tests. If you need to disable tests for a target, you can use the [ignore doctest attribute] (https://doc.rust-lang.org/rustdoc/write-documentation/documentation-tests.html#ignoring-targets) to specify the targets to ignore. Rustdoc ----- - [On mobile, make the sidebar full width and linewrap] (rust-lang/rust#139831). This makes long section and item names much easier to deal with on mobile. Compatibility Notes ------------------- - [Make `missing_fragment_specifier` an unconditional error] (rust-lang/rust#128425) - [Enabling the `neon` target feature on `aarch64-unknown-none-softfloat` causes a warning] (rust-lang/rust#135160) because mixing code with and without that target feature is not properly supported by LLVM - [Sized Hierarchy: Part I](rust-lang/rust#137944) - Introduces a small breaking change affecting `?Sized` bounds on impls on recursive types which contain associated type projections. It is not expected to affect any existing published crates. Can be fixed by refactoring the involved types or opting into the `sized_hierarchy` unstable feature. See the [FCP report] (rust-lang/rust#137944 (comment)) for a code example. - The warn-by-default `elided_named_lifetimes` lint is [superseded by the warn-by-default `mismatched_lifetime_syntaxes` lint.] (rust-lang/rust#138677) - [Error on recursive opaque types earlier in the type checker] (rust-lang/rust#139419) - [Type inference side effects from requiring element types of array repeat expressions are `Copy` are now only available at the end of type checking] (rust-lang/rust#139635) - [The deprecated accidentally-stable `std::intrinsics::{copy,copy_nonoverlapping,write_bytes}` are now proper intrinsics] (rust-lang/rust#139916). There are no debug assertions guarding against UB, and they cannot be coerced to function pointers. - [Remove long-deprecated `std::intrinsics::drop_in_place`] (rust-lang/rust#140151) - [Make well-formedness predicates no longer coinductive] (rust-lang/rust#140208) - [Remove hack when checking impl method compatibility] (rust-lang/rust#140557) - [Remove unnecessary type inference due to built-in trait object impls] (rust-lang/rust#141352) - [Lint against "stdcall", "fastcall", and "cdecl" on non-x86-32 targets] (rust-lang/rust#141435) - [Future incompatibility warnings relating to the never type (`!`) are now reported in dependencies] (rust-lang/rust#141937) - [Ensure `std::ptr::copy_*` intrinsics also perform the static self-init checks] (rust-lang/rust#142575) Internal Changes ---------------- These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - [Correctly un-remap compiler sources paths with the `rustc-dev` component] (rust-lang/rust#142377)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #142532
r? @RalfJung