diff options
| author | Matthias Krüger <matthias.krueger@famsik.de> | 2022-08-11 22:53:01 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-11 22:53:01 +0200 |
| commit | 37efd5521019bd3e97d62de6de95907cbeafa176 (patch) | |
| tree | 1f98d6947b1c2f2e9472f9751e9bdc4bf6c14807 | |
| parent | 92b32e307c08b82f14914d12313a2882af879dcb (diff) | |
| parent | 338d7c2fb07da34abab1ca5bb4a8c40ff0b4d604 (diff) | |
| download | rust-37efd5521019bd3e97d62de6de95907cbeafa176.tar.gz rust-37efd5521019bd3e97d62de6de95907cbeafa176.zip | |
Rollup merge of #99511 - RalfJung:raw_eq, r=wesleywiser
make raw_eq precondition more restrictive Specifically, don't allow comparing pointers that way. Comparing pointers is subtle because you have to talk about what happens to the provenance. This matches what [Miri already implements](https://play.rust-lang.org/?version=nightly&mode=debug&edition=2021&gist=9eb1dfb8a61b5a2d4a7cee43df2717af), and all existing users are fine with this. If raw_eq on pointers is ever desired, we can adjust the intrinsic spec and Miri implementation as needed, but for now that seems just unnecessary. Also, this is a const intrinsic, and in const, comparing pointers this way is *not possible* -- so if we allow the intrinsic to compare pointers in general, we need to impose an extra restrictions saying that in const-context, pointers are *not* okay.
| -rw-r--r-- | library/core/src/array/equality.rs | 7 | ||||
| -rw-r--r-- | library/core/src/intrinsics.rs | 3 |
2 files changed, 6 insertions, 4 deletions
diff --git a/library/core/src/array/equality.rs b/library/core/src/array/equality.rs index 33f7f494e9d..b2c895f882c 100644 --- a/library/core/src/array/equality.rs +++ b/library/core/src/array/equality.rs @@ -173,13 +173,14 @@ macro_rules! is_raw_eq_comparable { )+}; } -// SAFETY: All the ordinary integer types allow all bit patterns as distinct values +// SAFETY: All the ordinary integer types have no padding, and are not pointers. is_raw_eq_comparable!(u8, u16, u32, u64, u128, usize, i8, i16, i32, i64, i128, isize); -// SAFETY: bool and char have *niches*, but no *padding*, so this is sound +// SAFETY: bool and char have *niches*, but no *padding* (and these are not pointer types), so this +// is sound is_raw_eq_comparable!(bool, char); -// SAFETY: Similarly, the non-zero types have a niche, but no undef, +// SAFETY: Similarly, the non-zero types have a niche, but no undef and no pointers, // and they compare like their underlying numeric type. is_raw_eq_comparable!( NonZeroU8, diff --git a/library/core/src/intrinsics.rs b/library/core/src/intrinsics.rs index cabc5017f1d..2d44feb15f8 100644 --- a/library/core/src/intrinsics.rs +++ b/library/core/src/intrinsics.rs @@ -2282,7 +2282,8 @@ extern "rust-intrinsic" { /// /// # Safety /// - /// It's UB to call this if any of the *bytes* in `*a` or `*b` are uninitialized. + /// It's UB to call this if any of the *bytes* in `*a` or `*b` are uninitialized or carry a + /// pointer value. /// Note that this is a stricter criterion than just the *values* being /// fully-initialized: if `T` has padding, it's UB to call this intrinsic. /// |