diff options
| author | Daniel Henry-Mantilla <daniel.henry.mantilla@gmail.com> | 2022-01-24 01:34:46 +0100 |
|---|---|---|
| committer | Daniel Henry-Mantilla <daniel.henry.mantilla@gmail.com> | 2022-02-14 17:27:37 +0100 |
| commit | c93968aee896ff2e2ccba1b195e778eb32d6d6e3 (patch) | |
| tree | 1ae749275f00a6e4c4cd7d66b8d01f018aedf74e | |
| parent | 6df63cc148d58fb87797f3dc1fc201b789e7fb0d (diff) | |
| download | rust-c93968aee896ff2e2ccba1b195e778eb32d6d6e3.tar.gz rust-c93968aee896ff2e2ccba1b195e778eb32d6d6e3.zip | |
Mark `unsafe_pin_internals` as `incomplete`.
This thus still makes it technically possible to enable the feature, and thus to trigger UB without `unsafe`, but this is fine since incomplete features are known to be potentially unsound (labelled "may not be safe"). This follows from the discussion at https://github.com/rust-lang/rust/pull/93176#discussion_r799413561
4 files changed, 35 insertions, 0 deletions
diff --git a/compiler/rustc_feature/src/active.rs b/compiler/rustc_feature/src/active.rs index fab22e4e6cf..ad0e1eac4b9 100644 --- a/compiler/rustc_feature/src/active.rs +++ b/compiler/rustc_feature/src/active.rs @@ -161,6 +161,9 @@ declare_features! ( (active, staged_api, "1.0.0", None, None), /// Added for testing E0705; perma-unstable. (active, test_2018_feature, "1.31.0", None, Some(Edition::Edition2018)), + /// Allows non-`unsafe` —and thus, unsound— access to `Pin` constructions. + /// Marked `incomplete` since perma-unstable and unsound. + (incomplete, unsafe_pin_internals, "1.61.0", None, None), /// Use for stable + negative coherence and strict coherence depending on trait's /// rustc_strict_coherence value. (active, with_negative_coherence, "1.60.0", None, None), diff --git a/compiler/rustc_span/src/symbol.rs b/compiler/rustc_span/src/symbol.rs index 2e451502263..ebc0e72bba6 100644 --- a/compiler/rustc_span/src/symbol.rs +++ b/compiler/rustc_span/src/symbol.rs @@ -1455,6 +1455,7 @@ symbols! { unsafe_block_in_unsafe_fn, unsafe_cell, unsafe_no_drop_flag, + unsafe_pin_internals, unsize, unsized_fn_params, unsized_locals, diff --git a/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.rs b/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.rs new file mode 100644 index 00000000000..0680d234403 --- /dev/null +++ b/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.rs @@ -0,0 +1,17 @@ +// edition:2018 +#![forbid(incomplete_features, unsafe_code)] +#![feature(unsafe_pin_internals)] +//~^ ERROR the feature `unsafe_pin_internals` is incomplete and may not be safe to use + +use core::{marker::PhantomPinned, pin::Pin}; + +/// The `unsafe_pin_internals` is indeed unsound. +fn non_unsafe_pin_new_unchecked<T>(pointer: &mut T) -> Pin<&mut T> { + Pin { pointer } +} + +fn main() { + let mut self_referential = PhantomPinned; + let _: Pin<&mut PhantomPinned> = non_unsafe_pin_new_unchecked(&mut self_referential); + core::mem::forget(self_referential); // move and disable drop glue! +} diff --git a/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.stderr b/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.stderr new file mode 100644 index 00000000000..4d0c931b404 --- /dev/null +++ b/src/test/ui/feature-gates/feature-gate-unsafe_pin_internals.stderr @@ -0,0 +1,14 @@ +error: the feature `unsafe_pin_internals` is incomplete and may not be safe to use and/or cause compiler crashes + --> $DIR/feature-gate-unsafe_pin_internals.rs:3:12 + | +LL | #![feature(unsafe_pin_internals)] + | ^^^^^^^^^^^^^^^^^^^^ + | +note: the lint level is defined here + --> $DIR/feature-gate-unsafe_pin_internals.rs:2:11 + | +LL | #![forbid(incomplete_features, unsafe_code)] + | ^^^^^^^^^^^^^^^^^^^ + +error: aborting due to previous error + |