diff options
| author | bors <bors@rust-lang.org> | 2025-01-15 12:06:56 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2025-01-15 12:06:56 +0000 |
| commit | 341f60327fa5302732a4be366949c16f91870b6a (patch) | |
| tree | 319c3df4a34ed17a8b34f3a69331aa8c63444045 /compiler/rustc_hir/src | |
| parent | 2776bdfe423c9fdfcd6313d678f0852ea26f1309 (diff) | |
| parent | 767d4fe64e3644ffcd89b3265fdee6659d08786a (diff) | |
| download | rust-341f60327fa5302732a4be366949c16f91870b6a.tar.gz rust-341f60327fa5302732a4be366949c16f91870b6a.zip | |
Auto merge of #134353 - oli-obk:safe-target-feature-unsafe-by-default, r=wesleywiser
Treat safe target_feature functions as unsafe by default [less invasive variant] This unblocks * #134090 As I stated in https://github.com/rust-lang/rust/pull/134090#issuecomment-2541332415 I think the previous impl was too easy to get wrong, as by default it treated safe target feature functions as safe and had to add additional checks for when they weren't. Now the logic is inverted. By default they are unsafe and you have to explicitly handle safe target feature functions. This is the less (imo) invasive variant of #134317, as it doesn't require changing the Safety enum, so it only affects FnDefs and nothing else, as it should.
Diffstat (limited to 'compiler/rustc_hir/src')
| -rw-r--r-- | compiler/rustc_hir/src/hir.rs | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/compiler/rustc_hir/src/hir.rs b/compiler/rustc_hir/src/hir.rs index dd96b30fefc..740c3ee8c07 100644 --- a/compiler/rustc_hir/src/hir.rs +++ b/compiler/rustc_hir/src/hir.rs @@ -3762,9 +3762,30 @@ impl fmt::Display for Constness { } } +/// The actualy safety specified in syntax. We may treat +/// its safety different within the type system to create a +/// "sound by default" system that needs checking this enum +/// explicitly to allow unsafe operations. +#[derive(Copy, Clone, Debug, HashStable_Generic, PartialEq, Eq)] +pub enum HeaderSafety { + /// A safe function annotated with `#[target_features]`. + /// The type system treats this function as an unsafe function, + /// but safety checking will check this enum to treat it as safe + /// and allowing calling other safe target feature functions with + /// the same features without requiring an additional unsafe block. + SafeTargetFeatures, + Normal(Safety), +} + +impl From<Safety> for HeaderSafety { + fn from(v: Safety) -> Self { + Self::Normal(v) + } +} + #[derive(Copy, Clone, Debug, HashStable_Generic)] pub struct FnHeader { - pub safety: Safety, + pub safety: HeaderSafety, pub constness: Constness, pub asyncness: IsAsync, pub abi: ExternAbi, @@ -3780,7 +3801,18 @@ impl FnHeader { } pub fn is_unsafe(&self) -> bool { - self.safety.is_unsafe() + self.safety().is_unsafe() + } + + pub fn is_safe(&self) -> bool { + self.safety().is_safe() + } + + pub fn safety(&self) -> Safety { + match self.safety { + HeaderSafety::SafeTargetFeatures => Safety::Unsafe, + HeaderSafety::Normal(safety) => safety, + } } } |