| Age | Commit message (Collapse) | Author | Lines |
|
This commit fixes a buffer overflow issue in the standard library
discovered by Scott McMurray where if a large number was passed to
`str::repeat` it may cause and out of bounds write to the buffer of a `Vec`.
This bug was accidentally introduced in #48657 when optimizing the
`str::repeat` function. The bug affects stable Rust releases 1.26.0 to
1.29.0. We plan on backporting this fix to create a 1.29.1 release, and
the 1.30.0 release onwards will include this fix.
The fix in this commit is to introduce a deterministic panic in the case of
capacity overflow. When repeating a slice where the resulting length is larger
than the address space, there’s no way it can succeed anyway!
The standard library and surrounding libraries were briefly checked to see if
there were othere instances of preallocating a vector with a calculation that
may overflow. No instances of this bug (out of bounds write due to a calculation
overflow) were found at this time.
Note that this commit is the first steps towards fixing this issue,
we'll be making a formal post to the Rust security list once these
commits have been merged.
|
|
Incorporate a stray test
`liballoc/repeat-generic-slice.rs` doesn't seem to be tested (I think it was intended to be placed in `run-pass`). This PR incorporates the test into `liballoc/tests`.
|
|
Rollup of bare_trait_objects PRs
All deny attributes were moved into bootstrap so they can be disabled with a line of config.
Warnings for external tools are allowed and it's up to the tool's maintainer to keep it warnings free.
r? @Mark-Simulacrum
cc @ljedrz @kennytm
|
|
|
|
|
|
|
|
|
|
doc: Clarify the lifetime returned by `Box::leak`
`Box::leak` mentions that it can return a `'static` reference, but it
wasn't immediately clear to me why it doesn't always do so. This is
because of the `T: 'a` constraint needed to form a valid reference, and
in general we want to be more flexible than requiring `T: 'static`.
This patch tries to clarify the relationship between `T` and `'a`.
|
|
|
|
Instead, rely on alignment and use usize::MAX as sentinel.
|
|
Deprecation of str::slice_unchecked(_mut)
Closes #51715
I am not sure if 1.28.0 or 1.29.0 should be used for deprecation version, for now it's 1.28.0.
Additionally I've replaced `slice_unchecked` uses with `get_unchecked`. The only places where this method is still used are `src/liballoc/tests/str.rs` and `src/liballoc/tests/str.rs`.
|
|
Use `ptr::eq` for comparing pointers
|
|
Handle array manually in str case conversion methods
Avoiding the overhead incurred from `String.extend(char.to_lowercase())` showed a notable performance improvement when I benchmarked it.
I tested on these strings:
```rust
ALL_LOWER: "loremipsumdolorsitametduosensibusmnesarchumabcdefgh"
ALL_UPPER: "LOREMIPSUMDOLORSITAMETDUOSENSIBUSMNESARCHUMABCDEFGH"
REALISTIC_UPPER: "LOREM IPSUM DOLOR SIT AMET, DUO SENSIBUS MNESARCHUM"
SIGMAS: "ΣΣΣΣΣ ΣΣΣΣΣ ΣΣΣΣΣ ΣΣΣ ΣΣΣΣ, ΣΣΣ ΣΣΣΣΣΣΣΣ ΣΣΣΣΣΣΣΣΣΣ"
WORD_UPPER: "Lorem Ipsum Dolor Sit Amet, Duo Sensibus Mnesarchum"
```
the performance improvements of `to_lowercase()` were
```
running 10 tests
test tests::all_lower ... bench: 1,752 ns/iter (+/- 49)
test tests::all_lower_new ... bench: 1,266 ns/iter (+/- 15) -28%
test tests::all_upper ... bench: 1,832 ns/iter (+/- 39)
test tests::all_upper_new ... bench: 1,337 ns/iter (+/- 18) -27%
test tests::realistic_upper ... bench: 1,993 ns/iter (+/- 14)
test tests::realistic_upper_new ... bench: 1,445 ns/iter (+/- 22) -27%
test tests::sigmas ... bench: 1,342 ns/iter (+/- 39)
test tests::sigmas_new ... bench: 1,226 ns/iter (+/- 16) -9%
test tests::word_upper ... bench: 1,899 ns/iter (+/- 12)
test tests::word_upper_new ... bench: 1,381 ns/iter (+/- 26) -27%
```
and of `to_uppercase()`
```
running 10 tests
test tests::all_lower ... bench: 1,813 ns/iter (+/- 20)
test tests::all_lower_new ... bench: 1,321 ns/iter (+/- 16) -27%
test tests::all_upper ... bench: 1,629 ns/iter (+/- 22)
test tests::all_upper_new ... bench: 1,241 ns/iter (+/- 9) -24%
test tests::realistic_upper ... bench: 1,670 ns/iter (+/- 24)
test tests::realistic_upper_new ... bench: 1,241 ns/iter (+/- 17) -26%
test tests::sigmas ... bench: 2,053 ns/iter (+/- 20)
test tests::sigmas_new ... bench: 1,753 ns/iter (+/- 23) -15%
test tests::word_upper ... bench: 1,873 ns/iter (+/- 30)
test tests::word_upper_new ... bench: 1,412 ns/iter (+/- 25) -25%
```
I gave up on the more advanced method from #52061 as it wasn't always a clear improvement and would help in even less cases if this PR was merged.
|
|
|
|
|
|
|
|
`Box::leak` mentions that it can return a `'static` reference, but it
wasn't immediately clear to me why it doesn't always do so. This is
because of the `T: 'a` constraint needed to form a valid reference, and
in general we want to be more flexible than requiring `T: 'static`.
This patch tries to clarify the relationship between `T` and `'a`.
|
|
Add the `alloc::prelude` module
It contains the re-exports that are in `std::prelude::v1` but not in `core::prelude::v1`.
Calling it prelude is somewhat of a misnomer since (unlike those modules in `std` or `core`) its contents are never implicitly imported in modules. Rather it is intended to be used with an explicit glob import like `use alloc::prelude::*;`. However there is precedent for the same misnomer with `std::io::prelude`, for example.
This new module is unstable with the same feature name as the `alloc` care. They are proposed for stabilization together in RFC https://github.com/rust-lang/rfcs/pull/2480.
|
|
|
|
|
|
|
|
It contains the re-exports that are in `std::prelude::v1`
but not in `core::prelude::v1`.
Calling it prelude is somewhat of a misnomer since (unlike those modules
in `std` or `core`) its contents are never implicitly imported in modules.
Rather it is intended to be used with an explicit glob import like
`use alloc::prelude::*;`.
However there is precedent for the same misnomer with `std::io::prelude`,
for example.
This new module is unstable with the same feature name as the `alloc` care.
They are proposed for stabilization together in RFC
https://github.com/rust-lang/rfcs/pull/2480
|
|
Stabilize rc_downcast
Fixes #44608
|
|
|
|
|
|
Same as https://github.com/rust-lang/rust/pull/50357
|
|
|
|
|
|
enable Atomic*.{load,store} for ARMv6-M / MSP430
closes #45085
as proposed in https://github.com/rust-lang/rust/issues/45085#issuecomment-384825434
this commit adds an `atomic_cas` target option and extends the `#[cfg(target_has_atomic)]`
attribute to enable a subset of the `Atomic*` API on architectures that don't support atomic CAS
natively, like MSP430 and ARMv6-M.
r? @alexcrichton
|
|
Fixes #44608
|
|
|
|
closes #45085
this commit adds an `atomic_cas` target option and an unstable `#[cfg(target_has_atomic_cas)]`
attribute to enable a subset of the `Atomic*` API on architectures that don't support atomic CAS
natively, like MSP430 and ARMv6-M.
|
|
Previously, `is_unique` would not synchronize at all with a `drop` that returned
early because it was not the last reference, leading to a data race.
Fixes #51780
|
|
nikomatsakis:nll-fix-issue-issue-btreemap-annotations, r=gankro
add outlives annotations to `BTreeMap`
NLL requires these annotations, I believe because of <https://github.com/rust-lang/rust/issues/29149>.
Fixes #48224
r? @Gankro
cc @lqd
|
|
|
|
|
|
nll requires these annotations, I believe because of
https://github.com/rust-lang/rust/issues/29149
|
|
|
|
|
|
|
|
|
|
|
|
Bootstrap from 1.28.0 beta
|
|
|
|
|
|
|
|
… since `std` has no corresponding reexports.
Use `alloc::vec::Vec` and `alloc::string::String` instead.
|
|
|
|
This matches std::collections
|
|
|