Similar to the existing nullpointer and alignment checks, this checks
for valid enum discriminants on creation of enums through unsafe
transmutes. Essentially this sanitizes patterns like the following:
```rust
let val: MyEnum = unsafe { std::mem::transmute<u32, MyEnum>(42) };
```
An extension of this check will be done in a follow-up that explicitly
sanitizes for extern enum values that come into Rust from e.g. C/C++.
This check is similar to Miri's capabilities of checking for valid
construction of enum values.
This PR is inspired by saethlin@'s PR
https://github.com/rust-lang/rust/pull/104862. Thank you so much for
keeping this code up and the detailed comments!
I also pair-programmed large parts of this together with vabr-g@.
Update cargo
18 commits in 64a12460708cf146e16cc61f28aba5dc2463bbb4..fc1518ef02b77327d70d4026b95ea719dd9b8c51
2025-05-30 18:25:08 +0000 to 2025-06-06 04:49:44 +0000
- fix: Make UI tests handle hyperlinks consistently (rust-lang/cargo#15640)
- Update "time out" to "timeout" (rust-lang/cargo#15637)
- fix(workspace): reload current manifest path member only (rust-lang/cargo#15633)
- Update dependencies (rust-lang/cargo#15635)
- fix(publish): Don't tell people to ctrl-c without knowing consequences (rust-lang/cargo#15632)
- refactor: clean up `clippy::perf` lint warnings (rust-lang/cargo#15631)
- fix(package): Skip registry check if its not needed (rust-lang/cargo#15629)
- Add --offline for comp (rust-lang/cargo#15623)
- cargo-credential-libsecret: load libsecret only once (rust-lang/cargo#15295)
- test(publish): Improvements in prep for `-Zpackage-workspace` stabilization (rust-lang/cargo#15628)
- fix(package): Allow packaging of self-cycles with -Zpackage-workspace (rust-lang/cargo#15626)
- docs: clarify `--all-features` not available for all commmands (rust-lang/cargo#15572)
- Remove double reference in Shell::print_json (rust-lang/cargo#15460)
- fix(trim-paths): remap all paths to `build.build-dir` (rust-lang/cargo#15614)
- test(trim-paths): enable more tests for windows-msvc (rust-lang/cargo#15621)
- fix(fingerprint): explicit reason rather than "stale; unknown reason" (rust-lang/cargo#15617)
- Fix cargo add overwriting symlinked Cargo.toml files (rust-lang/cargo#15281)
- chore(deps): update alpine docker tag to v3.22 (rust-lang/cargo#15616)
r? ghost
Enable Non-determinism of float operations in Miri and change std tests
Links to [#4208](https://github.com/rust-lang/miri/issues/4208) and [#3555](https://github.com/rust-lang/miri/issues/3555) in Miri.
Non-determinism of floating point operations was disabled in rust-lang/rust#137594 because it breaks the tests and doc-tests in core/coretests and std. This PR enables some of them.
This pr includes the following changes:
- Enables the float non-determinism but with a lower relative error of 4ULP instead of 16ULP
- These operations now have a fixed output based on the C23 standard, except the pow operations, this is tracked in [#4286](https://github.com/rust-lang/miri/issues/4286#issue-3010677983)
- Changes tests that made incorrect assumptions about the operations, not to make that assumption anymore (from `assert_eq!` to `assert_approx_eq!`.
- Changed the doctests of the stdlib of these operations to compare against fixed constants instead of `f*::EPSILON`, which now succeed with Miri and `-Zmiri-many-seeds`
- Added a constant `APPROX_DELTA` in `std/tests/floats/f32.rs` which is used for approximation tests, but with a different value when run in Miri. This is to make these tests succeed.
- Added tests in the float tests of Miri to test the C23 behaviour.
Fixes https://github.com/rust-lang/miri/issues/4208
const-eval error: always say in which item the error occurred
I don't see why "is this generic" should make a difference. It may be reasonable to key this on whether the error occurs in a `const fn` that was invoked by a const (making it non-obvious which constant it is) vs inside the body of the const.
r? `@oli-obk`
Many of `std`'s dependency have a dependency on the crates.io
`compiler-builtins` when used with the feature
`rustc-std-workspace-core`. Use a Cargo patch to select the in-tree
version instead.
`compiler-builtins` is also added as a dependency of
`rustc-std-workspace-core` so these crates can remove their crates.io
dependency in the future.
Replace some `Option<Span>` with `Span` and use DUMMY_SP instead of None
Turns out many locations actually have a span available that we could use, so I used it
Add a new `mismatched-lifetime-syntaxes` lint
The lang-team [discussed this](https://hackmd.io/nf4ZUYd7Rp6rq-1svJZSaQ) and I attempted to [summarize](https://github.com/rust-lang/rust/pull/120808#issuecomment-2701863833) their decision. The summary-of-the-summary is:
- Using two different kinds of syntax for elided lifetimes is confusing. In rare cases, it may even [lead to unsound code](https://github.com/rust-lang/rust/issues/48686)! Some examples:
```rust
// Lint will warn about these
fn(v: ContainsLifetime) -> ContainsLifetime<'_>;
fn(&'static u8) -> &u8;
```
- Matching up references with no lifetime syntax, references with anonymous lifetime syntax, and paths with anonymous lifetime syntax is an exception to the simplest possible rule:
```rust
// Lint will not warn about these
fn(&u8) -> &'_ u8;
fn(&'_ u8) -> &u8;
fn(&u8) -> ContainsLifetime<'_>;
```
- Having a lint for consistent syntax of elided lifetimes will make the [future goal](https://github.com/rust-lang/rust/issues/91639) of warning-by-default for paths participating in elision much simpler.
---
This new lint attempts to accomplish the goal of enforcing consistent syntax. In the process, it supersedes and replaces the existing `elided-named-lifetimes` lint, which means it starts out life as warn-by-default.
jsondocck: Refactor directive handling
Best reviewed commit by commit.
1. Moves directive handling into its own file. This makes it easier to link to in the dev-guide (https://github.com/rust-lang/rustc-dev-guide/pull/2422#discussion_r2112724234), but also makes the code nicer in it's own right
2. Renames command to directive. This is what compiletest uses, and it's nice to not have 2 words for this.
r? ``@GuillaumeGomez``
UnsafePinned: also include the effects of UnsafeCell
This tackles https://github.com/rust-lang/rust/issues/137750 by including an `UnsafeCell` in `UnsafePinned`, thus imbuing it with all the usual properties of interior mutability (no `noalias` nor `dereferenceable` on shared refs, special treatment by Miri's aliasing model). The soundness issue is not fixed yet because coroutine lowering does not use `UnsafePinned`.
The RFC said that `UnsafePinned` would not permit mutability on shared references, but since then, https://github.com/rust-lang/rust/issues/137750 has demonstrated that this is not tenable. In the face of those examples, I propose that we do the "obvious" thing and permit shared mutable state inside `UnsafePinned`. This seems loosely consistent with the fact that we allow going from `Pin<&mut T>` to `&T` (where the former can be aliased with other pointers that perform mutation, and hence the same goes for the latter) -- but the `as_ref` example shows that we in fact would need to add this `UnsafeCell` even if we didn't have a safe conversion to `&T`, since for the compiler and Miri, `&T` and `Pin<&T>` are basically the same type.
To make this possible, I had to remove the `Copy` and `Clone` impls for `UnsafePinned`.
Tracking issue: https://github.com/rust-lang/rust/issues/125735
Cc ``@rust-lang/lang`` ``@rust-lang/opsem`` ``@Sky9x``
I don't think this needs FCP since the type is still unstable -- we'll finally decide whether we like this approach when `UnsafePinned` is moved towards stabilization (IOW, this PR is reversible). However, I'd still like to make sure that the lang team is okay with the direction I am proposing here.
Fix incorrect eq_unspanned in TokenStream
Fixesrust-lang/rust#141522
r? ``@workingjubilee``
should we remove this function?
since it's used in several places, i'd prefer to keep it.
