From f4add4be0305a51cf54e22b39aa9ef0e58b0fe53 Mon Sep 17 00:00:00 2001 From: Pure White Date: Sun, 24 Mar 2024 21:47:23 +0800 Subject: [PATCH 1/8] add link to reference about undefined behavior --- src/what-unsafe-does.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/what-unsafe-does.md b/src/what-unsafe-does.md index 67fbe8a..372538e 100644 --- a/src/what-unsafe-does.md +++ b/src/what-unsafe-does.md @@ -41,6 +41,9 @@ language cares about is preventing the following things: [`NonNull`] that is null. (Requesting custom invalid values is an unstable feature, but some stable libstd types, like `NonNull`, make use of it.) +For a more detailed explanation about "Undefined Bahavior", you may refer to +[the reference][behavior-considered-undefined]. + "Producing" a value happens any time a value is assigned, passed to a function/primitive operation or returned from a function/primitive operation. @@ -75,6 +78,8 @@ Rust considers it "safe" to: * Abort the program * Delete the production database +For more detailed information, you may refer to [the reference][behavior-not-considered-unsafe]. + However any program that actually manages to do such a thing is *probably* incorrect. Rust provides lots of tools to make these things rare, but these problems are considered impractical to categorically prevent. @@ -84,3 +89,5 @@ these problems are considered impractical to categorically prevent. [race]: races.html [target features]: ../reference/attributes/codegen.html#the-target_feature-attribute [`NonNull`]: ../std/ptr/struct.NonNull.html +[behavior-considered-undefined]: ../reference/behavior-considered-undefined.html +[behavior-not-considered-unsafe]: ../reference/behavior-not-considered-unsafe.html From 8d96cc06854f148f33ff7408fd9cead3f27c5f99 Mon Sep 17 00:00:00 2001 From: guqicun Date: Sat, 6 Apr 2024 18:20:19 +0800 Subject: [PATCH 2/8] chore: fix typo Signed-off-by: guqicun --- src/subtyping.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/subtyping.md b/src/subtyping.md index 4c45b2d..f09fead 100644 --- a/src/subtyping.md +++ b/src/subtyping.md @@ -268,7 +268,7 @@ To see why `fn(T) -> U` should be covariant over `U`, consider the following sig fn get_str() -> &'a str; ``` -This function claims to produce a `str` bound by some liftime `'a`. As such, it is perfectly valid to +This function claims to produce a `str` bound by some lifetime `'a`. As such, it is perfectly valid to provide a function with the following signature instead: From 462ac2d92c80aa10ae378c0f73057dfc8e4754fd Mon Sep 17 00:00:00 2001 From: Ben Kimock Date: Sat, 18 May 2024 20:14:40 -0400 Subject: [PATCH 3/8] cfg out the extern crate libc on Windows --- src/beneath-std.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/beneath-std.md b/src/beneath-std.md index 02a02bd..da2cc50 100644 --- a/src/beneath-std.md +++ b/src/beneath-std.md @@ -19,7 +19,10 @@ Note that the default features have been disabled. This is a critical step - disabled.** Alternatively, we can use the unstable `rustc_private` private feature together -with an `extern crate libc;` declaration as shown in the examples below. +with an `extern crate libc;` declaration as shown in the examples below. Note that +windows-msvc targets do not require a libc, and correspondingly there is no `libc` +crate in their sysroot. We do not need the `extern crate libc;` below, and having it +on a windows-msvc target would be a compile error. ## Writing an executable without `std` @@ -39,11 +42,12 @@ in the same format as C (aside from the exact integer types being used): #![allow(internal_features)] #![no_std] -// Necessary for `panic = "unwind"` builds on some platforms. +// Necessary for `panic = "unwind"` builds on cfg(unix) platforms. #![feature(panic_unwind)] extern crate unwind; // Pull in the system libc library for what crt0.o likely requires. +#[cfg(not(windows))] extern crate libc; use core::panic::PanicInfo; 
@@ -73,11 +77,12 @@ compiler's name mangling too: #![no_std] #![no_main] -// Necessary for `panic = "unwind"` builds on some platforms. +// Necessary for `panic = "unwind"` builds on cfg(unix) platforms. #![feature(panic_unwind)] extern crate unwind; // Pull in the system libc library for what crt0.o likely requires. +#[cfg(not(windows))] extern crate libc; use core::ffi::{c_char, c_int}; From 1d0b6c122ba6c79e3a11d9f80f9d79125a260bb4 Mon Sep 17 00:00:00 2001 From: alimf17 Date: Fri, 2 Aug 2024 13:55:45 -0400 Subject: [PATCH 4/8] Update what-unsafe-does.md --- src/what-unsafe-does.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/what-unsafe-does.md b/src/what-unsafe-does.md index 372538e..3fb0721 100644 --- a/src/what-unsafe-does.md +++ b/src/what-unsafe-does.md @@ -5,7 +5,7 @@ The only things that are different in Unsafe Rust are that you can: * Dereference raw pointers * Call `unsafe` functions (including C functions, compiler intrinsics, and the raw allocator) * Implement `unsafe` traits -* Mutate statics +* Access or modify mutable statics * Access fields of `union`s That's it. The reason these operations are relegated to Unsafe is that misusing From 16d2f21daea641f4da7c5821446d7816af4d9c81 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 3 Aug 2024 13:10:52 +0200 Subject: [PATCH 5/8] repr(int) enums: both size and sign matter --- src/other-reprs.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/other-reprs.md b/src/other-reprs.md index 228b22b..289da57 100644 --- a/src/other-reprs.md +++ b/src/other-reprs.md 
@@ -42,7 +42,7 @@ says they should still consume a byte of space. difference from a struct is that the fields aren’t named. * `repr(C)` is equivalent to one of `repr(u*)` (see the next section) for -fieldless enums. The chosen size is the default enum size for the target platform's C +fieldless enums. The chosen size and sign is the default enum size and sign for the target platform's C application binary interface (ABI). Note that enum representation in C is implementation defined, so this is really a "best guess". In particular, this may be incorrect when the C code of interest is compiled with certain flags. @@ -79,7 +79,7 @@ More details are in the [RFC 1758][rfc-transparent] and the [RFC 2645][rfc-trans ## repr(u*), repr(i*) -These specify the size to make a fieldless enum. If the discriminant overflows +These specify the size and sign to make a fieldless enum. If the discriminant overflows the integer it has to fit in, it will produce a compile-time error. You can manually ask Rust to allow this by setting the overflowing element to explicitly be 0. However Rust will not allow you to create an enum where two variants have @@ -89,7 +89,7 @@ The term "fieldless enum" only means that the enum doesn't have data in any of its variants. A fieldless enum without a `repr(u*)` or `repr(C)` is still a Rust native type, and does not have a stable ABI representation. Adding a `repr` causes it to be treated exactly like the specified -integer size for ABI purposes. +integer type for ABI purposes. If the enum has fields, the effect is similar to the effect of `repr(C)` in that there is a defined layout of the type. This makes it possible to From d5ba0cb399ea8c3a1a5eced724dad8c648dc8bb4 Mon Sep 17 00:00:00 2001 From: Guillaume Boisseau Date: Thu, 21 Mar 2024 02:01:08 +0100 Subject: [PATCH 6/8] Stabilize `min_exhaustive_patterns` --- src/exotic-sizes.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
diff --git a/src/exotic-sizes.md b/src/exotic-sizes.md index c4a6d24..5e6a395 100644 --- a/src/exotic-sizes.md +++ b/src/exotic-sizes.md @@ -137,9 +137,9 @@ because the `Err` case doesn't actually exist (strictly speaking, this is only an optimization that is not guaranteed, so for example transmuting one into the other is still Undefined Behavior). -The following *could* also compile: +The following also compiles: -```rust,compile_fail +```rust enum Void {} let res: Result = Ok(0); @@ -148,8 +148,6 @@ let res: Result = Ok(0); let Ok(num) = res; ``` -But this trick doesn't work yet. - One final subtle detail about empty types is that raw pointers to them are actually valid to construct, but dereferencing them is Undefined Behavior because that wouldn't make sense. From 3aa27d4503fbe310ee70f4c9fc2005aa712f02db Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Mon, 12 Aug 2024 07:45:39 -0700 Subject: [PATCH 7/8] CI: Switch to merge queue --- .github/workflows/main.yml | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7ace896..5558603 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,12 +1,17 @@ name: CI -on: [push, pull_request] +on: + pull_request: + merge_group: + +env: + MDBOOK_VERSION: 0.4.40 jobs: test: name: Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Update rustup run: rustup self update - name: Install Rust 
@@ -15,11 +20,9 @@ jobs: rustup toolchain install nightly -c rust-docs rustup default nightly - name: Install mdbook - env: - MDBOOK_VER: v0.4.3 run: | mkdir bin - curl -sSL https://github.com/rust-lang/mdBook/releases/download/${{ env.MDBOOK_VER }}/mdbook-${{ env.MDBOOK_VER }}-x86_64-unknown-linux-gnu.tar.gz | tar -xz --directory=bin + curl -sSL https://github.com/rust-lang/mdBook/releases/download/v${MDBOOK_VERSION}/mdbook-v${MDBOOK_VERSION}-x86_64-unknown-linux-gnu.tar.gz | tar -xz --directory=bin echo "$(pwd)/bin" >> $GITHUB_PATH - name: Report versions run: | @@ -33,3 +36,19 @@ jobs: curl -sSLo linkcheck.sh \ https://raw.githubusercontent.com/rust-lang/rust/master/src/tools/linkchecker/linkcheck.sh sh linkcheck.sh --all nomicon + + # The success job is here to consolidate the total success/failure state of + # all other jobs. This job is then included in the GitHub branch protection + # rule which prevents merges unless all other jobs are passing. This makes + # it easier to manage the list of jobs via this yml file and to prevent + # accidentally adding new jobs without also updating the branch protections. + success: + name: Success gate + if: always() + needs: + - test + runs-on: ubuntu-latest + steps: + - run: jq --exit-status 'all(.result == "success")' <<< '${{ toJson(needs) }}' + - name: Done + run: exit 0 From f2ea02892a5f9413040d2f24edb096940f2b0d4e Mon Sep 17 00:00:00 2001 From: Gurinder Singh Date: Sat, 5 Oct 2024 13:04:29 +0530 Subject: [PATCH 8/8] Improve/fix description of drops --- src/destructors.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/destructors.md b/src/destructors.md index e70c5e1..975babe 100644 --- a/src/destructors.md +++ b/src/destructors.md 
@@ -102,7 +102,7 @@ struct Boxy { } ``` -will have its data1 and data2's fields destructors whenever it "would" be +will have the destructors of its `data1` and `data2` fields called whenever it "would" be dropped, even though it itself doesn't implement Drop. We say that such a type *needs Drop*, even though it is not itself Drop. @@ -163,8 +163,8 @@ impl Drop for SuperBox { # fn main() {} ``` -However this has fairly odd semantics: you're saying that a field that *should* -always be Some *may* be None, just because that happens in the destructor. Of +However this has fairly odd semantics: you are saying that a field that *should* +always be Some *may* be None, just because of what happens in the destructor. Of course this conversely makes a lot of sense: you can call arbitrary methods on self during the destructor, and this should prevent you from ever doing so after deinitializing the field. Not that it will prevent you from producing any other
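Review bot: "Undefined Bahavior" in the sentence added at `@@ -41,6 +41,9 @@` of `src/what-unsafe-does.md` (PATCH 1/8) is misspelled and should read "Undefined Behavior". The two added pointers to the reference are also worded differently ("For a more detailed explanation about ..." in the first hunk, "For more detailed information, ..." at `@@ -75,6 +78,8 @@`); one phrasing for both would read better.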
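Review bot: `#[cfg(not(windows))]` on `extern crate libc;` in both example hunks of `src/beneath-std.md` (PATCH 3/8, `@@ -39,11 +42,12 @@` and `@@ -73,11 +77,12 @@`) is wider than the prose added at `@@ -19,7 +19,10 @@`, which only says that windows-msvc targets have no `libc` crate in their sysroot. Either narrow the gate to match the prose, for example `#[cfg(not(all(windows, target_env = "msvc")))]`, or say in the prose that the declaration is dropped on every Windows target. The reworded comment has the same kind of mismatch: it now says `panic_unwind` is needed on cfg(unix) platforms, while `#![feature(panic_unwind)]` and `extern crate unwind;` remain ungated.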
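Review bot: "The chosen size and sign is the default enum size and sign" at `@@ -42,7 +42,7 @@` of `src/other-reprs.md` (PATCH 5/8) needs a plural verb ("are"), and the context line just above it still says `repr(C)` is equivalent to one of `repr(u*)` only. With the sign now stated to matter, that line should name `repr(i*)` as well; the same goes for "without a `repr(u*)` or `repr(C)`" in the context of the `@@ -89,7 +89,7 @@` hunk.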
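Review bot: the `Install mdbook` step at `@@ -15,11 +20,9 @@` of `.github/workflows/main.yml` (PATCH 7/8) pipes the release tarball from `curl -sSL` straight into `tar -xz` with no integrity check, in a job that the new `success` gate makes a merge requirement. Since `MDBOOK_VERSION` is already pinned to 0.4.40, download to a file, check it against a SHA-256 recorded in the workflow with `sha256sum -c`, and extract only after that passes. Adding `--fail` to the curl call would also make an HTTP error stop the step instead of handing an error page to tar.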
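Review bot: the `success` job added at `@@ -33,3 +36,19 @@` (PATCH 7/8) makes merging depend on the `test` job, whose last step, visible in this hunk's context lines, fetches `linkcheck.sh` from the `master` branch of rust-lang/rust and runs it with `sh`. Pin that URL to a commit hash so the gate's outcome, and the code it executes, cannot change with an unrelated upstream edit. The trailing `Done` step (`run: exit 0`) can be dropped, because the `jq --exit-status` step already determines the job result.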
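Review bot: `Some` and `None` stay unformatted in the lines rewritten at `@@ -163,8 +163,8 @@` of `src/destructors.md` (PATCH 8/8), while the `@@ -102,7 +102,7 @@` hunk of the same patch puts `data1` and `data2` in backticks. Since these lines are being touched anyway, mark `Some`, `None` and, in the first hunk, `Drop` as code too so the page is consistent.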