#[deny(unsafe_op_in_unsafe_fn)] in sys/wasm#74477
Conversation
|
(rust_highfive has picked a reviewer for you, use r? to override) |
rust-highfive
added
the
S-waiting-on-review
There was a problem hiding this comment.
This is not an unsafe operation.
There was a problem hiding this comment.
My guess is that the unsafety here is basically just from the raw pointer, so we can say something like "ptr() is always valid"
There was a problem hiding this comment.
This is also not an unsafe operation.
src/libstd/sys/wasm/mutex_atomics.rs
Outdated
There was a problem hiding this comment.
This seems... odd. @alexcrichton, can you recall why lock() here is unsafe? It seems like it could be safe.
There was a problem hiding this comment.
The intrinsic has a *mut i32 in the signature which it modifies, so the intrinsic is unsafe.
src/libstd/sys/wasm/mutex_atomics.rs
Outdated
There was a problem hiding this comment.
Atomic operations are safe.
There was a problem hiding this comment.
Thank you for the review
|
☔ The latest upstream changes (presumably #74569) made this pull request unmergeable. Please resolve the merge conflicts. |
chansuke
force-pushed
the
sys-wasm-unsafe-op-in-unsafe-fn
branch
from
0054eb3 to
90d4625
Compare
|
☔ The latest upstream changes (presumably #73265) made this pull request unmergeable. Please resolve the merge conflicts. |
chansuke
force-pushed
the
sys-wasm-unsafe-op-in-unsafe-fn
branch
2 times, most recently
from
440f06c to
c0accca
Compare
|
This hasn't got any response for a while, r? @Mark-Simulacrum as you left some reviews. |
There was a problem hiding this comment.
Not an unsafe operation (please also fix the other atomics).
Mark-Simulacrum
added
S-waiting-on-author
chansuke
force-pushed
the
sys-wasm-unsafe-op-in-unsafe-fn
branch
from
c0accca to
fa379b4
Compare
|
@chansuke Ping from triage! What's the current status on this? i assume this is ready for review again? |
crlf0710
added
S-waiting-on-review
There was a problem hiding this comment.
I think this is a rebase failure -- this function seems to have been renamed to memory_atomic_wait32 on master. (I think there's one or two more cases where you have that).
There was a problem hiding this comment.
This is also not an unsafe operation.
There was a problem hiding this comment.
This is not an unsafe operation.
There was a problem hiding this comment.
This also lost the right name.
Mark-Simulacrum
added
S-waiting-on-author
chansuke
force-pushed
the
sys-wasm-unsafe-op-in-unsafe-fn
branch
from
fa379b4 to
353727b
Compare
|
@crlf0710 Sorry for the late reply. I fixed and now it's ready for the review. |
crlf0710
added
S-waiting-on-review
There was a problem hiding this comment.
I think this is still the wrong name, it should be memory_atomic_notify.
There was a problem hiding this comment.
Can you put this comment above the unsafe block instead?
Mark-Simulacrum
removed
the
S-waiting-on-review
Mark-Simulacrum
added
the
S-waiting-on-review
|
I think I likely approved the SGX changes a bit earlier than was warranted (sgx is also less critical in some sense as it's not to my knowledge something readily used by consumers, though I could be wrong). lock::lock() is defined in the alloc.rs file and is just taking a global lock if std is compiled with atomics enabled. We need the locks with multithreading because the allocator is called with |
chansuke
force-pushed
the
sys-wasm-unsafe-op-in-unsafe-fn
branch
from
4a17d19 to
2ff5965
Compare
library/std/src/sys/wasm/alloc.rs
Outdated
There was a problem hiding this comment.
There are two preconditions that we need to document for these calls:
- DLMALLOC access is safe: this is true because the lock gives us unique and non-reentrant access.
- Calling the function itself is safe: Preconditions on these functions match the trait method preconditions, so this is safe.
The comments so far only sort of talk about the first, but should address both. I think basically copy/pasting my two bullet points makes sense.
There was a problem hiding this comment.
This is not an unsafe operation and should not be inside the unsafe block. It also looks like are missing a safety comment about the first argument to memory_atomic_notify being a valid pointer.
There was a problem hiding this comment.
This is not an unsafe operation.
There was a problem hiding this comment.
I don't believe there are any unsafe operations here.
Mark-Simulacrum
added
S-waiting-on-author
chansuke
force-pushed
the
sys-wasm-unsafe-op-in-unsafe-fn
branch
from
2ff5965 to
d37b8cf
Compare
|
@rustbot modify labels: +S-waiting-on-review -S-waiting-on-author |
rustbot
added
S-waiting-on-review
|
@bors r+ rollup |
|
📌 Commit d37b8cf has been approved by |
bors
added
S-waiting-on-bors
…fe-fn, r=Mark-Simulacrum `#[deny(unsafe_op_in_unsafe_fn)]` in sys/wasm This is part of rust-lang#73904. This encloses unsafe operations in unsafe fn in `libstd/sys/wasm`. @rustbot modify labels: F-unsafe-block-in-unsafe-fn
…fe-fn, r=Mark-Simulacrum `#[deny(unsafe_op_in_unsafe_fn)]` in sys/wasm This is part of rust-lang#73904. This encloses unsafe operations in unsafe fn in `libstd/sys/wasm`. @rustbot modify labels: F-unsafe-block-in-unsafe-fn
Rollup of 10 pull requests Successful merges: - rust-lang#74477 (`#[deny(unsafe_op_in_unsafe_fn)]` in sys/wasm) - rust-lang#77836 (transmute_copy: explain that alignment is handled correctly) - rust-lang#78126 (Properly define va_arg and va_list for aarch64-apple-darwin) - rust-lang#78137 (Initialize tracing subscriber in compiletest tool) - rust-lang#78161 (Add issue template link to IRLO) - rust-lang#78214 (Tweak match arm semicolon removal suggestion to account for futures) - rust-lang#78247 (Fix rust-lang#78192) - rust-lang#78252 (Add codegen test for rust-lang#45964) - rust-lang#78268 (Do not try to report on closures to avoid ICE) - rust-lang#78295 (Add some regression tests) Failed merges: r? `@ghost`
11 participants
This is part of #73904.
This encloses unsafe operations in unsafe fn in
libstd/sys/wasm.@rustbot modify labels: F-unsafe-block-in-unsafe-fn