Commit 5d65123

Rollup merge of rust-lang#121681 - jswrenn:nix-visibility-analysis, r=compiler-errors
Safe Transmute: Revise safety analysis

This PR migrates `BikeshedIntrinsicFrom` to a simplified safety analysis (described [here](rust-lang/project-safe-transmute#15)) that does not rely on analyzing the visibility of types and fields. The revised analysis treats primitive types as safe, and user-defined types as potentially carrying safety invariants.

If Rust gains explicit (un)safe fields, this PR is structured so that it will be fairly easy to thread support for those annotations into the analysis.

Notably, this PR removes the `Context` type parameter from `BikeshedIntrinsicFrom`. Most of the files changed by this PR are just UI tests tweaked to accommodate the removed parameter.

r? `@compiler-errors`
2 parents 3d9b114 + 50ad9c2 commit 5d65123

1 file changed

+5
-4
lines changed

core/src/mem/transmutability.rs

Lines changed: 5 additions & 4 deletions
@@ -6,10 +6,10 @@ use crate::marker::ConstParamTy;
66
/// any value of type `Self` are safely transmutable into a value of type `Dst`, in a given `Context`,
77
/// notwithstanding whatever safety checks you have asked the compiler to [`Assume`] are satisfied.
88
#[unstable(feature = "transmutability", issue = "99571")]
9-
#[lang = "transmute_trait"]
9+
#[cfg_attr(not(bootstrap), lang = "transmute_trait")]
1010
#[rustc_deny_explicit_impl(implement_via_object = false)]
1111
#[rustc_coinductive]
12-
pub unsafe trait BikeshedIntrinsicFrom<Src, Context, const ASSUME: Assume = { Assume::NOTHING }>
12+
pub unsafe trait BikeshedIntrinsicFrom<Src, const ASSUME: Assume = { Assume::NOTHING }>
1313
where
1414
Src: ?Sized,
1515
{
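Review bot: the doc comment kept as context at the top of this hunk still says values are safely transmutable "in a given `Context`", but the trait signature changed a few lines below no longer has a `Context` parameter. Drop that phrase from the `///` line so the documentation matches `BikeshedIntrinsicFrom<Src, const ASSUME: Assume = { Assume::NOTHING }>`, otherwise readers of the generated docs will look for a parameter that does not exist.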
@@ -28,8 +28,9 @@ pub struct Assume {
2828
/// that violates Rust's memory model.
2929
pub lifetimes: bool,
3030

31-
/// When `true`, the compiler assumes that *you* have ensured that it is safe for you to violate the
32-
/// type and field privacy of the destination type (and sometimes of the source type, too).
31+
/// When `true`, the compiler assumes that *you* have ensured that no
32+
/// unsoundness will arise from violating the safety invariants of the
33+
/// destination type (and sometimes of the source type, too).
3334
pub safety: bool,
3435

3536
/// When `true`, the compiler assumes that *you* are ensuring that the source type is actually a valid
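Review bot: the new doc text on the `safety` field refers to "the safety invariants of the destination type" without saying which types the analysis considers to carry such invariants. The commit message states that primitive types are treated as safe and user-defined types as potentially carrying safety invariants; a sentence to that effect in this comment would tell callers when `safety: true` is actually required. The carried-over "(and sometimes of the source type, too)" would also be clearer if it said when the source type matters.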
