Skip to content

make abort intrinsic safe, and correct its documentation #72204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 17, 2020
Merged

make abort intrinsic safe, and correct its documentation #72204

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions src/liballoc/rc.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2035,6 +2035,8 @@ trait RcBoxPtr<T: ?Sized> {
// nevertheless, we insert an abort here to hint LLVM at
// an otherwise missed optimization.
if strong == 0 || strong == usize::max_value() {
// remove `unsafe` on bootstrap bump
#[cfg_attr(not(bootstrap), allow(unused_unsafe))]
unsafe {
abort();
}
Expand All @@ -2061,6 +2063,8 @@ trait RcBoxPtr<T: ?Sized> {
// nevertheless, we insert an abort here to hint LLVM at
// an otherwise missed optimization.
if weak == 0 || weak == usize::max_value() {
// remove `unsafe` on bootstrap bump
#[cfg_attr(not(bootstrap), allow(unused_unsafe))]
unsafe {
abort();
}
Expand Down
5 changes: 5 additions & 0 deletions src/liballoc/sync.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1096,6 +1096,8 @@ impl<T: ?Sized> Clone for Arc<T> {
// We abort because such a program is incredibly degenerate, and we
// don't care to support it.
if old_size > MAX_REFCOUNT {
// remove `unsafe` on bootstrap bump
#[cfg_attr(not(bootstrap), allow(unused_unsafe))]
unsafe {
abort();
}
Expand Down Expand Up @@ -1614,6 +1616,8 @@ impl<T: ?Sized> Weak<T> {

// See comments in `Arc::clone` for why we do this (for `mem::forget`).
if n > MAX_REFCOUNT {
// remove `unsafe` on bootstrap bump
#[cfg_attr(not(bootstrap), allow(unused_unsafe))]
unsafe {
abort();
}
Expand Down Expand Up @@ -1753,6 +1757,7 @@ impl<T: ?Sized> Clone for Weak<T> {

// See comments in Arc::clone() for why we do this (for mem::forget).
if old_size > MAX_REFCOUNT {
#[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
unsafe {
abort();
}
Expand Down
5 changes: 2 additions & 3 deletions src/libcore/cell.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,10 +133,9 @@
//! `Cell<T>`.
//!
//! ```
//! #![feature(core_intrinsics)]
//! use std::cell::Cell;
//! use std::ptr::NonNull;
//! use std::intrinsics::abort;
//! use std::process::abort;
//! use std::marker::PhantomData;
//!
//! struct Rc<T: ?Sized> {
Expand Down Expand Up @@ -173,7 +172,7 @@
//! .strong
//! .set(self.strong()
//! .checked_add(1)
//! .unwrap_or_else(|| unsafe { abort() }));
//! .unwrap_or_else(|| abort() ));
//! }
//! }
//!
Expand Down
2 changes: 1 addition & 1 deletion src/libcore/intrinsics.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -918,7 +918,7 @@ extern "rust-intrinsic" {

/// Aborts the execution of the process.
///
/// The stabilized version of this intrinsic is
/// A more user-friendly and stable version of this operation is
/// [`std::process::abort`](../../std/process/fn.abort.html).
pub fn abort() -> !;

Expand Down
18 changes: 15 additions & 3 deletions src/libcore/panicking.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,12 @@ use crate::panic::{Location, PanicInfo};
#[lang = "panic"] // needed by codegen for panic on overflow and other `Assert` MIR terminators
pub fn panic(expr: &str) -> ! {
if cfg!(feature = "panic_immediate_abort") {
// remove `unsafe` (and safety comment) on bootstrap bump
#[cfg_attr(not(bootstrap), allow(unused_unsafe))]
// SAFETY: the `abort` intrinsic has no requirements to be called.
unsafe { super::intrinsics::abort() }
unsafe {
super::intrinsics::abort()
}
}

// Use Arguments::new_v1 instead of format_args!("{}", expr) to potentially
Expand All @@ -58,8 +62,12 @@ pub fn panic(expr: &str) -> ! {
#[lang = "panic_bounds_check"] // needed by codegen for panic on OOB array/slice access
fn panic_bounds_check(index: usize, len: usize) -> ! {
if cfg!(feature = "panic_immediate_abort") {
// remove `unsafe` (and safety comment) on bootstrap bump
#[cfg_attr(not(bootstrap), allow(unused_unsafe))]
// SAFETY: the `abort` intrinsic has no requirements to be called.
unsafe { super::intrinsics::abort() }
unsafe {
super::intrinsics::abort()
}
}

panic!("index out of bounds: the len is {} but the index is {}", len, index)
Expand All @@ -72,8 +80,12 @@ fn panic_bounds_check(index: usize, len: usize) -> ! {
#[track_caller]
pub fn panic_fmt(fmt: fmt::Arguments<'_>) -> ! {
if cfg!(feature = "panic_immediate_abort") {
// remove `unsafe` (and safety comment) on bootstrap bump
#[cfg_attr(not(bootstrap), allow(unused_unsafe))]
// SAFETY: the `abort` intrinsic has no requirements to be called.
unsafe { super::intrinsics::abort() }
unsafe {
super::intrinsics::abort()
}
}

// NOTE This function never crosses the FFI boundary; it's a Rust-to-Rust call
Expand Down
5 changes: 4 additions & 1 deletion src/libpanic_unwind/seh.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -327,5 +327,8 @@ pub unsafe fn cleanup(payload: *mut u8) -> Box<dyn Any + Send> {
#[lang = "eh_personality"]
#[cfg(not(test))]
fn rust_eh_personality() {
unsafe { core::intrinsics::abort() }
#[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
unsafe {
core::intrinsics::abort()
}
}
6 changes: 4 additions & 2 deletions src/librustc_typeck/check/intrinsic.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ fn equate_intrinsic_type<'tcx>(
/// Returns `true` if the given intrinsic is unsafe to call or not.
pub fn intrinsic_operation_unsafety(intrinsic: &str) -> hir::Unsafety {
match intrinsic {
"size_of" | "min_align_of" | "needs_drop" | "caller_location" | "size_of_val"
"abort" | "size_of" | "min_align_of" | "needs_drop" | "caller_location" | "size_of_val"
| "min_align_of_val" | "add_with_overflow" | "sub_with_overflow" | "mul_with_overflow"
| "wrapping_add" | "wrapping_sub" | "wrapping_mul" | "saturating_add"
| "saturating_sub" | "rotate_left" | "rotate_right" | "ctpop" | "ctlz" | "cttz"
Expand Down Expand Up @@ -130,7 +130,9 @@ pub fn check_intrinsic_type(tcx: TyCtxt<'_>, it: &hir::ForeignItem<'_>) {
}
};
(n_tps, inputs, output, hir::Unsafety::Unsafe)
} else if &name[..] == "abort" || &name[..] == "unreachable" {
} else if &name[..] == "abort" {
(0, Vec::new(), tcx.types.never, hir::Unsafety::Normal)
} else if &name[..] == "unreachable" {
(0, Vec::new(), tcx.types.never, hir::Unsafety::Unsafe)
} else {
let unsafety = intrinsic_operation_unsafety(&name[..]);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yea, we should just pull this function call out of the if and remove the manual computation of it in for the above cases.

Expand Down
20 changes: 16 additions & 4 deletions src/libstd/panicking.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -332,7 +332,10 @@ pub fn panicking() -> bool {
#[cfg_attr(feature = "panic_immediate_abort", inline)]
pub fn begin_panic_fmt(msg: &fmt::Arguments<'_>) -> ! {
if cfg!(feature = "panic_immediate_abort") {
unsafe { intrinsics::abort() }
#[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
unsafe {
intrinsics::abort()
}
}

let info = PanicInfo::internal_constructor(Some(msg), Location::caller());
Expand Down Expand Up @@ -398,7 +401,10 @@ pub fn begin_panic_handler(info: &PanicInfo<'_>) -> ! {
#[track_caller]
pub fn begin_panic<M: Any + Send>(msg: M) -> ! {
if cfg!(feature = "panic_immediate_abort") {
unsafe { intrinsics::abort() }
#[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
unsafe {
intrinsics::abort()
}
}

rust_panic_with_hook(&mut PanicPayload::new(msg), None, Location::caller());
Expand Down Expand Up @@ -458,7 +464,10 @@ fn rust_panic_with_hook(
"thread panicked while processing \
panic. aborting.\n"
));
unsafe { intrinsics::abort() }
#[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
unsafe {
intrinsics::abort()
}
}

unsafe {
Expand Down Expand Up @@ -493,7 +502,10 @@ fn rust_panic_with_hook(
"thread panicked while panicking. \
aborting.\n"
));
unsafe { intrinsics::abort() }
#[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
unsafe {
intrinsics::abort()
}
}

rust_panic(payload)
Expand Down
2 changes: 2 additions & 0 deletions src/libstd/sync/mpsc/shared.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -354,6 +354,8 @@ impl<T> Packet<T> {

// See comments on Arc::clone() on why we do this (for `mem::forget`).
if old_count > MAX_REFCOUNT {
// remove `unsafe` on bootstrap bump
#[cfg_attr(not(bootstrap), allow(unused_unsafe))]
unsafe {
abort();
}
Expand Down
2 changes: 2 additions & 0 deletions src/libstd/sync/mpsc/sync.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -358,6 +358,8 @@ impl<T> Packet<T> {

// See comments on Arc::clone() on why we do this (for `mem::forget`).
if old_count > MAX_REFCOUNT {
// remove `unsafe` on bootstrap bump
#[cfg_attr(not(bootstrap), allow(unused_unsafe))]
unsafe {
abort();
}
Expand Down