rename ptr::invalid -> ptr::without_provenance by RalfJung · Pull Request #117658 · rust-lang/rust
labels
Nov 7, 2023bors added a commit to rust-lang/hashbrown that referenced this pull request
Nov 15, 2023
avoid using unstable ptr::invalid_mut I want to rename that function in rust-lang/rust#117658, but currently the build fails because hashbrown uses it.
bors
added
S-waiting-on-review
and removed S-waiting-on-bors
Status: Waiting on bors to run and complete tests. Bors will change the label on completion.labels
Feb 21, 2024
also introduce ptr::dangling matching NonNull::dangling
bors
added
S-waiting-on-bors
and removed S-waiting-on-review
Status: Awaiting review from the assignee but also interested parties.labels
Feb 21, 2024This was referenced
Feb 22, 2024github-actions bot pushed a commit to rust-lang/miri that referenced this pull request
Feb 22, 2024
rename ptr::invalid -> ptr::without_provenance It has long bothered me that `ptr::invalid` returns a pointer that is actually valid for zero-sized memory accesses. In general, it doesn't even make sense to ask "is this pointer valid", you have to ask "is this pointer valid for a given memory access". We could say that a pointer is invalid if it is not valid for *any* memory access, but [the way this FCP is going](rust-lang/unsafe-code-guidelines#472), it looks like *all* pointers will be valid for zero-sized memory accesses. Two possible alternative names emerged as people's favorites: 1. Something involving `dangling`, in analogy to `NonNull::dangling`. To avoid inconsistency with the `NonNull` method, the address-taking method could be called `dangling_at(addr: usize) -> *const T`. 2. `without_provenance`, to be symmetric with the inverse operation `ptr.addr_without_provenance()` (currently still called `ptr.addr()` but probably going to be renamed) I have no idea which one of these is better. I read [this comment](rust-lang/rust#117658 (comment)) as expressing a slight preference for something like the second option, so I went for that. I'm happy to go with `dangling_at` as well. Cc `@rust-lang/opsem`
This was referenced
Feb 25, 2024adpaco-aws added a commit to model-checking/kani that referenced this pull request
Feb 29, 2024
Upgrades the Rust toolchain to `nightly-2024-02-25`. The Rust compiler PRs that triggered changes in this upgrades are: * rust-lang/rust#121209 * rust-lang/rust#121309 * rust-lang/rust#120863 * rust-lang/rust#117772 * rust-lang/rust#117658 With rust-lang/rust#121309 some intrinsics became inlineable so their names became qualified. This made our `match` on the intrinsic name to fail in those cases, leaving them as unsupported constructs as in this example: ``` warning: Found the following unsupported constructs: - _RNvNtCscyGW2MM2t5j_4core10intrinsics8unlikelyCs1eohKeNmpdS_5arith (3) - caller_location (1) - foreign function (1) Verification will fail if one or more of these constructs is reachable. See https://model-checking.github.io/kani/rust-feature-support.html for more details. [...] Failed Checks: _RNvNtCscyGW2MM2t5j_4core10intrinsics8unlikelyCs1eohKeNmpdS_5arith is not currently supported by Kani. Please post your example at https://github.com/model-checking/kani/issues/new/choose File: "/home/ubuntu/.rustup/toolchains/nightly-2024-02-18-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/num/mod.rs", line 25, in core::num::<impl i8>::checked_add ``` We use `trimmed_name()` to work around this, but that may include type arguments if the intrinsic is defined on generics. So in those cases, we just take the first part of the name so we can keep the rest as before. Resolves #3044
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters