| commit | 5d328a1f62fe7c9d3a31d14b88dfa13310b7c989 | [log] [tgz] |
|---|---|---|
| author | bors <bors@rust-lang.org> | Wed May 22 13:04:14 2024 +0000 |
| committer | bors <bors@rust-lang.org> | Wed May 22 13:04:14 2024 +0000 |
| tree | b1f63b68a2831b90a56fccdd9230f95f814106bd | |
| parent | f0038a7c8fd8b5b8a949c92ae6419bcb59a09e72 [diff] | |
| parent | 9526ce60fd5bb46221f4a0c35dda694aa14716b0 [diff] |
Auto merge of #117329 - RalfJung:offset-by-zero, r=oli-obk,scottmcm offset: allow zero-byte offset on arbitrary pointers As per prior `@rust-lang/opsem` [discussion](https://github.com/rust-lang/opsem-team/issues/10) and [FCP](https://github.com/rust-lang/unsafe-code-guidelines/issues/472#issuecomment-1793409130): - Zero-sized reads and writes are allowed on all sufficiently aligned pointers, including the null pointer - Inbounds-offset-by-zero is allowed on all pointers, including the null pointer - `offset_from` on two pointers derived from the same allocation is always allowed when they have the same address This removes surprising UB (in particular, even C++ allows "nullptr + 0", which we currently disallow), and it brings us one step closer to an important theoretical property for our semantics ("provenance monotonicity": if operations are valid on bytes without provenance, then adding provenance can't make them invalid). The minimum LLVM we require (v17) includes https://reviews.llvm.org/D154051, so we can finally implement this. The `offset_from` change is needed to maintain the equivalence with `offset`: if `let ptr2 = ptr1.offset(N)` is well-defined, then `ptr2.offset_from(ptr1)` should be well-defined and return N. Now consider the case where N is 0 and `ptr1` dangles: we want to still allow offset_from here. I think we should change offset_from further, but that's a separate discussion. Fixes https://github.com/rust-lang/rust/issues/65108 [Tracking issue](https://github.com/rust-lang/rust/issues/117945) | [T-lang summary](https://github.com/rust-lang/rust/pull/117329#issuecomment-1951981106) Cc `@nikic`
Website | Getting started | Learn | Documentation | Contributing
This is the main source code repository for Rust. It contains the compiler, standard library, and documentation.
Performance: Fast and memory-efficient, suitable for critical services, embedded devices, and easily integrate with other languages.
Reliability: Our rich type system and ownership model ensure memory and thread safety, reducing bugs at compile-time.
Productivity: Comprehensive documentation, a compiler committed to providing great diagnostics, and advanced tooling including package manager and build tool (Cargo), auto-formatter (rustfmt), linter (Clippy) and editor support (rust-analyzer).
Read “Installation” from The Book.
If you really want to install from source (though this is not recommended), see INSTALL.md.
See https://www.rust-lang.org/community for a list of chat platforms and forums.
See CONTRIBUTING.md.
Rust is primarily distributed under the terms of both the MIT license and the Apache License (Version 2.0), with portions covered by various BSD-like licenses.
See LICENSE-APACHE, LICENSE-MIT, and COPYRIGHT for details.
The Rust Foundation owns and protects the Rust and Cargo trademarks and logos (the “Rust Trademarks”).
If you want to use these names or brands, please read the media guide.
Third-party logos may be subject to third-party copyrights and trademarks. See Licenses for details.