From 13f3461b78d168b2d9e03fa08e35934d5505917d Mon Sep 17 00:00:00 2001 From: Funkill Date: Thu, 17 Oct 2024 15:28:32 +0400 Subject: [PATCH] update rust 1.82 draft --- .../announcements/2024-10-17-Rust-1.82.0.md | 152 ++++++++++-------- 1 file changed, 87 insertions(+), 65 deletions(-) diff --git a/originals/announcements/2024-10-17-Rust-1.82.0.md b/originals/announcements/2024-10-17-Rust-1.82.0.md index c720a20..95b6cc1 100644 --- a/originals/announcements/2024-10-17-Rust-1.82.0.md +++ b/originals/announcements/2024-10-17-Rust-1.82.0.md @@ -26,7 +26,7 @@ Cargo now has an [`info` subcommand](https://doc.rust-lang.org/nightly/cargo/com For example, here's what you could see for `cargo info cc`: 
-cc #build-dependencies
+cc #build-dependencies
 A build-time dependency for Cargo build scripts to assist in invoking the native
 C compiler to compile native C code into a static archive to be linked into Rust
 code.
@@ -41,15 +41,15 @@ code.
   jobserver = []
   parallel  = [dep:libc, dep:jobserver]
 note: to see how you depend on cc, run `cargo tree --invert --package cc@1.1.23`
-
+ -By default `cargo info` describes the package version in the local `Cargo.lock`, if any, but as you can see it will indicate when there's a newer version too, and `cargo info cc@1.1.30` would report on that. The feature list also indicates a `+` next to any that are enabled. +By default, `cargo info` describes the package version in the local `Cargo.lock`, if any. As you can see, it will indicate when there's a newer version too, and `cargo info cc@1.1.30` would report on that. ### Apple target promotions -#### macOS on ARM64 is now Tier 1 +#### macOS on 64-bit ARM is now Tier 1 -The Rust target `aarch64-apple-darwin` for macOS on ARM64 (M1-family or later Apple Silicon CPUs) is now a tier 1 target, indicating our highest guarantee of working properly. As the [platform support](https://doc.rust-lang.org/stable/rustc/platform-support.html) page describes, every change in the Rust repository must pass full tests on every tier 1 target before it can be merged. This ARM64 target was added to tier 2 back in Rust 1.49, making it available in `rustup`, and this new milestone raises it on par with ARM64 Linux and the X86 macOS, Linux, and Windows targets. +The Rust target `aarch64-apple-darwin` for macOS on 64-bit ARM (M1-family or later Apple Silicon CPUs) is now a tier 1 target, indicating our highest guarantee of working properly. As the [platform support](https://doc.rust-lang.org/stable/rustc/platform-support.html) page describes, every change in the Rust repository must pass full tests on every tier 1 target before it can be merged. This target was introduced as tier 2 back in Rust 1.49, making it available in `rustup`. This new milestone puts the `aarch64-apple-darwin` target on par with the 64-bit ARM Linux and the X86 macOS, Linux, and Windows targets. #### Mac Catalyst targets are now Tier 2 @@ -57,45 +57,9 @@ The Rust target `aarch64-apple-darwin` for macOS on ARM64 (M1-family or later Ap [The targets](https://doc.rust-lang.org/nightly/rustc/platform-support/apple-ios-macabi.html) are now tier 2, and can be downloaded with `rustup target add aarch64-apple-ios-macabi x86_64-apple-ios-macabi`, so now is an excellent time to update your CI pipeline to test that your code also runs in iOS-like environments. -### Minimal exhaustive patterns - -Empty patterns can now be omitted in common cases: - -```rust -use std::convert::Infallible; -pub fn safe_unwrap(x: Result) -> T { - let Ok(x) = x; // the `Err` case does not need to appear - x -} -``` - -This works with empty types such as a variant-less `enum Void {}`, or structs and enums with a visible empty field and no `#[non_exhaustive]` attribute. It will also be particularly useful in combination with the never type `!`, although that type is still unstable at this time. - -This feature is "minimal" because there are still some exclusions at this time. For reasons related to uninitialized values and unsafe code, omitting patterns is not allowed if the empty type is accessed through a reference, pointer, or union field: - -```rust -pub fn safe_unwrap_ref(x: &Result) -> &T { - match x { - Ok(x) => x, - // this branch cannot be omitted because of the reference - Err(infallible) => match *infallible {}, - } -} -``` - -To avoid interfering with crates that wish to support several rust versions, branches with empty patterns are not yet warned as "unreachable", despite the fact that they can be removed. - -### Floating-point NaN semantics and `const` - -Operations on floating-point values (of type `f32` and `f64`) are famously subtle. One of the reasons for this is the existence of "NaN values": this is short for "Not a Number", and is used to represent e.g. the result of `0.0 / 0.0`. What makes NaN values subtle is that more than one possible NaN value exists: a NaN value has a sign that can be checked with `f.is_sign_positive()`, and it has a "payload" that can be extracted with `f.to_bits()`. Despite very successful efforts to standardize the behavior of floating-point operations across hardware architectures, the details of when a NaN is positive or negative and what its exact payload is differ across architectures. To make matters even more complicated, Rust and its LLVM backend apply optimizations to floating-point operations when the exact numeric result is guaranteed not to change, but those optimizations can change which NaN value is produced. For instance, `f * 1.0` may be optimized to just `f`. However, if `f` is a NaN, this can change the exact bit pattern of the result! - -With this release, Rust standardizes on a set of rules for how NaN values behave. This set of rules is *not* fully deterministic, which means that the result of operations like `(0.0 / 0.0).is_sign_positive()` can differ depending on the hardware architecture, optimization levels, and the surrounding code. Code that aims to be fully portable should avoid using `to_bits` and should use `f.signum() == 1.0` instead of `f.is_sign_positive()`. However, the rules are carefully chosen to still allow advanced optimization techniques such as NaN boxing to be realized in Rust code. For more details on what the exact rules are, check out our [documentation](https://doc.rust-lang.org/std/primitive.f32.html#nan-bit-patterns). - -With the semantics for NaN values settled, this release also permits the use of floating-point operations in `const fn`. Due to the reasons described above, operations like `(0.0 / 0.0).is_sign_positive()` can produce a different result when executed at compile-time vs at run-time; this is not a bug and code must not rely on a `const fn` always producing the exact same result. - ### Native syntax for creating a raw pointer -Unsafe code sometimes has to deal with pointers that may dangle, may be misaligned, or may not point to valid data. A common case where this comes up are packed structs. In such a case, it is important to avoid creating a reference, as that would cause undefined behavior. This means the usual `&` and `&mut` operators cannot be used, as those create a reference -- even if the reference is immediately cast to a raw pointer, it's too late to avoid the undefined behavior. +Unsafe code sometimes has to deal with pointers that may dangle, may be misaligned, or may not point to valid data. A common case where this comes up are `repr(packed)` structs. In such a case, it is important to avoid creating a reference, as that would cause undefined behavior. This means the usual `&` and `&mut` operators cannot be used, as those create a reference -- even if the reference is immediately cast to a raw pointer, it's too late to avoid the undefined behavior. For several years, the macros `std::ptr::addr_of!` and `std::ptr::addr_of_mut!` have served this purpose. Now the time has come to provide a proper native syntax for this operation: `addr_of!(expr)` becomes `&raw const expr`, and `addr_of_mut!(expr)` becomes `&raw mut expr`. For example: @@ -127,51 +91,81 @@ fn main() { The native syntax makes it more clear that the operand expression of these operators is interpreted as a [place expression](https://www.ralfj.de/blog/2024/08/14/places.html). It also avoids the term "address-of" when referring to the action of creating a pointer. A pointer is [more than just an address](https://rust-lang.github.io/rfcs/3559-rust-has-provenance.html), so Rust is moving away from terms like "address-of" that reaffirm a false equivalence of pointers and addresses. -### Safely addressing unsafe `static`s +### Safe items in `unsafe extern` -This code is now allowed: +Rust code can use functions and statics from foreign code. The type signatures of these foreign items are provided in `extern` blocks. Historically, all items within `extern` blocks have been unsafe to call, but we didn't have to write `unsafe` anywhere on the `extern` block itself. + +However, if a signature within the `extern` block is incorrect, then using that item will result in undefined behavior. Would that be the fault of the person who wrote the `extern` block, or the person who used that item? + +We've decided that it's the responsibility of the person writing the `extern` block to ensure that all signatures contained within it are correct, and so we now allow writing `unsafe extern`: ```rust -static mut STATIC_MUT: Type = Type::new(); -extern "C" { - static EXTERN_STATIC: Type; -} -fn main() { - let static_mut_ptr = std::ptr::addr_of_mut!(STATIC_MUT); - let extern_static_ptr = &raw const EXTERN_STATIC; +unsafe extern { + pub safe fn sqrt(x: f64) -> f64; + pub unsafe fn strlen(p: *const u8) -> usize; } ``` -In an expression context, `STATIC_MUT` and `EXTERN_STATIC` are [place expressions](https://doc.rust-lang.org/reference/expressions.html#place-expressions-and-value-expressions). Previously, the compiler's safety checks were not aware that the raw ref operator did not actually affect the operand's place, treating it as a possible read or write to a pointer. No unsafety is actually present, however, as it just creates a pointer. - -Relaxing this may cause problems where some unsafe blocks are now reported as unused if you deny the `unused_unsafe` lint, but they are now only useful on older versions. Annotate these unsafe blocks with `#[allow(unused_unsafe)]` if you wish to support multiple versions of Rust, as in this example diff: +One benefit of this is that items within an `unsafe extern` block can be marked as safe to call. In the above example, we can call `sqrt` without using `unsafe`. Items that aren't marked with either `safe` or `unsafe` are conservatively assumed to be `unsafe`. -```diff - static mut STATIC_MUT: Type = Type::new(); - fn main() { -+ #[allow(unused_unsafe)] - let static_mut_ptr = unsafe { std::ptr::addr_of_mut!(STATIC_MUT) }; - } -``` +In future releases, we'll be encouraging the use of `unsafe extern` with lints. Starting in Rust 2024, using `unsafe extern` will be required. -A future version of Rust is expected to generalize this to other expressions which would be safe in this position, not just statics. +For further details, see [RFC 3484](https://github.com/rust-lang/rfcs/blob/master/text/3484-unsafe-extern-blocks.md) and the ["Unsafe extern blocks"](https://doc.rust-lang.org/nightly/edition-guide/rust-2024/unsafe-extern.html) chapter of the edition guide. ### Unsafe attributes -Some Rust attributes, such as `no_mangle`, can be used to [cause Undefined Behavior without any `unsafe` block](https://github.com/rust-lang/rust/issues/28179). If this was regular code we would require them to be placed in an `unsafe {}` block, but so far attributes have not had comparable syntax. To reflect the fact that these attributes can undermine Rust's safety guarantees, they are now considered "unsafe" and should be written as follows: +Some Rust attributes, such as [`no_mangle`](https://doc.rust-lang.org/reference/abi.html#the-no_mangle-attribute), can be used to [cause Undefined Behavior without any `unsafe` block](https://github.com/rust-lang/rust/issues/28179). If this was regular code we would require them to be placed in an `unsafe {}` block, but so far attributes have not had comparable syntax. To reflect the fact that these attributes can undermine Rust's safety guarantees, they are now considered "unsafe" and should be written as follows: ```rust #[unsafe(no_mangle)] pub fn my_global_function() { } ``` -The old form of the attribute (without `unsafe`) is currently still accepted, but might be linted against at some point in the future, and will be a hard error in a future edition. +The old form of the attribute (without `unsafe`) is currently still accepted, but might be linted against at some point in the future, and will be a hard error in Rust 2024. This affects the following attributes: - `no_mangle` - `link_section` - `export_name` +For further details, see the ["Unsafe attributes"](https://doc.rust-lang.org/nightly/edition-guide/rust-2024/unsafe-attributes.html) chapter of the edition guide. + +### Omitting empty types in pattern matching + +Patterns which match empty (a.k.a. uninhabited) types by value can now be omitted: + +```rust +use std::convert::Infallible; +pub fn unwrap_without_panic(x: Result) -> T { + let Ok(x) = x; // the `Err` case does not need to appear + x +} +``` + +This works with empty types such as a variant-less `enum Void {}`, or structs and enums with a visible empty field and no `#[non_exhaustive]` attribute. It will also be particularly useful in combination with the never type `!`, although that type is still unstable at this time. + +There are still some cases where empty patterns must still be written. For reasons related to uninitialized values and unsafe code, omitting patterns is not allowed if the empty type is accessed through a reference, pointer, or union field: + +```rust +pub fn unwrap_ref_without_panic(x: &Result) -> &T { + match x { + Ok(x) => x, + // this arm cannot be omitted because of the reference + Err(infallible) => match *infallible {}, + } +} +``` + +To avoid interfering with crates that wish to support several Rust versions, `match` arms with empty patterns are not yet reported as “unreachable code” warnings, despite the fact that they can be removed. + +### Floating-point NaN semantics and `const` + +Operations on floating-point values (of type `f32` and `f64`) are famously subtle. One of the reasons for this is the existence of "NaN values": this is short for "not a number", and is used to represent e.g. the result of `0.0 / 0.0`. What makes NaN values subtle is that more than one possible NaN value exists: a NaN value has a sign that can be checked with `f.is_sign_positive()`, and it has a "payload" that can be extracted with `f.to_bits()`. Despite very successful efforts to standardize the behavior of floating-point operations across hardware architectures, the details of when a NaN is positive or negative and what its exact payload is differ across architectures. To make matters even more complicated, Rust and its LLVM backend apply optimizations to floating-point operations when the exact numeric result is guaranteed not to change, but those optimizations can change which NaN value is produced. For instance, `f * 1.0` may be optimized to just `f`. However, if `f` is a NaN, this can change the exact bit pattern of the result! + +With this release, Rust standardizes on a set of rules for how NaN values behave. This set of rules is *not* fully deterministic, which means that the result of operations like `(0.0 / 0.0).is_sign_positive()` can differ depending on the hardware architecture, optimization levels, and the surrounding code. Code that aims to be fully portable should avoid using `to_bits` and should use `f.signum() == 1.0` instead of `f.is_sign_positive()`. However, the rules are carefully chosen to still allow advanced data representation techniques such as NaN boxing to be implemented in Rust code. For more details on what the exact rules are, check out our [documentation](https://doc.rust-lang.org/std/primitive.f32.html#nan-bit-patterns). + +With the semantics for NaN values settled, this release also permits the use of floating-point operations in `const fn`. Due to the reasons described above, operations like `(0.0 / 0.0).is_sign_positive()` can produce a different result when executed at compile-time vs at run-time; this is not a bug and code must not rely on a `const fn` always producing the exact same result. + ### Constants as assembly immediates The `const` assembly operand now provides a way to use integers as immediates @@ -228,6 +222,35 @@ mov rax, rax # save the return value See [the reference](https://doc.rust-lang.org/reference/inline-assembly.html) for more details. +### Safely addressing unsafe `static`s + +This code is now allowed: + +```rust +static mut STATIC_MUT: Type = Type::new(); +extern "C" { + static EXTERN_STATIC: Type; +} +fn main() { + let static_mut_ptr = &raw mut STATIC_MUT; + let extern_static_ptr = &raw const EXTERN_STATIC; +} +``` + +In an expression context, `STATIC_MUT` and `EXTERN_STATIC` are [place expressions](https://doc.rust-lang.org/reference/expressions.html#place-expressions-and-value-expressions). Previously, the compiler's safety checks were not aware that the raw ref operator did not actually affect the operand's place, treating it as a possible read or write to a pointer. No unsafety is actually present, however, as it just creates a pointer. + +Relaxing this may cause problems where some unsafe blocks are now reported as unused if you deny the `unused_unsafe` lint, but they are now only useful on older versions. Annotate these unsafe blocks with `#[allow(unused_unsafe)]` if you wish to support multiple versions of Rust, as in this example diff: + +```diff + static mut STATIC_MUT: Type = Type::new(); + fn main() { ++ #[allow(unused_unsafe)] + let static_mut_ptr = unsafe { std::ptr::addr_of_mut!(STATIC_MUT) }; + } +``` + +A future version of Rust is expected to generalize this to other expressions which would be safe in this position, not just statics. + ### Stabilized APIs - [`std::thread::Builder::spawn_unchecked`](https://doc.rust-lang.org/stable/std/thread/struct.Builder.html#method.spawn_unchecked) @@ -305,7 +328,6 @@ for more details. These APIs are now stable in const contexts: - [`std::task::Waker::from_raw`](https://doc.rust-lang.org/nightly/std/task/struct.Waker.html#method.from_raw) -- [`std::task::Waker::waker`](https://doc.rust-lang.org/nightly/std/task/struct.Waker.html#method.from_raw) - [`std::task::Context::from_waker`](https://doc.rust-lang.org/nightly/std/task/struct.Context.html#method.from_waker) - [`std::task::Context::waker`](https://doc.rust-lang.org/nightly/std/task/struct.Context.html#method.waker) - [`$integer::from_str_radix`](https://doc.rust-lang.org/nightly/std/primitive.u32.html#method.from_str_radix)