-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
static_mut_refs: Need edition migration guide documentation #123059
Comments
I opened rust-lang/edition-guide#299 as a step towards this. |
We talked about this in the edition meeting today. The page that we merged to the edition guide in rust-lang/edition-guide#299 is a good start, but we still want to see a bit more. We're hoping for the guide to cover an example showing why this is unsound, and then show how the simple cases could be rewritten using raw pointers, and maybe show a more complicated case showing where using a custom type instead would make sense. Looking in the recent crater results (#125384), it seems there are a lot of calls to |
Yes, from a user's perspective this definitely could definitely use more documentation still. For context, I am not a stranger to formally thinking about lifetimes/object provenance/… (having worked on compilers, memory model details, etc. before), but as far as I can tell not being involved in Rust language development, Rust's model here is still somewhat in flux, or at least it is not obvious to me where to go look for details. I just ran into this lint in a single-threaded embedded Rust context with some DMA buffers need to be a global The sentence "By first obtaining a raw pointer rather than directly taking a reference, (the safety requirements of) accesses through that pointer will be more familiar to |
If you have two pointers that alias, each in separate threads, and you're careful to only read or write through one of them at a time, that's sound. But if you create two mutable references that alias in separate threads (or otherwise), that's immediately UB, regardless of whether you ever racily read or write through those references. That's the difference. |
Thanks for the quick response. (I think) I understood the point about UB with two mutable references; I just wanted to illustrate how this change/the current guide page tripped me as a non-Rust-expert up with no good idea on how to follow up to confirm my interpretation. For instance, if as mentioned in the top post,
then a code example discussing this explicitly might help, i.e. that this is a way to silence the lint for cases where it really is safe to create a reference (acknowledging that that this is a non-local property of the program, etc.). In other words: While the top-line summary says "Taking a reference to a |
Your interpretation is correct. If you're interested and feel able, submit a PR. This issue is open because we know the docs here should be improved. |
Implicitly creating a reference and writing through it is indeed equivalent to doing the same write through a raw pointer. So this is likely a case of the lint not being able to tell that this is a short-lived guaranteed-used reference, where a raw pointer makes no difference. (You gave no code example so I can't be sure of this though, I am just guessing.) |
This is an attempt to provide more specific examples on how people can safely work around `static-mut-refs`. Closes rust-lang/rust#123059
I have posted rust-lang/edition-guide#354 with a first draft for some recommendations and examples. I would appreciate if anyone could look it over and provide suggestions for things to fix/change/add. |
The change for
static_mut_refs
in the 2024 Edition needs to have documentation (here) for how a user can perform a manual migration.This documentation should have a more complete explanation of why it is forbidden. Currently it just mentions use in multiple threads, but I don't think that is a complete description.
It also needs to explain to the user how to rewrite their code to make it work. My understanding is that someone can convert
&STATIC
to&*addr_of!(STATIC)
, which is equivalent, but still runs afoul of the exact same aliasing problems and undefined behavior, so I don't know if it makes sense to recommend that.&*addr_of!(…)
allowed?addr_of!
is appropriate?addr_of!
isn't the correct route, what should a user do to update their code?See also discussion at #114447 and
https://rust-lang.zulipchat.com/#narrow/stream/213817-t-lang/topic/static_mut_refs
The text was updated successfully, but these errors were encountered: