Tracking Issue for nonnull_provenance #135243
Labels
C-tracking-issue
Category: An issue tracking the progress of sth. like the implementation of an RFC
T-libs-api
Relevant to the library API team, which will review and decide on the PR/issue.
Comments
RalfJung
added
C-tracking-issue
This was referenced Jan 8, 2025
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this issue
Jan 9, 2025
…ratt
add missing provenance APIs on NonNull
This adds some provenance APIs that exist on raw pointers but have been forgotten on `NonNull`:
```rust
impl<T> NonNull<T> {
pub const fn without_provenance(addr: NonZero<usize>) -> Self;
pub fn from_exposed_provenance(addr: NonZero<usize>) -> Self;
}
impl<T: ?Sized> NonNull<T> {
pub fn expose_provenance(self) -> NonZero<usize>;
}
```
rust-lang/libs-team#518 is the ACP for the two exposed provenance ones; I forgot to include `without_provenance` there but I hope that, too, is uncontroversial (and anyway this PR only adds things unstably). Cc `@rust-lang/libs-api`
Tracking issue: rust-lang#135243
jhpratt
added a commit
to jhpratt/rust
that referenced
this issue
Jan 9, 2025
…ratt
add missing provenance APIs on NonNull
This adds some provenance APIs that exist on raw pointers but have been forgotten on `NonNull`:
```rust
impl<T> NonNull<T> {
pub const fn without_provenance(addr: NonZero<usize>) -> Self;
pub fn from_exposed_provenance(addr: NonZero<usize>) -> Self;
}
impl<T: ?Sized> NonNull<T> {
pub fn expose_provenance(self) -> NonZero<usize>;
}
```
rust-lang/libs-team#518 is the ACP for the two exposed provenance ones; I forgot to include `without_provenance` there but I hope that, too, is uncontroversial (and anyway this PR only adds things unstably). Cc ``@rust-lang/libs-api``
Tracking issue: rust-lang#135243
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this issue
Jan 9, 2025
Rollup merge of rust-lang#135242 - RalfJung:nonnull-provenance, r=jhpratt add missing provenance APIs on NonNull This adds some provenance APIs that exist on raw pointers but have been forgotten on `NonNull`: ```rust impl<T> NonNull<T> { pub const fn without_provenance(addr: NonZero<usize>) -> Self; pub fn from_exposed_provenance(addr: NonZero<usize>) -> Self; } impl<T: ?Sized> NonNull<T> { pub fn expose_provenance(self) -> NonZero<usize>; } ``` rust-lang/libs-team#518 is the ACP for the two exposed provenance ones; I forgot to include `without_provenance` there but I hope that, too, is uncontroversial (and anyway this PR only adds things unstably). Cc `@rust-lang/libs-api` Tracking issue: rust-lang#135243
|
This |
jhpratt
added a commit
to jhpratt/rust
that referenced
this issue
Jan 11, 2025
…=jhpratt Use `NonNull::without_provenance` within the standard library This API removes the need for several `unsafe` blocks, and leads to clearer code. It uses feature `nonnull_provenance` (rust-lang#135243). Close rust-lang#135343
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this issue
Jan 11, 2025
Rollup merge of rust-lang#135347 - samueltardieu:push-qvyxtxsqyxyr, r=jhpratt Use `NonNull::without_provenance` within the standard library This API removes the need for several `unsafe` blocks, and leads to clearer code. It uses feature `nonnull_provenance` (rust-lang#135243). Close rust-lang#135343
bors
added a commit
to rust-lang-ci/rust
that referenced
this issue
Jan 14, 2025
Less unsafe in `dangling`/`without_provenance` This PR was inspired by the new `NonNull::without_provenance` (cc rust-lang#135243 (comment)) since it made me realize that we could write `NonNull::dangling` in completely-safe code using other existing things. Then doing that led me to a few more places that could be simplified, like now that GVN will optimize Transmute-then-PtrToPtr, we can just implement `ptr::without_provenance` by calling `ptr::without_provenance_mut` since the shipped rlib of `core` ends up with the same single statement as the implementation (thanks to GVN merging the steps) and thus there's no need to duplicate the `transmute` -- and more importantly, no need to repeat a long safety comment. There did end up being a couple of other changes needed to avoid exploding certain bits of MIR, though -- like `<Box<[i32]>>::default()`'s MIR originally got way worse as certain things didn't inline, or had a bunch of extraneous UbChecks -- so there's a couple of other changes to solve that.
bors
added a commit
to rust-lang-ci/rust
that referenced
this issue
Jan 15, 2025
Less unsafe in `dangling`/`without_provenance` This PR was inspired by the new `NonNull::without_provenance` (cc rust-lang#135243 (comment)) since it made me realize that we could write `NonNull::dangling` in completely-safe code using other existing things. Then doing that led me to a few more places that could be simplified, like now that GVN will optimize Transmute-then-PtrToPtr, we can just implement `ptr::without_provenance` by calling `ptr::without_provenance_mut` since the shipped rlib of `core` ends up with the same single statement as the implementation (thanks to GVN merging the steps) and thus there's no need to duplicate the `transmute` -- and more importantly, no need to repeat a long safety comment. There did end up being a couple of other changes needed to avoid exploding certain bits of MIR, though -- like `<Box<[i32]>>::default()`'s MIR originally got way worse as certain things didn't inline, or had a bunch of extraneous UbChecks -- so there's a couple of other changes to solve that.
bors
added a commit
to rust-lang-ci/rust
that referenced
this issue
Jan 16, 2025
Less unsafe in `dangling`/`without_provenance` This PR was inspired by the new `NonNull::without_provenance` (cc rust-lang#135243 (comment)) since it made me realize that we could write `NonNull::dangling` in completely-safe code using other existing things. Then doing that led me to a few more places that could be simplified, like now that GVN will optimize Transmute-then-PtrToPtr, we can just implement `ptr::without_provenance` by calling `ptr::without_provenance_mut` since the shipped rlib of `core` ends up with the same single statement as the implementation (thanks to GVN merging the steps) and thus there's no need to duplicate the `transmute` -- and more importantly, no need to repeat a long safety comment. There did end up being a couple of other changes needed to avoid exploding certain bits of MIR, though -- like `<Box<[i32]>>::default()`'s MIR originally got way worse as certain things didn't inline, or had a bunch of extraneous UbChecks -- so there's a couple of other changes to solve that.
github-actions bot
pushed a commit
to tautschnig/verify-rust-std
that referenced
this issue
Mar 11, 2025
…ratt
add missing provenance APIs on NonNull
This adds some provenance APIs that exist on raw pointers but have been forgotten on `NonNull`:
```rust
impl<T> NonNull<T> {
pub const fn without_provenance(addr: NonZero<usize>) -> Self;
pub fn from_exposed_provenance(addr: NonZero<usize>) -> Self;
}
impl<T: ?Sized> NonNull<T> {
pub fn expose_provenance(self) -> NonZero<usize>;
}
```
rust-lang/libs-team#518 is the ACP for the two exposed provenance ones; I forgot to include `without_provenance` there but I hope that, too, is uncontroversial (and anyway this PR only adds things unstably). Cc `@rust-lang/libs-api`
Tracking issue: rust-lang#135243
github-actions bot
pushed a commit
to tautschnig/verify-rust-std
that referenced
this issue
Mar 11, 2025
…=jhpratt Use `NonNull::without_provenance` within the standard library This API removes the need for several `unsafe` blocks, and leads to clearer code. It uses feature `nonnull_provenance` (rust-lang#135243). Close rust-lang#135343
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Feature gate:
#![feature(nonnull_provenance)]This is a tracking issue for some provenance functions on NonNull that were missed in the initial strict provenance stabilization.
Public API
Steps / History
Unresolved Questions
Footnotes
https://std-dev-guide.rust-lang.org/feature-lifecycle/stabilization.html ↩
The text was updated successfully, but these errors were encountered: