-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tracking Issue for Rust 2024: Make std::env::{set_var, remove_var}
unsafe
#124866
Comments
I'm really not a big fan of this, because I think the best solution would be to contribute new API to glibc/musl... that behaves correctly (e.g. by copying the |
@joboet The nooks and crannies of this issue have been discussed at length already. Your suggestion to "add a new API" to glibc/musl has been brought up before and it isn't viable. I would suggest at least skimming through that thread, and pay special attention to richfelker's comments if you think the solution to this problem can come from libc. (He is the maintainer of musl.)
I don't think anyone is a big fan of this. The fact that Windows has a safe API for this isn't sufficient criteria for marking a platform independent API safe that is unsafe on some set of supported tier1 platforms. The answer here is to probably to publish a crate that exposes the safe Windows specific API. |
I agree. I hope someone will pursue this. However, there was, as far as I can tell, basically zero progress on this in the almost 9 years (!) since #27970 was filed. I see no reason to believe that a fix for this will materialize medium-term (let's say, ≤ 5 years). Even on a 10-year scale I am not optimistic that anything will happen. Saying we have to wait until Linux and macOS get their APIs fixed is, at this point, basically equivalent to saying we're okay with this just not being fixed, and std being perpetually unsound when programs combine Rust code and C code. Given that the best solution is just unrealistic, we should pursue the second-best solution, and that's what we are doing right now. I'm very happy to finally see progress on this.
The safety constraint is basically, don't mutate the environment if another thread may exist. That's the only way we can be sure there's no concurrently running C code. This is sad, but two of our Tier 1 OSes do not support anything better than that, and we can either accept or deny this fact but it remains a fact. This hopefully pushes the Rust ecosystem towards APIs that avoid the need for mutating the environment. |
Allow calling these functions without `unsafe` blocks in editions up until 2021, but don't trigger the `unused_unsafe` lint for `unsafe` blocks containing these functions. Fixes rust-lang#27970. Fixes rust-lang#90308. CC rust-lang#124866.
Allow calling these functions without `unsafe` blocks in editions up until 2021, but don't trigger the `unused_unsafe` lint for `unsafe` blocks containing these functions. Fixes rust-lang#27970. Fixes rust-lang#90308. CC rust-lang#124866.
Allow calling these functions without `unsafe` blocks in editions up until 2021, but don't trigger the `unused_unsafe` lint for `unsafe` blocks containing these functions. Fixes rust-lang#27970. Fixes rust-lang#90308. CC rust-lang#124866.
Allow calling these functions without `unsafe` blocks in editions up until 2021, but don't trigger the `unused_unsafe` lint for `unsafe` blocks containing these functions. Fixes rust-lang#27970. Fixes rust-lang#90308. CC rust-lang#124866.
@rustbot claim |
Allow calling these functions without `unsafe` blocks in editions up until 2021, but don't trigger the `unused_unsafe` lint for `unsafe` blocks containing these functions. Fixes rust-lang#27970. Fixes rust-lang#90308. CC rust-lang#124866.
Make `std::env::{set_var, remove_var}` unsafe in edition 2024 Allow calling these functions without `unsafe` blocks in editions up until 2021, but don't trigger the `unused_unsafe` lint for `unsafe` blocks containing these functions. Fixes rust-lang#27970. Fixes rust-lang#90308. CC rust-lang#124866.
Make `std::env::{set_var, remove_var}` unsafe in edition 2024 Allow calling these functions without `unsafe` blocks in editions up until 2021, but don't trigger the `unused_unsafe` lint for `unsafe` blocks containing these functions. Fixes rust-lang#27970. Fixes rust-lang#90308. CC rust-lang#124866.
It's a bit unclear to me why the migration lint was named Footnotes
|
Hi, is this considered a breaking change? The patch for this is available in Rust nightly 1.80 2024-05-31, and Nix encountered this even though we are using Rust 2021. |
@SteveLauC This should only fire in 2024. If you are encountering a problem, please open a new issue with a reproduction. |
Hi, thanks for your reply! issue filed. |
Of course it's possible to rename the lint, if we want to do that.
My thinking was that the |
In this particular case, it's because the set of unsafe functions that need to be migrated for 2024 will be fixed once 2024 is stabilized. The lint machinery itself does not support a single lint spanning multiple editions (and that is the reason why keyword_idents was split up), so As for @workingjubilee's context about fixing soundness, there is some latitude to make fixes regarding soundness, but in this case it was decided to fix it in a non-breaking manner. (Unless I'm misunderstanding the point being drawn?) |
…safe_fn, r=Nadrieril Don't trigger `unsafe_op_in_unsafe_fn` for deprecated safe fns Fixes rust-lang#125875. Tracking: - rust-lang#124866
…safe_fn, r=Nadrieril Don't trigger `unsafe_op_in_unsafe_fn` for deprecated safe fns Fixes rust-lang#125875. Tracking: - rust-lang#124866
Rollup merge of rust-lang#125925 - tbu-:pr_unsafe_env_unsafe_op_in_unsafe_fn, r=Nadrieril Don't trigger `unsafe_op_in_unsafe_fn` for deprecated safe fns Fixes rust-lang#125875. Tracking: - rust-lang#124866
Posted a draft of the docs at rust-lang/edition-guide#304 if anyone wants to help review that. |
Add TODO comment to unsafe env modification Addresses rust-lang#124636 (comment). I think that the diff display regresses a little, because it's no longer showing the `+` to show where the `unsafe {}` is added. I think it's still fine. Tracking: - rust-lang#124866 r? `@RalfJung`
Rollup merge of rust-lang#126019 - tbu-:pr_unsafe_env_fixme, r=fee1-dead Add TODO comment to unsafe env modification Addresses rust-lang#124636 (comment). I think that the diff display regresses a little, because it's no longer showing the `+` to show where the `unsafe {}` is added. I think it's still fine. Tracking: - rust-lang#124866 r? `@RalfJung`
Create a lint group `deprecated_safe` that includes `deprecated_safe_2024`. Addresses rust-lang#124866 (comment).
Rename `deprecated_safe` lint to `deprecated_safe_2024` Create a lint group `deprecated_safe` that includes `deprecated_safe_2024`. Addresses rust-lang#124866 (comment). r? `@ehuss`
Rollup merge of rust-lang#125990 - tbu-:pr_unsafe_env_lint_name, r=ehuss Rename `deprecated_safe` lint to `deprecated_safe_2024` Create a lint group `deprecated_safe` that includes `deprecated_safe_2024`. Addresses rust-lang#124866 (comment). r? `@ehuss`
…trochenkov Allow to customize `// TODO:` comment for deprecated safe autofix Relevant for the deprecation of `CommandExt::before_exit` in rust-lang#125970. Tracking: - rust-lang#124866
…trochenkov Allow to customize `// TODO:` comment for deprecated safe autofix Relevant for the deprecation of `CommandExt::before_exit` in rust-lang#125970. Tracking: - rust-lang#124866
Rollup merge of rust-lang#127857 - tbu-:pr_deprecated_safe_todo, r=petrochenkov Allow to customize `// TODO:` comment for deprecated safe autofix Relevant for the deprecation of `CommandExt::before_exit` in rust-lang#125970. Tracking: - rust-lang#124866
CommandExt::before_exec: deprecate safety in edition 2024 Similar to `set_var`, we had to find out after 1.0 was released that `before_exec` should have been unsafe. We partially rectified this by deprecating that function a long time ago, but since rust-lang#124636 we have the ability to also deprecate the safety of the old function and make it a *hard error* to call the old function outside `unsafe` in the next edition. So just in case anyone still uses the old function, let's ensure this can't be ignored when moving code to the new edition. Cc `@rust-lang/libs-api` Tracking: - rust-lang#124866
Rollup merge of rust-lang#125970 - RalfJung:before_exec, r=m-ou-se CommandExt::before_exec: deprecate safety in edition 2024 Similar to `set_var`, we had to find out after 1.0 was released that `before_exec` should have been unsafe. We partially rectified this by deprecating that function a long time ago, but since rust-lang#124636 we have the ability to also deprecate the safety of the old function and make it a *hard error* to call the old function outside `unsafe` in the next edition. So just in case anyone still uses the old function, let's ensure this can't be ignored when moving code to the new edition. Cc `@rust-lang/libs-api` Tracking: - rust-lang#124866
I think set_current_dir should also be mark to unsafe, but seems to miss it? |
If you know some way in which that operation is unsafe, please file an issue. But to my knowledge, |
@RalfJung You're right, that surprises me a bit. My impression of this comes from https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setcurrentdirectory
but this seems to be just condition race, not thread safety. |
This has been discussed before. E.g. for Windows #37984 (Raymond Chen, of oldnewthing, makes an appearance in the last comment). |
This is a tracking issue for making
std::env::{set_var, remove_var}
unsafe to call in Rust 2024.About tracking issues
Tracking issues are used to record the overall progress of implementation. They are also used as hubs connecting to other relevant issues, e.g., bugs or open design questions. A tracking issue is however not meant for large scale discussion, questions, or bug reports about a feature. Instead, open a dedicated issue for the specific matter and add the relevant feature gate label.
Steps
std::env::{set_var, remove_var}
.std::env::{set_var, remove_var}
unsafe in edition 2024 #124636rustc_deprecated_safe_2024
.std::env::{set_var, remove_var}
unsafe in edition 2024 #124636deprecated_safe
lint todeprecated_safe_2024
#125990CommandExt::before_exec
.// TODO:
comment for deprecated safe autofix #127857Unresolved Questions
TODO.
Related
std::env::{set_var, remove_var}
unsafe in edition 2024 #124636unsafe_op_in_unsafe_fn
for deprecated safe fns #125925std::env::{set_var, remove_var}
#125937deprecated_safe
lint todeprecated_safe_2024
#125990// TODO:
comment for deprecated safe autofix #127857Implementation history
std::env::{set_var, remove_var}
unsafe in edition 2024 #124636cc @tbu @Amanieu @rust-lang/libs-api
The text was updated successfully, but these errors were encountered: