-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
let _ = <access to unsafe field>
currently type-checks
#54003
Comments
On the topic of doing unsafe checking on HAIR:
@arielb1 and @eddyb pointed out that, in HAIR, we have to be careful because field access can also occur in patterns. But I think that this is just a matter of looking for "struct patterns" that refer to packed structs, and checking if they have any ref-bindings within? Still, kind of a pain, not as nice as doing the check on MIR. This may argue for the dummy access. |
|
IMO this isn't as bad as |
Of course it's not as bad - only one of these is unsound. |
I agree it is not as bad, but it still seems like a bug to me. Do we want to fix? cc @rust-lang/lang -- nominating for discussion, but feel free to leave comments, maybe we can settle async before the meeting. =) Should If we do want to fix, and we don't want to move the code to HAIR, I think we want to add some kind of
|
The only reason I can see not to fix this is backwards compatibility: this is a somewhat old regression by now. Not sure how old. |
@nikomatsakis I think we should require an |
I'd like to see this fixed as well. |
I agree with @aturon wrt. the goal and the reasoning... ...but I am concerned about complicating MIR (this would be akin to extending Haskell Core with a constructor which they are very reluctant to do for good reasons). Are there other places which would benefit from |
FWIW I don't think we need to fix anything, and that these are all equivalent: let _ = a.b;
let Union { b: _ } = a;
let Union { .. } = a; |
We discussed this in the @rust-lang/lang meeting, and we were generally in favor of emitting warnings about needing However, we also agreed that we'd like to have a warn-by-default lint for |
The following example passes the unsafe checker, but probably should not:
The problem here is that
let _ = foo.x
is a no-op --foo.x
is a place expression, and the_
pattern just plain ignores it. This means that no MIR is generated. The unsafe checker runs on MIR.But I think that we expect an error here nonetheless.
This is a regression that was introduced in the move to doing unsafe checking on MIR. I'm not sure the best way to fix: I tend to think we should do unsafe checking on HAIR, but that would be a fairly large effort. We could certainly generate a "dummy access" as we do with matches. (But we want to be careful about borrow checker interactions -- see #53114).
I'm nominating this for lang-team discussion — we do want an unsafe error here, right?
The text was updated successfully, but these errors were encountered: