Skip to content

Commit

Permalink
Add 2024 unsafe attributes.
Browse files Browse the repository at this point in the history
  • Loading branch information
ehuss committed Jun 20, 2024
1 parent cb58c43 commit 5129ddd
Show file tree
Hide file tree
Showing 2 changed files with 82 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/SUMMARY.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,3 +49,4 @@
- [Rustfmt: Combine all delimited exprs as last argument](rust-2024/rustfmt-overflow-delimited-expr.md)
- [`gen` keyword](rust-2024/gen-keyword.md)
- [Macro fragment specifiers](rust-2024/macro-fragment-specifiers.md)
- [Unsafe attributes](rust-2024/unsafe-attributes.md)
81 changes: 81 additions & 0 deletions src/rust-2024/unsafe-attributes.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
# Unsafe attributes

🚧 The 2024 Edition has not yet been released and hence this section is still "under construction".
More information may be found in the tracking issue at <https://github.com/rust-lang/rust/issues/123757>.

## Summary

- The following attributes must now be marked as `unsafe`:
- [`export_name`]
- [`link_section`]
- [`no_mangle`]

[`export_name`]: ../../reference/abi.html#the-export_name-attribute
[`link_section`]: ../../reference/abi.html#the-link_section-attribute
[`no_mangle`]: ../../reference/abi.html#the-no_mangle-attribute

## Details

Rust 1.xx <!--TODO--> added the ability in all editions to mark certain attributes as `unsafe` to indicate that they have soundness requirements that must be upheld.[^RFC3325] The syntax for an unsafe attribute looks like this:

```rust
# #![feature(unsafe_attributes)]
// SAFETY: there is no other global function of this name
#[unsafe(no_mangle)]
pub fn example() {}
```

Marking the attribute with `unsafe` highlights that there are safety requirements that must be upheld that the compiler cannot verify on its own.

Starting with the 2024 Edition, it is now required to mark these attributes as `unsafe`. The following section describes the safety requirements for these attributes.

[^RFC3325]: See [RFC 3325](https://rust-lang.github.io/rfcs/3325-unsafe-attributes.html) for the original proposal.

### Safety requirements

The [`no_mangle`], [`export_name`], and [`link_section`] attributes influence the symbol names and linking behavior of items. Care must be taken to ensure that these attributes are used correctly.

Because the set of symbols across all linked libraries is a global namespace, there can be issues if there is a symbol name collision between libraries. Typically this isn't an issue for normally defined functions because [symbol mangling] helps ensure that the symbol name is unique. However, attributes like `export_name` can upset that assumption of uniqueness.

For example, in previous editions the following crashes on most Unix-like platforms despite containing only safe code:

```rust,no_run,edition2021
fn main() {
println!("Hello, world!");
}
#[export_name = "malloc"]
fn foo() -> usize { 1 }
```

In the 2024 Edition, it is now required to mark these attributes as unsafe to emphasize that it is required to ensure that the symbol is defined correctly:

<!-- TODO: edition2024 -->
```rust
# #![feature(unsafe_attributes)]
// SAFETY: There should only be a single definition of the loop symbol.
#[unsafe(export_name="loop")]
fn arduino_loop() {
// ...
}
```

[symbol mangling]: ../../rustc/symbol-mangling/index.html
[`unsafe_attr_outside_unsafe`]: ../../rustc/lints/listing/allowed-by-default.html#unsafe-attr-outside-unsafe

## Migration

The [`unsafe_attr_outside_unsafe`] lint can update these attributes to use the `unsafe(...)` format. The lint is part of the `rust-2024-compatibility` lint group which is included in the automatic edition migration. In order to migrate your code to be Rust 2024 Edition compatible, run:

```sh
cargo fix --edition
```

Just beware that this automatic migration will not be able to verify that these attributes are being used correctly. It is still your responsibility to manually review their usage.

Alternatively, you can manually enable the lint to find places where these attributes need to be updated.

```rust
// Add this to the root of your crate to do a manual migration.
#![warn(unsafe_attr_outside_unsafe)]
```

0 comments on commit 5129ddd

Please sign in to comment.