Replace unsafe_destructor_blind_to_params with may_dangle

src/librustc/ty/util.rs

@@ -22,7 +22,6 @@ use rustc_macros::HashStable;
 use std::{cmp, fmt};
 use syntax::ast;
 use syntax::attr::{self, SignedInt, UnsignedInt};
-use syntax::symbol::sym;
 use syntax_pos::{Span, DUMMY_SP};
 
 #[derive(Copy, Clone, Debug)]
@@ -435,20 +434,6 @@ impl<'tcx> TyCtxt<'tcx> {
             Some(dtor) => dtor.did
         };
 
-        // RFC 1238: if the destructor method is tagged with the
-        // attribute `unsafe_destructor_blind_to_params`, then the
-        // compiler is being instructed to *assume* that the
-        // destructor will not access borrowed data,
-        // even if such data is otherwise reachable.
-        //
-        // Such access can be in plain sight (e.g., dereferencing
-        // `*foo.0` of `Foo<'a>(&'a u32)`) or indirectly hidden
-        // (e.g., calling `foo.0.clone()` of `Foo<T:Clone>`).
-        if self.has_attr(dtor, sym::unsafe_destructor_blind_to_params) {
-            debug!("destructor_constraint({:?}) - blind", def.did);
-            return vec![];
-        }
-
         let impl_def_id = self.associated_item(dtor).container.id();
         let impl_generics = self.generics_of(impl_def_id);
 

src/librustc_typeck/check/dropck.rs

@@ -246,7 +246,7 @@ fn ensure_drop_predicates_are_implied_by_item_defn<'tcx>(
 ///
 /// * (1.) `D` has a lifetime- or type-parametric Drop implementation,
 ///        (where that `Drop` implementation does not opt-out of
-///         this check via the `unsafe_destructor_blind_to_params`
+///         this check via the `may_dangle`
 ///         attribute), and
 /// * (2.) the structure of `D` can reach a reference of type `&'a _`,
 ///
@@ -279,7 +279,7 @@ fn ensure_drop_predicates_are_implied_by_item_defn<'tcx>(
 /// instead Drop-Check now simply assumes that if a destructor has
 /// access (direct or indirect) to a lifetime parameter, then that
 /// lifetime must be forced to outlive that destructor's dynamic
-/// extent. We then provide the `unsafe_destructor_blind_to_params`
+/// extent. We then provide the `may_dangle`
 /// attribute as a way for destructor implementations to opt-out of
 /// this conservative assumption (and thus assume the obligation of
 /// ensuring that they do not access data nor invoke methods of

src/librustdoc/html/render.rs

@@ -3809,7 +3809,6 @@ const ATTRIBUTE_WHITELIST: &'static [Symbol] = &[
     sym::must_use,
     sym::no_mangle,
     sym::repr,
-    sym::unsafe_destructor_blind_to_params,
     sym::non_exhaustive
 ];
 

src/libsyntax/feature_gate.rs

@@ -199,9 +199,6 @@ declare_features! (
 
     // no-tracking-issue-end
 
-    // Allows using `#[unsafe_destructor_blind_to_params]` (RFC 1238).
-    (active, dropck_parametricity, "1.3.0", Some(28498), None),
-
     // no-tracking-issue-start
 
     // Allows using `#[omit_gdb_pretty_printer_section]`.
@@ -641,6 +638,8 @@ declare_features! (
     (removed, extern_in_paths, "1.33.0", Some(55600), None,
      Some("subsumed by `::foo::bar` paths")),
     (removed, quote, "1.33.0", Some(29601), None, None),
+    // Allows using `#[unsafe_destructor_blind_to_params]` (RFC 1238).
+    (removed, dropck_parametricity, "1.38.0", Some(28498), None, None),
 
     // -------------------------------------------------------------------------
     // feature-group-end: removed features
@@ -1447,15 +1446,6 @@ pub const BUILTIN_ATTRIBUTES: &[BuiltinAttribute] = &[
             cfg_fn!(omit_gdb_pretty_printer_section)
         )
     ),
-    (sym::unsafe_destructor_blind_to_params,
-    Normal,
-    template!(Word),
-    Gated(Stability::Deprecated("https://github.com/rust-lang/rust/issues/34761",
-                                Some("replace this attribute with `#[may_dangle]`")),
-        sym::dropck_parametricity,
-        "unsafe_destructor_blind_to_params has been replaced by \
-            may_dangle and will be removed in the future",
-        cfg_fn!(dropck_parametricity))),
     (sym::may_dangle,
     Normal,
     template!(Word),

src/libsyntax_pos/symbol.rs

@@ -695,7 +695,6 @@ symbols! {
         unmarked_api,
         unreachable_code,
         unrestricted_attribute_tokens,
-        unsafe_destructor_blind_to_params,
         unsafe_no_drop_flag,
         unsized_locals,
         unsized_tuple_coercion,

src/test/run-pass/issues/issue-24805-dropck-itemless.rs

@@ -1,12 +1,11 @@
 // run-pass
-#![allow(deprecated)]
 
 // Check that item-less traits do not cause dropck to inject extra
 // region constraints.
 
 #![allow(non_camel_case_types)]
 
-#![feature(dropck_parametricity)]
+#![feature(dropck_eyepatch)]
 
 trait UserDefined { }
 
@@ -20,9 +19,8 @@ impl<'a, T> UserDefined for &'a T { }
 //   ```
 macro_rules! impl_drop {
     ($Bound:ident, $Id:ident) => {
-        struct $Id<T:$Bound>(T);
-        impl <T:$Bound> Drop for $Id<T> {
-            #[unsafe_destructor_blind_to_params]
+        struct $Id<T: $Bound>(T);
+        unsafe impl <#[may_dangle] T: $Bound> Drop for $Id<T> {
             fn drop(&mut self) { }
         }
     }

src/test/run-pass/issues/issue-28498-ugeh-ex1.rs

@@ -1,21 +1,19 @@
 // run-pass
-#![allow(deprecated)] // FIXME: switch to `#[may_dangle]` below.
 
 // Example taken from RFC 1238 text
 
 // https://github.com/rust-lang/rfcs/blob/master/text/1238-nonparametric-dropck.md
 //     #example-of-the-unguarded-escape-hatch
 
-#![feature(dropck_parametricity)]
+#![feature(dropck_eyepatch)]
 use std::cell::Cell;
 
 struct Concrete<'a>(u32, Cell<Option<&'a Concrete<'a>>>);
 
 struct Foo<T> { data: Vec<T> }
 
-impl<T> Drop for Foo<T> {
-    // Below is the UGEH attribute
-    #[unsafe_destructor_blind_to_params]
+// Below is the UGEH attribute
+unsafe impl<#[may_dangle] T> Drop for Foo<T> {
     fn drop(&mut self) { }
 }
 

src/test/run-pass/issues/issue-28498-ugeh-with-lifetime-param.rs

@@ -1,12 +1,11 @@
 // run-pass
-#![allow(deprecated)] // FIXME: switch to `#[may_dangle]` below.
 
 // Demonstrate the use of the unguarded escape hatch with a lifetime param
 // to assert that destructor will not access any dead data.
 //
 // Compare with compile-fail/issue28498-reject-lifetime-param.rs
 
-#![feature(dropck_parametricity)]
+#![feature(dropck_eyepatch)]
 
 #[derive(Debug)]
 struct ScribbleOnDrop(String);
@@ -19,11 +18,9 @@ impl Drop for ScribbleOnDrop {
 
 struct Foo<'a>(u32, &'a ScribbleOnDrop);
 
-impl<'a> Drop for Foo<'a> {
-    #[unsafe_destructor_blind_to_params]
+unsafe impl<#[may_dangle] 'a> Drop for Foo<'a> {
     fn drop(&mut self) {
-        // Use of `unsafe_destructor_blind_to_params` is sound,
-        // because destructor never accesses `self.1`.
+        // Use of `may_dangle` is sound, because destructor never accesses `self.1`.
         println!("Dropping Foo({}, _)", self.0);
     }
 }

src/test/run-pass/issues/issue-28498-ugeh-with-passed-to-fn.rs

@@ -1,5 +1,4 @@
 // run-pass
-#![allow(deprecated)] // FIXME: switch to `#[may_dangle]` below.
 
 // Demonstrate the use of the unguarded escape hatch with a type param in negative position
 // to assert that destructor will not access any dead data.
@@ -11,7 +10,7 @@
 //
 // Compare with run-pass/issue28498-ugeh-with-passed-to-fn.rs
 
-#![feature(dropck_parametricity)]
+#![feature(dropck_eyepatch)]
 
 #[derive(Debug)]
 struct ScribbleOnDrop(String);
@@ -24,12 +23,10 @@ impl Drop for ScribbleOnDrop {
 
 struct Foo<T>(u32, T, Box<for <'r> fn(&'r T) -> String>);
 
-impl<T> Drop for Foo<T> {
-    #[unsafe_destructor_blind_to_params]
+unsafe impl<#[may_dangle] T> Drop for Foo<T> {
     fn drop(&mut self) {
-        // Use of `unsafe_destructor_blind_to_params` is sound,
-        // because destructor never passes a `self.1` to the callback
-        // (in `self.2`) despite having it available.
+        // Use of `may_dangle` is sound, because destructor never passes a `self.1`
+        // to the callback (in `self.2`) despite having it available.
         println!("Dropping Foo({}, _)", self.0);
     }
 }

src/test/run-pass/issues/issue-28498-ugeh-with-trait-bound.rs

@@ -1,12 +1,11 @@
 // run-pass
-#![allow(deprecated)] // FIXME: switch to `#[may_dangle]` below.
 
 // Demonstrate the use of the unguarded escape hatch with a trait bound
 // to assert that destructor will not access any dead data.
 //
 // Compare with compile-fail/issue28498-reject-trait-bound.rs
 
-#![feature(dropck_parametricity)]
+#![feature(dropck_eyepatch)]
 
 use std::fmt;
 
@@ -19,14 +18,12 @@ impl Drop for ScribbleOnDrop {
     }
 }
 
-struct Foo<T:fmt::Debug>(u32, T);
+struct Foo<T: fmt::Debug>(u32, T);
 
-impl<T:fmt::Debug> Drop for Foo<T> {
-    #[unsafe_destructor_blind_to_params]
+unsafe impl<#[may_dangle] T: fmt::Debug> Drop for Foo<T> {
     fn drop(&mut self) {
-        // Use of `unsafe_destructor_blind_to_params` is sound,
-        // because destructor never accesses the `Debug::fmt` method
-        // of `T`, despite having it available.
+        // Use of `may_dangle` is sound, because destructor never accesses
+        // the `Debug::fmt` method of `T`, despite having it available.
         println!("Dropping Foo({}, _)", self.0);
     }
 }

src/test/ui/span/issue28498-reject-lifetime-param.rs

@@ -16,9 +16,8 @@ struct Foo<'a>(u32, &'a ScribbleOnDrop);
 
 impl<'a> Drop for Foo<'a> {
     fn drop(&mut self) {
-        // Use of `unsafe_destructor_blind_to_params` is unsound,
-        // because destructor accesses borrowed data in `self.1`
-        // and we must force that to strictly outlive `self`.
+        // Use of `may_dangle` is unsound, because destructor accesses borrowed data
+        // in `self.1` and we must force that to strictly outlive `self`.
         println!("Dropping Foo({}, {:?})", self.0, self.1);
     }
 }

src/test/ui/span/issue28498-reject-lifetime-param.stderr

@@ -1,5 +1,5 @@
 error[E0597]: `first_dropped` does not live long enough
-  --> $DIR/issue28498-reject-lifetime-param.rs:33:19
+  --> $DIR/issue28498-reject-lifetime-param.rs:32:19
    |
 LL |     foo1 = Foo(1, &first_dropped);
    |                   ^^^^^^^^^^^^^^ borrowed value does not live long enough

src/test/ui/span/issue28498-reject-passed-to-fn.rs

@@ -16,8 +16,7 @@ struct Foo<T>(u32, T, Box<for <'r> fn(&'r T) -> String>);
 
 impl<T> Drop for Foo<T> {
     fn drop(&mut self) {
-        // Use of `unsafe_destructor_blind_to_params` is unsound,
-        // because we pass `T` to the callback in `self.2`
+        // Use of `may_dangle` is unsound, because we pass `T` to the callback in `self.2`
         // below, and thus potentially read from borrowed data.
         println!("Dropping Foo({}, {})", self.0, (self.2)(&self.1));
     }

src/test/ui/span/issue28498-reject-passed-to-fn.stderr

@@ -1,5 +1,5 @@
 error[E0597]: `first_dropped` does not live long enough
-  --> $DIR/issue28498-reject-passed-to-fn.rs:35:19
+  --> $DIR/issue28498-reject-passed-to-fn.rs:34:19
    |
 LL |     foo1 = Foo(1, &first_dropped, Box::new(callback));
    |                   ^^^^^^^^^^^^^^ borrowed value does not live long enough

src/test/ui/span/issue28498-reject-trait-bound.rs

@@ -14,13 +14,12 @@ impl Drop for ScribbleOnDrop {
     }
 }
 
-struct Foo<T:fmt::Debug>(u32, T);
+struct Foo<T: fmt::Debug>(u32, T);
 
-impl<T:fmt::Debug> Drop for Foo<T> {
+impl<T: fmt::Debug> Drop for Foo<T> {
     fn drop(&mut self) {
-        // Use of `unsafe_destructor_blind_to_params` is unsound,
-        // because we access `T` fmt method when we pass `self.1`
-        // below, and thus potentially read from borrowed data.
+        // Use of `may_dangle` is unsound, because we access `T` fmt method when we pass
+        // `self.1` below, and thus potentially read from borrowed data.
         println!("Dropping Foo({}, {:?})", self.0, self.1);
     }
 }

src/test/ui/span/issue28498-reject-trait-bound.stderr

@@ -1,5 +1,5 @@
 error[E0597]: `first_dropped` does not live long enough
-  --> $DIR/issue28498-reject-trait-bound.rs:35:19
+  --> $DIR/issue28498-reject-trait-bound.rs:34:19
    |
 LL |     foo1 = Foo(1, &first_dropped);
    |                   ^^^^^^^^^^^^^^ borrowed value does not live long enough