---
title: Triage meeting 2024-05-08
tags: ["T-lang", "triage-meeting", "minutes"]
date: 2024-05-08
discussion: https://rust-lang.zulipchat.com/#narrow/stream/410673-t-lang.2Fmeetings/topic/Triage.20meeting.202024-05-08
url: https://hackmd.io/gZPen5ZIQpC77wyBOdeVvw
---
# T-lang meeting agenda
- Meeting date: 2024-05-08
## Attendance
- People: TC, pnkfelix, tmandry, eholk, scottmcm
## Meeting roles
- Minutes, driver: TC
## Scheduled meetings
- 2024-05-08: "Design meeting: Deref Patterns" [#260](https://github.com/rust-lang/lang-team/issues/260)
- 2024-05-15: "Design meeting: Match ergonomics 2024" [#265](https://github.com/rust-lang/lang-team/issues/265)
- 2024-05-22: "Design meeting: Review draft project goal slate" [#264](https://github.com/rust-lang/lang-team/issues/264)
- 2024-05-29: "Design meeting: UnsafePinned" [#266](https://github.com/rust-lang/lang-team/issues/266)
Edit the schedule here: https://github.com/orgs/rust-lang/projects/31/views/7.
## Announcements or custom items
(Meeting attendees, feel free to add items here!)
### Guest attendee items
TC: For any guests who are present, please note in this section if you're attending for the purposes of any items on (or off) the agenda in particular.
### Moving right along
TC: As we've been doing recently, due to the impressive backlog, I'm going to push the pace a bit. If it's ever too fast or you need a moment before we move on, please raise a hand and we'll pause.
### Design meeting at 12:30 EST / 09:30 PST / 17:30 CET
TC: Remember that we have a design/planning meeting that starts half an hour after this call ends.
### Next meeting with RfL?
TC: We talked with the RfL team last week about the `derive(SmartPointer)` RFC:
https://github.com/rust-lang/rfcs/pull/3621
We're next meeting with RfL on 2024-05-15 to talk about RfL project goals:
[project goals]: https://github.com/rust-lang/rfcs/pull/3614
### RTN
TC: Note that Niko now has a draft RFC on RTN:
https://hackmd.io/KJaC_dhZTmyR_Ja9ghdZvg
With discussion here:
https://rust-lang.zulipchat.com/#narrow/stream/213817-t-lang/topic/return-type.20notation
Both tmandry and I have reviewed it. Everyone is hoping to get this posted soon.
## Rust 2024 review
Project board: https://github.com/orgs/rust-lang/projects/43/views/5
None.
### Meta
TC: We have tracking issues for the Rust 2024 aspects of every item queued for the edition:
https://github.com/rust-lang/rust/issues?q=label%3AA-edition-2024+label%3AC-tracking-issue
For each item, we've identified an *owner*. Our most recent update for item owners is here:
https://rust-lang.zulipchat.com/#narrow/stream/268952-edition/topic/Owners.20update.202024-04-30
Our motivating priorities are:
- Make this edition a success.
- Do so without requiring heroics from anyone.
- ...or stressing anyone or everyone out.
Since last week, we have marked off one item as *entirely* complete and ready for Rust 2024: `unsafe_op_in_unsafe_fn`. Thanks to tmandry for owning that one!
We talked last week about where we're likely to push the schedule, with the release of Rust 2024 coming in early 2025. This is still the current thinking. Details to come.
One thing we may need from the project is more scaling of the crater infrastructure and some improvements to the infrastructure. We're looking into this.
### Tracking Issue for Lifetime Capture Rules 2024 (RFC 3498) #117587
**Link:** https://github.com/rust-lang/rust/issues/117587
TC: With the acceptance of RFC 3617 and the great work by CE, this is looking to be in good shape for the edition.
### Reserve gen keyword in 2024 edition for Iterator generators #3513
**Link:** https://github.com/rust-lang/rfcs/pull/3513
TC: With the acceptance of RFC 3513 and the great work by Oli, this is looking to be in good shape for the edition.
### Tracking issue for promoting `!` to a type (RFC 1216) #35121
**Link:** https://github.com/rust-lang/rust/issues/35121
**Link:** https://github.com/rust-lang/rust/pull/123508
TC: We FCPed a plan for this and Waffle is moving things along. I've been checking in. Looks good so far.
## Nominated RFCs, PRs, and issues
### "Unsafe Extern Blocks" rfcs#3484
**Link:** https://github.com/rust-lang/rfcs/pull/3484
TC: We unanimously accepted RFC 3484 ("Unsafe Extern Blocks") and it has now completed FCP.
Prior to merging this RFC, as I do, I've been ensuring that the feedback from the thread, including that received during the FCP has been incorporated. This has resulted in a number of improvements to the RFC while preserving the normative behavior specified in the 2023-10-11 lang team consensus and articulated by pnkfelix in a comment:
https://github.com/rust-lang/rfcs/pull/3484#issuecomment-1758275493
Mostly, this has been elaborating on the rationale (also articulated by pnkfelix) so that it can be understood more widely.
However, this discussion also led to RalfJ realizing that we might be able to fix an issue that had been presented as one of the motivations of this RFC. Specifically, currently in Rust, incorrect signatures within an `extern` block can result in the program exhibiting undefined behavior even if no Rust code uses those items. That may be resolvable with enough work.
If any of the items are *used*, of course, the signatures must still be correct or undefined behavior will be the result.
This leads to what is still probably the key motivation here. We want to make clear that this proof obligation for ensuring that the signatures within an `extern` block are correct sits with the author of that `extern` block and not with the callers (or other users) of those items. I.e.:
> When we declare the signature of items within `extern` blocks, we are asserting to the compiler that these declarations are correct. The compiler cannot itself verify these assertions. If the signatures we declare are in fact not correct, then using these items may result in undefined behavior. It's *unreasonable* to expect the *caller* (in the case of function items) to have to prove that the signature is valid. Instead, it's the responsibility of the person writing the `extern` block to ensure the correctness of all signatures within.
>
> Since this proof obligation must be discharged at the site of the `extern` block, and since this proof cannot be checked by the compiler, this implies that `extern` blocks are *unsafe*. Correspondingly, we want to mark these blocks with the `unsafe` keyword and fire the `unsafe_code` lint for them.
>
> By making clear where this proof obligation sits, we can now allow for items that can be soundly used directly from *safe* code to be declared within `unsafe extern` blocks.
(This is the updated motivation section of the RFC.)
In my reading of the minutes and pnkfelix's comment, this was the key motivation behind the 2023-10-11 consensus, and further, this aligns with our direction as expressed in RFC 3325 ("Unsafe attributes"), but there's been much discussion on the issue over this point, so we nominate this to confirm.
TC: Do we have consensus on the above?
scottmcm: The biggest motivation here I think is moving the proof obligation so we can make items safe to call for the caller.
pnkfelix: I'm torn here, because if conceivably you could have an extern block with no callers to those items, and linking it will not producing undefined behavior even if those items are incorrect, then maybe there isn't a proof obligation here. But I still think that `unsafe extern` is a good idea. And I agree with scottmcm.
pnkfelix: Perhaps not *all* `extern` blocks need to be `unsafe`.
tmandry: Moving the proof obligation here makes sense to me. I've certainly seen this create problems in the past. Anytime that you're writing a signature that can't be verified, clearly the proof obligation should be on where the signature is written.
*Consensus*: Let's merge this and do what we had decided to do.
### "Edition 2024: don't special-case diverging blocks" rust#123590
**Link:** https://github.com/rust-lang/rust/pull/123590
TC: This is about this oddity:
```rust
fn foo() -> ! {
foo();
();
//~^ Why does this type check?
}
```
In the last meeting, we formed a tentative consensus in favor of *Option 2*:
2. In Rust 2024, narrow the scope of the special casing from *all* diverging expressions to just those where `return`, `break`, or `continue` are used syntactically and no dead code (that doesn't itself diverge) follows. Do this after macro expansion at the time of type checking (so that, e.g. `let _: ! = { panic!(); }` also works).
- This would promote local reasoning, making the behavior less weird.
- It would take most of the common cases off the table for the moment.
- We could at any later time *warn* about these cases also.
- Then, if we so choose, we could then take the next step in a later edition of disallowing these.
To solidify this tentative consensus, we wanted to first lay out and review some examples. Those examples follow.
Rust currently rejects these:
```rust
fn foo(x: bool) {
let true = x else {
return; // or break, continue
()
};
//~^ ERROR `else` clause of `let...else` does not diverge
}
```
```rust
fn foo(x: bool) {
let true = x else {
();
};
//~^ ERROR `else` clause of `let...else` does not diverge
}
```
Rust currently accepts these:
```rust
fn foo(x: bool) {
let true = x else {
return // or any diverging expression
};
}
```
```rust
fn foo(x: bool) {
let true = x else {
return; // or any diverging expression
};
}
```
```rust
fn foo(x: bool) {
let true = x else {
return; // or any diverging expression
();
};
}
```
```rust
fn foo(x: bool) {
let true = x else {
panic!(); // or unimplemented!(), todo!(), etc.
};
}
```
```rust
fn foo() -> ! {
foo();
}
```
In Rust 2024, under *Option 2*, we would reject these:
```rust
fn foo(x: bool) {
let true = x else {
return; // or `continue` or `break`
();
//~^ ERROR when the block must diverge, any dead code that
//~| follows `return` must also diverge
};
}
```
```rust
fn foo() -> ! {
foo();
//~^ ERROR type mismatch
}
```
```rust
fn foo() -> ! {
foo();
();
//~^ ERROR type mismatch
}
```
In Rust 2024, we would still of course allow:
```rust
fn foo(x: bool) {
let true = x else {
return; // or any diverging expression
();
todo!()
};
}
```
And in Rust 2024, we would continue to allow:
```rust
fn foo(x: bool) {
let true = x else {
return; // or `continue` or `break`
};
}
```
...and:
```rust
fn foo(x: bool) {
let true = x else {
panic!(); // or unimplemented!(), todo!(), etc.
};
}
```
TC: Seeing these examples, do we want to settle on *Option 2* for Rust 2024?
tmandry: All these match my understanding.
pnkfelix: This all looks fine to me.
scottmcm; This is what I was arguing for, so I'm still happy with it.
*Consensus*: Let's do *Option 2*.
### "offset: allow zero-byte offset on arbitrary pointers" rust#117329
**Link:** https://github.com/rust-lang/rust/pull/117329
TC: RalfJ nominates this for us:
> Nominating for t-lang discussion. This implements the t-opsem consensus from [rust-lang/opsem-team#10](https://github.com/rust-lang/opsem-team/issues/10), [rust-lang/unsafe-code-guidelines#472](https://github.com/rust-lang/unsafe-code-guidelines/issues/472) to generally allow zero-sized accesses on all pointers. Also see the [tracking issue](https://github.com/rust-lang/rust/issues/117945).
>
> * Zero-sized reads and writes are allowed on all sufficiently aligned pointers, including the null pointer
> * Inbounds-offset-by-zero is allowed on all pointers, including the null pointer
> * `offset_from` on two pointers is always allowed when they have the same address (but see the caveat below)
>
> This means the following function is safe to be called on any pointer:
>
```rust
fn test_ptr(ptr: *mut ()) { unsafe {
// Reads and writes.
let mut val = *ptr;
*ptr = val;
ptr.read();
ptr.write(());
// Memory access intrinsics.
// - memcpy (1st and 2nd argument)
ptr.copy_from_nonoverlapping(&(), 1);
ptr.copy_to_nonoverlapping(&mut val, 1);
// - memmove (1st and 2nd argument)
ptr.copy_from(&(), 1);
ptr.copy_to(&mut val, 1);
// - memset
ptr.write_bytes(0u8, 1);
// Offset.
let _ = ptr.offset(0);
let _ = ptr.offset(1); // this is still 0 bytes
// Distance.
let ptr = ptr.cast::<i32>();
ptr.offset_from(ptr);
} }
```
>
> Some specific concerns warrant closer scrutiny.
>
> ## LLVM 16
>
> We currently still support LLVM 16, which does not yet have the patches that make `getelementptr inbounds` always well-defined for offset 0. The function above thus generates LLVM IR with UB. No known miscompilations arise from that, and my attempt at just removing the `inbounds` annotation on old versions of LLVM failed (I got segfaults, and Nikic [suggested](https://github.com/rust-lang/rust/pull/117329#issuecomment-1783925317) that keeping these attribute around is actually less risky than removing them). If we want to avoid this, we have to wait until support for LLVM 16 can be dropped (which apparently is in May).
>
> ## Null pointers
> t-opsem decided to allow zero-sized reads and writes on null pointers. This is mostly for consistency: we definitely want to allow zero-sized offsets on null pointers (`ptr::null::<T>().offset(0)`), since this is allowed in C++ (and a proposal is being made to allow it in C) and there's no reason for us to have more UB than C++ here. But if we allow this, and therefore consider the null pointer to have a zero-sized region of "inbounds" memory, then it would be inconsistent to not allow reading from / writing to that region.
>
> ## `offset_from`
>
> This operation is somewhat special as it takes two pointers. We do want `test_ptr` above to be defined on all pointers, so `offset_from` between two identical pointers without provenance must be allowed. But we also want to achieve this property called "provenance monotonicity", whereby adding arbitrary provenance to any no-provenance pointer must never make the program UB.[1](#user-content-fn-mono-e335860ede81d9f8aeed856dbd25a8e3) From these two it follows that calling `offset_from` with two pointers with the same address but arbitrary different provenance must be allowed. This does have some [minor downsides](https://github.com/rust-lang/unsafe-code-guidelines/issues/472#issuecomment-1921686682). So my proposal (and this goes beyond what t-opsem agreed on) is to define the `ptr_offset_from` intrinsic to satisfy provenance monotonicity, but to document the user-facing `ptr.offset_from(...)` as requiring either two pointers without provenance or two pointers with provenance for the same allocation -- therefore, making the case of provenance mismatch library UB, but not language UB.
>
> ## Footnotes
>
> 1. This property should hopefully make some intuitive sense, and it is also crucial to justify optimizations that make the program have more provenance than before -- such as optimizing away provenance-stripping operations. Specifically, `*ptr = *ptr` where `ptr: *mut usize` is likely going to be a provenance-stripping operation, and so optimizing away this redundant assignment requires provenance monotonicity. [↩](#user-content-fnref-mono-e335860ede81d9f8aeed856dbd25a8e3)
TC: What do we think?
pnkfelix: For two ZSTs, `offset_from` would still panic, yes?
scottmcm: Yes, it must.
scottmcm: I've been thinking, perhaps our intrinsic should be `byte_offset_from`, as that would sidestep these issues.
scottmcm: Much of what we do about ZSTs, with empty arrays in particular, makes it difficult to anything other than what is proposed here. Realistically we don't have much of a choice given existing behavior, and RalfJ and company convinced the LLVM team to make this fine.
pnkfelix: I should follow up with RalfJ to better understand the distinction between language and library UB.
tmandry: I'd like to understand better if we're relaxing the monotonicity of provenance here.
scottmcm: The simplest model would be requiring that both pointers be to two locations within the same allocation. That would help with CTFE. I'm unclear whether what RalfJ is proposing reduces to this.
scottmcm: We may want to split off `offset_from` from the rest and see if that may make it easier to address. We could ask about that.
*Consensus*: We'll all ask our questions here in the issue.
### "Warn (or error) when `Self` ctor from outer item is referenced in inner nested item" rust#124187
**Link:** https://github.com/rust-lang/rust/pull/124187
TC: CE nominates this for us:
> This implements a warning `SELF_CONSTRUCTOR_FROM_OUTER_ITEM` when a self constructor from an outer impl is referenced in an inner nested item. This is a proper fix mentioned [#117246 (comment)](https://github.com/rust-lang/rust/pull/117246#discussion_r1374648388).
>
> This warning is additionally bumped to a hard error when the self type references generic parameters, since it's almost always going to ICE, and is basically _never_ correct to do.
>
> This also reverts part of #117246, since I believe this is the proper fix and we shouldn't need the helper functions (`opt_param_at`/`opt_type_param`) any longer, since they shouldn't really ever be used in cases where we don't have this problem.
TC: What do we think?
tmandry: This seems reasonable to do. It seems we just need to rubber stamp this.
pnkfelix: +1.
tmandry: I'll start FCP.
### "Bump `elided_lifetimes_in_associated_constant` to deny" rust#124211
**Link:** https://github.com/rust-lang/rust/pull/124211
TC: CE nominates this for us, noting that it's been 5 versions since this was last bumped. What do we think?
scottmcm: This is where we had accidentally made this `'static`.
tmandry: I'll propose FCP merge.
(Discussion about whether this is really what we want.)
TC: Here's some background, per CE, about this:
https://github.com/rust-lang/rfcs/pull/1623#issuecomment-239559757
https://github.com/rust-lang/rust/issues/38831#issuecomment-305864245
CE: The motivation for this whole rigamarole was to not *implicitly stabilize* behavior that we had explicitly recognized as *not obviously the right choice*.
tmandry: I'm maybe going to cancel the FCP and file an issue arguing that this is obviously the right thing to do.
pnkfelix: I'd like to wait until we talk with Niko about this.
TC: Let's file a concern on this FCP and talk with Niko next then.
tmandry: I'll file a concern here then.
scottmcm: I like that. That way, I can check my box here, as I think I'm fine with doing what's proposed in this FCP.
(The meeting ended here.)
---
### "Add `reserve-x18` target feature for aarch64" rust#124323
**Link:** https://github.com/rust-lang/rust/pull/124323
The RfL folks are proposing an insta-stable `reserve-x18` target feature for aarch64. There's an interesting argument here about why this does not affect the ABI in ways we've been worried about with target features recently:
> it does not affect the ABI in a way where it is a problem to mix code with and without the feature. From the ABI spec:
>
>> X18 is the platform register and is reserved for the use of platform ABIs. This is an additional temporary register on platforms that don't assign a special meaning to it.
>
> That is to say, the register is either already reserved (this is the case on Android targets), or it is a caller-saved temporary register (this is the case on aarch64-unknown-none). Changing a register from caller-saved temporary register to reserved is not breaking, so selectively enabling reserve-x18 on some compilation targets (or even on specific functions) cannot result in UB.
>
> That said, removing the reserve-x18 target feature from a function can potentially trigger UB under some circumstances. This is because it is UB to link together -Zsanitizer=shadow-call-stack code with code where x18 is a temporary register. So enabling SCS in a binary requires that x18 is reserved globally. However, right now -Zsanitizer=shadow-call-stack can only be used on targets such as Android where x18 is never a temporary register, so this shouldn't be an issue for this PR.
The PR also notes some alternatives that were considered.
In the issue, Urgau noted this could be merged without our OK if this were changed to not be insta-stable. The author indicated that insta-stable is probably desirable here.
I brought this issue to the attention of RalfJ who has been working on ABI issues recently. He suggests that this may be more in line with the proposals for ABI variants, as that's more what this is than a target feature.
TC: What do we think?
### "Support C23's Variadics Without a Named Parameter" rust#124048
**Link:** https://github.com/rust-lang/rust/pull/124048
TC: We support accessing variadic external functions with, e.g.:
```rust
extern "C" {
fn foo(x: i32, ...);
fn with_name(format: *const u8, args: ...);
}
```
(See [the reference](https://doc.rust-lang.org/reference/items/external-blocks.html#variadic-functions).)
However, apparently we don't support variadic functions with no fixed parameters, e.g.:
```rust
extern "C" {
fn foo(...);
}
```
This was always legal in C but not useful and so not used in practice. Since C23, this is apparently useful and so people want this now.
TC: What do we think?
### "Tracking Issue for `macro_metavar_expr_concat`" rust#124225
**Link:** https://github.com/rust-lang/rust/issues/124225
TC: This is an experiment seeking a liaison. Does this spark joy for anyone?
### "Tracking Issue for asm_const" rust#93332
**Link:** https://github.com/rust-lang/rust/issues/93332
TC: Amanieu proposes this to us for stabilization:
> This feature adds a `const <expr>` operand type to `asm!` and `global_asm!`.
>
> * `<expr>` must be an integer constant expression. This expression follows the same rules as inline `const` blocks.
> * The type of the expression may be any integer type, but defaults to `i32` just like integer literals.
> * The value of the expression is formatted as a string and substituted directly into the asm template string.
This stabilization was unblocked by our recent stabilization of `inline_const`.
TC: What do we think?
### "Provide better control of which constants (and callees) in a function get monomorphized" rust#122301
**Link:** https://github.com/rust-lang/rust/issues/122301
TC: The8472 asks whether this code, which compiles today, can be relied upon:
```rust
const fn panic<T>() {
struct W<T>(T);
impl<T> W<T> {
const C: () = panic!();
}
W::<T>::C
}
struct Invoke<T, const N: usize>(T);
impl<T, const N: usize> Invoke<T, N> {
const C: () = match N {
0 => (),
// Not called for `N == 0`, so not monomorphized.
_ => panic::<T>(),
};
}
fn main() {
let _x = Invoke::<(), 0>::C;
}
```
The8472 notes that this is a useful property and that there are use cases for this in the compiler and the standard library, at least unless or until we adopt something like `const if`:
https://github.com/rust-lang/rfcs/issues/3582
RalfJ has pointed out to The8472 that the current behavior might not be intentional and notes:
> It's not opt-dependent, but it's also unclear how we want to resolve the opt-dependent issue. Some [proposals](https://github.com/rust-lang/rust/issues/122814#issuecomment-2015090501) involve also walking all items "mentioned" in a const. That would be in direct conflict with your goal here I think. To be clear I think that's a weakness of those proposals. But if that turns out to be the only viable strategy then we'll have to decide what we want more: using `const` tricks to control what gets monomorphized, or not having optimization-dependent errors.
>
> One crucial part of this construction is that everything involved is generic. If somewhere in the two "branches" you end up calling a monomorphic function, then that may have its constants evaluated even if it is in the "dead" branch -- or it may not, it depends on which functions are deemed cross-crate-inlinable. That's basically what #122814 is about.
TC: The question to us is whether we want to guarantee this behavior. What do we think?
### "Stabilize `min_exhaustive_patterns`" rust#122792
**Link:** https://github.com/rust-lang/rust/pull/122792
TC: Nadri proposes that we stabilize `min_exhaustive_patterns`:
> With this feature, patterns of empty types are considered unreachable when matched by-value. This allows:
>
```rust
enum Void {}
fn foo() -> Result<u32, Void>;
fn main() {
let Ok(x) = foo();
// also
match foo() {
Ok(x) => ...,
}
}
```
>
> This is a subset of the long-unstable [`exhaustive_patterns`](https://github.com/rust-lang/rust/issues/51085) feature. That feature is blocked because omitting empty patterns is tricky when _not_ matched by-value. This PR stabilizes the by-value case, which is not tricky.
>
> The not-by-value cases (behind references, pointers, and unions) stay as they are today, e.g.
>
```rust
enum Void {}
fn foo() -> Result<u32, &Void>;
fn main() {
let Ok(x) = foo(); // ERROR: missing `Err(_)`
}
```
>
> The consequence on existing code is some extra "unreachable pattern" warnings. This is fully backwards-compatible.
TC: Further details are here:
https://github.com/rust-lang/rust/pull/122792#issue-2198466801
We discussed this in the 2024-03-27 meeting, and scottmcm proposed FCP merge.
Since then, it's been observed that there's a relationship between this and:
https://github.com/rust-lang/rust/pull/108993
We had delegated this issue to T-types on 2023-03-24. It had then blocked pending the stabilization of exhaustive patterns, as those were felt needed to land this:
https://github.com/rust-lang/rust/pull/108993#issuecomment-1540087895
It's now been observed that, if we're going to, we need to land #108993 before or simultaneously with stabilizing exhaustive patterns (*completing the cycle...*). This is due to code such as:
```rust
#![feature(min_exhaustive_patterns)]
#![allow(unused)]
fn infer<F: FnOnce() -> R, R>(_: Result<bool, R>) {}
enum Void {}
fn with_void() {
let mut x = Ok(true);
match x {
Ok(_) => {}
}
infer::<fn() -> Void, _>(x)
}
```
TC: What do we think?
Nadri: this has been resolved and the PR is in FCP
### "Tracking issue for RFC 2102, "Unnamed fields of struct and union type"" rust#49804
**Link:** https://github.com/rust-lang/rust/issues/49804
TC: fmease nominates this for us:
> Nominating Ralf's comment for T-lang discussion. Context for T-lang: There's currently active compiler dev going on to implement this feature (several merged and open PRs by multiple contributors). I don't want them to continue working on it if it gets thrown out in the end.
TC: That comment from RalfJ is:
> Unresolved question: what should `derive` macros do here? This applies both to the built-in ones and user-defined ones. It seems like they all need major overhaul to support types like this. And it is pretty inevitable that people _will_ ask for `derive` to be supported on these types, even if the MVP does not support them.
>
> OTOH I assume many of them don't support unions to begin with, and these unnamed fields only really make sense when there are unions involved I think?
>
> The RFC also explicitly lists anonymous types as a rejected alternative, and yet the implementation that recently began for this RFC does introduce anonymous ADTs to the compiler. Though maybe if it is impossible to write an expression of these types they are less problematic? That said I assume in the internal compiler IRs such expressions will exist -- the unnamed fields are getting an internal name and field accesses are desugared to use those names.
>
> It's that kind of issue that makes me think that adding a new form of unnamed types to Rust (on top of closures/coroutines) is a mistake. The RFC was accepted 6 years ago, our approach to language design and evolution changed since then. I think we need to ensure that this is even still something we want to do in this form.
TC: What do we think?
### "Tracking issue for function attribute `#[coverage]`" rust#84605
**Link:** https://github.com/rust-lang/rust/issues/84605
TC: This is about stabilizing a `#[coverage(off)]` attribute to exclude items from `-Z instrument-coverage`.
Josh proposed FCP merge and nominated this for us.
There are two open questions about applying this automatically to nested functions and to inlined functions.
TC: What do we think?
### "Stabilize `extended_varargs_abi_support`" rust#116161
**Link:** https://github.com/rust-lang/rust/pull/116161
TC: This stabilization was nominated for us, with pnkfelix commenting:
> Just to add on to @cjgillot 's comment above: @wesleywiser and I could not remember earlier today whether T-lang _wants_ to own FCP'ing changes like this that are restricted to extending the set of calling-conventions (i.e. the `conv` in `extern "conv" fn foo(...)`), which is largely a detail about what platforms one is interoperating with, and not about changing the expressiveness of the Rust language as a whole in the abstract.
>
> (My own gut reaction is that T-compiler is a more natural owner for this than T-lang, but I wasn't certain and so it seems best to let the nomination stand and let the two teams duke it out.)
TC: What do we think about 1) this stabilization, and 2) whether we want to own this?
### "Don't make statement nonterminals match pattern nonterminals" rust#120221
**Link:** https://github.com/rust-lang/rust/pull/120221
TC: CE handed this one to us, since it changes the contract of macro matchers.
Here's the code that does not work today that we would make work:
```rust
macro_rules! m {
($pat:pat) => {};
($stmt:stmt) => {};
}
macro_rules! m2 {
($stmt:stmt) => {
m! { $stmt }
//~^ ERROR expected pattern
};
}
m2! { let x = 1 }
```
This code does not work because we consider `:stmt` to be a possible `:pat` even though we then always reject it later in the process. By saying that `:stmt` cannot be a `:pat`, we make this code work.
We discussed this in the meeting on 2024-03-27:
> CE: Right now the tokens that a macro matcher may begin with is a stable guarantee. We are relaxing the assumption that pattern matchers may begin with statement metavariables ($var whose type is stmt), because when we actually try to *parse* such a pattern, we are always guaranteed to fail. This only allows more code to compile, and would only break future code if we specifically wanted to begin patterns with *statement metavariable*.
>
> scottmcm: I agree that it's weird to allow a `:stmt` in a pattern, so am happy to say we won't. Let's see what others think, since this conversation was in a sparsely-attended triage meeting:
>
> scottmcm: The other thing we explored was what it would take to make this actually work, since you can actually put an `:expr` into a pattern. But CE argued that we don't actually like that that works, it's just something we're stuck with because people used it before `:literal` was available, which seems fair.
TC: What do we think?
### "Initial support for auto traits with default bounds" rust#120706
**Link:** https://github.com/rust-lang/rust/pull/120706
TC: This is related to this MCP about a path toward async drop and scoped tasks:
https://github.com/rust-lang/compiler-team/issues/727
TC: petrochenkov gives some background:
> So, what are the goals here:
>
> * We want to have a possibility to add new auto traits that are added to _all_ bound lists by default on the current edition. The examples of such traits could be `Leak`, `Move`, `SyncDrop` or something else, it doesn't matter much right now. The desired behavior is similar to the current `Sized` trait. Such behavior is required for introducing `!Leak` or `!SyncDrop` types in a backward compatible way. (Both `Leak` and `SyncDrop` are likely necessary for properly supporting libraries for scoped async tasks and structured concurrency.)
> * It's not clear whether it can be done backward compatibly and without significant perf regressions, but that's exactly what we want to find out. Right now we encounter some cycle errors and exponential blow ups in the trait solver, but there's a chance that they are fixable with the new solver.
> * Then we want to land the change into rustc under an option, so it becomes available in bootstrap compiler. Then we'll be able to do standard library experiments with the aforementioned traits without adding hundreds of `#[cfg(not(bootstrap))]`s.
> * Based on the experiments, we can come up with some scheme for the next edition, in which such bounds are added more conservatively.
> * Relevant blog posts - https://without.boats/blog/changing-the-rules-of-rust/, https://without.boats/blog/follow-up-to-changing-the-rules-of-rust/ and https://without.boats/blog/generic-trait-methods-and-new-auto-traits/, https://without.boats/blog/the-scoped-task-trilemma/
> * Larger compiler team MCP including this feature - [MCP: Low level components for async drop compiler-team#727](https://github.com/rust-lang/compiler-team/issues/727), it gives some more context
We discussed this in the async WG on 2024-03-25 and commented:
> This is interesting work, but there's a lot to review here. We'd be particularly interested in seeing something in the way of a design document here, specifically e.g. with respect to when these bounds are added and when they are not, and how they interact with the `?` bounds. Seeing the algorithm spelled out in words and in theory would definitely help us understand this. The best place to put this may be in the [rustc-dev-guide](https://github.com/rust-lang/rustc-dev-guide).
The question here is whether we want to charter this as an experiment.
### "Let's `#[expect]` some lints: Stabilize `lint_reasons` (RFC 2383) " rust#120924
**Link:** https://github.com/rust-lang/rust/pull/120924
TC: Since the last time this was proposed for stabilization, various unresolved questions have now been resolved, so this is being proposed again.
We're talking about this:
```rust
#![feature(lint_reasons)]
fn main() {
#[deny(unused_variables, reason = "unused variables, should be removed")]
let unused = "How much wood would a woodchuck chuck?";
}
error: unused variable: `unused`
--> src/main.rs:5:9
|
5 | let unused = "How much wood would a woodchuck chuck?";
| ^^^^^^ help: if this is intentional, prefix it with an underscore: `_unused`
|
= note: unused variables, should be removed
note: the lint level is defined here
--> src/main.rs:4:12
|
4 | #[deny(unused_variables, reason = "unused variables, should be removed")]
| ^^^^^^^^^^^^^^^^
```
And this:
```rust
#![feature(lint_reasons)]
fn main() {
#[expect(unused_variables, reason = "WIP, I'll use this value later")]
let message = "How much wood would a woodchuck chuck?";
#[expect(unused_variables, reason = "is this unused?")]
let answer = "about 700 pounds";
println!("A: {answer}")
}
warning: this lint expectation is unfulfilled
--> src/main.rs:4:14
|
6 | #[expect(unused_variables, reason = "is this unused?")]
| ^^^^^^^^^^^^^^^^
|
= note: `#[warn(unfulfilled_lint_expectations)]` on by default
= note: is this unused?
```
On 2024-03-15, tmandry proposed FCP merge, and nikomatsakis is also +1. This needs one more +1 to go into FCP. What do we think?
### "Support ?Trait bounds in supertraits and dyn Trait under a feature gate" rust#121676
**Link:** https://github.com/rust-lang/rust/pull/121676
TC: This is related to this MCP about a path toward async drop and scoped tasks:
https://github.com/rust-lang/compiler-team/issues/727
TC: petrochenkov gives some background:
> Summary:
>
> * [Initial support for auto traits with default bounds #120706](https://github.com/rust-lang/rust/pull/120706) introduces a way to add new auto traits that are appended to all bound lists by default, similarly to existing `Sized`. Such traits may include `Leak`, `SyncDrop` or similar, see [Initial support for auto traits with default bounds #120706 (comment)](https://github.com/rust-lang/rust/pull/120706#issuecomment-1934006762) for more detailed motivation.
> * To opt out from bounds added by default the `?Trait` syntax is used, but such "maybe" bounds are not supported in some contexts like supertrait lists and `dyn Trait + ...` lists, because `Sized` is not added by default in those context.
> * This PR adds a feature for supporting `trait Trait1: ?Trait2`, `dyn Trait1 + ?Trait2` and also multiple maybe bounds in the same list `?Trait1 + ?Trait2`, because the new traits need to be added by default in those contexts too, and `?Sized + ?Leak` may also make sense.
> * We need this to be available in bootstrap compiler, to make experiments on standard library without adding too many `#[cfg(not(bootstrap))]`s
> * Larger compiler team MCP including this feature - [MCP: Low level components for async drop compiler-team#727](https://github.com/rust-lang/compiler-team/issues/727), it gives some more context
TC: The question here is whether we want to charter this as an experiment.
### "Elaborate on the invariants for references-to-slices" rust#121965
**Link:** https://github.com/rust-lang/rust/pull/121965
TC: scottmcm filed this issue and explains:
> The length limit on slices is clearly a safety invariant, and I'd like it to also be a validity invariant. With [function parameter metadata](https://discourse.llvm.org/t/rfc-metadata-attachments-for-function-arguments/76420?u=scottmcm) making progress in LLVM, I'd really like to be able to use it when `&[_]` is passed as a scalar pair, in particular.
>
> The documentation for references is cagey about what exactly is a validity invariant, so for now just elaborate on the consequences of the existing safety rules on slices -- the length restriction follows from the `size_of_val` restriction -- as a way to help discourage people from trying to violate them.
>
> I also made the existing warning stronger, since I'm fairly sure it's already UB to violate at least the "references must be non-null" rule, rather than it just being that it "might be UB in the future".
Then joboet nominated this for us with:
> Given that `slice::from_raw_parts` already states that "the total size `len * mem::size_of::<T>()` of the slice must be no larger than `isize::MAX`" and that its behaviour is undefined otherwise, I'd say that this is entirely uncontroversial. Still, I'd appreciate some team sign-off on this, I think this concerns lang?
RalfJ thinks this should probably be a dual T-lang / T-opsem FCP.
TC: What do we think?
### "`#![crate_name = EXPR]` semantically allows `EXPR` to be a macro call but otherwise mostly ignores it" rust#122001
**Link:** https://github.com/rust-lang/rust/issues/122001
TC: In previous stable versions of Rust, `#![crate_name = EXPR]` worked. That is, within `EXPR` we expanded and then used macro calls such as `concat`.
However, due to:
https://github.com/rust-lang/rust/pull/117584
...we broke this, and then we shipped it in stable Rust v1.77.
Except, we only half broke it. It doesn't work, but neither is it a hard error. It just quietly ignores the result.
We discussed this in the meeting on 2024-03-27 and agreed this was the worst of all worlds, and so we should at a minimum break it completely, and then we could always later decide to relax the hard error and make it work again by reverting #117584. On that basis, scottmcm proposed FCP merge.
TC: What do we think?
### "Assert that the first `assert!` expression is `bool`" rust#122661
**Link:** https://github.com/rust-lang/rust/pull/122661
TC: estebank describes this issue for us:
> In the desugaring of `assert!` in 2024 edition, assign the condition expression to a `bool` biding in order to provide better type errors when passed the wrong thing.
>
> The span will point only at the expression, and not the whole `assert!` invocation.
>
```
error[E0308]: mismatched types
--> $DIR/issue-14091.rs:2:13
|
LL | assert!(1,1);
| ^ expected `bool`, found integer
```
>
> We no longer mention the expression needing to implement the `Not` trait.
>
```
error[E0308]: mismatched types
--> $DIR/issue-14091-2.rs:15:13
|
LL | assert!(x, x);
| ^ expected `bool`, found `BytePos`
```
>
> In <=2021 edition, we still accept any type that implements `Not<Output = bool>`.
TC: And pnkfelix nominates this for us:
> At the very least, we might need to tie such a change to an edition.
>
> I am not certain whether this decision would be a T-lang matter or a T-libs-api one. I'll nominate for T-lang for now.
>
> (Namely: The question is whether we can start enforcing a rule that the first expression to `assert!` must be of bool type, which is how the [macro is documented](https://doc.rust-lang.org/std/macro.assert.html), but its current behavior is a little bit more general, as demonstrated in my [prior comment](https://github.com/rust-lang/rust/pull/122661#issuecomment-2004197554))
>
> ...
>
> There _is_ a design space here. E.g. one set of options is:
>
> 1. (stable Rust behavior): in all editions, support arbitrary `impl Not<Output=bool>` for first parameter to `assert!`;
> 2. in edition >= 2024, support _just_ `Deref<Target=bool>` for first parameter to `assert!` (e.g. by expanding to `let x: &bool = &$expr;`), or
> 3. (this PR): in edition >= 2024, support _just_ `bool` for first parameter to `assert!`.
>
> (And then there's variations thereof about how to handle editions < 2024, but that's a separate debate IMO.)
TC: What do we think?
### "Emit a warning if a `match` is too complex" rust#122685
**Link:** https://github.com/rust-lang/rust/pull/122685
TC: Nadri nominates this for us and describes the situation:
> Dear T-lang, this PR adds a warning that cannot be silenced, triggered when a match takes a really long time to analyze (in the order of seconds). This is to help users figure out what's taking so long and fix it.
>
> We _could_ make the limit configurable or the warning `allow`able. I argue that's not necessary because [crater](https://github.com/rust-lang/rust/pull/121979#issuecomment-2003089646) showed zero regressions with the current limit, and it's be pretty easy in general to split up a `match` into smaller `match`es to avoid blowup.
>
> We're still figuring out the exact limit, but does the team approve in principle?
(As an aside, awhile back someone [showed](https://niedzejkob.p4.team/rust-np/) how to [lower](https://github.com/NieDzejkob/rustc-sat) SAT to exhaustiveness checking with `match`. Probably that would hit this limit.)
TC: What do we think?
### "Policy for lint expansions" rust#122759
**Link:** https://github.com/rust-lang/rust/issues/122759
TC: In the call on 2024-03-13, we discussed this issue raised by tmandry:
"Fallout from expansion of redundant import checking"
https://github.com/rust-lang/rust/issues/121708
During the call, the thoughts expressed included:
- We don't want to create a perverse incentive for people to expand existing lints rather than to create new ones where appropriate just because there's less process for expanding the meaning of an existing lint.
- It would be good if potentially-disruptive expansions of an existing lint either:
- Had a machine-applicable fix.
- Or had a new name.
- We don't want to require a new lint name for each expansion.
- We don't want to require a crater run for each change to a lint.
- There are two ways to prevent disruption worth exploring:
- Prevent potentially-disruptive changes from hitting master.
- Respond quickly to early indications of disruption once the changes hit master.
- Compiler maintainers have a sense of what might be disruptive and are cautious to avoid it. It may be OK to have a policy that is not perfectly measurable.
TC: tmandry volunteered to draft a policy proposal. He's now written up this proposal in this issue.
> ## Background
>
> When a lint is expanded to include many new cases, it adds significant complexity to the rollout of a toolchain to large codebases. Maintainers of these codebases are stuck with the choice of
>
> 1. Disabling the existing lint while the toolchain is updated and new cases are fixed
> 2. Fixing cases manually and updating the toolchain immediately
>
> Both of these come with the problem of _racing_ with other developers in a codebase who may land new code which triggers the expanded lint in a new compiler, but does _not_ trigger the lint in an old compiler.
>
> While it would be nice to solve this "raciness" once and for all, there are other considerations at play. Instead, we propose to support these users by either providing them with a new lint name to temporarily opt out of _OR_ a machine-applicable fix which eases the pain of any races which might occur.
>
> Note that this requirement only applies to _significant_ lint expansions as measured by crater.
>
> ## Policy
>
> When an existing lint is expanded to include many new cases, we must provide either:
>
> 1. A new lint name under the existing group, so that users may opt out of the expansion at least temporarily, or
> 2. A MachineApplicable fix for the lint.
>
> Exceptions to this policy may be made via Language Team FCP.
>
> Here, we define "many new cases" as impacting more than 5% of the top-1000 crates on crates.io. This can be measured by counting the number of regressions from a crater run like the one below.
>
> A crater run is not required before landing for every lint expansion. Reviewers should use their best judgment to decide if one is required. However, if a lint expansion lands that violates this requirement, or is strongly suspected to violate this requirement based on other impact, it should be reverted.
>
> #### Crater command
>
> To measure the impact of a lint as defined by this policy, you can use the following crater command:
>
> `@craterbot run name=<name> start=master#<hash1>+rustflags=-D<lint_name> end=master#<hash2>+rustflags=-D<lint_name> crates=top-1000 mode=check-only p=1`
>
> See the [crater docs](https://github.com/rust-lang/crater/blob/master/docs/bot-usage.md#tutorial-creating-an-experiment-for-a-pr) for more information.
TC: What do we think?
### "Raw Keywords" rfcs#3098
**Link:** https://github.com/rust-lang/rfcs/pull/3098
TC: We've at various times discussed that we had earlier decided that if we wanted to use a new keyword within an edition, we would write it as `k#keyword`, and for that reason, we prefer to not speculatively reserve keywords ahead of an edition (except, perhaps, when it's clear we plan to use it in the near future).
TC: Somewhat amusingly, however, we never in fact accepted that RFC. Back in 2021, we accepted scottmcm's proposal to **cancel**:
> We discussed this RFC again in the lang team triage meeting today.
>
> For the short-term goal of the reservation for the edition, we'll be moving forward on #3101 instead. As such, we wanted to leave more time for conversations about this one, and maybe use crater results from 3101 to make design changes,
>
> @rfcbot cancel
Instead we accepted RFC 3101 that reserved `ident#foo`, `ident"foo"`, `ident'f'`, and `ident#123` starting in the 2023 edition.
Reading through the history, here's what I see:
- What do we want to do about Rust 2015 and Rust 2018? It's a breaking change to add this there. Is this OK? Do we want to do a crater run on this?
- Would we have the stomach to actually do this? It's one thing to *say* that if we wanted to use a new keyword within an edition, we'd write `k#keyword`, but it's another to actually do it in the face of certain criticism about that being e.g. unergonomic. Would we follow through?
TC: What do we think?
### "Tracking issue for the `start` feature" rust#29633
**Link:** https://github.com/rust-lang/rust/issues/29633
TC: Nils proposes to us that we delete the unstable `#[start]` attribute:
> I think this issue should be closed and `#[start]` should be deleted. It's nothing but an accidentally leaked implementation detail that's a not very useful mix between "portable" entrypoint logic and bad abstraction.
>
> I think the way the stable user-facing entrypoint should work (and works today on stable) is pretty simple:
>
> * `std`-using cross-platform programs should use `fn main()`. the compiler, together with `std`, will then ensure that code ends up at `main` (by having a platform-specific entrypoint that gets directed through `lang_start` in `std` to `main` - but that's just an implementation detail)
> * `no_std` platform-specific programs should use `#![no_main]` and define their own platform-specific entrypoint symbol with `#[no_mangle]`, like `main`, `_start`, `WinMain` or `my_embedded_platform_wants_to_start_here`. most of them only support a single platform anyways, and need cfg for the different platform's ways of passing arguments or other things _anyways_
>
> `#[start]` is in a super weird position of being neither of those two. It tries to pretend that it's cross-platform, but its signature is a total lie. Those arguments are just stubbed out to zero on Windows, for example. It also only handles the platform-specific entrypoints for a few platforms that are supported by `std`, like Windows or Unix-likes. `my_embedded_platform_wants_to_start_here` can't use it, and neither could a libc-less Linux program. So we have an attribute that only works in some cases anyways, that has a signature that's a total lie (and a signature that, as I might want to add, has changed recently, and that I definitely would not be comfortable giving _any_ stability guarantees on), and where there's a pretty easy way to get things working without it in the first place.
>
> Note that this feature has **not** been RFCed in the first place.
TC: What do we think?
### "Stabilize `anonymous_lifetime_in_impl_trait`" rust#107378
**Link:** https://github.com/rust-lang/rust/pull/107378
TC: We unnominated this back in October 2023 as more analysis seemed to be needed. Since then, nikomatsakis and tmandry have posted substantive analysis that it seems we should discuss.
### "#[cold] on match arms" rust#120193
**Link:** https://github.com/rust-lang/rust/pull/120193
TC: Apparently our unstable `likely` and `unlikely` intrinsics don't work. There's a proposal to do some work on fixing that and stabilizing a solution here. The nominated question is whether we want to charter this as an experiment.
### "add float semantics RFC" rfcs#3514
**Link:** https://github.com/rust-lang/rfcs/pull/3514
TC: In addition to documenting the current behavior carefully, this RFC (per RalfJ)...
> says we should allow float operations in `const fn`, which is currently not stable. This is a somewhat profound decision since it is the first non-deterministic operation we stably allow in `const fn`. (We already allow those operations in `const`/`static` initializers.)
TC: What do we think? tmandry proposed this for FCP merge back in October 2023.
### "Tracking Issue for unicode and escape codes in literals" rust#116907
**Link:** https://github.com/rust-lang/rust/issues/116907
TC: nnethercote has implemented most of RFC 3349 ("Mixed UTF-8 literals") and, based on implementation experience, argues that the remainder of the RFC should not be implemented:
> I have a partial implementation of this RFC working locally (EDIT: now at #120286). The RFC proposes five changes to literal syntax. I think three of them are good, and two of them aren't necessary.
TC: What do we think?
### "Proposal: Remove `i128`/`u128` from the `improper_ctypes` lint" lang-team#255
**Link:** https://github.com/rust-lang/lang-team/issues/255
TC: Trevor Gross describes the situation:
> For a while, Rust's 128-bit integer types have been incompatible with those from C. The original issue is here [rust-lang/rust#54341](https://github.com/rust-lang/rust/issues/54341), with some more concise background information at the MCP here [rust-lang/compiler-team#683](https://github.com/rust-lang/compiler-team/issues/683)
>
> The current Beta of 1.77 will have [rust-lang/rust#116672](https://github.com/rust-lang/rust/pull/116672), which manually sets the alignment of `i128` to make it ABI-compliant with any version of LLVM (`clang` does something similar now). 1.78 will have LLVM18 as the vendored version which fixes the source of this error.
>
> Proposal: now that we are ABI-compliant, do not raise `improper_ctypes` on our 128-bit integers. I did some testing with abi-cafe and a more isolated https://github.com/tgross35/quick-abi-check during the time https://reviews.llvm.org/D86310 was being worked on, and verified everything lines up. (It would be great to have some fork of abi-cafe in tree, but that is a separate discussion.)
>
> @joshtriplett mentioned that changing this lint needs a lang FCP https://rust-lang.zulipchat.com/#narrow/stream/187780-t-compiler.2Fwg-llvm/topic/LLVM.20alignment.20of.20i128/near/398422037. cc @maurer
>
> Reference change from when I was testing [rust-lang/rust@c742908](https://github.com/rust-lang/rust/commit/c742908c4b9abde264b8c5e9663e31c649a47f2f)
TC: Josh nominates this for our discussion. What do we think?
### "`is` operator for pattern-matching and binding" rfcs#3573
**Link:** https://github.com/rust-lang/rfcs/pull/3573
TC: Josh proposes for us that we should accept:
```rust
if an_option is Some(x) && x > 3 {
println!("{x}");
}
```
And:
```rust
func(x is Some(y) && y > 3);
```
TC: The main topic discussed in the issue thread so far has been the degree to which Rust should have "two ways to do things". Probably the more interesting issue is how the binding and drop scopes for this should work.
TC: In the 2024-02-21 meeting (with limited attendance), we discussed how we should prioritize stabilizing let chains, and tmandry suggested we may want to allow those to settle first.
TC: What do we think, as a gut check?
### "RFC: Allow symbol re-export in cdylib crate from linked staticlib" rfcs#3556
**Link:** https://github.com/rust-lang/rfcs/pull/3556
TC: This seems to be about making the following work:
```rust
// kind is optional if it's been specified elsewhere, e.g. via the `-l` flag to rustc
#[link(name="ext", kind="static")]
extern {
#[no_mangle]
pub fn foo();
#[no_mangle]
pub static bar: std::ffi::c_int;
}
```
There are apparently use cases for this.
What's interesting is that apparently it already does, but we issue a warning that is wrong:
```rust
warning: `#[no_mangle]` has no effect on a foreign function
--> src/lib.rs:21:5
|
21 | #[no_mangle]
| ^^^^^^^^^^^^ help: remove this attribute
22 | pub fn foo_rfc3556_pub_with_no_mangle();
| ---------------------------------------- foreign function
|
= warning: this was previously accepted by the compiler but is being phased out; it will become a hard error in a future release!
= note: symbol names in extern blocks are not mangled
```
TC: One of the author's asks of us is that we don't make this into a hard error (e.g. with the new edition).
TC: What do we think?
### "Better errors with bad/missing identifiers in MBEs" rust#118939
**Link:** https://github.com/rust-lang/rust/pull/118939
TC: The idea here seems to be to improve some diagnostics around `macro_rules`, but this seems to be done by way of reserving the `macro_rules` token more widely, which is a breaking change. Petrochenkov has objected to it on that basis, given that reserving `macro_rules` minimally has been the intention since we hope it will one day disappear in favor of `macro`. What do we think?
### "Uplift `clippy::invalid_null_ptr_usage` lint" rust#119220
**Link:** https://github.com/rust-lang/rust/pull/119220
TC: Urgau proposes this for us:
> This PR aims at uplifting the `clippy::invalid_null_ptr_usage` lint into rustc, this is similar to the [`clippy::invalid_utf8_in_unchecked` uplift](https://github.com/rust-lang/rust/pull/111543) a few months ago, in the sense that those two lints lint on invalid parameter(s), here a null pointer where it is unexpected and UB to pass one.
>
> ## `invalid_null_ptr_usages`
>
> (deny-by-default)
>
> The `invalid_null_ptr_usages` lint checks for invalid usage of null pointers.
>
> ### Example
>
```rust
// Undefined behavior
unsafe { std::slice::from_raw_parts(ptr::null(), 0); }
// Not Undefined behavior
unsafe { std::slice::from_raw_parts(NonNull::dangling().as_ptr(), 0); }
```
>
> Produces:
>
```
error: calling this function with a null pointer is undefined behavior, even if the result of the function is unused, consider using a dangling pointer instead
--> $DIR/invalid_null_ptr_usages.rs:14:23
|
LL | let _: &[usize] = std::slice::from_raw_parts(ptr::null(), 0);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^-----------^^^^
| |
| help: use a dangling pointer instead: `core::ptr::NonNull::dangling().as_ptr()`
```
>
> ### Explanation
>
> Calling methods who's safety invariants requires non-null pointer with a null pointer is undefined behavior.
>
> The lint use a list of functions to know which functions and arguments to checks, this could be improved in the future with a rustc attribute, or maybe even with a `#[diagnostic]` attribute.
TC: What do we think?
### "Stop skewing inference in ?'s desugaring" rust#122412
**Link:** https://github.com/rust-lang/rust/pull/122412
TC: Waffle nominates this breaking change for us:
> This changes `expr?`'s desugaring like so (simplified, see code for more info):
>
> ```rust
> // old
> match expr {
> Ok(val) => val,
> Err(err) => return Err(err),
> }
>
> // new
> match expr {
> Ok(val) => val,
> Err(err) => core::convert::absurd(return Err(err)),
> }
>
> // core::convert
> pub const fn absurd<T>(x: !) -> T { x }
> ```
>
> This prevents `!` from the `return` from skewing inference:
>
> ```rust
> // previously: ok (never type spontaneous decay skews inference, `T = ()`)
> // with this pr: can't infer the type for `T`
> Err(())?;
> ```
We discussed this on 2024-03-20. On the one hand, people were hesitant to block incremental progress, but on the other, people were hesitant to add a special case if we could address a more general case. There was, I would say, appetite for taking a bigger bite here, but people were uncertain if there were any bigger bites that were feasible other than those discussed to support the never type generally, such as disabling fallback to `()`.
In terms of next steps, we wanted to see an answer about the pros and cons of doing this for `return` generally, which @WaffleLapkin has now [answered](https://github.com/rust-lang/rust/pull/122412#issuecomment-2010480706):
> > it made me wonder whether it would be feasible to change return in general to be a free type variable instead of `!`?
>
> @scottmcm I'm not sure. I don't think it's unfeasible, but it sure is harder than this.
>
> The issues are:
>
> * Need to add fallback for those type variables too, so that `return;` works
> * `{ return; }` (which is currently `!` even though there is `;`) needs to be special cased in a different way
> * Will break strictly more things
>
> I'm not sure if this is a good idea or not. It's kinda weird.
...and we wanted to see the results of the crater run that we know that @WaffleLapkin is working to make happen.
When taking this back up, in addition to those details, we wanted to specifically consider how this incremental step may be addressing known footguns with unsafe code such as that in:
https://github.com/rust-lang/rust/issues/51125
TC: What do we think?
### "panic in a no-unwind function leads to not dropping local variables" rust#123231
**Link:** https://github.com/rust-lang/rust/issues/123231
TC: RalfJ nominates this for us. Consider this code:
```rust
#![feature(c_unwind)]
struct Noise;
impl Drop for Noise {
fn drop(&mut self) {
eprintln!("Noisy Drop");
}
}
extern "C" fn test() {
let _val = Noise;
panic!("heyho");
}
fn main() {
test();
}
```
It doesn't print anything. Should it?
### "Lang discussion: Item-level `const {}` blocks, and `const { assert!(...) }`" lang-team#251
**Link:** https://github.com/rust-lang/lang-team/issues/251
TC: This issue was raised due to discussion in a T-libs-api call. Josh gives the context:
> In discussion of [rust-lang/libs-team#325](https://github.com/rust-lang/libs-team/issues/325) (a proposal for a compile-time assert macro), the idea came up to allow `const {}` blocks at item level, and then have people use `const { assert!(...) }`.
>
> @rust-lang/libs-api would like some guidance from @rust-lang/lang about whether lang is open to toplevel `const { ... }` blocks like this, which would influence whether we want to add a compile-time assert macro, as well as what we want to call it (e.g. `static_assert!` vs `const_assert!` vs some other name).
>
> Filing this issue to discuss in a lang meeting. This issue is _not_ seeking any hard commitment to add such a construct, just doing a temperature check.
CAD97 noted:
> To ensure that it's noted: if both item and expression `const` blocks are valid in the same position (i.e. in statement position), a rule to disambiguate would be needed (like for statement versus expression `if`-`else`). IMO it would be quite unfortunate for item-level `const` blocks to be evaluated pre-mono if that same `const` block but statement-level would be evaluated post-mono.
>
> Additionally: since `const { assert!(...) }` is post-mono (due to using the generic context), it's potentially desirable to push people towards using `const _: () = assert!(...);` (which is pre-mono) whenever possible (not capturing generics).
TC: What do we think?
### "Add lint against function pointer comparisons" rust#118833
**Link:** https://github.com/rust-lang/rust/pull/118833
TC: In the 2024-01-03 call, we developed a tentative consensus to lint against direct function pointer comparison and to push people toward using `ptr::fn_addr_eq`. We decided to ask T-libs-api to add this. There's now an open proposal for that here:
https://github.com/rust-lang/libs-team/issues/323
One question that has come up is whether we would expect this to work like `ptr::addr_eq` and have separate generic parameters, e.g.:
```rust
/// Compares the *addresses* of the two pointers for equality,
/// ignoring any metadata in fat pointers.
///
/// If the arguments are thin pointers of the same type,
/// then this is the same as [`eq`].
pub fn addr_eq<T: ?Sized, U: ?Sized>(p: *const T, q: *const U) -> bool { .. }
```
Or whether we would prefer that `fn_addr_eq` enforced type equality of the function pointers. Since we're the ones asking for this, we probably want to develop a consensus here. We discussed this in the call on 2024-01-10, then we opened a Zulip thread:
https://rust-lang.zulipchat.com/#narrow/stream/213817-t-lang/topic/Signature.20of.20.60ptr.3A.3Afn_addr_eq.60
TC: On this subject, scottmcm raised this point, with which pnkfelix seemed to concur:
> I do feel like if I saw code that had `fn1.addr() == fn2.addr()` (if `FnPtr` were stabilized), I'd write a comment saying "isn't that what `fn_addr_eq` is for?"
>
> If the answer ends up being "no, actually, because I have different types", that feels unfortunate even if it's rare.
>
> (Like how `addr_eq(a, b)` is nice even if with strict provenance I could write `a.addr() == b.addr()` anyway.)
TC: scottmcm also asserted confidence that allowing mixed-type pointer comparisons is correct for `ptr::addr_eq` since comparing the addresses of `*const T`, `*const [T; N]`, and `*const [T]` are all reasonable. I pointed out that, if that's reasonable, then `ptr::fn_addr_eq` is the higher-ranked version of that, since for the same use cases, it could be reasonable to compare function pointers that return those three different things or accept them as arguments.
TC: Adding to that, scottmcm noted that comparing addresses despite lifetime differences is also compelling, e.g. comparing `fn(Box<T>) -> &'static mut T` with `for<'a> fn(Box<T>) -> &'a mut T`.
TC: Other alternatives we considered were not stabilizing `ptr::fn_addr_eq` at all and instead stabilizing `FnPtr` so people could write `ptr::addr_eq(fn1.addr(), fn2.addr())`, or expecting that people would write instead `fn1 as *const () == fn2 as *const ()`.
TC: Recently CAD97 raised an interesting alternative:
> From the precedent of `ptr::eq` and `ptr::addr_eq`, I'd expect a "`ptr::fn_eq`" to have one generic type and a "`ptr::fn_addr_eq`" to have two. Even if `ptr::fn_eq`'s implementation is just an address comparison, it still serves as a documentation point to call out the potential pitfalls with comparing function pointers.
TC: What do we think?
---
TC: Separately, on the 2024-01-10 call, we discussed some interest use cases for function pointer comparison, especially when it's indirected through `PartialEq`. We had earlier said we didn't want to lint when such comparisons were indirected through generics, but we did address the non-generic case of simply composing such comparisons.
One example of how this is used is in the standard library, in `Waker::will_wake`:
https://doc.rust-lang.org/core/task/struct.Waker.html#method.will_wake
It's comparing multiple function pointers via a `#[derive(PartialEq)]` on the `RawWakerVTable`.
We decided on 2024-01-01 that this case was interesting and we wanted to think about it further. We opened a discussion thread about this:
https://rust-lang.zulipchat.com/#narrow/stream/213817-t-lang/topic/Function.20pointer.20comparison.20and.20.60PartialEq.60
Since then, another interesting use case in the standard library was raised, in the formatting machinery:
https://doc.rust-lang.org/src/core/fmt/rt.rs.html
What do we think about these, and would we lint on derived `PartialEq` cases like these or no?
### "Implement lint against unexpected unary precedence" rust#121364
**Link:** https://github.com/rust-lang/rust/pull/121364
TC: The proposal is to lint against:
```rust
-2.pow(2); // Equals -4.
```
These would instead be written:
```rust
-(2.pow(2)); // Equals -4.
```
TC: This is a subset of:
https://github.com/rust-lang/rust/pull/117161
...which is also nominated. Whereas the #117161 proposal is to lint on both binary op and unary op cases, this proposal is to lint only on unary op cases. The proposal for this subset came out a discussion with scottmcm.
TC: What do we think?
### "Uplift `clippy::precedence` lint" rust#117161
**Link:** https://github.com/rust-lang/rust/pull/117161
TC: The proposal is to lint against:
```rust
-2.pow(2); // Equals -4.
1 << 2 + 3; // Equals 32.
```
These would instead be written:
```rust
-(2.pow(2)); // Equals -4.
1 << (2 + 3); // Equals 32.
```
Prompts for discussion:
- Is this an appropriate lint for `rustc`?
- How do other languages handle precedence here?
- Is minus special enough to treat differently than other unary operators (e.g. `!`, `*`, `&`)?
### "Should Rust still ignore SIGPIPE by default?" rust#62569
**Link:** https://github.com/rust-lang/rust/issues/62569
TC: Prior to `main()` being executed, the Rust startup code makes a syscall to change the handling of `SIGPIPE`. Many believe that this is wrong thing for a low-level language like Rust to do, because 1) it makes it impossible to recover what the original value was, and 2) means things like `seccomp` filters must be adjusted for this.
It's also just, in a practical sense, wrong for most CLI applications.
This seems to have been added back when Rust had green threads and then forgotten about. But it's been an ongoing footgun.
Making a celebrity appearance, Rich Felker, the author of MUSL libc, notes:
> As long as Rust is changing signal dispositions inside init code in a way that the application cannot suppress or undo, it is _fundamentally unusable to implement standard unix utilities that run child processes_ or anything that needs to preserve the signal dispositions it was invoked with and pass them on to children. Changing inheritable process state behind the application's back is just unbelievably bad behavior and does not belong in a language runtime for a serious language...
>
> As an example, if you implement `find` in Rust, the `-exec` option will invoke its commands with `SIGPIPE` set to `SIG_IGN`, so that they will not properly terminate on broken pipe. But if you just made it set `SIGPIPE` to `SIG_DFL` before invoking the commands, now it would be broken in the case where the invoking user intentionally set `SIGPIPE` to `SIG_IGN` so that the commands would not die on broken pipe.
There was discussion in 2019 about fixing this over an edition, but nothing came of it.
Are we interested in fixing it over this one?
Strawman (horrible) proposal: We could stop making this pre-main syscall in Rust 2024 and have `cargo fix` insert this syscall at the start of every `main` function.
(In partial defense of the strawman, it gets us directly to the arguably best end result while having an automatic semantics-preserving edition migration and it avoids the concerns about lang/libs coupling that Mara raised. The edition migration could add a comment above this inserted code telling people under what circumstances they should either keep or delete the added line.)
### "types team / lang team interaction" rust#116557
**Link:** https://github.com/rust-lang/rust/issues/116557
TC: nikomatsakis nominated this:
> We had some discussion about types/lang team interaction. We concluded a few things:
>
> * Pinging the team like @rust-lang/lang is not an effective way to get attention. Nomination is the only official way to get attention.
> * It's ok to nominate things in an "advisory" capacity but not block (e.g., landing a PR), particularly as most any action can ultimately be reversed. But right now, triagebot doesn't track closed issues, so that's a bit risky.
>
> Action items:
>
> * We should fix triagebot to track closed issues.
TC: What do we think?
### "UnsafePinned: allow aliasing of pinned mutable references" rfcs#3467
**Link:** https://github.com/rust-lang/rfcs/pull/3467
TC: We have a design meeting scheduled for this for 2024-05-29:
https://github.com/rust-lang/lang-team/issues/266
### "Implement `PartialOrd` and `Ord` for `Discriminant`" rust#106418
**Link:** https://github.com/rust-lang/rust/pull/106418
TC: We discussed this last in the meeting on 2024-03-13. scottmcm has now raised on concern on the issue and is planning to make a counter-proposal:
> I remain concerned about exposing this with no opt-out on an unrestricted generic type @rfcbot concern overly-broad
>
> I'm committing to making an alternative proposal because I shouldn't block without one. Please hold my feet to the fire if that's no up in a week.
>
> Basically, I have an idea for how we might be able to do this, from [#106418 (comment)](https://github.com/rust-lang/rust/pull/106418#issuecomment-1698887324)
>
> > 2. Expose the variant ordering privately, only accessible by the type owner/module.
> >
> > Solution 2. is obviously more desirable, but AFAIK Rust can't do that and there is no proposal to add a feature like that.
https://github.com/rust-lang/rust/pull/106418#issuecomment-1994833151
### "Fallout from expansion of redundant import checking" rust#121708
**Link:** https://github.com/rust-lang/rust/issues/121708
TC: We discussed this in the meeting on 2024-03-13. The feelings expressed included:
- We don't want to create a perverse incentive for people to expand existing lints rather than to create new ones where appropriate just because there's less process for expanding the meaning of an existing lint.
- It would be good if potentially-disruptive expansions of an existing lint either:
- Had a machine-applicable fix.
- Or had a new name.
- We don't want to require a new lint name for each expansion.
- We don't want to require a crater run for each change to a lint.
- There are two ways to prevent disruption worth exploring:
- Prevent potentially-disruptive changes from hitting master.
- Respond quickly to early indications of disruption once the changes hit master.
- Compiler maintainers have a sense of what might be disruptive and are cautious to avoid it. It may be OK to have a policy that is not perfectly measurable.
TC: tmandry volunteered to draft a policy proposal.
## Action item review
- [Action items list](https://hackmd.io/gstfhtXYTHa3Jv-P_2RK7A)
## Pending lang team project proposals
None.
## PRs on the lang-team repo
### "Add soqb`s design doc to variadics notes" lang-team#236
**Link:** https://github.com/rust-lang/lang-team/pull/236
### "Update auto traits design notes with recent discussion" lang-team#237
**Link:** https://github.com/rust-lang/lang-team/pull/237
### "Update hackmd link to a public link" lang-team#258
**Link:** https://github.com/rust-lang/lang-team/pull/258
## RFCs waiting to be merged
### "Unsafe Extern Blocks" rfcs#3484
**Link:** https://github.com/rust-lang/rfcs/pull/3484
### "Precise capturing" rfcs#3617
**Link:** https://github.com/rust-lang/rfcs/pull/3617
## `S-waiting-on-team`
### "offset: allow zero-byte offset on arbitrary pointers" rust#117329
**Link:** https://github.com/rust-lang/rust/pull/117329
### "Support C23's Variadics Without a Named Parameter" rust#124048
**Link:** https://github.com/rust-lang/rust/pull/124048
### "Stabilize `min_exhaustive_patterns`" rust#122792
**Link:** https://github.com/rust-lang/rust/pull/122792
### "Don't make statement nonterminals match pattern nonterminals" rust#120221
**Link:** https://github.com/rust-lang/rust/pull/120221
### "Stabilize `count`, `ignore`, `index`, and `length` in Rust 1.80" rust#122808
**Link:** https://github.com/rust-lang/rust/pull/122808
### "Better errors with bad/missing identifiers in MBEs" rust#118939
**Link:** https://github.com/rust-lang/rust/pull/118939
### "[ptr] Document maximum allocation size" rust#116675
**Link:** https://github.com/rust-lang/rust/pull/116675
### "warn less about non-exhaustive in ffi" rust#116863
**Link:** https://github.com/rust-lang/rust/pull/116863
### "Rename `AsyncIterator` back to `Stream`, introduce an AFIT-based `AsyncIterator` trait" rust#119550
**Link:** https://github.com/rust-lang/rust/pull/119550
### "Allow `#[deny]` inside `#[forbid]` as a no-op with a warning" rust#121560
**Link:** https://github.com/rust-lang/rust/pull/121560
## Proposed FCPs
**Check your boxes!**
### "Edition 2024: don't special-case diverging blocks" rust#123590
**Link:** https://github.com/rust-lang/rust/pull/123590
### "Tracking issue for function attribute `#[coverage]`" rust#84605
**Link:** https://github.com/rust-lang/rust/issues/84605
### "Don't make statement nonterminals match pattern nonterminals" rust#120221
**Link:** https://github.com/rust-lang/rust/pull/120221
### "`#![crate_name = EXPR]` semantically allows `EXPR` to be a macro call but otherwise mostly ignores it" rust#122001
**Link:** https://github.com/rust-lang/rust/issues/122001
### "Stabilize `count`, `ignore`, `index`, and `length` in Rust 1.80" rust#122808
**Link:** https://github.com/rust-lang/rust/pull/122808
### "Stabilize `anonymous_lifetime_in_impl_trait`" rust#107378
**Link:** https://github.com/rust-lang/rust/pull/107378
### "add float semantics RFC" rfcs#3514
**Link:** https://github.com/rust-lang/rfcs/pull/3514
### "Implement `PartialOrd` and `Ord` for `Discriminant`" rust#106418
**Link:** https://github.com/rust-lang/rust/pull/106418
### "RFC: inherent trait implementation" rfcs#2375
**Link:** https://github.com/rust-lang/rfcs/pull/2375
### "Don't allow unwinding from Drop impls" rfcs#3288
**Link:** https://github.com/rust-lang/rfcs/pull/3288
### "Add text for the CFG OS Version RFC" rfcs#3379
**Link:** https://github.com/rust-lang/rfcs/pull/3379
### "Tracking Issue for `const_cstr_from_ptr`" rust#113219
**Link:** https://github.com/rust-lang/rust/issues/113219
### "Stabilize Wasm relaxed SIMD" rust#117468
**Link:** https://github.com/rust-lang/rust/pull/117468
### "Stabilize associated type position impl Trait (ATPIT)" rust#120700
**Link:** https://github.com/rust-lang/rust/pull/120700
### "Allow `#[deny]` inside `#[forbid]` as a no-op with a warning" rust#121560
**Link:** https://github.com/rust-lang/rust/pull/121560
### "regression: let-else syntax restriction (right curly brace not allowed)" rust#121608
**Link:** https://github.com/rust-lang/rust/issues/121608
## Active FCPs
### "Stabilize `min_exhaustive_patterns`" rust#122792
**Link:** https://github.com/rust-lang/rust/pull/122792
### "RFC: New range types for Edition 2024" rfcs#3550
**Link:** https://github.com/rust-lang/rfcs/pull/3550
### "Let's `#[expect]` some lints: Stabilize `lint_reasons` (RFC 2383) " rust#120924
**Link:** https://github.com/rust-lang/rust/pull/120924
### "MaybeDangling" rfcs#3336
**Link:** https://github.com/rust-lang/rfcs/pull/3336
### "[ptr] Document maximum allocation size" rust#116675
**Link:** https://github.com/rust-lang/rust/pull/116675
## P-critical issues
None.
Sign in with Wallet
Connect another wallet