--- title: "Lang/RfL meeting 2025-03-26" tags: ["T-lang", "design-meeting", "minutes"] date: 2025-03-26 discussion: url: https://hackmd.io/Ndf1VWZgRpSYwohU9F-09A --- # Lang/RfL meeting 2025-03-26 ## Attendance People: Miguel Ojeda, Gary Guo, Boqun Feng, TC, Niko, Wesley Wiser, Josh Triplett, davidtwco ## Inviting Linus to the all-hands There's been discussion of inviting Linus to the all-hands. We're interested in Greg coming also, but we understand he can't make it this year. Maybe he can make it next year. ## TL;DR Most of the major items are in an iteration phase. The rustdoc changes for exporting doctests are the furthest along, with a working prototype; the RFL project has been integrating that prototype and providing feedback. Clippy stabilization now has a pre-RFC and there is active iteration towards support for build-std. Other areas of progress: * We have an [open PR](https://github.com/rust-lang/rust/pull/136926) to stabilize `-Zdwarf-version`. * The lang and types team have been discussing the best path forward to resolve [#136702](https://github.com/rust-lang/rust/issues/136702). This is a soundness concern that was raised around certain casts, specifically, casts from a type like `*mut dyn Foo + '_` (with some lifetime) to `*mut dyn Foo + 'static` (with a static lifetime). Rust's defaulting rules mean that the latter is more commonly written with a defaulted lifetime, i.e., just `*mut dyn Foo`, which makes this an easy footgun. This kind of cast has always been dubious, as it disregards the lifetime in a rather subtle way, but when combined with arbitrary self types it permits users to disregard safety invariants making it hard to enforce soundness (see [#136702](https://github.com/rust-lang/rust/issues/136702) for details). The current proposal under discussion in [#136776](https://github.com/rust-lang/rust/issues/136776) is to make this sort of cast a hard error at least outside of an unsafe block; we evaluated the feasibility of doing a future-compatibility-warning and found it was infeasible. Crater runs suggest very limited fallout from this soundness fix but discussion continues about the best set of rules to adopt so as to balance minimizing fallout with overall language simplicity. ## Tracking [Tracking issue](https://github.com/rust-lang/rust-project-goals/issues/116) ### Finalizing 2024h2 goals * [ ] Stabilize `derive(CoercePointee)` (blocked on #136764 / #136776) * [ ] Stabilize arbitrary self types v2 (blocked on #136764 / #136776) * [x] Stabilize asm-goto * [ ] Support for pointers with `asm_const` https://github.com/rust-lang/rust/issues/128464 First two are making progress, see monthly update. asm-goto will be released in 1.87 asm-const has a preliminary impl, gcc support is needed: https://github.com/rust-lang/rust/pull/138618 While not used in RFL, `naked_asm` is not on the list but it will be moving forward for stabilization. It suffers from the same LLVM bug as `global_asm` forgetting target feature flags. ### ABI-modifying compiler flags * [x] Author RFC (@darksonn) * [x] RFC decision ([compiler](http://github.com/rust-lang/compiler-team) ![Team][]) * [ ] Implementation ([draft PR](https://github.com/rust-lang/rust/pull/138736) from @azhogin) * [ ] Standard reviews ([compiler](http://github.com/rust-lang/compiler-team) ![Team][]) * [ ] Stabilization decision ([compiler](http://github.com/rust-lang/compiler-team) ![Team][]) Andrew Zhogin has opened a draft PR (https://github.com/rust-lang/rust/pull/138736) following Alice's issue about which santisers should be modifiers (https://github.com/rust-lang/rust/issues/138453) ### Extract dependency information, configure no-std externally (-Zcrate-attr) * [x] Author an RFC to stabilize [RFC #3791](https://github.com/rust-lang/rfcs/pull/3791) * [ ] Implementation () * [ ] Standard reviews ([compiler](http://github.com/rust-lang/compiler-team) ![Team][]) * [ ] Stabilization decision ([compiler](http://github.com/rust-lang/compiler-team) ![Team][]) Dependency thing we do not need `-Zcrate-attr` has an RFC from jyn: https://github.com/rust-lang/rfcs/pull/3791 ### Rustdoc features to extract doc tests * [x] Author RFC () * [x] RFC decision ([rustdoc](https://github.com/rust-lang/rust) ![Team][]) * [x] Implementation () * [x] Standard reviews ([rustdoc](https://github.com/rust-lang/rust) ![Team][]) * [ ] Experimentation in RFL (@ojeda) * [ ] Stabilization decision ([rustdoc](https://github.com/rust-lang/rust) ![Team][]) No update. ### Clippy configuration * [ ] RFC text ([pre-RFC draft](https://hackmd.io/@flip1995/By87NXIc1g)) * [ ] Stabilization decision ([clippy](https://github.com/rust-lang/rust-clippy) ![Team][]) [Pre-RFC](https://hackmd.io/@flip1995/By87NXIc1g) was published but hasn't (to our knowledge) made progress. Would be good to sync up on next steps with @flip1995. ### Build-std (https://github.com/rust-lang/rust-project-goals/issues/274) No update. Progress will resume next week when the contributor working on this returns from holiday. ### `-Zsanitize-kcfi-arity` * [x] Tracking issue: https://github.com/rust-lang/rust/issues/138311 * [ ] Implementation (https://github.com/rust-lang/rust/pull/138368, already reviewed by davidtwco) * [ ] Stabilization Notes available [here](https://clang.llvm.org/docs/ControlFlowIntegrity.html#fsanitize-kcfi-arity) and [here](https://lore.kernel.org/lkml/20250224123703.843199044@infradead.org/). Unblocked to land. Ideally we'd have more end-to-end tests but that's not always possible. ### Previous minutes https://hackmd.io/e_sJtc0UQPWVgVBMDUY33A ### Want to have assertions at link time...? Some places where const assert runs too early. Miguel can bring some of the details. Some of the cases are parameters that always have const values but using turbofish is annoying. Others are due to limitations of const functions. ```rust const fn foo(const len: usize) { } // ... const fn foo<L: usize>() { } ``` examples from chat: ``` 125- pub fn access<'a>(&'a self, owner: &'a U) -> &'a T 126- where 127- T: Sync, 128- { 129: build_assert!( 130- size_of::<U>() > 0, 131- "`U` cannot be a ZST because `owner` wouldn't be unique" 132- ); ``` ``` 92- /// Creates a new instance of `C22` with a vendor specific register. 93- pub const fn vendor_specific<const N: u8>() -> Self { 94: build_assert!( 95- N > 0x0f && N < 0x20, 96- "Vendor-specific register address must be between 16 and 31" 97- ); 98- C22(N) 99- } ``` ``` 11-/// Build an ioctl number, analogous to the C macro of the same name. 12-#[inline(always)] 13-const fn _IOC(dir: u32, ty: u32, nr: u32, size: usize) -> u32 { 14: build_assert!(dir <= uapi::_IOC_DIRMASK); 15: build_assert!(ty <= uapi::_IOC_TYPEMASK); 16: build_assert!(nr <= uapi::_IOC_NRMASK); 17: build_assert!(size <= (uapi::_IOC_SIZEMASK as usize)); ``` option A. Require something to be run only at compilation time. option B. Niko would like to be able to declare some parameters as `const` as well as a more ergonomic variant on const generics, kind of like `impl Trait` but for constants... ``` 11-/// Build an ioctl number, analogous to the C macro of the same name. 12-#[inline(always)] 13-const fn _IOC(const dir: u32, const ty: u32, const nr: u32, const size: usize) -> u32 { 14: const { assert!(dir <= uapi::_IOC_DIRMASK); 15: assert!(ty <= uapi::_IOC_TYPEMASK); 16: assert!(nr <= uapi::_IOC_NRMASK); 17: assert!(size <= (uapi::_IOC_SIZEMASK as usize)); } ``` Gary: I would really like this for atomics ordering... `rustc_legacy_const_generics` TC: You can hack this in Rust today. E.g.: ```rust! const fn divide<const D: u64>(n: u64) -> u64 { const { assert!(D > 0) }; // <--- Post-mono assertion. n / D } const fn divide_checked<const D: u64>(n: u64) -> Option<u64> { match D { 0 => None, 1.. => Some(divide::<D>(n)), } } fn main() { dbg!({const { divide_checked::<1>(1) }}); dbg!({const { divide_checked::<0>(1) }}); // <--- Look here. dbg!(divide_checked::<1>(1)); dbg!(divide_checked::<0>(1)); //~ ERROR } ``` So we can write this: ```rust const fn postmono_panic<T>() { const { panic!() } } const fn only_in_const() -> u8 { if false { postmono_panic::<()>(); } 42 } fn main() { assert_eq!(42, const { only_in_const() }); //~ OK _ = only_in_const(); //~ ERROR } ```