--- title: Triage meeting 2025-03-05 tags: ["T-lang", "triage-meeting", "minutes"] date: 2025-03-05 discussion: https://rust-lang.zulipchat.com/#narrow/channel/410673-t-lang.2Fmeetings/topic/Triage.20meeting.202025-03-05 url: https://hackmd.io/nf4ZUYd7Rp6rq-1svJZSaQ --- # T-lang meeting agenda - Meeting date: 2025-03-05 ## Attendance - People: Josh, TC, Niko, Tyler, Eric Holk, cramertj ## Meeting roles - Minutes, driver: TC ## Scheduled meetings None. Edit the schedule here: https://github.com/orgs/rust-lang/projects/31/views/7. ## Announcements or custom items (Meeting attendees, feel free to add items here!) ### Guest attendee items TC: For any guests who are present, please note in this section if you're attending for the purposes of any items on (or off) the agenda in particular. ### Moving right along TC: As we've been doing recently, due to the impressive backlog, I'm going to push the pace a bit. If it's ever too fast or you need a moment before we move on, please raise a hand and we'll pause. ### Design meeting at 12:30 EST / 09:30 PST / 17:30 CET TC: Remember that we have a design/planning meeting that starts half an hour after this call ends. ### Next meeting with RfL We're next meeting with RfL on 2025-03-12 to review the status of RfL project goals. https://github.com/rust-lang/rfcs/pull/3614 ## Rust 2025 review ### Meta TC: We should start thinking about Rust 2025. Our motivating priorities are: - Make every edition a success. - Do so without requiring heroics from anyone. - ...or stressing anyone or everyone out. The tentative timeline will be: | Date | Version | Edition stage | |------------|---------------|--------------------------------| | 2025-04-03 | Release v1.86 | Checking off items... | | 2025-05-15 | Release v1.87 | Checking off items... | | 2025-06-26 | Release v1.88 | Checking off items... | | 2025-08-07 | Release v1.89 | Checking off items... | | 2025-09-12 | Branch v1.91 | Go / no go on all items | | 2025-09-18 | Release v1.90 | | | 2025-10-24 | Branch v1.92 | Stabilize Rust 2025 on nightly | | 2025-10-30 | Release v1.91 | Rust 2025 nightly beta | | 2025-12-05 | Branch v1.93 | Cut Rust 2025 to beta | | 2025-12-11 | Release v1.92 | Announce Rust 2025 is pending | | 2026-01-22 | Release v1.93 | Release Rust 2025 | ## Nominated RFCs, PRs, and issues ### "Unstable Feature Usage Metrics" rust#129485 **Link:** https://github.com/rust-lang/rust/issues/129485 TC: Jane asks: > As mentioned in [rust-lang/rust-project-goals#260 (comment)](https://github.com/rust-lang/rust-project-goals/issues/260#issuecomment-2695460081), I need to have more detailed discussions with t-libs and t-lang to discuss specifics of unstable feature usage metrics and the precise questions t-libs and t-lang would likely like to use this data to answer. I talked this over with Jane a bit and suggested a document might help here. She has one for us to review: https://hackmd.io/@yaah/HkmynxSjyg What do we think? scottmcm: Pondering, would this also be people on stable who hit the "you need the gate to do this", as a (weak) proxy for interest? How to we track usage on *stabilized* features to know they were worth it? Josh: Some examples of what I'd love to try: measure how many crates in the ecosystem rely on the "only one impl" inference rule. Question: is it easier to measure that with metrics, or with crater? What kinds of things are best measured with metrics *rather* than crater? Probably usage of nightly-only features. nikomatsakis: There is some ambiguity by what "feature" means here. Is it feature gates? Or e.g. usage of stable things? I'd like both. Josh: Some question of measurement methodology. Number of crates? Frequency of usage *within* the crates? Popularity of crates? Some formula combining those? tmandry: I'm excited. It'd be worth focusing on things that we can't get from other tools like crater. E.g., on diagnostics, if you're getting an error, you're probably not committing that code. Josh: :+1: for the idea of measuring diagnostics about incorrect code, and seeing how often. Jane: That's an interesting thought. However, this would change the order of what we'd need to do. We'd been deferring the work for this. scottmcm: The other piece, and I guess this is not V1 because it sounds hard, the "flow of things" that people have mentioned is what I'd love to see. Like: I didn't write any lifetimes, I got an error, and this is what I put in. Or, the compiler suggested I put static and that was wrong. A lot of that seems hard because it's a multisession sort of thing but in general the flow of "I was doing this and then I hit issues" across a lot of things would be nice. If we track unstable features, it'd be nice to know it's not just "the 2 or 3 people that use it". nikomatsakis: My preference, Jane, is you do whatever you need to do to get the infrastructure stood up for this. nikomatsakis: We know that crater has limited visibility into private code but also app/binary code. I'd be interested in correlating and confirming what we see in crater. I am also interested in build times, number of dependencies, and related things like that. nikomatsakis: I'm curious to know about many aspects of the user experience such as build times. Josh: We've put in a lot of work on compiler features like incremental compilation. It'd be good to know how much effect these things have in practice. E.g., how much reuse do we get from cached queries? tmandry: +1 on metrics on compile times. We have rustc benchmarks. But measuring the end-user experience is important. Crater does build a lot of crates that aren't on crates.io. I would like to collect metrics from private repos, but there will likely be many hurdles there. scottmcm: Speaking of perf, we often have things that look great but then do something like regress optimized incremental builds. So then we ask, "does anyone actually use optimized incremental builds?" Knowing that might help. nikomatsakis: It'd be good to know how those signals change over time as well. nikomatsakis: I'd like to have rust-analyzer include info too -- there's a lot of fascinating metrics from the IDE experience. Example: meta has done an analysis of what errors people see as a function of the amount of time they've used Rust, and you can actually see and quantify the learning curve. I'd be very curious to know "what kinds of features do people use". Jane: We will just be dumping the data to the disk. We're hopeful that rustup will help people to upload these if desired. Jane: Even if people can't upload these, they could run their own internal infrastructure to process these, and then tell us about the results of the analysis. cramertj: People doing builds in CI in hermatically sealed environments definitely need this to just be dumped to a disk. Jane: How might the lang team think about using these metrics in lang processes? TC: Probably we'll need to see it first and get a feel for it. scottmcm: Maybe it'll be a thing that'll help in stabilization reports. tmandry: We'll want to think about how the data is weighted. ### "[WIP] Forbid object lifetime changing pointer casts" rust#136776 **Link:** https://github.com/rust-lang/rust/pull/136776 TC: This PR acts to try to resolve a different concern around the stabilization of arbitrary self types and `derive(CoercePointee)`. It produces distinctly non-zero regressions. Let's review this situation. What do we think? (Discussion.) We'll check in on whether or not we're going to be able to get a FCW in a reasonable amount of time, and if that's not likely, then we'll consider going to a hard error here to unblock arbitrary self types. ### "Split elided_lifetime_in_paths into tied and untied" rust#120808 **Link:** https://github.com/rust-lang/rust/pull/120808 TC: The proposal here is to restructure the `elided_lifetime_in_paths` lint so we can lint more strongly about parts of it. The proposal for how to break this down, now in FCP, is: - The lint group is `hidden-lifetimes-in-paths`. - *Case 1*: The `fn(W) -> W` case is `hidden-lifetimes-in-output-paths`. - *Case 2*: The `fn(W)` case is `hidden-lifetimes-in-input-paths-only`. - *Case 3*: The `f::<W>` / `<W>::f()` case is `hidden-lifetimes-in-type-paths`. Checkboxes are here: https://github.com/rust-lang/rust/pull/120808#issuecomment-2655043979 What do we think? scottmcm: What if you have `fn(W) -> W<'_>`? That's not hidden in the output, but the input one is "tied" to the output path, which is what I want to lint about. TC: I'd expect the `hidden-lifetimes-in-output-paths` lint to fire. Obviously you have to squint a bit to make the name fit for that. It's not hidden in the output path, but it's a lifetime that is hidden and then appears in the output path. nikomatsakis: I have hit a LOT of confusing compilation errors lately as a result of lifetimes I forgot to write -- mostly on the return type but also a significant number in the parameter position. Big +1 to making progress here. The example where I'm hitting case 2 frequently is this ```rust // in revision 1 struct Foo { field: Something } // in revision 2, uses the `'db` lifetime comes everywhere in salsa struct Foo<'db> { field: Something<'db> } fn foo(foo: Foo) { let x: Something<'_> = foo.field(); // where `'_` is now a random thing } ``` Josh: The other thing coming to mind that may be useful. I was reminded by something in LWN about how much value with get out of `_` prefixing to suppress warnings. The other place we get pushback is on "you could have elided this lifetime and you didn't". It might be worth distinguishing whether the lifetime is named. I wonder if we might want to set a policy of "it looks like you've given this a name" or not. scottmcm: I'm not sure this fits in the elidedness lints. Josh: It doesn't, it's just related to lifetime elision (in this case, warnings steering *towards* elision). NM: ```rust fn foo<'a>(x: &'a u32) -> &u32 { x } // <-- this case, Scott? (if so, I agree, it should be warned against) ``` NM: My intution is the union of "lifetimes in the output type should not be invisible" (either `&` or `'_`) and "lifetimes in the output type should be written in the same way as the input type", i.e., don't have `W -> W<'_>` and don't have `W<'a> -> W<'_>`. Both of these cases seem worth warning by default. scottmcm: Probably, but we can do that as a separate lint. TC: +1. NM: I'm gonna bikeshed a bit here * "lifetimes in the output type should not be hidden" -- "hidden-lifetimes-in-output-paths" * (i.e., don't have `-> W` but `-> W<'_>` is ok) * "lifetimes in the output type should be written in the same way as the input type" -- "mismatched-input-output-lifetimes" * (i.e., don't have `W -> W<'_>` and <-- to me it is pretty confusing to have this under here * don't have `W<'a> -> W<'_>`) scottmcm: Hmm, yeah, niko convinced me that might be a better split. And it makes the output path one be more explicitly *actually about stuff in the return* which would be nice. (The meeting ended here.) --- Post-meeting... TC/scottmcm: The full breakdown is maybe: - Hidden in the input and output and tied. - Hidden in the input only, not in the output at all. - Hidden in the input and elided in the output. - Elided in the input and hidden in the output. - Named in the input and elided in the output. - Named in the input and hidden in the output. Breakdown: - Do I care about whether things are hidden in the output? - `fn(W) -> W` - `fn(W<'_>) -> W` - `fn<'a>(W<'a>) -> W` - (literally doesn't look at the arguments at all) - Do I care about whether things are hidden in the input? - `fn(W) -> W` - `fn(w)` - `fn(W) -> W<'_>` - `fn<'a>(W) -> W<'a>` - (literally doesn't look at the return type at all) - Do I care about whether lifetimes are written different in the inputs and outputs. - Hidden in input and elided in output. - Elided in input and hidden in output. - Named in input and elided in output. - Named in input and hidden in output. - Notably, this lints on `fn<'a>(W<'a>) -> W<'_>`, which none of the current-proposal "hidden" lints lint on. If you have `fn(W) -> W`, that doesn't get a "written differently" lint, because it's the same in both places. But you get an output lint suggesting `fn(W) -> W<'_>`, then you get a "not written consistently" suggesting `fn(W<'_>) -> W<'_>`. ### "Tracking issue for unsized tuple coercion" rust#42877 **Link:** https://github.com/rust-lang/rust/issues/42877 TC: Niko nominates: > We discussed this some in the Rust-for-Linux sync meeting. This is impacting stabilization of `#[derive(CoercePointee)]`. There doesn't seem to be a strong rationale in favor of the feature (the argument for is essentially "why not, it works for structs") and there are some plausible responses ("so we have more freedom to play with tuples"). Therefore my inclination is to say "let's just remove this unstable feature" (we also considered trying to stabilize it, but it doesn't seem worth it to me). > > It's also a 2-way door, of course, we can always add it back. RalfJ suggests we may be closing doors though: > We cannot, though. Once `CoercePointee` is stable, the same issue that led to this discussion will mean we cannot have unstable unsizing coercions any more. Or did I misunderstand something? > > I tend to agree that we've been doing fine without tuple unsizing; unsized types aren't even that common and defining your own ADT for them isn't an undue burden -- given, as you say, that this unlocks more layout optimizations for tuples. > > However, we could want other unstable unsizing coercions in the future, and it seems we are closing the door for that. lcnr adds: > I am in favor of just removing this feature. Tuple unsizing coercions inhibits future layout optimizations for tuples... > > It may also inhibit optimizations based on the "preferred alignment". > > For struct unsizing this only inhibits these optimizations for structs which can be unsized (have a `?Sized` param in the last field), but given that all tuples may get unsized, we would be forced to limit these optimization for all tuples. What do we think? ### "Allow numeric tokens containing 'e' that aren't exponents be passed to proc macros" rust#111615 **Link:** https://github.com/rust-lang/rust/issues/111615 TC: Josh nominates this for us and proposes that it's an easy call. There's some back and forth with dtolnay that's worth reading. TC: What do we think? ### "An unsafe const fn being used to compute an array length or const generic is incorrectly described as being an "item"." rust#133441 **Link:** https://github.com/rust-lang/rust/issues/133441 TC: We're being asked for our take on what contexts should inherent an `unsafe { .. }`. E.g., should this?: ```rust const unsafe fn f() -> usize { 1 } fn main() { unsafe { let _x = [0; f()]; } } ``` What about?: ```rust const unsafe fn f() -> usize { 1 } fn main() { _ = unsafe { const { f(); } }; } ``` ```rust const unsafe fn f() -> usize { 1 } fn main() { _ = unsafe { || { f(); } }; } ``` ```rust const unsafe fn f() -> usize { 1 } fn main() { unsafe { <[i32; f()]>::default(); } } ``` ```rust const unsafe fn f() -> usize { 1 } fn g<const N: usize>() {} fn main() { unsafe { g::<{f()}>(); } } ``` ```rust const unsafe fn f() -> usize { 1 } struct S<const N: usize>; fn main() { unsafe { let _x: S<{f()}>; } } ``` TC: What do we think? ### "de-stabilize bench attribute" rust#134273 **Link:** https://github.com/rust-lang/rust/pull/134273 TC: RalfJ wants to destabilize the `#[bench]` attribute. What do we think? ### "Partially stabilize LoongArch target features" rust#135015 **Link:** https://github.com/rust-lang/rust/pull/135015 TC: The proposal here is that we stabilize some target features for LoongArch. What do we think? ### "aarch64-softfloat: forbid enabling the neon target feature" rust#135160 **Link:** https://github.com/rust-lang/rust/pull/135160 TC: RalfJ proposes: > This fixes #134375 in a rather crude way, by making [the example](https://godbolt.org/z/r56xWo8nT) not build any more on aarch64-unknown-none-softfloat. That is a breaking change since the "neon" aarch64 target feature is stable, but this is justified as a soundness fix. Note that it's not "neon" which is problematic but "fp-armv8"; however, the two are tied together by rustc. > > More work on the LLVM side will be needed before we can let people use neon without impacting the ABI of float values (and, in particular, the ABI used by automatically inserted calls to libm functions, e.g. for int-to-float casts, which rustc has no control over). > > Nominating for @rust-lang/lang since it is a breaking change. As-is this PR doesn't have a warning cycle; the hope is that the aarch64-unknown-none-softfloat target is sufficiently niche that there's no huge fallout and we can easily revert if it causes trouble. A warning cycle could be added but would need some dedicated rather hacky check in the target_feature attribute handling logic. TC: What do we think? ### "experiment with relaxing the orphan rule" rust#136979 **Link:** https://github.com/rust-lang/rust/issues/136979 TC: In the RfL/lang call on 2025-02-12, there was (again) a request for some way to relax the orphan rule, and they described their use case a bit. We asked them to file an issue about this for a nomination, and there's been some discussion. TC: What do we think? ### "stabilize ptr::swap_nonoverlapping in const" rust#137280 **Link:** https://github.com/rust-lang/rust/pull/137280 TC: Over in the tracking issue, we gave our good vibes for this and asked for a stabilization PR to FCP. This is that. What do we think? ### "Remove `i128` and `u128` from `improper_ctypes_definitions`" rust#137306 **Link:** https://github.com/rust-lang/rust/pull/137306 TC: Trevor Gross proposes: > Rust's 128-bit integers have historically been incompatible with C... > > At [rust-lang/lang-team#255 (comment)](https://github.com/rust-lang/lang-team/issues/255#issuecomment-2088855084), the lang team considered it acceptable to remove `i128` from `improper_ctypes_definitions` if the LLVM version is known to be compatible. Time has elapsed since then and we have dropped support for LLVM versions that do not have the x86 fixes, meaning a per-llvm-version lint should no longer be necessary. The PowerPC, SPARC, and MIPS changes only came in LLVM 20 but since Rust's datalayouts have also been updated to match, we will be using the correct alignment regardless of LLVM version. What do we think? ### "Guarantee behavior of transmuting Option::<T>::None subject to NPO" rust#137323 **Link:** https://github.com/rust-lang/rust/pull/137323 TC: joshif writes: > In https://github.com/rust-lang/rust/pull/115333, we added a guarantee that transmuting from `[0u8; N]` to `Option<P>` is sound where `P` is a pointer type subject to the null pointer optimization (NPO). It would be useful to be able to guarantee the inverse - that a `None::<P>` value can be transmutes to an array and that will yield `[0u8; N]`. TC: RalfJ seems to be on board. What do we think? ### "Define raw pointer transmute behavior" reference#1661 **Link:** https://github.com/rust-lang/reference/pull/1661 TC: To satisfy a use-case in the `zerocopy` library, jostif proposes the following should be true: > For any `*const T` / `*mut T` to `*const U` / `*mut U` cast which is well-defined as described in this section, `core::mem::transmute<*const T, *const U>` / `core::mem::transmute<*mut T, *mut U>` has the same behavior as the corresponding cast. RalfJ has commented that exact thing can't quite be true, but similar things probably could be. TC: What do we think? ### "Add core::ptr::assume_moved" rfcs#3700 **Link:** https://github.com/rust-lang/rfcs/pull/3700 TC: We're being asked for a vibe check on this one. Vibes? ### "sanitizers: Stabilize AddressSanitizer and LeakSanitizer for the Tier 1 targets" rust#123617 **Link:** https://github.com/rust-lang/rust/pull/123617 TC: There's a proposed stabilization for sanitizers. It includes a new attribute, currently called `#[no_sanitize]`. I couldn't immediately find if we had previously discussed this. In discussion, Eric Huss proposed we might want to consider `#[sanitize(off)]` or similar for parity with what we're doing for `#[coverage(off)]`. We'd also need to think about whether there might be extensions to allow for e.g. turning off only one of many sanitizers. TC: What do we think? ### "Stabilize let chains in the 2024 edition" rust#132833 **Link:** https://github.com/rust-lang/rust/pull/132833 TC: We have before us now a proposal, long awaited, to stabilize let chains starting in Rust 2024. E.g.: ```rust fn f(x: Option<String>) { if let Some(x) = x && x.is_ascii() { println!("{x}"); } } ``` TC: When we last talked about this, we had questions about the drop order. I've now put together an extensive set of tests to demonstrate what this is, and what the drop order of other related things are, and how this all changes across editions. It's here: https://github.com/rust-lang/rust/pull/133605 Have a look. The way to read this is that: - `e.mark(1)` means to log `1` immediately. - `e.ok(1)` means to return an `Ok(_)` value and log `1` when it drops. - `e.err(1)` means to return an `Err(_)` value and log `1` when it drops. The tests then assert that the events happened in ascending order. There are some thought-provoking things in here. My takeaway, as it pertains to let chains, is that the behavior is mostly consistent with the comparable nested `if let` encoding, and so the question is whether that's what we want or, e.g., whether we want it to work more like a comparable chain using `let else`. I can think of reasons we might want that. TC: What do we think? ### "Stabilize `naked_functions`" rust#134213 **Link:** https://github.com/rust-lang/rust/pull/134213 TC: What do we think about the stabilization of `naked_functions`? ### "Specify the behavior of `file!`" rust#134442 **Link:** https://github.com/rust-lang/rust/pull/134442 TC: kernelski made a good point about the tension between two uses of this feature. I've nominated it for us to consider. ### "Lint on fn pointers comparisons in external macros" rust#134536 **Link:** https://github.com/rust-lang/rust/pull/134536 TC: This is a question of whether we want to extend a lint. We had talked about this extension when considering the original lint, but we didn't answer that question. See: https://github.com/rust-lang/rust/pull/134536#issuecomment-2557487035 TC: What do we think? ### "Decide on behavior of `anonymous_lifetime_in_impl_trait`" rust#137575 **Link:** https://github.com/rust-lang/rust/issues/137575 TC: We unnominated the original PR back in October 2023 as more analysis seemed to be needed. Since then, nikomatsakis and tmandry have posted substantive analysis that it seems we should discuss. Unfortunately, the author seems to have lost interest in this stabilization. Still, we'd be well-advised to finish our discussion so as to unblock anyone else from pursuing this. ### "[RFC] Add `#[export_ordinal(n)]` attribute" rfcs#3641 **Link:** https://github.com/rust-lang/rfcs/pull/3641 TC: This RFC would allow writing: ```rust #[no_mangle] #[export_ordinal(1)] pub extern "C" fn hello() { println!("Hello, World!"); } ``` TC: There's a long-outstanding FCP. Josh nominates this for us to collect checkboxes. What do we think? ### "Closing issues relevant to T-lang on this repo" rfcs#3756 **Link:** https://github.com/rust-lang/rfcs/issues/3756 TC: We're being asked what we want to do, if anything, about issues (rather than PRs) in the RFCs repo. Thoughts? ### "Support for pointers with asm_const" rust#128464 **Link:** https://github.com/rust-lang/rust/issues/128464 TC: Josh nominates for us the question: > Nominating this for lang to discuss the question of whether we should support use of `const` in `asm!` for things that can't just be textually substituted, or whether we should give that a different name. > > @Amanieu, any input you'd like to provide would be helpful. To which Amanieu replies: > After thinking about it a bit, I think it's probably fine to add this functionality to `const`. I'm a bit bothered about the duplication with `sym`, which is already stable. TC: What do we think? ### "Remove unstable cfg `target(...)` compact feature" rust#130780 **Link:** https://github.com/rust-lang/rust/pull/130780 TC: Urgau suggests that we remove the `cfg_target_compact` unstable feature. Its tracking issue is: https://github.com/rust-lang/rust/issues/96901 TC: What do we think? ### "Add lint against (some) interior mutable consts" rust#132146 **Link:** https://github.com/rust-lang/rust/pull/132146 TC: Urgau nominates a new lint for us. What do we think? ### "Add `must-use-output` attribute" rfcs#3773 **Link:** https://github.com/rust-lang/rfcs/pull/3773 TC: We have `#[must_use]` that applies to function return types. This RFC proposes a similar attribute that can be applied to output arguments on functions and have the same effect. E.g.: ```rust impl<T> Vec<T> { pub fn push(#[must_use_output] &mut self, item: T) { /* ... */ } } ``` TC: What do we think? ### "Add checking for unnecessary delims in closure body" rust#136906 **Link:** https://github.com/rust-lang/rust/pull/136906 TC: This is about linting against: ```rust pub fn main() { let _ = || (0 == 0); } ``` What do we think? ### "Emit a warning if a `match` is too complex" rust#122685 **Link:** https://github.com/rust-lang/rust/pull/122685 TC: Nadri nominates this for us and describes the situation: > Dear T-lang, this PR adds a warning that cannot be silenced, triggered when a match takes a really long time to analyze (in the order of seconds). This is to help users figure out what's taking so long and fix it. > > We _could_ make the limit configurable or the warning `allow`able. I argue that's not necessary because [crater](https://github.com/rust-lang/rust/pull/121979#issuecomment-2003089646) showed zero regressions with the current limit, and it's be pretty easy in general to split up a `match` into smaller `match`es to avoid blowup. > > We're still figuring out the exact limit, but does the team approve in principle? (As an aside, awhile back someone [showed](https://niedzejkob.p4.team/rust-np/) how to [lower](https://github.com/NieDzejkob/rustc-sat) SAT to exhaustiveness checking with `match`. Probably that would hit this limit.) TC: What do we think? ### "Uplift `clippy::invalid_null_ptr_usage` lint" rust#119220 **Link:** https://github.com/rust-lang/rust/pull/119220 TC: Urgau proposes this for us: > This PR aims at uplifting the `clippy::invalid_null_ptr_usage` lint into rustc, this is similar to the [`clippy::invalid_utf8_in_unchecked` uplift](https://github.com/rust-lang/rust/pull/111543) a few months ago, in the sense that those two lints lint on invalid parameter(s), here a null pointer where it is unexpected and UB to pass one. > > ## `invalid_null_ptr_usages` > > (deny-by-default) > > The `invalid_null_ptr_usages` lint checks for invalid usage of null pointers. > > ### Example > ```rust // Undefined behavior unsafe { std::slice::from_raw_parts(ptr::null(), 0); } // Not Undefined behavior unsafe { std::slice::from_raw_parts(NonNull::dangling().as_ptr(), 0); } ``` > > Produces: > ``` error: calling this function with a null pointer is undefined behavior, even if the result of the function is unused, consider using a dangling pointer instead --> $DIR/invalid_null_ptr_usages.rs:14:23 | LL | let _: &[usize] = std::slice::from_raw_parts(ptr::null(), 0); | ^^^^^^^^^^^^^^^^^^^^^^^^^^^-----------^^^^ | | | help: use a dangling pointer instead: `core::ptr::NonNull::dangling().as_ptr()` ``` > > ### Explanation > > Calling methods who's safety invariants requires non-null pointer with a null pointer is undefined behavior. > > The lint use a list of functions to know which functions and arguments to checks, this could be improved in the future with a rustc attribute, or maybe even with a `#[diagnostic]` attribute. TC: What do we think? ### "Lang discussion: Item-level `const {}` blocks, and `const { assert!(...) }`" lang-team#251 **Link:** https://github.com/rust-lang/lang-team/issues/251 TC: This issue was raised due to discussion in a T-libs-api call. Josh gives the context: > In discussion of [rust-lang/libs-team#325](https://github.com/rust-lang/libs-team/issues/325) (a proposal for a compile-time assert macro), the idea came up to allow `const {}` blocks at item level, and then have people use `const { assert!(...) }`. > > @rust-lang/libs-api would like some guidance from @rust-lang/lang about whether lang is open to toplevel `const { ... }` blocks like this, which would influence whether we want to add a compile-time assert macro, as well as what we want to call it (e.g. `static_assert!` vs `const_assert!` vs some other name). > > Filing this issue to discuss in a lang meeting. This issue is _not_ seeking any hard commitment to add such a construct, just doing a temperature check. CAD97 noted: > To ensure that it's noted: if both item and expression `const` blocks are valid in the same position (i.e. in statement position), a rule to disambiguate would be needed (like for statement versus expression `if`-`else`). IMO it would be quite unfortunate for item-level `const` blocks to be evaluated pre-mono if that same `const` block but statement-level would be evaluated post-mono. > > Additionally: since `const { assert!(...) }` is post-mono (due to using the generic context), it's potentially desirable to push people towards using `const _: () = assert!(...);` (which is pre-mono) whenever possible (not capturing generics). TC: What do we think? ## On radar RFCs, PRs, and issues ### "Arbitrary self types v2: stabilize" rust#135881 **Link:** https://github.com/rust-lang/rust/pull/135881 TC: Adrian Taylor has put up a stabilization PR for arbitrary self types. I've reviewed the tests and talked through some nits with Adrian. It seems right to me. What do we think? ### "Stabilize `derive(CoercePointee)`" rust#133820 **Link:** https://github.com/rust-lang/rust/pull/133820 TC: Are we ready to stabilize `derive(CoercePointee)`? Ding proposes that for us. ### "Tracking Issue for unicode and escape codes in literals" rust#116907 **Link:** https://github.com/rust-lang/rust/issues/116907 TC: nnethercote has implemented most of RFC 3349 ("Mixed UTF-8 literals") and, based on implementation experience, argues that the remainder of the RFC should not be implemented: > I have a partial implementation of this RFC working locally (EDIT: now at #120286). The RFC proposes five changes to literal syntax. I think three of them are good, and two of them aren't necessary. TC: What do we think? ### "Built-in attributes are treated differently vs prelude attributes, unstable built-in attributes can name-collide with stable macro, and built-in attributes can break back-compat" rust#134963 **Link:** https://github.com/rust-lang/rust/issues/134963 TC: jieyouxu makes an interesting observation of current behavior at which we should have a look. What do we think? ### "RFC: No (opsem) Magic Boxes" rfcs#3712 **Link:** https://github.com/rust-lang/rfcs/pull/3712 TC: The idea here is to remove the language invariant that a `Box` must not alias other things (the library invariant would of course remain). TC: What do we think? ### "Tracking Issue: Procedural Macro Diagnostics (RFC 1566)" rust#54140 **Link:** https://github.com/rust-lang/rust/issues/54140 TC: Spawned off from the original RFC 1566 for proc macros is the question of how to allow proc macros to emit diagnostics. TC: The feeling on the 2025-01-07 libs-api call, particularly from dtolnay, is that it would be mistake to do this without some way to allow users to suppress these warnings with some specificity. This then seems to call for some kind of namespacing solution, e.g. `allow(my_macro::*)`. As I wrote: > But more broadly, we've been thinking about a number of seemingly-related namespacing concerns, e.g. how to namespace attributes applied to fields for derive macros, the tooling namespace, etc. We may want to think holistically about this, or to encourage designs that fall within whatever direction we take here. TC: This is nominated just to build context and see if we have any immediate thoughts. Thoughts? ### "Tracking Issue for enum access in offset_of" rust#120141 **Link:** https://github.com/rust-lang/rust/issues/120141 TC: There's a proposed FCP merge for us: https://github.com/rust-lang/rust/issues/120141#issuecomment-2161507356 TC: What do we think? ### "Strengthen the follow-set rule for macros" rust#131025 **Link:** https://github.com/rust-lang/rust/issues/131025 TC: Over in: - https://github.com/rust-lang/rust/pull/130635 @compiler-errors describes this general problem: > The breakage specifically represents an inherent limitation to the "macro follow-set" formulation which is _supposed_ to make us more resilient against breakages due to extensions to the grammar like this. > > Given two macro matcher arms: > > * `($ty:ty) => ...` > * `(($tt:tt)*) => ...` > > And given tokens like: > > * `&` `pin` `mut` [...more tokens may follow...] > > On nightly today, `&pin` gets parsed as a type. However, we run out of matchers but still have tokens left (the `mut` token is next), so we fall through to the next arm. Since it's written like `($tt:tt)*`, everything is allowed, and we match the second arm successfully... > > I think that's weird, because if this second arm were written like `$ty:ty mut`, that would be illegal, since `mut` is not in the follow-set of the `:ty` matcher. Thus, we can use `:tt` matchers to observe whether the compiler _actually_ parses things not in our grammar that should otherwise be protected against, which seems pretty gross. And @Noratrieb proposes a general solution: > I believe a solution to this would be the following new logic: > > * after the end of a macro matcher arm has been reached > * and there are still input tokens remaining > * and if the last part of the matcher is a metavar > * ensure that the first remaining token is in the follow set of this metavar > * if it is, move on to the next arm > * if it is not, **emit an error** > > What this semantically does is strengthen the "commit to fully matching metavars or error" behavior such that it extends past the end. I don't know how many macros rely on this, but it seems like emitting an FCW (instead of error) on such macro invocations would find all these cases and ensure that the follow-set logic is actually robust past the end. But imo this shouldn't block this PR (which should probably just ship as-is) and can be done separately. About this, NM noted: > I don't think this proposal is sufficient but I am interested in pursuing a real fix to this for a future edition. > > Example: > ```rust macro_rules! test { (if $x:ty { }) => {}; (if $x:expr { }) => {}; } ``` > > This basically says to pick one arm if something is a type, another if it's an expression. Extending the type grammar to cover new cases could change which arm you go down to. > > I *think* the most general fix is to say: when you would start parsing a fragment, first skip ahead to find the extent of it (i.e., until you see an entry from the follow-set). Then parse it as the fragment. If the parsing fails or there are unconsumed tokens, report a hard error. > > I suspect it would break a lot in practice and we would need an opt-in. TC: What do we think? ### "Warn about C-style octal literals" rust#131309 **Link:** https://github.com/rust-lang/rust/pull/131309 TC: The question is about code like: ```rust fn is_executable(unix_mode: u32) -> bool { unix_mode & 0111 != 0 ``` TC: Do we want to lint against that? ### "Decide on name for `Freeze`" rust#131401 **Link:** https://github.com/rust-lang/rust/issues/131401 TC: We still need to pick a name for `Freeze` (which may still be `Freeze`) so that we can proceed with: - https://github.com/rust-lang/rfcs/pull/3633 Having heard no options particularly more appealing options than `Freeze`, I propose we go with that as the author of that RFC has suggested. TC: What do we think? ### "RFC: Improved State Machine Codegen" rfcs#3720 **Link:** https://github.com/rust-lang/rfcs/pull/3720 TC: After a long discussion on Zulip leading to this, folkertdev proposes a way to express intraprocedural finite state machine transitions building on match syntax. There's an draft implementation by bjorn3, and this results in some impressive speedups in `zlib-rs`. TC: What's our vibe, and are there any objections to accepting this work from bjorn3 as a lang experiment? ### "Effective breakage to `jiff` due to `ambiguous_negative_literals`" rust#128287 **Link:** https://github.com/rust-lang/rust/issues/128287 TC: We have an allow-by-default lint against `ambiguous_negative_literals` like: ```rust assert_eq!(-1.abs(), -1); ``` It's allow-by-default because we found use cases such as `jiff` (by BurntSushi) that have, in their API, operations whose result is invariant to the order of the negation and that rely on this syntax for the intended ergonomics. Urgau has a proposal for us. He'd like to lint by default, and have an... ```rust #[diagnostic::irrelevant_negative_literal_precedence] ``` ...attribute (of some name), using the diagnostic namespace, that could be applied to function definitions and that would suppress this lint on their callers. Urgau would prefer this be opt-in rather than opt-out so as to bring awareness to this, even though many functions don't affect the sign bit and so will have this invariance. I've asked BurntSushi for his views on this proposal with respect to `jiff`, to confirm this would address his use case. TC: What do we think? ### "Simplify lightweight clones, including into closures and async blocks" rfcs#3680 **Link:** https://github.com/rust-lang/rfcs/pull/3680 TC: Josh nominates a new RFC for us. What do we think? ### "Declarative `macro_rules!` attribute macros" rfcs#3697 **Link:** https://github.com/rust-lang/rfcs/pull/3697 TC: Josh proposes an RFC for us: > Many crates provide attribute macros. Today, this requires defining proc macros, in a separate crate, typically with several additional dependencies adding substantial compilation time, and typically guarded by a feature that users need to remember to enable. > > However, many common cases of attribute macros don't require any more power than an ordinary `macro_rules!` macro. Supporting these common cases would allow many crates to avoid defining proc macros, reduce dependencies and compilation time, and provide these macros unconditionally without requiring the user to enable a feature. E.g.: ```rust macro_rules! main { attr() ($func:item) => { make_async_main!($func) }; attr(threads = $threads:literal) ($func:item) => { make_async_main!($threads, $func) }; } #[main] async fn main() { ... } #[main(threads = 42)] async fn main() { ... } ``` TC: What do we think? ### "Declarative `macro_rules!` derive macros" rfcs#3698 **Link:** https://github.com/rust-lang/rfcs/pull/3698 TC: Josh proposes an RFC for us: > Many crates support deriving their traits with `derive(Trait)`. Today, this requires defining proc macros, in a separate crate, typically with several additional dependencies adding substantial compilation time, and typically guarded by a feature that users need to remember to enable. > > However, many common cases of derives don't require any more power than an ordinary `macro_rules!` macro. Supporting these common cases would allow many crates to avoid defining proc macros, reduce dependencies and compilation time, and provide these macros unconditionally without requiring the user to enable a feature. E.g.: ```rust trait Answer { fn answer(&self) -> u32; } #[macro_derive] macro_rules! Answer { // Simplified for this example (struct $n:ident $_:tt) => { impl Answer for $n { fn answer(&self) -> u32 { 42 } } }; } #[derive(Answer)] struct Struct; fn main() { let s = Struct; assert_eq!(42, s.answer()); } ``` TC: What do we think? ### "Macro fragment fields" rfcs#3714 **Link:** https://github.com/rust-lang/rfcs/pull/3714 TC: This RFC proposes to allow: ```rust macro_rules! get_name { ($t:adt) => { println!("{}", stringify!(${t.name})); } } fn main() { let n1 = get_name!(struct S { field: u32 }); let n2 = get_name!(enum E { V1, V2 = 42, V3(u8) }); let n3 = get_name!(union U { u: u32, f: f32 }); println!("{n3}{n1}{n2}"); // prints "USE" } ``` That is, it lets MBE authors use the Rust parser to pull out certain elements. TC: What do we think? ### "Add `homogeneous_try_blocks` RFC" rfcs#3721 **Link:** https://github.com/rust-lang/rfcs/pull/3721 TC: scottmcm proposes for us a tweak to the way that `?` works within `try { .. }` blocks. TC: What's our vibe? ### "Elided lifetime changes in `rust_2018_idioms` lint is very noisy and results in dramatically degraded APIs for Bevy" rust#131725 **Link:** https://github.com/rust-lang/rust/issues/131725 TC: Long ago, we set a direction of wanting to move away from eliding lifetimes in paths, e.g.: ```rust #![deny(elided_lifetimes_in_paths)] struct S<'a>(&'a ()); fn f(x: &()) -> S { // ~ //~^ ERROR expected lifetime parameter S(x) } ``` However, that lint is currently `allow-by-default`. It was part of the `rust_2018_idioms` lint group (which is also `allow-by-default`). We talked about changing this in Rust 2024, but it seems we didn't get around to it. One of the maintainers of Bevy has now written in to ask us to never change this. I'd probably highlight: - The representativeness of the example being challenged. - https://github.com/rust-lang/rust/issues/131725#issuecomment-2413272045 - Details about the lint and what would actually be flagged. - https://github.com/rust-lang/rust/issues/91639#issuecomment-2413823502 TC: What do we think? ### "Coercing &mut to *const should not create a shared reference" rust#56604 **Link:** https://github.com/rust-lang/rust/issues/56604 TC: It's currently UB to write: ``` fn main() { let x = &mut 0; let y: *const i32 = x; unsafe { *(y as *mut i32) = 1; } assert_eq!(*x, 1); } ``` This is due to the fact that we implicitly first create a shared reference when coercing a `&mut` to a `*const`. See: TC: What do we think about this? ### "#[cold] on match arms" rust#120193 **Link:** https://github.com/rust-lang/rust/pull/120193 TC: Apparently our unstable `likely` and `unlikely` intrinsics don't work. There's a proposal to do some work on fixing that and stabilizing a solution here. The nominated question is whether we want to charter this as an experiment. ### "`is` operator for pattern-matching and binding" rfcs#3573 **Link:** https://github.com/rust-lang/rfcs/pull/3573 TC: Josh proposes for us that we should accept: ```rust if an_option is Some(x) && x > 3 { println!("{x}"); } ``` And: ```rust func(x is Some(y) && y > 3); ``` TC: The main topic discussed in the issue thread so far has been the degree to which Rust should have "two ways to do things". Probably the more interesting issue is how the binding and drop scopes for this should work. TC: In the 2024-02-21 meeting (with limited attendance), we discussed how we should prioritize stabilizing let chains, and tmandry suggested we may want to allow those to settle first. TC: What do we think, as a gut check? ### "Unsafe fields" rfcs#3458 **Link:** https://github.com/rust-lang/rfcs/pull/3458 TC: Nearly ten years ago, on 2014-10-09, pnkfelix proposed unsafe fields in RFC 381: https://github.com/rust-lang/rfcs/issues/381 On 2017-05-04, Niko commented: > I am pretty strongly in favor of unsafe fields at this point. The only thing that holds me back is some desire to think a bit more about the "unsafe" model more generally. Then, in 2023, Jacob Pratt refreshed this proposal with RFC 3458. It proposes that: > Fields may be declared `unsafe`. Unsafe fields may only be mutated (excluding interior mutability) or initialized in an unsafe context. Reading the value of an unsafe field may occur in either safe or unsafe contexts. An unsafe field may be relied upon as a safety invariant in other unsafe code. E.g.: ```rust struct Foo { safe_field: u32, /// Safety: Value must be an odd number. unsafe unsafe_field: u32, } // Unsafe field initialization requires an `unsafe` block. // Safety: `unsafe_field` is odd. let mut foo = unsafe { Foo { safe_field: 0, unsafe_field: 1, } }; ``` On 2024-05-21, Niko nominated this for us: > I'd like to nominate this RFC for discussion. I've not read the details of the thread but I think the concept of unsafe fields is something that comes up continuously and some version of it is worth doing. TC: What do we think? ### "RFC: Allow symbol re-export in cdylib crate from linked staticlib" rfcs#3556 **Link:** https://github.com/rust-lang/rfcs/pull/3556 TC: This seems to be about making the following work: ```rust // kind is optional if it's been specified elsewhere, e.g. via the `-l` flag to rustc #[link(name="ext", kind="static")] extern { #[no_mangle] pub fn foo(); #[no_mangle] pub static bar: std::ffi::c_int; } ``` There are apparently use cases for this. What's interesting is that apparently it already does, but we issue a warning that is wrong: ```rust warning: `#[no_mangle]` has no effect on a foreign function --> src/lib.rs:21:5 | 21 | #[no_mangle] | ^^^^^^^^^^^^ help: remove this attribute 22 | pub fn foo_rfc3556_pub_with_no_mangle(); | ---------------------------------------- foreign function | = warning: this was previously accepted by the compiler but is being phased out; it will become a hard error in a future release! = note: symbol names in extern blocks are not mangled ``` TC: One of the author's asks of us is that we don't make this into a hard error (e.g. with the new edition). TC: What do we think? ### "Hierarchy of Sized traits" rfcs#3729 **Link:** https://github.com/rust-lang/rfcs/pull/3729 TC: We discussed this in our design meeting on 2024-11-13. There's still a steady stream of good revisions and new ideas on the thread happening, so we should probably let this play out awhile longer. ### "Better errors with bad/missing identifiers in MBEs" rust#118939 **Link:** https://github.com/rust-lang/rust/pull/118939 TC: The idea here seems to be to improve some diagnostics around `macro_rules`, but this seems to be done by way of reserving the `macro_rules` token more widely, which is a breaking change. Petrochenkov has objected to it on that basis, given that reserving `macro_rules` minimally has been the intention since we hope it will one day disappear in favor of `macro`. What do we think? ### "Language vs. implementation threat models and implications for TypeId collision resistance" rust#129030 **Link:** https://github.com/rust-lang/rust/issues/129030 TC: We use SipHash-1-3-128 in Rust for hashing types to form TypeIds. If these TypeIds collide in a single program, UB may result. If SipHash-1-3-128 is a secure PRF, then the probability of such collisions happening accidentally in a program that contains an enormous 1M types is one in 2^-89. But, if someone wanted to brute-force a collision -- that is, find two entirely random types that would have the same TypeId -- the work factor for that is no more than about 2^64 on average. The question being nominated for lang is whether we consider that good enough for soundness, for now. TC: What do we think? ### "RFC: inherent trait implementation" rfcs#2375 **Link:** https://github.com/rust-lang/rfcs/pull/2375 TC: We had a design meeting on 2023-09-12 about inherent trait impls. In that meeting, I proposed a `use` syntax for this: > In the discussion above, we had left two major items unresolved. > > - How do we make blanket trait impls inherent? > - How can we allow only *some* items from the trait impl to be made inherent? > - This is especially tricky for associated functions and methods with a default implementation. > > (Part of the motivation for wanting to allow only some items to be made inherent is to prevent or to fix breakage caused when a trait later adds a new method with a default implementation whose name conflicts with the name of an existing inherent method.) > > Coming up with a syntax for these that combines well with the `#[inherent]` attribute could be challenging. > > One alternative that would make solving these problems straightforward is to add some syntax to the inherent `impl` block for the type. Given the desugaring in the RFC, there is some conceptual appeal here. (quaternic proposed this arrangement; TC is proposing the concrete syntax.) > > We can use `use` syntax to make this concise and intuitive. > > Here's an example: ```rust trait Trait1<Tag, T> { fn method0(&self) -> u8 { 0 } fn method1(&self) -> u8 { 1 } } trait Trait2<Tag, T> { fn method2(&self) -> u8 { 2 } fn method3(&self) -> u8 { 3 } fn method4(&self) -> u8 { 4 } } struct Tag; struct Foo<T>(T); impl<T> Foo<T> { // All methods and associated items of Trait1 become inherent, // except for `method0`. The inherent items are only visible // within this crate. pub(crate) use Trait1<Tag, T>::*; // Only `method2` and `method3` on Trait2 become inherent. pub use Trait2<Tag, T>::{method2, method3}; fn method0(&self) -> u64 { u64::MAX } } impl<T> Trait1<Tag, T> for Foo<T> {} impl<U: Trait1<Tag, T>, T> Trait2<Tag, T> for U {} ``` > This solves another problem that we discussed above. How do we prevent breakage in downstream crates when a trait later adds a new method with a default implementation? Since a downstream crate might have made an impl of this trait for some local type inherent and might have an inherent method with a conflicting name, this could be breaking. > > We already handle this correctly for `use` declarations with wildcards. Any locally-defined items override an item that would otherwise be brought into scope with a wildcard import. We can reuse that same behavior and intuition here. When a wildcard is used to make all items in the trait inherent, any locally-defined inherent items in the `impl` prevent those items from the trait with the same name from being made inherent. > > Advantages: > > - It provides a syntax for adopting as inherent a blanket implementation of a trait for the type. > - It provides a syntax for specifying which methods should become inherent, including methods with default implementations. > - The wildcard import (`use Trait::*`) makes it very intuitive what exactly is happening and what exactly your API is promising. > - The `use` syntax makes it natural for a locally-defined item to override an item from the wildcard import because that's exactly how other `use` declarations work. > - `rust-analyzer` would probably support expanding a wildcard `use Trait::*` to an explicit `use Trait::{ .. }` just as it does for other `use` declarations, which would help people to avoid breakage. > - We can support any visibility (e.g. `use`, `pub use`, `pub(crate) use`, etc.) for the items made inherent. > > Disadvantages: > > - There's some redundancy, especially when the items to make inherent are specifically named. During the meeting, this emerged as the presumptive favorite, and we took on a TODO item to updated the RFC. After follow-on discussion in Zulip, Niko agreed, and also raised a good question: > Per the discussion on zulip, I have become convinced that it would be better to make this feature use the syntax `use`, like: > ```rust impl SomeType { pub use SomeTrait::*; // re-export the methods for the trait implementation } ``` > > This syntax has a few advantages: > > * We can give preference to explicit method declared in the impl blocks over glob re-exports, eliminating one source of breakage (i.e., trait adds a method with a name that overlaps one of the inherent methods defined on `SomeType`) > * Can make just specific methods (not all of them) inherent. > * Easier to see the inherent method when scanning source. > * You can re-export with different visibility levels (e.g., `pub(crate)`) > * It would work best if we planned to permit `use SomeTrait::some_method;` as a way to import methods as standalone fns, but I wish we did that. > > However, in writing this, I realize an obvious disadvantage -- if the trait has more generics and things, it's not obvious how those should map. i.e., consider > ```rust struct MyType<T> { } impl<T> MyType<T> { pub use MyTrait::foo; } impl<T: Debug> MyTrait for MyType<T> { fn foo(&self) { } } ``` > > This would be weird -- is this an error, because the impl block says it's for all `T`? And what if it were `trait MyTRait<X>`? TC: My sense is that we've just been awaiting someone digging in and updating the RFC here. ### "Raw Keywords" rfcs#3098 **Link:** https://github.com/rust-lang/rfcs/pull/3098 TC: We've at various times discussed that we had earlier decided that if we wanted to use a new keyword within an edition, we would write it as `k#keyword`, and for that reason, we prefer to not speculatively reserve keywords ahead of an edition (except, perhaps, when it's clear we plan to use it in the near future). TC: Somewhat amusingly, however, we never in fact accepted that RFC. Back in 2021, we accepted scottmcm's proposal to **cancel**: > We discussed this RFC again in the lang team triage meeting today. > > For the short-term goal of the reservation for the edition, we'll be moving forward on #3101 instead. As such, we wanted to leave more time for conversations about this one, and maybe use crater results from 3101 to make design changes, > > @rfcbot cancel Instead we accepted RFC 3101 that reserved `ident#foo`, `ident"foo"`, `ident'f'`, and `ident#123` starting in the 2023 edition. Reading through the history, here's what I see: - What do we want to do about Rust 2015 and Rust 2018? It's a breaking change to add this there. Is this OK? Do we want to do a crater run on this? - Would we have the stomach to actually do this? It's one thing to *say* that if we wanted to use a new keyword within an edition, we'd write `k#keyword`, but it's another to actually do it in the face of certain criticism about that being e.g. unergonomic. Would we follow through? TC: What do we think? ### "RFC: Implementable trait aliases" rfcs#3437 **Link:** https://github.com/rust-lang/rfcs/pull/3437 TC: We discussed this in the lang planning meeting in June, and it looks like there have been updates since we last looked at this, so it's time for us to have another look since we seemed interested in this happening. TC: What do we think? ### "Should Rust still ignore SIGPIPE by default?" rust#62569 **Link:** https://github.com/rust-lang/rust/issues/62569 TC: Prior to `main()` being executed, the Rust startup code makes a syscall to change the handling of `SIGPIPE`. Many believe that this is wrong thing for a low-level language like Rust to do, because 1) it makes it impossible to recover what the original value was, and 2) means things like `seccomp` filters must be adjusted for this. It's also just, in a practical sense, wrong for most CLI applications. This seems to have been added back when Rust had green threads and then forgotten about. But it's been an ongoing footgun. Making a celebrity appearance, Rich Felker, the author of MUSL libc, notes: > As long as Rust is changing signal dispositions inside init code in a way that the application cannot suppress or undo, it is _fundamentally unusable to implement standard unix utilities that run child processes_ or anything that needs to preserve the signal dispositions it was invoked with and pass them on to children. Changing inheritable process state behind the application's back is just unbelievably bad behavior and does not belong in a language runtime for a serious language... > > As an example, if you implement `find` in Rust, the `-exec` option will invoke its commands with `SIGPIPE` set to `SIG_IGN`, so that they will not properly terminate on broken pipe. But if you just made it set `SIGPIPE` to `SIG_DFL` before invoking the commands, now it would be broken in the case where the invoking user intentionally set `SIGPIPE` to `SIG_IGN` so that the commands would not die on broken pipe. There was discussion in 2019 about fixing this over an edition, but nothing came of it. Are we interested in fixing it over this one? Strawman (horrible) proposal: We could stop making this pre-main syscall in Rust 2024 and have `cargo fix` insert this syscall at the start of every `main` function. (In partial defense of the strawman, it gets us directly to the arguably best end result while having an automatic semantics-preserving edition migration and it avoids the concerns about lang/libs coupling that Mara raised. The edition migration could add a comment above this inserted code telling people under what circumstances they should either keep or delete the added line.) ### "types team / lang team interaction" rust#116557 **Link:** https://github.com/rust-lang/rust/issues/116557 TC: nikomatsakis nominated this: > We had some discussion about types/lang team interaction. We concluded a few things: > > * Pinging the team like @rust-lang/lang is not an effective way to get attention. Nomination is the only official way to get attention. > * It's ok to nominate things in an "advisory" capacity but not block (e.g., landing a PR), particularly as most any action can ultimately be reversed. But right now, triagebot doesn't track closed issues, so that's a bit risky. > > Action items: > > * We should fix triagebot to track closed issues. TC: What do we think? ### "[RFC] `core::marker::Freeze` in bounds" rfcs#3633 **Link:** https://github.com/rust-lang/rfcs/pull/3633 TC: There's a proposal on the table for the stabilization of the `Freeze` trait in bounds. We discussed this in our design meeting on 2024-07-24. TC: What's next here? ### "Trait method impl restrictions" rfcs#3678 **Link:** https://github.com/rust-lang/rfcs/pull/3678 TC: This RFC is pending further work that's probably on me at this point. ### "Implement `PartialOrd` and `Ord` for `Discriminant`" rust#106418 **Link:** https://github.com/rust-lang/rust/pull/106418 TC: We discussed this last in the meeting on 2024-03-13. scottmcm has now raised on concern on the issue and is planning to make a counter-proposal: > I remain concerned about exposing this with no opt-out on an unrestricted generic type @rfcbot concern overly-broad > > I'm committing to making an alternative proposal because I shouldn't block without one. Please hold my feet to the fire if that's no up in a week. > > Basically, I have an idea for how we might be able to do this, from [#106418 (comment)](https://github.com/rust-lang/rust/pull/106418#issuecomment-1698887324) > > > 2. Expose the variant ordering privately, only accessible by the type owner/module. > > > > Solution 2. is obviously more desirable, but AFAIK Rust can't do that and there is no proposal to add a feature like that. https://github.com/rust-lang/rust/pull/106418#issuecomment-1994833151 ### "Fallout from expansion of redundant import checking" rust#121708 **Link:** https://github.com/rust-lang/rust/issues/121708 TC: We discussed this in the meeting on 2024-03-13. The feelings expressed included: - We don't want to create a perverse incentive for people to expand existing lints rather than to create new ones where appropriate just because there's less process for expanding the meaning of an existing lint. - It would be good if potentially-disruptive expansions of an existing lint either: - Had a machine-applicable fix. - Or had a new name. - We don't want to require a new lint name for each expansion. - We don't want to require a crater run for each change to a lint. - There are two ways to prevent disruption worth exploring: - Prevent potentially-disruptive changes from hitting master. - Respond quickly to early indications of disruption once the changes hit master. - Compiler maintainers have a sense of what might be disruptive and are cautious to avoid it. It may be OK to have a policy that is not perfectly measurable. TC: tmandry volunteered to draft a policy proposal. ### "What are the guarantees around which constants (and callees) in a function get monomorphized?" rust#122301 **Link:** https://github.com/rust-lang/rust/issues/122301 TC: The8472 asks whether this code, which compiles today, can be relied upon: ```rust const fn panic<T>() { struct W<T>(T); impl<T> W<T> { const C: () = panic!(); } W::<T>::C } struct Invoke<T, const N: usize>(T); impl<T, const N: usize> Invoke<T, N> { const C: () = match N { 0 => (), // Not called for `N == 0`, so not monomorphized. _ => panic::<T>(), }; } fn main() { let _x = Invoke::<(), 0>::C; } ``` The8472 notes that this is a useful property and that there are use cases for this in the compiler and the standard library, at least unless or until we adopt something like `const if`: https://github.com/rust-lang/rfcs/issues/3582 RalfJ has pointed out to The8472 that the current behavior might not be intentional and notes: > It's not opt-dependent, but it's also unclear how we want to resolve the opt-dependent issue. Some [proposals](https://github.com/rust-lang/rust/issues/122814#issuecomment-2015090501) involve also walking all items "mentioned" in a const. That would be in direct conflict with your goal here I think. To be clear I think that's a weakness of those proposals. But if that turns out to be the only viable strategy then we'll have to decide what we want more: using `const` tricks to control what gets monomorphized, or not having optimization-dependent errors. > > One crucial part of this construction is that everything involved is generic. If somewhere in the two "branches" you end up calling a monomorphic function, then that may have its constants evaluated even if it is in the "dead" branch -- or it may not, it depends on which functions are deemed cross-crate-inlinable. That's basically what #122814 is about. TC: The question to us is whether we want to guarantee this behavior. What do we think? ### "Policy for lint expansions" rust#122759 **Link:** https://github.com/rust-lang/rust/issues/122759 TC: In the call on 2024-03-13, we discussed this issue raised by tmandry: "Fallout from expansion of redundant import checking" https://github.com/rust-lang/rust/issues/121708 During the call, the thoughts expressed included: - We don't want to create a perverse incentive for people to expand existing lints rather than to create new ones where appropriate just because there's less process for expanding the meaning of an existing lint. - It would be good if potentially-disruptive expansions of an existing lint either: - Had a machine-applicable fix. - Or had a new name. - We don't want to require a new lint name for each expansion. - We don't want to require a crater run for each change to a lint. - There are two ways to prevent disruption worth exploring: - Prevent potentially-disruptive changes from hitting master. - Respond quickly to early indications of disruption once the changes hit master. - Compiler maintainers have a sense of what might be disruptive and are cautious to avoid it. It may be OK to have a policy that is not perfectly measurable. TC: tmandry volunteered to draft a policy proposal. He's now written up this proposal in this issue. TC: What do we think? ### "Decide on path forward for attributes on expressions" rust#127436 **Link:** https://github.com/rust-lang/rust/issues/127436 TC: We decided recently to unblock progress on attributes on expressions (RFC 16) by allowing attributes on blocks. We have a proposed FCP to this effect. After we did this, the question came up what we want to do about attributes in list contexts, e.g.: ```rust call(#[foo] { block1 }, #[bar] { block2 }) ``` ...in particular, macro attributes. Petrochenkov says: > It needs to be decided how proc macros see the commas, or other separators in similar cases. > > Ideally proc macros should be able to turn 1 expression into multiple (including 0) expressions in this position, similarly to `cfg`s or macros in list contexts without separators. So it would be reasonable if the separators were included into both input and output tokens streams (there are probably other alternatives, but they do not fit into the token-based model as well). The "reparse context" bit from [#61733 (comment)](https://github.com/rust-lang/rust/issues/61733#issuecomment-509626449) is likely relevant to this case as well. We filed a concern to figure this all out. We discussed this on 2024-07-24 and came up with these options: > Options ordered from least to most conservative (and then from most to least expressive): > > - Option A: Punt this case and don't support attributes in this position without parens (e.g. `call((#[attr] arg), (#[attr] arg2))`) > - Option B (exactly one): Specify that, for now, if you use a macro attribute on an expression, that macro can only expand to a single expresion (not zero tokens, and no tokens following in the output). > - Option C (zero or one): Specify that, for now, if you use a macro attribute on an expression, that macro can only expand to zero tokens or an expression with nothing following (extra tokens, including `,`, are an error for now) > - Option D (zero or more): Specify that an attribute in this position can expand to tokens that may include a `,`, and that if they expand to zero tokens then we elide the comma. > - Option E (flexible): include comma, let macro decide, etc > - We find it surprising that comma would be included. In discussion, we seemed generally interested in allowing at least zero and 1. We weren't sure about N, and we weren't sure about the handling of the comma in the input. TC: What do we think? ### "RFC: Allow type inference for const or static" rfcs#3546 **Link:** https://github.com/rust-lang/rfcs/pull/3546 ## Action item review - [Action items list](https://hackmd.io/gstfhtXYTHa3Jv-P_2RK7A) ## Pending lang team project proposals None. ## PRs on the lang-team repo ### "Add soqb`s design doc to variadics notes" lang-team#236 **Link:** https://github.com/rust-lang/lang-team/pull/236 ### "Update auto traits design notes with recent discussion" lang-team#237 **Link:** https://github.com/rust-lang/lang-team/pull/237 ### "Update hackmd link to a public link" lang-team#258 **Link:** https://github.com/rust-lang/lang-team/pull/258 ### "Adding a link to "how to add a feature gate" in the experimenting how-to" lang-team#267 **Link:** https://github.com/rust-lang/lang-team/pull/267 ### "text describing how other teams are enabled to make decisions." lang-team#290 **Link:** https://github.com/rust-lang/lang-team/pull/290 ## RFCs waiting to be merged None. ## `S-waiting-on-team` ### "Split elided_lifetime_in_paths into tied and untied" rust#120808 **Link:** https://github.com/rust-lang/rust/pull/120808 ### "de-stabilize bench attribute" rust#134273 **Link:** https://github.com/rust-lang/rust/pull/134273 ### "aarch64-softfloat: forbid enabling the neon target feature" rust#135160 **Link:** https://github.com/rust-lang/rust/pull/135160 ### "Guarantee behavior of transmuting Option::<T>::None subject to NPO" rust#137323 **Link:** https://github.com/rust-lang/rust/pull/137323 ### "Lint on fn pointers comparisons in external macros" rust#134536 **Link:** https://github.com/rust-lang/rust/pull/134536 ### "`repr(tag = ...)` for type aliases" rfcs#3659 **Link:** https://github.com/rust-lang/rfcs/pull/3659 ### "Remove unstable cfg `target(...)` compact feature" rust#130780 **Link:** https://github.com/rust-lang/rust/pull/130780 ### "Warn about C-style octal literals" rust#131309 **Link:** https://github.com/rust-lang/rust/pull/131309 ### "Add lint against (some) interior mutable consts" rust#132146 **Link:** https://github.com/rust-lang/rust/pull/132146 ### "#[cold] on match arms" rust#120193 **Link:** https://github.com/rust-lang/rust/pull/120193 ### "Emit a warning if a `match` is too complex" rust#122685 **Link:** https://github.com/rust-lang/rust/pull/122685 ### "Better errors with bad/missing identifiers in MBEs" rust#118939 **Link:** https://github.com/rust-lang/rust/pull/118939 ### "Permissions" rfcs#3380 **Link:** https://github.com/rust-lang/rfcs/pull/3380 ### "Rename `AsyncIterator` back to `Stream`, introduce an AFIT-based `AsyncIterator` trait" rust#119550 **Link:** https://github.com/rust-lang/rust/pull/119550 ### "Implement RFC 3349, mixed utf8 literals" rust#120286 **Link:** https://github.com/rust-lang/rust/pull/120286 ### "Tracking Issue for `bare_link_kind`" rust#132061 **Link:** https://github.com/rust-lang/rust/issues/132061 ## Proposed FCPs **Check your boxes!** ### " elided_lifetime_in_paths into tied and untied" rust#120808 **Link:** https://github.com/rust-lang/rust/pull/120808 ### "Arbitrary self types v2: stabilize" rust#135881 **Link:** https://github.com/rust-lang/rust/pull/135881 ### "Stabilize `derive(CoercePointee)`" rust#133820 **Link:** https://github.com/rust-lang/rust/pull/133820 ### "stabilize ptr::swap_nonoverlapping in const" rust#137280 **Link:** https://github.com/rust-lang/rust/pull/137280 ### "sanitizers: Stabilize AddressSanitizer and LeakSanitizer for the Tier 1 targets" rust#123617 **Link:** https://github.com/rust-lang/rust/pull/123617 ### "Stabilize let chains in the 2024 edition" rust#132833 **Link:** https://github.com/rust-lang/rust/pull/132833 ### "Stabilize `naked_functions`" rust#134213 **Link:** https://github.com/rust-lang/rust/pull/134213 ### "Specify the behavior of `file!`" rust#134442 **Link:** https://github.com/rust-lang/rust/pull/134442 ### "RFC: No (opsem) Magic Boxes" rfcs#3712 **Link:** https://github.com/rust-lang/rfcs/pull/3712 ### "Closing issues relevant to T-lang on this repo" rfcs#3756 **Link:** https://github.com/rust-lang/rfcs/issues/3756 ### "Warn about C-style octal literals" rust#131309 **Link:** https://github.com/rust-lang/rust/pull/131309 ### "Decide on name for `Freeze`" rust#131401 **Link:** https://github.com/rust-lang/rust/issues/131401 ### "Declarative `macro_rules!` attribute macros" rfcs#3697 **Link:** https://github.com/rust-lang/rfcs/pull/3697 ### "Declarative `macro_rules!` derive macros" rfcs#3698 **Link:** https://github.com/rust-lang/rfcs/pull/3698 ### "[RFC] externally implementable functions" rfcs#3632 **Link:** https://github.com/rust-lang/rfcs/pull/3632 ### "Implement `PartialOrd` and `Ord` for `Discriminant`" rust#106418 **Link:** https://github.com/rust-lang/rust/pull/106418 ### "Policy for lint expansions" rust#122759 **Link:** https://github.com/rust-lang/rust/issues/122759 ### "Decide on path forward for attributes on expressions" rust#127436 **Link:** https://github.com/rust-lang/rust/issues/127436 ### "RFC: Allow type inference for const or static" rfcs#3546 **Link:** https://github.com/rust-lang/rfcs/pull/3546 ### "Unsafe derives and attributes" rfcs#3715 **Link:** https://github.com/rust-lang/rfcs/pull/3715 ### "Stabilize associated type position impl Trait (ATPIT)" rust#120700 **Link:** https://github.com/rust-lang/rust/pull/120700 ### "Use `BinOp::Cmp` for `iNN::signum`" rust#137835 **Link:** https://github.com/rust-lang/rust/pull/137835 ## Active FCPs ### "Turn order dependent trait objects future incompat warning into a hard error" rust#136968 **Link:** https://github.com/rust-lang/rust/pull/136968 ## P-critical issues None.