T-lang meeting agenda

Meeting date: 2024-09-18

Attendance

People: TC, scottmcm, tmandry, Josh, nikomatsakis, pnkfelix, eholk, CE, Santiago, Urgau, Tamme Dittrich (tdittr), Nadri

Meeting roles

Minutes, driver: TC

Scheduled meetings

2024-09-18: Extended triage
2024-09-25: "Design meeting: Profiles" #289

Edit the schedule here: https://github.com/orgs/rust-lang/projects/31/views/7.

Announcements or custom items

(Meeting attendees, feel free to add items here!)

Guest attendee items

TC: For any guests who are present, please note in this section if you're attending for the purposes of any items on (or off) the agenda in particular.

Moving right along

TC: As we've been doing recently, due to the impressive backlog, I'm going to push the pace a bit. If it's ever too fast or you need a moment before we move on, please raise a hand and we'll pause.

Design meeting at 12:30 EST / 09:30 PST / 17:30 CET

TC: Remember that we have a design/planning meeting that starts half an hour after this call ends.

Next meeting with RfL

We're next meeting with RfL on 2024-09-25 to review the status of RfL project goals.

https://github.com/rust-lang/rfcs/pull/3614

Rust 2024 review

Project board: https://github.com/orgs/rust-lang/projects/43/views/5

None.

Date	Version	Edition stage
2024-09-05	Release v1.81	Checking off items…
2024-10-11	Branch v1.83	Go / no go on all items
2024-10-17	Release v1.82	Rust 2024 nightly beta
2024-11-22	Branch v1.84	Prepare to stabilize…
2024-11-28	Release v1.83	Stabilize Rust 2024 on master
2025-01-03	Branch v1.85	Cut Rust 2024 to beta
2025-01-09	Release v1.84	Announce Rust 2024 is pending!
2025-02-20	Release v1.85	Release Rust 2024

Tracking Issue for Lifetime Capture Rules 2024 (RFC 3498) #117587

Link: https://github.com/rust-lang/rust/issues/117587

TC: This item is now ready for Rust 2024.

Reserve gen keyword in 2024 edition for Iterator generators #3513

Link: https://github.com/rust-lang/rfcs/pull/3513

TC: This item is now ready for Rust 2024.

Tracking issue for promoting `!` to a type (RFC 1216) #35121

Link: https://github.com/rust-lang/rust/issues/35121
Link: https://github.com/rust-lang/rust/pull/123508

TC: This item is now ready for Rust 2024.

Vibe check: Stabilize RFC 3627?

TC: I had asked for this to be broken apart to stabilize more minimally, but that's asking for work that hasn't been done. There is an implementation ready for the whole thing. Do we want to see a stabilization report?

Nadri: I had this disagreement about the RFC:

https://github.com/rust-lang/rust/issues/130501

TC: Earlier work:

RFC 3627:

https://github.com/rust-lang/rfcs/pull/3627

Earlier design meeting ("Match ergonomics, part 3"):

https://hackmd.io/_ey51TmXRqyHq1fQ_t9pmQ

Match ergonomics framed as typing rules:

https://hackmd.io/zUqs2ISNQ0Wrnxsa9nhD0Q

Consideration of Rule 4X2:

https://github.com/rust-lang/rust/issues/127559

Nadri's "Match ergonomics overal RFC" document:

https://hackmd.io/eJdp4f0iQASg5BEPVkCD8g

nikomatsakis: So to walk through one of the examples, imagine…

// user types this
let [x] = ...;

// user sees `x: &&mut T`, user wants `T`
// user adds `&&mut`
let [&&mut x] = ...;

// but (without rule 4E) user gets an error.
// With rule 4E, this works.

// To make it work they have to write or
let &[&mut x] = ...;
let [&&mut x] = ...;

Adding ref would be an error if you have an inherited reference.

// given rv: &[String] and the rule 4E that Nadri describes,
// Niko believes the behavior is this
let &[ref x] = rv; // x gives you `&String`
let [&ref x] = rv; // x gives you `&String`
let [&x] = rv; // x gives you a move error
let [x] = rv; // x gives you `&String`
let [ref x] = rv; // x gives you an error, because you have an `&` you didn't "discharge" yet

but that is true for all versions (modulo the error with ref). To see the difference you need to have &&mut combo:

// given rv: &[&mut String] and the rule 4E that Nadri describes,
// Niko believes the behavior is this
let &[ref x] = rv; // x gives you `&&mut String`
let [&ref x] = rv; // x gives you `&&mut String`
let [&x] = rv; // x gives you a hard error (`&` doesn't match `&mut`)
let [x] = rv; // x gives you `&&mut String`
let [ref x] = rv; // x gives you an error, because you have an `&` you didn't "discharge" yet

// How would it be with rule 4X2?
let &[ref x] = rv; // ??
let [&ref x] = rv; // ??
let [&x] = rv;     // ??
let [x] = rv;      // ??
let [ref x] = rv;  // ??

tmandry:

let rv: &[&mut T];  // ??
let [x] = rv;       // x: &&mut T
let [&x] = rv;      // x: &mut T in 4E (borrow error)
let [&x] = rv;      // x: &T in RFC 3627
let [&&x] = rv;     // x: T, under 4E + rule 5
let [&&ref x] = rv; // x: &T under 4E + rule 5
let [&&mut x] = rv; // x: T under 4E
// RFC3627: type error

Josh: it'd be nice if the error included the "fully explicit" pattern

NM: I'm hesitant to expose people to ref keyword if they haven't typed it, but otherwise I think showing the fully explicit pattern is nice

Josh: Seems like a reasonable compromise.

Nadri: My tool

Nadri: design axioms: https://hackmd.io/aL5FRz-QTc6K0qtUzPoU9A I have to do work to know which ones we get with each proposal though.

Nadri: 4E gets us at least "6. If x: &T, I can copy out the value by writing & before the binding"

Vibe check

Tyler: sympathetic that primacy of structural matching is less important than "I just add the & and get the type that I want". This gets us there but I'm hesitant about the [&x]: &[&mut T] case. This gets a borrow error, you really just want a reference.

Felix: worried about the timing pressure from the edition

TC: I see a lot of good options. What's on Rust stable today has problems that I really want to fix. Resetting the binding mode is very unintuitive. All of the proposals fix that. At the end of the day I'm ok with anything and I don't think either decision is terrible. I think my main hesitation on Rule 4E is well represented by Tyler's example and it comes down to one's mental model. If one is thinking of it in terms of the "inherited type" than any other rule sounds crazy, but if you are thinking of the actual type as primary, with a carried DBM, any other rule seems crazy. I'm not as concerned about the timing, at some point we have to sit down, work through it, and make a decision. If we stretch it out over more years I am not sure we will make a better decision. I think we have to allocate the time we need to load it into cache.

Josh: Most desirable property of this proposal seems like not guessing in cases where the current proposal guesses, and instead erroring out. The ability to patch-in a & or similar when you don't have what you want seems somewhat intuitive, at least in the cases presented. Concerned about the apparent inability to do the same kind of "patching" with ref. Hesitant to lose structural primacy in the mixed case because of people ending up in the mixed case for accidental or path-dependent reasons, such as "I need a ref, let me add ref", or "I missed a reference so I ended up in match ergonomics". for being concerned about timing pressure. Want to make sure we use today's extended triage as triage and not get further behind on other things.

Niko: I like boiling it down to a mental model of "carrying an inherited type" (or moving & to the right) versus "matching the type and having a DBM". I'm with TC that the edition pressure doesn't seem like the biggest thing here, it's more – just – this space is complex and it's hard to make decisions. I guess what we are missing is having time to sit with the rules and see how they feel?

TC: Given that we seem to have some support for Rule 4E, it seems that the next step here would be asking Nadri to implement this (with the migration lints), and then if we're feeling good about it, ask for a stabilization report.

(The first part of the meeting ended here.)

(The second part of the meeting started here.)

People: TC, tmandry, Josh, nikomatsakis, pnkfelix, scottmcm, CE, Tamme Dittrich (tdittr), eholk, Urgau

GitHub "sub-issues" beta

Josh: Want to draw attention to this:
https://github.com/github/roadmap/issues/927
https://rust-lang.zulipchat.com/#narrow/stream/122651-general/topic/feedback.20on.20github.20issues.20improvements

How might we want to use this?

Could we use this for concern tracking?

NM: Neat.

"Ambitious Wild Ideas" preliminary takeaways

Josh: Ran a session at the RustConf 2024 Unconf. Want to give a brief summary of one takeaway, namely that people's spiciest takes pretty much align with things on our own long-term wishlists, and that all of them represented a valid problem people wanted a solution to.

More details later.

https://hackmd.io/ua7rN5xKTh2MFatC-UKVNQ

Nominated RFCs, PRs, and issues

"test: cross-edition metavar fragment specifiers" rust#129755

Link: https://github.com/rust-lang/rust/pull/129755

TC: If we have code like this in a Rust 2021 crate:

#[macro_export]
macro_rules! make_matcher {
    ($name:ident, $fragment_type:ident, $d:tt) => {
        #[macro_export]
        macro_rules! $name {
            ($d _:$fragment_type) => { true };
            (const { 0 }) => { false };
        }
    };
}
make_matcher!(is_expr_from_2021, expr, $);

And code like this in a Rust 2024 crate:

make_matcher!(is_expr_from_2024, expr, $);

Then we said that we expect the behavior of is_expr_from_2024 to match the 2024 behavior. We said we wanted this fixed for pat also, if possible.

CE now asks us, for implementation reasons, to consider this a bug to be handled separately and later and to ship expr anyway with the undesired behavior. We've filed that bug as:

https://github.com/rust-lang/rust/issues/130484

TC: Sound OK?

Josh: Could we lint against this?

CE: Probably not. There's probably not a lot of value here. Nobody hit this with pat_param where it seemed more likely to come up.

tmandry: I agree it's not likely to be hit.

TC: The fact that we haven't stabilized macro_metavar is part of why this is hard to hit.

Josh: Should we add a question on the macro metavar tracking issue about this? Should we lint on passing $ to a macro to construct macros?

CE: That would be a very wide lint for a very specific case.

theemathas: This could be noted on the edition guide, right?

NM: Agreed, I think we should just note it in the Edition Guide and move on, this seems like quite an edge case.

Josh: If someone did rely on this, would we be willing to break it?

TC: Yes, I would.

Niko: Yes.

tmandry: I think we'll aligned on this.

"Stabilize expr_2021 fragment specifier in all editions" rust#129972

Link: https://github.com/rust-lang/rust/pull/129972

TC: We wanted to stabilize expr_2021 in all editions as soon as possible. This is that stabilization.

The check boxes are here:

https://github.com/rust-lang/rust/pull/129972#issuecomment-2356752343

TC: This is now in FCP.

"Tracking issue for pin ergonomics" rust#130494

Link: https://github.com/rust-lang/rust/issues/130494

TC: Pin ergonomics currently involves the following main ideas:

Reborrowing for Pin<..>.
Some native constructor / pin project syntax, e.g. &pin const place_expr / &pin mut place_expr, with a corresponding type syntax.
Some way of annotating struct fields, e.g. with #[pin], to allow for safe pin projections to these fields.
- …which affects the signature of Drop::drop for the type.

That is, in general, making working with pinned things feel more like part of the language, making it less subtle and surprising, and requiring less unsafe code.

Eric Holk has volunteered to work on this experiment and has an implementation of reborrowing in progress. I "second" this and will liaison.

TC: Sound OK?

NM: +1.

Josh: Sounds like a great thing to have an experiment on, with the usual caveat that we'll later need to make decisions on concrete designs and are not pre-committing to experimented-with designs. Niko also had ideas about avoiding pin projections we should talk about; do you have plans to post those and get them in front of more folks?

Niko: Planning to make a post on that.

TC: So we'll mark the experiment as appproved.

"Tracking issue for unsafe binder types" rust#130516

Link: https://github.com/rust-lang/rust/issues/130516

TC: CE proposes an experiment:

Specifically, I'd like to provide a coherent way to represent lifetimes in structs which are unnameable and can't be plugged by 'static. This has been toyed around with in the past, such as 'unsafe lifetimes1, but the document above calls out some questions in that design and proposes a different solution via "unsafe binder types". Making these their own distinct type solves a lot of those problems, and while users still need to be careful with these types by using unsafe {} when interconverting them, they're far more self-contained.

He has a design document with details:

https://hackmd.io/@compiler-errors/HkXwoBPaR

TC: Sound OK to us? Niko, you want to take this one?

NM: +1, I can serve as liaison.

scottmcm, TC: +1, yes please.

Josh: +1, this will also help with multiple proposals for common async traits (e.g. AsyncIterator, both non-AFIT and AFIT versions), looking forward to seeing those advance on the basis of this experiment.

TC: We'll mark this experiment as approved.

NM: Note that for binders also appear in types, e.g., for<'a> dyn Foo<&'a u32>.

"Gate `repr(Rust)` correctly on non-ADT items" rust#129422

Link: https://github.com/rust-lang/rust/pull/129422

TC: Awhile back, we added #[repr(Rust)], but we apparently didn't add the validation we should have, so we accept:

#[repr(Rust)]
fn foo() {}

Per CE:

I consider this code to be nonsense. Reminder that it's different from extern "Rust", which is valid on function items. But also this now disallows repr(Rust) on modules, impls, traits, etc.

There is one-crate breakage (no dependents).

TC: Are we OK with breaking it?

scottmcm: We should do this. We should also use this as a reminder to try to avoid this in the future.

NM, TC, Josh: +1.

CE: I'm not sure there's much of a lang issue here on avoiding these things. It's more T-compiler.

TC: I'm hearing a consensus that we're OK with this breakage.

NM: Agreed but I do feel like there'd be value in analyzing cases where this occur and talk about how we can stop having these kinds of mistakes. In the particular case of attributes, modifying the compiler to be more conservative might be useful, but I also think maybe we can do more checks at stabilization.

pnkfelix: To CE's point of delegating these decisions, I'll write up a proposal.

Josh: I'm happy to second that. Let's use an FCP to decide it (rather than doing so in a meeting).

"Make deprecated_cfg_attr_crate_type_name a hard error" rust#129670

Link: https://github.com/rust-lang/rust/pull/129670

TC: est31 nominates for us to turn into a hard error:

#![cfg_attr(foo, crate_name = "foobar")]
#![cfg_attr(foo, crate_type = "bin")]

It's still allowed to write:

#![crate_name = "foobar"]
#![crate_type = "lib"]

This goes back to:

https://github.com/rust-lang/rust/pull/83744

…which we did in Rust 1.59.

Then, in Rust 1.65, we made the lint deny-by-default:

https://github.com/rust-lang/rust/pull/99784

TC: What do we think?

As of filing the PR, exactly two years have passed since #99784 has been merged, which has turned the lint's default warning level into an error, so there has been ample time to move off the now-forbidden syntax.

Josh: Is anyone allowing the lint?

NM: I'm inclined to go for it.

Josh: There seem to be two known crates using it.

NM: wasmer is a real crate with genuine users. It might be ok to break it but we should at least ping them.

tmandry: Do they have an alternative?

Josh: They're building a cydlib conditionally, and right now you have to be the leaf build to do that, we don't currently have artifact dependencies so we have no way of consuming a cdylib crate.

tmandry: They might be doing some magic with build.rs

Josh: They ought to be able to do magic that passes --crate-type, then.

Niko: Why did we do this originally?

Discussion: Complexity in the compiler for if there's for determining the crate name/type.

TC: This will now go into FCP.

"Document subtleties of `ManuallyDrop`" rust#130279

Link: https://github.com/rust-lang/rust/pull/130279

TC: This PR seeks to document some things, but scottmcm notes:

I'd much rather just remove the subtleties so we don't have to document them. Dunno whether that's practical, though. I just don't want to do a bunch of ManuallyDrop -> MaybeUninit everywhere now, then undo it again shortly.

TC: What do we think?

TC: This is related to the MaybeDangling RFC:

https://github.com/rust-lang/rfcs/blob/master/text/3336-maybe-dangling.md

TC: We may have already decided the behavior we want here, in that RFC.

scottmcm: The practical outcome here may be to document what we're doing, but explain that we've decided to change this.

TC, tmandry: +1.

pnkfelix: We could also file a bug against Miri (if we are confident that Miri is the sole way to observe UB here, which I am not confident of currently).

tmandry: I'll make the suggestion as above in the issue.

"ill-typed unused FFI declarations can cause UB" rust#46188

Link: https://github.com/rust-lang/rust/issues/46188

TC: pnkfelix nominates for us:

The proposed fixes for this issue might not practical, at least not without some help from the LLVM side, so we should consider what we want to do about this as a language.

Members of T-compiler in particular suspect that merely issuing a hard error in response to a pair of FFI declarations with distinct types may not suffice; we suspect there are users who are relying on being able to do that, and there is some underlying notion of "compatible" pairs of types that is being used to justify such code.

TC: What do we think?

TC: RalfJ now has a write-up here:

https://hackmd.io/cEi0aL6XSk6DDDASwpVH-w

…and plans to propose a design meeting.

tmandry: It seems we should start with linting here.

NM: +1. We could make the lints better and better and see where we land.

"Tracking Issue for strict_provenance_lints" rust#130351

Link: https://github.com/rust-lang/rust/issues/130351

TC: RalfJ nominates this for us for a vibe check. What do we think?

scottmcm: My sense of the vibe check is about whether we want to force people to use a method to do ptr to integer casts, or whether we want to continue allowing as casts for these, as that might affect what RalfJ wants to do here.

NM: This is related to the broader question of what to do about as. We've never RFCed this, but we've talked about it a lot. This is the sort of thing that should happen as a series of progressive steps. This might be a good project goal.

NM: As a vibe, maybe that, yes, this is something we're interested in doing, but we probably want stable options here and a good migration story. We may want a directional RFC related to deprecating as. For this particular change, there's also the strict provenance RFC to which we can point.

TC, tmandry: +1.

scottmcm: The other thing here is whether we want two lints or one here.

NM: One lint seems fine probably.

NM: I'll write out a comment with our vibe.

(The meeting ended here.)

"Emit error when calling/declaring functions with vectors that require missing target feature" rust#127731

Link: https://github.com/rust-lang/rust/pull/127731

TC: RalfJ nominates for us:

There's only 2 crates.io failures and they are both spurious. And the github failures I checked were also all spurious. So looking pretty good I would say. :)

Seems like the next step process-wise is to check back in with the lang team, now that we have crater results. (That's based on this message.) @rust-lang/lang this aims to fix #116558, which is part of the discussion we had in rust-lang/lang-team#235. The way it is fixed is by making it a hard error to call or declare an extern "C" function that passes a SIMD type by-value without enabling the target feature that enables SIMD vectors of the appropriate size. The reason it is made a hard error is that these functions end up having a different ABI depending on whether that target feature is enabled or not. "Rust" ABI functions are not affected as those functions pass SIMD vectors indirectly (they do that precisely to avoid these ABI issues).

There are two points we'd like your take on:

How to stage this. Should it become a hard error immediately, or first be reported as a future-compat lint (I would say we can make it show up in dependencies immediately)? Crater found no regressions (probably because extern "C" functions are generally fairly rare), but of course crater doesn't see all the codebases out there.

What exactly should be checked? Right now, the check is extremely low-level and looks at the computed effective ABI of the function, ensuring it doesn't end up with a too large by-value SIMD vector argument. The check is done during monomorphization, each time a function is instantiated, to make sure that we can even know the actual effective ABI. More mono-time checks are unfortunate, but there's no good way to test this in generic code since we can't know whether a generic argument is a SIMD vector or not. Give that it should be rather rare to run into this, hopefully a mono-time check is acceptable.
The other concern is semver compatibility: if a library changes a public type, e.g., from being an array of i32 to being a SIMD vector instead, that can now break downstream code. However, it can only break downstream code that passes types of this library by-value across an extern "C". If that is an FFI boundary, this is already extremely sketchy to do due to all the concerns around FFI safety and ABI compatibility. The most realistic scenario I could come up with is code using extern "C" for Rust-to-Rust calls; not sure how much we worry about such code – I presume it is fairly rare. Still, we could try to mitigate this by making the check some sort of overapproxomation that generally refuses to pass types from other crates across an extern "C" boundary if those types could in the future be changed such that the ABI ends up with a by-value SIMD vector (i.e., (i32, ForeignType) would be okay but TransparentWrapper<ForeignType> would not). I personally am not convinced that is worth the effort.

TC: What do we think?

"Lint against &T to &mut T and &T to &UnsafeCell<T> transmutes" rust#128351

Link: https://github.com/rust-lang/rust/pull/128351

TC: CE nominates for us a proposal by ChayimFriedman2:

Conversion from & to &mut are and always were immediate UB, and we already lint against them, but until now the lint did not catch the case were the reference was in a field.

Conversion from & to &UnsafeCell is more nuanced: Stacked Borrows makes it immediate UB, but in Tree Borrows it is sound.

However, even in Tree Borrows it is UB to write into that reference (if the original value was Freeze). In all cases crater found where the lint triggered, the reference was written into.

More details here:

https://github.com/rust-lang/rust/pull/128351#issue-2435783651

TC: What do we think?

"`optimize` attribute applied to things other than methods/functions/c…" rust#128943

Link: https://github.com/rust-lang/rust/pull/128943

TC: jieyouxu nominates for us:

This needs a T-lang FCP since it diverges from the original RFC 2412 specified behavior. cc @rust-lang/lang

Summary for T-lang

This PR proposes to elevate #[optimize] attribute (as specified in RFC 2412) applied to unsupported HIR nodes from a warn-by-default unused_attributes lint to a hard error.

More details are here:

https://github.com/rust-lang/rust/pull/128943#issuecomment-2282357407

TC: What do we think?

"Check ABI target compatibility for function pointers" rust#128784

Link: https://github.com/rust-lang/rust/pull/128784

TC: This comes to us as a proposed FCW for cases like:

// These raise E0570
extern "thiscall" fn foo() {}
extern "thiscall" { fn bar() }

// This did not raise any error
fn baz(f: extern "thiscall" fn()) { f() }

There's been extensive analysis using crater here. CE says it looks good to him at this point.

TC: What do we think?

"Trait method impl restrictions" rfcs#3678

Link: https://github.com/rust-lang/rfcs/pull/3678

TC: Josh nominates a new RFC for us. What do we think?

"Simplify lightweight clones, including into closures and async blocks" rfcs#3680

Link: https://github.com/rust-lang/rfcs/pull/3680

TC: Josh nominates a new RFC for us. What do we think?

"edition lint: migrating `extern crate` with `#[macro_use]`" rust#52043

Link: https://github.com/rust-lang/rust/issues/52043

TC: Code like this today isn't idiomatic, since we would use use to import any macros, but it doesn't lint:

#[macro_use]
extern crate rayon;

fn main() { }

TC: Josh nominates as it seems perhaps beyond time that we do so. What do we think?

"Consider deprecation of UB-happy `static mut`" rust#53639

Link: https://github.com/rust-lang/rust/issues/53639

TC: Long ago, eddyb opened an issue to consider deprecating static mut. This is because handling long-lived references to static mut items is hard to do right.

We decided for Rust 2024 to lint at deny-by-default against long-lived references to static mut items, thus apparently solving the problem that motivated opening the issue. And there seem to be use cases for static mut. As RalfJ says:

Sometimes, you need global mutable state. We already had several cases of people being quite confused and concerned by the lints we started emitting, and it turns out that what they were doing is completely fine and we basically told them to add a bit of noise to their code to silence the lint. Those people will be even more confused if we now tell them that static mut will be banned entirely, and I am not convinced that replacing addr_of_mut!(STATIC) with STATIC.get() is really doing anything for ensuring the safety of global mutable state.

Many people that use static mut now are entirely aware of what they are doing, they didn't accidentally stumble into global mutable state. People that just mindlessly run into static mut will equally mindlessly start using SyncUnsafeCell (probably by copying some online resource telling them how to silence that annoying borrow checker, or by following helpful compiler hints).

So overall I am not convinced that the churn caused on existing code, and the overhead caused for people that know what they are doing, is balanced by a sufficient risk reduction for people that don't know what they are doing.

Given all this, it's hard to me to imagine that we've soon depracet static mut, so I propose FCP close.

TC: What do we think?

"Tracking Issue for the C-cmse-nonsecure-call ABI" rust#81391

Link: https://github.com/rust-lang/rust/issues/81391

TC: T-compiler nominates for us:

Nominating for both T-lang and T-compiler discussion: there is a request for the stabilization of the C-cmse-nonsecure-call ABI (posted above at #81391 (comment)), there's also the seemingly related #[cmse_nonsecure_entry] attribute (#75835). This is mostly nominated for several reasons stated below.

For T-compiler:

Procedure questions:

Does this need an MCP/FCP for stabilization, or does this need further design?

Does this need a joint T-compiler/T-lang FCP?

We should help the people working on cmse-related things to find knowledgeable reviewers / domain experts who can help with reviewing the changes, or otherwise provide advice on how to split related PRs into smaller PRs that reviewers feel more confident to review. add extern "C-cmse-nonsecure-entry" fn #127766 already got rerolled a bunch of times (currently, the dice landed on Wesley ^^).

For T-lang:

Procedure questions:

Does this need T-lang sign-off, like a T-lang FCP or a joint T-lang/T-compiler FCP?

For both T-compiler and T-lang:

Is the cmse-related efforts being tracked anywhere?

TC: What do we think?

"Tracking Issue for enum access in offset_of" rust#120141

Link: https://github.com/rust-lang/rust/issues/120141

TC: There's a proposed FCP merge for us:

https://github.com/rust-lang/rust/issues/120141#issuecomment-2161507356

TC: What do we think?

"Fixup Windows verbatim paths when used with the `include!` macro" rust#125205

Link: https://github.com/rust-lang/rust/pull/125205

TC: Chris Denton asks us:

On Windows, the following code can fail if the OUT_DIR environment variable is a verbatim path (i.e. begins with \\?\):
include!(concat!(env!("OUT_DIR"), "/src/repro.rs"));
This is because verbatim paths treat / literally, as if it were just another character in the file name.

The good news is that the standard library already has code to fix this. We can simply use components to normalize the path so it works as intended.

I think it could just be considered a bug fix but it might also be considered a change in language.

TC: What do we think, is this a bug fix or a change to the language, and if the latter, do we want it?

"Reword trait-object compatibility in rustdoc" rust#126554

Link: https://github.com/rust-lang/rust/pull/126554

TC: Josh nominates this for us. What do we think?

"Support for pointers with asm_const" rust#128464

Link: https://github.com/rust-lang/rust/issues/128464

TC: Josh nominates for us the question:

Nominating this for lang to discuss the question of whether we should support use of const in asm! for things that can't just be textually substituted, or whether we should give that a different name.

@Amanieu, any input you'd like to provide would be helpful.

To which Amanieu replies:

After thinking about it a bit, I think it's probably fine to add this functionality to const. I'm a bit bothered about the duplication with sym, which is already stable.

TC: What do we think?

"Decide on name for `derive(SmartPtr)`" rust#129104

Link: https://github.com/rust-lang/rust/issues/129104

TC: We need to resolve the open question on:

https://github.com/rust-lang/rfcs/pull/3621

…regarding what name to use.

Tracking:

https://github.com/rust-lang/rust/issues/123430

TC: What do we think?

"Stabilize `extended_varargs_abi_support`" rust#116161

Link: https://github.com/rust-lang/rust/pull/116161

TC: This stabilization was nominated for us, with pnkfelix commenting:

Just to add on to @cjgillot 's comment above: @wesleywiser and I could not remember earlier today whether T-lang wants to own FCP'ing changes like this that are restricted to extending the set of calling-conventions (i.e. the conv in extern "conv" fn foo(...)), which is largely a detail about what platforms one is interoperating with, and not about changing the expressiveness of the Rust language as a whole in the abstract.

(My own gut reaction is that T-compiler is a more natural owner for this than T-lang, but I wasn't certain and so it seems best to let the nomination stand and let the two teams duke it out.)

TC: What do we think about 1) this stabilization, and 2) whether we want to own this?

"Emit a warning if a `match` is too complex" rust#122685

Link: https://github.com/rust-lang/rust/pull/122685

TC: Nadri nominates this for us and describes the situation:

Dear T-lang, this PR adds a warning that cannot be silenced, triggered when a match takes a really long time to analyze (in the order of seconds). This is to help users figure out what's taking so long and fix it.

We could make the limit configurable or the warning allowable. I argue that's not necessary because crater showed zero regressions with the current limit, and it's be pretty easy in general to split up a match into smaller matches to avoid blowup.

We're still figuring out the exact limit, but does the team approve in principle?

(As an aside, awhile back someone showed how to lower SAT to exhaustiveness checking with match. Probably that would hit this limit.)

TC: What do we think?

"Stabilize `count`, `ignore`, `index`, and `length` (`macro_metavar_expr`)" rust#122808

Link: https://github.com/rust-lang/rust/pull/122808

TC: c410-f3r proposes the following for stabilization:

Stabilization proposal

This PR proposes the stabilization of a subset of #![feature(macro_metavar_expr)] or more specifically, the stabilization of count, ignore, index and length.

What is stabilized

Count

The number of times a meta variable repeats in total.

macro_rules! count_idents {
    ( $( $i:ident ),* ) => {
        ${count($i)}
    };
}

fn main() {
    assert_eq!(count_idents!(a, b, c), 3);
}

Ignore

Binds a meta variable for repetition, but expands to nothing.

macro_rules! count {
    ( $( $i:stmt ),* ) => {{
        0 $( + 1 ${ignore($i)} )*
    }};
}

fn main() {
    assert_eq!(count!(if true {} else {}, let _: () = (), || false), 3);
}

Index

The current index of the inner-most repetition.

trait Foo {
    fn bar(&self) -> usize;
}

macro_rules! impl_tuple {
    ( $( $name:ident ),* ) => {
        impl<$( $name, )*> Foo for ($( $name, )*)
        where
            $( $name: AsRef<[u8]>, )*
        {
            fn bar(&self) -> usize {
                let mut sum: usize = 0;
                $({
                    const $name: () = ();
                    sum = sum.wrapping_add(self.${index()}.as_ref().len());
                })*
                sum
            }
        }
    };
}

impl_tuple!(A, B, C, D);

fn main() {
}

Length

The current index starting from the inner-most repetition.

macro_rules! array_3d {
    ( $( $( $number:literal ),* );* ) => {
        [
            $(
                [
                    $( $number + ${length()}, )*
                ],
            )*
        ]
    };
}

fn main() {
    assert_eq!(array_3d!(0, 1; 2, 3; 4, 5), [[2, 3], [4, 5], [6, 7]]);
}

Motivation

Meta variable expressions not only facilitate the use of macros but also allow things that can't be done today like in the $index example.

An initial effort to stabilize this feature was made in #111908 but ultimately reverted because of possible obstacles related to syntax and expansion.

Nevertheless, #83527 (comment) tried to address some questions and fortunately the lang team accept #117050 the unblocking suggestions.

Here we are today after ~4 months so everything should be mature enough for wider use.

What isn't stabilized

$$ is not being stabilized due to unresolved concerns.

TC: I asked WG-macros for feedback on this here:

https://rust-lang.zulipchat.com/#narrow/stream/404510-wg-macros/topic/Partial.20macro_metavar_expr.20stabilization

TC: Josh proposed FCP merge on this stabilization.

"Add support for `use Trait::func`" rfcs#3591

Link: https://github.com/rust-lang/rfcs/pull/3591

This RFC would add support for:

use Default::default;

struct S {
    a: HashMap<i32, i32>,
}

impl S {
    fn new() -> S {
        S {
            a: default()
        }
    }
}

Josh has proposed FCP merge and has nominated. There are outstanding concerns about the handling of turbofish and associated constants.

TC: What do we think?

"Supertrait item shadowing v2" rfcs#3624

Link: https://github.com/rust-lang/rfcs/pull/3624

TC: On 2024-04-24, we had discussed (on a gut check basis) a proposal from Amanieu to change method resolution such that when both a subtrait and one of its supertraits are in scope, shadowed methods from the subtrait would be chosen rather than resulting in ambiguity errors.

Most notably, this would allow the standard library to uplift methods from itertools, which they've been deferring for years due to no way to do so without causing breakage. But there are many other possible uses and reasons to believe this might be a good rule.

After our last discussion, we had asked for an RFC. This is that RFC. What do we think?

"Tracking issue for the `start` feature" rust#29633

Link: https://github.com/rust-lang/rust/issues/29633

TC: Nils proposes to us that we delete the unstable #[start] attribute:

I think this issue should be closed and #[start] should be deleted. It's nothing but an accidentally leaked implementation detail that's a not very useful mix between "portable" entrypoint logic and bad abstraction.

I think the way the stable user-facing entrypoint should work (and works today on stable) is pretty simple:

std-using cross-platform programs should use fn main(). the compiler, together with std, will then ensure that code ends up at main (by having a platform-specific entrypoint that gets directed through lang_start in std to main - but that's just an implementation detail)

no_std platform-specific programs should use #![no_main] and define their own platform-specific entrypoint symbol with #[no_mangle], like main, _start, WinMain or my_embedded_platform_wants_to_start_here. most of them only support a single platform anyways, and need cfg for the different platform's ways of passing arguments or other things anyways

#[start] is in a super weird position of being neither of those two. It tries to pretend that it's cross-platform, but its signature is a total lie. Those arguments are just stubbed out to zero on Windows, for example. It also only handles the platform-specific entrypoints for a few platforms that are supported by std, like Windows or Unix-likes. my_embedded_platform_wants_to_start_here can't use it, and neither could a libc-less Linux program. So we have an attribute that only works in some cases anyways, that has a signature that's a total lie (and a signature that, as I might want to add, has changed recently, and that I definitely would not be comfortable giving any stability guarantees on), and where there's a pretty easy way to get things working without it in the first place.

Note that this feature has not been RFCed in the first place.

TC: What do we think?

"Coercing &mut to *const should not create a shared reference" rust#56604

Link: https://github.com/rust-lang/rust/issues/56604

TC: It's currently UB to write:

fn main() {
    let x = &mut 0;
    let y: *const i32 = x;
    unsafe { *(y as *mut i32) = 1; }
    assert_eq!(*x, 1);
}

This is due to the fact that we implicitly first create a shared reference when coercing a &mut to a *const. See:

TC: What do we think about this?

"Stabilize `anonymous_lifetime_in_impl_trait`" rust#107378

Link: https://github.com/rust-lang/rust/pull/107378

TC: We unnominated this back in October 2023 as more analysis seemed to be needed. Since then, nikomatsakis and tmandry have posted substantive analysis that it seems we should discuss.

"#[cold] on match arms" rust#120193

Link: https://github.com/rust-lang/rust/pull/120193

TC: Apparently our unstable likely and unlikely intrinsics don't work. There's a proposal to do some work on fixing that and stabilizing a solution here. The nominated question is whether we want to charter this as an experiment.

"Disallow deriving (other than Copy/Clone) on types with unnamed fields" rust#121270

Link: https://github.com/rust-lang/rust/pull/121270

TC: pnkfelix nominates this for us:

This PR that addresses some ICEs arising for the unstable feature(unnamed_fields), by conservatively mapping the ICE'ing cases to static errors instead.

The T-compiler team wants to know the opinion of T-lang of whether feature(unnamed_fields) is sufficiently likely, in the near future, to be removed (or significantly reworked) to such a degree that it would make more sense to close this PR rather than have contributors spend further time on it.

(See also the context established by https://hackmd.io/7r0i-EWyR8yO6po2LnS2rA#Tracking-issue-for-RFC-2102-Unnamed-fields-of-struct-and-union-type-rust49804 (where I think there was supposed to be an eventual writeup of the concerns people had with feature(unnamed_fields)) and #49804 (comment) )

On 2024-05-12, Josh said:

It sounds like, from the minutes, that some folks would like to see this feature designed differently than it was when it was previously accepted. It wouldn't be the first or last feature to need some design adjustments when lang design met compiler reality. Happy to help with that, so that we can find a design that meets the requirements in the original RFC and any new issues that have arisen since then.

This is about RFC 2102:

https://github.com/rust-lang/rfcs/pull/2102

We discussed this in the meeting on 2024-06-12 without consensus.

Some felt that this was still needed, others first wanted to look for a more minimal approach.

We left this for further discussion.

TC: What do we think?

"Tracking Issue for unicode and escape codes in literals" rust#116907

Link: https://github.com/rust-lang/rust/issues/116907

TC: nnethercote has implemented most of RFC 3349 ("Mixed UTF-8 literals") and, based on implementation experience, argues that the remainder of the RFC should not be implemented:

I have a partial implementation of this RFC working locally (EDIT: now at #120286). The RFC proposes five changes to literal syntax. I think three of them are good, and two of them aren't necessary.

TC: What do we think?

"Proposal: Remove `i128`/`u128` from the `improper_ctypes` lint" lang-team#255

Link: https://github.com/rust-lang/lang-team/issues/255

TC: Trevor Gross describes the situation:

For a while, Rust's 128-bit integer types have been incompatible with those from C. The original issue is here rust-lang/rust#54341, with some more concise background information at the MCP here rust-lang/compiler-team#683

The current Beta of 1.77 will have rust-lang/rust#116672, which manually sets the alignment of i128 to make it ABI-compliant with any version of LLVM (clang does something similar now). 1.78 will have LLVM18 as the vendored version which fixes the source of this error.

Proposal: now that we are ABI-compliant, do not raise improper_ctypes on our 128-bit integers. I did some testing with abi-cafe and a more isolated https://github.com/tgross35/quick-abi-check during the time https://reviews.llvm.org/D86310 was being worked on, and verified everything lines up. (It would be great to have some fork of abi-cafe in tree, but that is a separate discussion.)

@joshtriplett mentioned that changing this lint needs a lang FCP https://rust-lang.zulipchat.com/#narrow/stream/187780-t-compiler.2Fwg-llvm/topic/LLVM.20alignment.20of.20i128/near/398422037. cc @maurer

Reference change from when I was testing rust-lang/rust@c742908

TC: Josh nominates this for our discussion. What do we think?

"`is` operator for pattern-matching and binding" rfcs#3573

Link: https://github.com/rust-lang/rfcs/pull/3573

TC: Josh proposes for us that we should accept:

if an_option is Some(x) && x > 3 {
    println!("{x}");
}

And:

func(x is Some(y) && y > 3);

TC: The main topic discussed in the issue thread so far has been the degree to which Rust should have "two ways to do things". Probably the more interesting issue is how the binding and drop scopes for this should work.

TC: In the 2024-02-21 meeting (with limited attendance), we discussed how we should prioritize stabilizing let chains, and tmandry suggested we may want to allow those to settle first.

TC: What do we think, as a gut check?

"Unsafe fields" rfcs#3458

Link: https://github.com/rust-lang/rfcs/pull/3458

TC: Nearly ten years ago, on 2014-10-09, pnkfelix proposed unsafe fields in RFC 381:

https://github.com/rust-lang/rfcs/issues/381

On 2017-05-04, Niko commented:

I am pretty strongly in favor of unsafe fields at this point. The only thing that holds me back is some desire to think a bit more about the "unsafe" model more generally.

Then, in 2023, Jacob Pratt refreshed this proposal with RFC 3458. It proposes that:

Fields may be declared unsafe. Unsafe fields may only be mutated (excluding interior mutability) or initialized in an unsafe context. Reading the value of an unsafe field may occur in either safe or unsafe contexts. An unsafe field may be relied upon as a safety invariant in other unsafe code.

E.g.:

struct Foo {
    safe_field: u32,
    /// Safety: Value must be an odd number.
    unsafe unsafe_field: u32,
}

// Unsafe field initialization requires an `unsafe` block.
// Safety: `unsafe_field` is odd.
let mut foo = unsafe {
    Foo {
        safe_field: 0,
        unsafe_field: 1,
    }
};

On 2024-05-21, Niko nominated this for us:

I'd like to nominate this RFC for discussion. I've not read the details of the thread but I think the concept of unsafe fields is something that comes up continuously and some version of it is worth doing.

TC: What do we think?

"RFC: Allow symbol re-export in cdylib crate from linked staticlib" rfcs#3556

Link: https://github.com/rust-lang/rfcs/pull/3556

TC: This seems to be about making the following work:

// kind is optional if it's been specified elsewhere, e.g. via the `-l` flag to rustc
#[link(name="ext", kind="static")]
extern {
    #[no_mangle]
    pub fn foo();

    #[no_mangle]
    pub static bar: std::ffi::c_int;
}

There are apparently use cases for this.

What's interesting is that apparently it already does, but we issue a warning that is wrong:

warning: `#[no_mangle]` has no effect on a foreign function
  --> src/lib.rs:21:5
   |
21 |     #[no_mangle]
   |     ^^^^^^^^^^^^ help: remove this attribute
22 |     pub fn foo_rfc3556_pub_with_no_mangle();
   |     ---------------------------------------- foreign function
   |
   = warning: this was previously accepted by the compiler but is being phased out; it will become a hard error in a future release!
   = note: symbol names in extern blocks are not mangled

TC: One of the author's asks of us is that we don't make this into a hard error (e.g. with the new edition).

TC: What do we think?

"Better errors with bad/missing identifiers in MBEs" rust#118939

Link: https://github.com/rust-lang/rust/pull/118939

TC: The idea here seems to be to improve some diagnostics around macro_rules, but this seems to be done by way of reserving the macro_rules token more widely, which is a breaking change. Petrochenkov has objected to it on that basis, given that reserving macro_rules minimally has been the intention since we hope it will one day disappear in favor of macro. What do we think?

"Uplift `clippy::invalid_null_ptr_usage` lint" rust#119220

Link: https://github.com/rust-lang/rust/pull/119220

TC: Urgau proposes this for us:

This PR aims at uplifting the clippy::invalid_null_ptr_usage lint into rustc, this is similar to the clippy::invalid_utf8_in_unchecked uplift a few months ago, in the sense that those two lints lint on invalid parameter(s), here a null pointer where it is unexpected and UB to pass one.

invalid_null_ptr_usages

(deny-by-default)

The invalid_null_ptr_usages lint checks for invalid usage of null pointers.

Example

// Undefined behavior
unsafe { std::slice::from_raw_parts(ptr::null(), 0); }
// Not Undefined behavior
unsafe { std::slice::from_raw_parts(NonNull::dangling().as_ptr(), 0); }

Produces:

error: calling this function with a null pointer is undefined behavior, even if the result of the function is unused, consider using a dangling pointer instead
  --> $DIR/invalid_null_ptr_usages.rs:14:23
   |
LL |     let _: &[usize] = std::slice::from_raw_parts(ptr::null(), 0);
   |                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^-----------^^^^
   |                                                  |
   |                                                  help: use a dangling pointer instead: `core::ptr::NonNull::dangling().as_ptr()`

Explanation

Calling methods who's safety invariants requires non-null pointer with a null pointer is undefined behavior.

The lint use a list of functions to know which functions and arguments to checks, this could be improved in the future with a rustc attribute, or maybe even with a #[diagnostic] attribute.

TC: What do we think?

"Uplift `clippy::double_neg` lint as `double_negations`" rust#126604

Link: https://github.com/rust-lang/rust/pull/126604

TC: This proposes to lint against cases like this:

fn main() {
    let x = 1;
    let _b = --x; //~ WARN use of a double negation
}

TC: What do we think?

"Language vs. implementation threat models and implications for TypeId collision resistance" rust#129030

Link: https://github.com/rust-lang/rust/issues/129030

TC: We use SipHash-1-3-128 in Rust for hashing types to form TypeIds. If these TypeIds collide in a single program, UB may result.

If SipHash-1-3-128 is a secure PRF, then the probability of such collisions happening accidentally in a program that contains an enormous 1M types is one in 2^-89.

But, if someone wanted to brute-force a collision – that is, find two entirely random types that would have the same TypeId – the work factor for that is no more than about 2^64 on average.

The question being nominated for lang is whether we consider that good enough for soundness, for now.

TC: What do we think?

"Lang discussion: Item-level `const {}` blocks, and `const { assert!(...) }`" lang-team#251

Link: https://github.com/rust-lang/lang-team/issues/251

TC: This issue was raised due to discussion in a T-libs-api call. Josh gives the context:

In discussion of rust-lang/libs-team#325 (a proposal for a compile-time assert macro), the idea came up to allow const {} blocks at item level, and then have people use const { assert!(...) }.

@rust-lang/libs-api would like some guidance from @rust-lang/lang about whether lang is open to toplevel const { ... } blocks like this, which would influence whether we want to add a compile-time assert macro, as well as what we want to call it (e.g. static_assert! vs const_assert! vs some other name).

Filing this issue to discuss in a lang meeting. This issue is not seeking any hard commitment to add such a construct, just doing a temperature check.

CAD97 noted:

To ensure that it's noted: if both item and expression const blocks are valid in the same position (i.e. in statement position), a rule to disambiguate would be needed (like for statement versus expression if-else). IMO it would be quite unfortunate for item-level const blocks to be evaluated pre-mono if that same const block but statement-level would be evaluated post-mono.

Additionally: since const { assert!(...) } is post-mono (due to using the generic context), it's potentially desirable to push people towards using const _: () = assert!(...); (which is pre-mono) whenever possible (not capturing generics).

TC: What do we think?

"Add lint against function pointer comparisons" rust#118833

Link: https://github.com/rust-lang/rust/pull/118833

TC: In the 2024-01-03 call, we developed a tentative consensus to lint against direct function pointer comparison and to push people toward using ptr::fn_addr_eq. We decided to ask T-libs-api to add this. There's now an open proposal for that here:

https://github.com/rust-lang/libs-team/issues/323

One question that has come up is whether we would expect this to work like ptr::addr_eq and have separate generic parameters, e.g.:

/// Compares the *addresses* of the two pointers for equality,
/// ignoring any metadata in fat pointers.
///
/// If the arguments are thin pointers of the same type,
/// then this is the same as [`eq`].
pub fn addr_eq<T: ?Sized, U: ?Sized>(p: *const T, q: *const U) -> bool { .. }

Or whether we would prefer that fn_addr_eq enforced type equality of the function pointers. Since we're the ones asking for this, we probably want to develop a consensus here. We discussed this in the call on 2024-01-10, then we opened a Zulip thread:

https://rust-lang.zulipchat.com/#narrow/stream/213817-t-lang/topic/Signature.20of.20.60ptr.3A.3Afn_addr_eq.60

TC: On this subject, scottmcm raised this point, with which pnkfelix seemed to concur:

I do feel like if I saw code that had fn1.addr() == fn2.addr() (if FnPtr were stabilized), I'd write a comment saying "isn't that what fn_addr_eq is for?"

If the answer ends up being "no, actually, because I have different types", that feels unfortunate even if it's rare.

(Like how addr_eq(a, b) is nice even if with strict provenance I could write a.addr() == b.addr() anyway.)

TC: scottmcm also asserted confidence that allowing mixed-type pointer comparisons is correct for ptr::addr_eq since comparing the addresses of *const T, *const [T; N], and *const [T] are all reasonable. I pointed out that, if that's reasonable, then ptr::fn_addr_eq is the higher-ranked version of that, since for the same use cases, it could be reasonable to compare function pointers that return those three different things or accept them as arguments.

TC: Adding to that, scottmcm noted that comparing addresses despite lifetime differences is also compelling, e.g. comparing fn(Box<T>) -> &'static mut T with for<'a> fn(Box<T>) -> &'a mut T.

TC: Other alternatives we considered were not stabilizing ptr::fn_addr_eq at all and instead stabilizing FnPtr so people could write ptr::addr_eq(fn1.addr(), fn2.addr()), or expecting that people would write instead fn1 as *const () == fn2 as *const ().

TC: Recently CAD97 raised an interesting alternative:

From the precedent of ptr::eq and ptr::addr_eq, I'd expect a "ptr::fn_eq" to have one generic type and a "ptr::fn_addr_eq" to have two. Even if ptr::fn_eq's implementation is just an address comparison, it still serves as a documentation point to call out the potential pitfalls with comparing function pointers.

TC: What do we think?

TC: Separately, on the 2024-01-10 call, we discussed some interest use cases for function pointer comparison, especially when it's indirected through PartialEq. We had earlier said we didn't want to lint when such comparisons were indirected through generics, but we did address the non-generic case of simply composing such comparisons.

One example of how this is used is in the standard library, in Waker::will_wake:

https://doc.rust-lang.org/core/task/struct.Waker.html#method.will_wake

It's comparing multiple function pointers via a #[derive(PartialEq)] on the RawWakerVTable.

We decided on 2024-01-01 that this case was interesting and we wanted to think about it further. We opened a discussion thread about this:

https://rust-lang.zulipchat.com/#narrow/stream/213817-t-lang/topic/Function.20pointer.20comparison.20and.20.60PartialEq.60

Since then, another interesting use case in the standard library was raised, in the formatting machinery:

https://doc.rust-lang.org/src/core/fmt/rt.rs.html

What do we think about these, and would we lint on derived PartialEq cases like these or no?

"RFC: inherent trait implementation" rfcs#2375

Link: https://github.com/rust-lang/rfcs/pull/2375

TC: We had a design meeting on 2023-09-12 about inherent trait impls. In that meeting, I proposed a use syntax for this:

In the discussion above, we had left two major items unresolved.

How do we make blanket trait impls inherent?

How can we allow only some items from the trait impl to be made inherent?

This is especially tricky for associated functions and methods with a default implementation.

(Part of the motivation for wanting to allow only some items to be made inherent is to prevent or to fix breakage caused when a trait later adds a new method with a default implementation whose name conflicts with the name of an existing inherent method.)

Coming up with a syntax for these that combines well with the #[inherent] attribute could be challenging.

One alternative that would make solving these problems straightforward is to add some syntax to the inherent impl block for the type. Given the desugaring in the RFC, there is some conceptual appeal here. (quaternic proposed this arrangement; TC is proposing the concrete syntax.)

We can use use syntax to make this concise and intuitive.

Here's an example:

trait Trait1<Tag, T> {
    fn method0(&self) -> u8 { 0 }
    fn method1(&self) -> u8 { 1 }
}
trait Trait2<Tag, T> {
    fn method2(&self) -> u8 { 2 }
    fn method3(&self) -> u8 { 3 }
    fn method4(&self) -> u8 { 4 }
}

struct Tag;

struct Foo<T>(T);
impl<T> Foo<T> {
    // All methods and associated items of Trait1 become inherent,
    // except for `method0`.  The inherent items are only visible
    // within this crate.
    pub(crate) use Trait1<Tag, T>::*;
    // Only `method2` and `method3` on Trait2 become inherent.
    pub use Trait2<Tag, T>::{method2, method3};

    fn method0(&self) -> u64 { u64::MAX }
}

impl<T> Trait1<Tag, T> for Foo<T> {}
impl<U: Trait1<Tag, T>, T> Trait2<Tag, T> for U {}

This solves another problem that we discussed above. How do we prevent breakage in downstream crates when a trait later adds a new method with a default implementation? Since a downstream crate might have made an impl of this trait for some local type inherent and might have an inherent method with a conflicting name, this could be breaking.

We already handle this correctly for use declarations with wildcards. Any locally-defined items override an item that would otherwise be brought into scope with a wildcard import. We can reuse that same behavior and intuition here. When a wildcard is used to make all items in the trait inherent, any locally-defined inherent items in the impl prevent those items from the trait with the same name from being made inherent.

Advantages:

It provides a syntax for adopting as inherent a blanket implementation of a trait for the type.

It provides a syntax for specifying which methods should become inherent, including methods with default implementations.

The wildcard import (use Trait::*) makes it very intuitive what exactly is happening and what exactly your API is promising.

The use syntax makes it natural for a locally-defined item to override an item from the wildcard import because that's exactly how other use declarations work.

rust-analyzer would probably support expanding a wildcard use Trait::* to an explicit use Trait::{ .. } just as it does for other use declarations, which would help people to avoid breakage.

We can support any visibility (e.g. use, pub use, pub(crate) use, etc.) for the items made inherent.

Disadvantages:

There's some redundancy, especially when the items to make inherent are specifically named.

During the meeting, this emerged as the presumptive favorite, and we took on a TODO item to updated the RFC.

After follow-on discussion in Zulip, Niko agreed, and also raised a good question:

Per the discussion on zulip, I have become convinced that it would be better to make this feature use the syntax use, like:

impl SomeType {
    pub use SomeTrait::*;  // re-export the methods for the trait implementation
}

This syntax has a few advantages:

We can give preference to explicit method declared in the impl blocks over glob re-exports, eliminating one source of breakage (i.e., trait adds a method with a name that overlaps one of the inherent methods defined on SomeType)

Can make just specific methods (not all of them) inherent.

Easier to see the inherent method when scanning source.

You can re-export with different visibility levels (e.g., pub(crate))

It would work best if we planned to permit use SomeTrait::some_method; as a way to import methods as standalone fns, but I wish we did that.

However, in writing this, I realize an obvious disadvantage – if the trait has more generics and things, it's not obvious how those should map. i.e., consider

struct MyType<T> {
}

impl<T> MyType<T> {
    pub use MyTrait::foo;
}

impl<T: Debug> MyTrait for MyType<T> {
    fn foo(&self) { }
}

This would be weird – is this an error, because the impl block says it's for all T? And what if it were trait MyTRait<X>?

TC: My sense is that we've just been awaiting someone digging in and updating the RFC here.

"Raw Keywords" rfcs#3098

Link: https://github.com/rust-lang/rfcs/pull/3098

TC: We've at various times discussed that we had earlier decided that if we wanted to use a new keyword within an edition, we would write it as k#keyword, and for that reason, we prefer to not speculatively reserve keywords ahead of an edition (except, perhaps, when it's clear we plan to use it in the near future).

TC: Somewhat amusingly, however, we never in fact accepted that RFC. Back in 2021, we accepted scottmcm's proposal to cancel:

We discussed this RFC again in the lang team triage meeting today.

For the short-term goal of the reservation for the edition, we'll be moving forward on #3101 instead. As such, we wanted to leave more time for conversations about this one, and maybe use crater results from 3101 to make design changes,

@rfcbot cancel

Instead we accepted RFC 3101 that reserved ident#foo, ident"foo", ident'f', and ident#123 starting in the 2023 edition.

Reading through the history, here's what I see:

What do we want to do about Rust 2015 and Rust 2018? It's a breaking change to add this there. Is this OK? Do we want to do a crater run on this?
Would we have the stomach to actually do this? It's one thing to say that if we wanted to use a new keyword within an edition, we'd write k#keyword, but it's another to actually do it in the face of certain criticism about that being e.g. unergonomic. Would we follow through?

TC: What do we think?

"RFC: Implementable trait aliases" rfcs#3437

Link: https://github.com/rust-lang/rfcs/pull/3437

TC: We discussed this in the lang planning meeting in June, and it looks like there have been updates since we last looked at this, so it's time for us to have another look since we seemed interested in this happening.

TC: What do we think?

"Should Rust still ignore SIGPIPE by default?" rust#62569

Link: https://github.com/rust-lang/rust/issues/62569

TC: Prior to main() being executed, the Rust startup code makes a syscall to change the handling of SIGPIPE. Many believe that this is wrong thing for a low-level language like Rust to do, because 1) it makes it impossible to recover what the original value was, and 2) means things like seccomp filters must be adjusted for this.

It's also just, in a practical sense, wrong for most CLI applications.

This seems to have been added back when Rust had green threads and then forgotten about. But it's been an ongoing footgun.

Making a celebrity appearance, Rich Felker, the author of MUSL libc, notes:

As long as Rust is changing signal dispositions inside init code in a way that the application cannot suppress or undo, it is fundamentally unusable to implement standard unix utilities that run child processes or anything that needs to preserve the signal dispositions it was invoked with and pass them on to children. Changing inheritable process state behind the application's back is just unbelievably bad behavior and does not belong in a language runtime for a serious language…

As an example, if you implement find in Rust, the -exec option will invoke its commands with SIGPIPE set to SIG_IGN, so that they will not properly terminate on broken pipe. But if you just made it set SIGPIPE to SIG_DFL before invoking the commands, now it would be broken in the case where the invoking user intentionally set SIGPIPE to SIG_IGN so that the commands would not die on broken pipe.

There was discussion in 2019 about fixing this over an edition, but nothing came of it.

Are we interested in fixing it over this one?

Strawman (horrible) proposal: We could stop making this pre-main syscall in Rust 2024 and have cargo fix insert this syscall at the start of every main function.

(In partial defense of the strawman, it gets us directly to the arguably best end result while having an automatic semantics-preserving edition migration and it avoids the concerns about lang/libs coupling that Mara raised. The edition migration could add a comment above this inserted code telling people under what circumstances they should either keep or delete the added line.)

"types team / lang team interaction" rust#116557

Link: https://github.com/rust-lang/rust/issues/116557

TC: nikomatsakis nominated this:

We had some discussion about types/lang team interaction. We concluded a few things:

Pinging the team like @rust-lang/lang is not an effective way to get attention. Nomination is the only official way to get attention.

It's ok to nominate things in an "advisory" capacity but not block (e.g., landing a PR), particularly as most any action can ultimately be reversed. But right now, triagebot doesn't track closed issues, so that's a bit risky.

Action items:

We should fix triagebot to track closed issues.

TC: What do we think?

"[RFC] `core::marker::Freeze` in bounds" rfcs#3633

Link: https://github.com/rust-lang/rfcs/pull/3633

TC: There's a proposal on the table for the stabilization of the Freeze trait in bounds.

We discussed this in our design meeting on 2024-07-24.

TC: What's next here?

"Implement `PartialOrd` and `Ord` for `Discriminant`" rust#106418

Link: https://github.com/rust-lang/rust/pull/106418

TC: We discussed this last in the meeting on 2024-03-13. scottmcm has now raised on concern on the issue and is planning to make a counter-proposal:

I remain concerned about exposing this with no opt-out on an unrestricted generic type @rfcbot concern overly-broad

I'm committing to making an alternative proposal because I shouldn't block without one. Please hold my feet to the fire if that's no up in a week.

Basically, I have an idea for how we might be able to do this, from #106418 (comment)

Expose the variant ordering privately, only accessible by the type owner/module.

Solution 2. is obviously more desirable, but AFAIK Rust can't do that and there is no proposal to add a feature like that.

https://github.com/rust-lang/rust/pull/106418#issuecomment-1994833151

"Fallout from expansion of redundant import checking" rust#121708

Link: https://github.com/rust-lang/rust/issues/121708

TC: We discussed this in the meeting on 2024-03-13. The feelings expressed included:

We don't want to create a perverse incentive for people to expand existing lints rather than to create new ones where appropriate just because there's less process for expanding the meaning of an existing lint.
It would be good if potentially-disruptive expansions of an existing lint either:
- Had a machine-applicable fix.
- Or had a new name.
We don't want to require a new lint name for each expansion.
We don't want to require a crater run for each change to a lint.
There are two ways to prevent disruption worth exploring:
- Prevent potentially-disruptive changes from hitting master.
- Respond quickly to early indications of disruption once the changes hit master.
Compiler maintainers have a sense of what might be disruptive and are cautious to avoid it. It may be OK to have a policy that is not perfectly measurable.

TC: tmandry volunteered to draft a policy proposal.

"What are the guarantees around which constants (and callees) in a function get monomorphized?" rust#122301

Link: https://github.com/rust-lang/rust/issues/122301

TC: The8472 asks whether this code, which compiles today, can be relied upon:

const fn panic<T>() {
    struct W<T>(T);
    impl<T> W<T> {
        const C: () = panic!();
    }
    W::<T>::C
}

struct Invoke<T, const N: usize>(T);

impl<T, const N: usize> Invoke<T, N> {
    const C: () = match N {
        0 => (),
        // Not called for `N == 0`, so not monomorphized.
        _ => panic::<T>(),
    };
}

fn main() {
    let _x = Invoke::<(), 0>::C;
}

The8472 notes that this is a useful property and that there are use cases for this in the compiler and the standard library, at least unless or until we adopt something like const if:

https://github.com/rust-lang/rfcs/issues/3582

RalfJ has pointed out to The8472 that the current behavior might not be intentional and notes:

It's not opt-dependent, but it's also unclear how we want to resolve the opt-dependent issue. Some proposals involve also walking all items "mentioned" in a const. That would be in direct conflict with your goal here I think. To be clear I think that's a weakness of those proposals. But if that turns out to be the only viable strategy then we'll have to decide what we want more: using const tricks to control what gets monomorphized, or not having optimization-dependent errors.

One crucial part of this construction is that everything involved is generic. If somewhere in the two "branches" you end up calling a monomorphic function, then that may have its constants evaluated even if it is in the "dead" branch – or it may not, it depends on which functions are deemed cross-crate-inlinable. That's basically what #122814 is about.

TC: The question to us is whether we want to guarantee this behavior. What do we think?

"Policy for lint expansions" rust#122759

Link: https://github.com/rust-lang/rust/issues/122759

TC: In the call on 2024-03-13, we discussed this issue raised by tmandry:

"Fallout from expansion of redundant import checking"

https://github.com/rust-lang/rust/issues/121708

During the call, the thoughts expressed included:

We don't want to create a perverse incentive for people to expand existing lints rather than to create new ones where appropriate just because there's less process for expanding the meaning of an existing lint.
It would be good if potentially-disruptive expansions of an existing lint either:
- Had a machine-applicable fix.
- Or had a new name.
We don't want to require a new lint name for each expansion.
We don't want to require a crater run for each change to a lint.
There are two ways to prevent disruption worth exploring:
- Prevent potentially-disruptive changes from hitting master.
- Respond quickly to early indications of disruption once the changes hit master.
Compiler maintainers have a sense of what might be disruptive and are cautious to avoid it. It may be OK to have a policy that is not perfectly measurable.

TC: tmandry volunteered to draft a policy proposal. He's now written up this proposal in this issue.

TC: What do we think?

"Tracking Issue for externally implementable items" rust#125418

Link: https://github.com/rust-lang/rust/issues/125418

TC: We reviewed in triage an RFC for externally implementable functions on 2024-05-22 along with a companion/alternative RFC for externally implementable statics. That discussion produced two more proposals, one from Amanieu and one from tmandry.

TC: We're likely going to need a design meeting to work through these.

"Decide on path forward for attributes on expressions" rust#127436

Link: https://github.com/rust-lang/rust/issues/127436

TC: We decided recently to unblock progress on attributes on expressions (RFC 16) by allowing attributes on blocks. We have a proposed FCP to this effect.

After we did this, the question came up what we want to do about attributes in list contexts, e.g.:

call(#[foo] { block1 }, #[bar] { block2 })

…in particular, macro attributes.

Petrochenkov says:

It needs to be decided how proc macros see the commas, or other separators in similar cases.

Ideally proc macros should be able to turn 1 expression into multiple (including 0) expressions in this position, similarly to cfgs or macros in list contexts without separators. So it would be reasonable if the separators were included into both input and output tokens streams (there are probably other alternatives, but they do not fit into the token-based model as well). The "reparse context" bit from #61733 (comment) is likely relevant to this case as well.

We filed a concern to figure this all out.

We discussed this on 2024-07-24 and came up with these options:

Options ordered from least to most conservative (and then from most to least expressive):

Option A: Punt this case and don't support attributes in this position without parens (e.g. call((#[attr] arg), (#[attr] arg2)))

Option B (exactly one): Specify that, for now, if you use a macro attribute on an expression, that macro can only expand to a single expresion (not zero tokens, and no tokens following in the output).

Option C (zero or one): Specify that, for now, if you use a macro attribute on an expression, that macro can only expand to zero tokens or an expression with nothing following (extra tokens, including ,, are an error for now)

Option D (zero or more): Specify that an attribute in this position can expand to tokens that may include a ,, and that if they expand to zero tokens then we elide the comma.

Option E (flexible): include comma, let macro decide, etc

We find it surprising that comma would be included.

In discussion, we seemed generally interested in allowing at least zero and 1. We weren't sure about N, and we weren't sure about the handling of the comma in the input.

TC: What do we think?

"Decide on bounds syntax for async closures (RFC 3668)" rust#128129

Link: https://github.com/rust-lang/rust/issues/128129

In the special design meeting 2024-07-23, we discussed five syntaxes for async closures:

F: async FnMut() -> T
F: AsyncFnMut() -> T
F: async mut fn() -> T
F: async mut () -> T
F: async mut || -> T

Our current straw poll is:

name	`async Fn*() -> T`	`AsyncFn*() -> T`	`async fn * () -> T`	`async * () -> T`	`async * \|A, B\| -> T`
nikomatsakis	+1	+0	-1	-1	-1
tmandry	+1	+1	-0.5	-1	-0.5
Josh	-1	+0.75	+0.5	+1	+0.5
pnkfelix	+0	-0	-0.5	+0	-1
scottmcm
TC	+1	-0.5	-1	-1	-1
CE	+1	-1	-1	-0.5	-1
eholk	+1	+0	-1	-0.75	-0.5

+1: "This is what I would do."
+0: "I'm OK with this, leaning positive."
-0: "I'm neutral to this, leaning negative."
-1: "I would block this."

We agreed to:

Move this to an unresolved question in RFC 3668.
Allow that RFC to proceed to FCP.
Implement both of the two main syntax options in nightly.
Give both syntaxes equal billing in any blog posts about this.

There was substantial discussion of this after the design meeting itself in the thread here:

https://rust-lang.zulipchat.com/#narrow/stream/410673-t-lang.2Fmeetings/topic/Design.20meeting.202024-07-23

TC: This is just an FYI for those that didn't follow this closely.

"Effective breakage to `jiff` due to `ambiguous_negative_literals`" rust#128287

Link: https://github.com/rust-lang/rust/issues/128287

We recently adopted a lint againstn ambiguous_negative_literals like:

assert_eq!(-1.abs(), -1);

However, immediately after this landed, BurntSushi reported that this effectively breaks a pattern he had used in the API of his jiff datetime library:

This completely broke Jiff once the change landed. Because it specifically supports negating spans like -1.hour(). In the case of Jiff, there is no ambiguity because -1.hour() and (-1).hour() and -(1.hour()) are all precisely equivalent.

This seems worth our consideration.

One option proposed is that, perhaps, we should have a way to notate functions that are sensitive to the order of operations here, and lint on calls to those with unparenthesized negative literals.

Another option proposed is to go the other way, and introduce some way to notate functions that are not sensitive to the order of operations.

TC: What do we think?