const-eval: allow constants to refer to mutable/external memory, but reject such constants as patterns #140942
+448
−373
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
S-waiting-on-review
RalfJung
added
T-lang
|
@rust-lang/lang nominating for FCP following prior discussion in #140653. |
This comment has been minimized.
This comment has been minimized.
RalfJung
force-pushed
the
const-ref-to-mut
branch
from
f619969 to
9767f96
Compare
This comment has been minimized.
This comment has been minimized.
RalfJung
force-pushed
the
const-ref-to-mut
branch
from
9767f96 to
160cee0
Compare
|
Some changes occurred in src/tools/clippy cc @rust-lang/clippy |
RalfJung
commented
May 12, 2025
RalfJung
force-pushed
the
const-ref-to-mut
branch
from
160cee0 to
e316943
Compare
RalfJung
commented
May 12, 2025
RalfJung
force-pushed
the
const-ref-to-mut
branch
from
e316943 to
6722d4d
Compare
This comment has been minimized.
This comment has been minimized.
|
r? @oli-obk (or someone way more familiar with const-eval) |
RalfJung
force-pushed
the
const-ref-to-mut
branch
2 times, most recently
from
57ea31d to
6e9a7f4
Compare
traviscross
removed
the
T-compiler
|
As discussed in #140653 (comment), this sounds right to me, and I propose that we do it. @rfcbot fcp merge |
|
Team member @traviscross has proposed to merge this. The next step is review by the rest of the tagged team members: Concerns:
Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! cc @rust-lang/lang-advisors: FCP proposed for lang, please feel free to register concerns. |
rfcbot
added
proposed-final-comment-period
bors
added
S-waiting-on-bors
|
This should probably still wait for rust-lang/reference#1865 ? |
bors
added
S-waiting-on-author
|
☔ The latest upstream changes (presumably #142997) made this pull request unmergeable. Please resolve the merge conflicts. |
traviscross
removed
the
S-waiting-on-documentation
traviscross
approved these changes
Jun 26, 2025
|
Thanks for holding this for the documentation updates to the Reference. That's now ready, so we can... @bors r=oli-obk |
bors
added
S-waiting-on-bors
|
...but it has conflicts... @bors r- |
bors
added
S-waiting-on-author
|
Yeah, I was waiting for the reference PR to finish so I don't have to rebase N times. |
RalfJung
force-pushed
the
const-ref-to-mut
branch
from
3f818e4 to
bade3fd
Compare
|
@bors r=oli-obk |
bors
added
S-waiting-on-bors
bors
added a commit
that referenced
this pull request
Jun 27, 2025
…rors Rollup of 18 pull requests Successful merges: - #137843 (make RefCell unstably const) - #140942 (const-eval: allow constants to refer to mutable/external memory, but reject such constants as patterns) - #142549 (small iter.intersperse.fold() optimization) - #142637 (Remove some glob imports from the type system) - #142647 ([perf] Compute hard errors without diagnostics in impl_intersection_has_impossible_obligation) - #142700 (Remove incorrect comments in `Weak`) - #142927 (Add note to `find_const_ty_from_env`) - #142967 (Fix RwLock::try_write documentation for WouldBlock condition) - #142986 (Port `#[export_name]` to the new attribute parsing infrastructure) - #143001 (Rename run always ) - #143010 (Update `browser-ui-test` version to `0.20.7`) - #143015 (Add `sym::macro_pin` diagnostic item for `core::pin::pin!()`) - #143033 (Expand const-stabilized API links in relnotes) - #143041 (Remove cache for citool) - #143056 (Move an ACE test out of the GCI directory) - #143059 (Fix 1.88 relnotes) - #143067 (Tracking issue number for `iter_macro`) - #143073 (Fix some fixmes that were waiting for let chains) Failed merges: - #143020 (codegen_fn_attrs: make comment more precise) r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
that referenced
this pull request
Jun 27, 2025
Rollup merge of #140942 - RalfJung:const-ref-to-mut, r=oli-obk const-eval: allow constants to refer to mutable/external memory, but reject such constants as patterns This fixes #140653 by accepting code such as this: ```rust static FOO: AtomicU32 = AtomicU32::new(0); const C: &'static AtomicU32 = &FOO; ``` This can be written entirely in safe code, so there can't really be anything wrong with it. We also accept the much more questionable following code, since it looks very similar to the interpreter: ```rust static mut FOO2: u32 = 0; const C2: &'static u32 = unsafe { &mut FOO2 }; ``` Using this without causing UB is at least very hard (the details are unclear since it is related to how the aliasing model deals with the staging of const-eval vs runtime code). If a constant like `C2` is used as a pattern, we emit an error: ``` error: constant BAD_PATTERN cannot be used as pattern --> $DIR/const_refs_to_static_fail.rs:30:9 | LL | BAD_PATTERN => {}, | ^^^^^^^^^^^ | = note: constants that reference mutable or external memory cannot be used as pattern ``` (If you somehow manage to build a pattern with constant `C`, you'd get the same error, but that should be impossible: we don't have a type that can be used in patterns and that has interior mutability.) The same treatment is afforded for shared references to `extern static`, for the same reason: the const evaluation is entirely fine with it, we just can't build a pattern for it -- and when using interior mutability, this can be totally sound. We do still not accept anything where there is an `&mut` in the final value of the const, as that should always require unsafe code and it's hard to imagine a sound use-case that would require this.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes #140653 by accepting code such as this:
This can be written entirely in safe code, so there can't really be anything wrong with it.
We also accept the much more questionable following code, since it looks very similar to the interpreter:
Using this without causing UB is at least very hard (the details are unclear since it is related to how the aliasing model deals with the staging of const-eval vs runtime code).
If a constant like
C2is used as a pattern, we emit an error:(If you somehow manage to build a pattern with constant
C, you'd get the same error, but that should be impossible: we don't have a type that can be used in patterns and that has interior mutability.)The same treatment is afforded for shared references to
extern static, for the same reason: the const evaluation is entirely fine with it, we just can't build a pattern for it -- and when using interior mutability, this can be totally sound.We do still not accept anything where there is an
&mutin the final value of the const, as that should always require unsafe code and it's hard to imagine a sound use-case that would require this.