Closed
Description
I tried this code (playground):

```rust
static mut FLAG: bool = false;
fn main() {
    let p = std::ptr::addr_of!(FLAG);
    println!("{p:p}")
}
```
I expected this to compile without adding an unsafe block, since the act of getting the address of the static on its own cannot(?) cause Undefined Behavior. Making `addr_of!` and `addr_of_mut!` safe when used on a `static mut` would make the behavior consistent with `UnsafeCell::get`, which has identical safety concerns in a multithreaded environment.
Meta
Exists on stable and the nightly version used by playground (2024-05-30).
Activity
workingjubilee commented on May 31, 2024
It has been in general our expressed preference over time that you use `static FLAG: UnsafeCell<bool> = false;` (or perhaps `static FLAG: AtomicBool = AtomicBool::new(false);`, which is also an `UnsafeCell`) as `static mut` is quite counterintuitive in many different ways.
workingjubilee commented on May 31, 2024
see #123758
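An added example (not from the issue or from rust-lang/rust) putting the three flag storages discussed above side by side: the `static mut` from the report, an `UnsafeCell` in a static as in the reporter's `UnsafeCell::get` consistency argument, and the `AtomicBool` workingjubilee suggests. The `SyncCell` wrapper, the `FLAG_*` names and the helper functions are assumptions of this example; the `addr_of_mut!` line compiles without `unsafe` only on a compiler that includes the fix from #125834 (rustc 1.80 or later).

```rust
use std::cell::UnsafeCell;
use std::ptr::addr_of_mut;
use std::sync::atomic::{AtomicBool, Ordering};
// 1. The thread's subject: a `static mut`. Computing its address with
//    `addr_of_mut!` is safe (with the fix from #125834, rustc 1.80+, no
//    `unsafe` block is needed); only dereferencing the pointer is unsafe.
static mut FLAG_MUT: bool = false;

// 2. The reporter's consistency argument: `UnsafeCell::get` on a static is
//    safe and also yields a `*mut bool`. `UnsafeCell` is not `Sync`, so a
//    hand-written wrapper (assumed here; the std one is unstable) is needed.
struct SyncCell<T>(UnsafeCell<T>);
// SAFETY: callers must serialise access themselves, the same contract a
// `static mut` carries; that promise is what justifies the `Sync` impl.
unsafe impl<T> Sync for SyncCell<T> {}
static FLAG_CELL: SyncCell<bool> = SyncCell(UnsafeCell::new(false));

// 3. The alternative recommended in the thread: no raw pointers at all.
static FLAG_ATOMIC: AtomicBool = AtomicBool::new(false);

/// Address of the `static mut`, obtained without an `unsafe` block.
pub fn static_mut_ptr() -> *mut bool {
    addr_of_mut!(FLAG_MUT)
}

/// Address of the cell contents, likewise without an `unsafe` block.
pub fn cell_ptr() -> *mut bool {
    FLAG_CELL.0.get()
}

/// Write through a raw pointer and read back: the dereference is where the
/// unsafety lives, not the address computation.
pub fn set_and_read(p: *mut bool, v: bool) -> bool {
    // SAFETY: both statics live for the whole program, `p` is non-null and
    // aligned, and this example never touches them from another thread.
    unsafe {
        p.write(v);
        p.read()
    }
}

/// The same flag with an atomic: safe, `Sync`, no pointers to reason about.
pub fn set_and_read_atomic(v: bool) -> bool {
    FLAG_ATOMIC.store(v, Ordering::Relaxed);
    FLAG_ATOMIC.load(Ordering::Relaxed)
}

fn main() {
    println!("{:p} {:p}", static_mut_ptr(), cell_ptr());
}
```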
workingjubilee commented on May 31, 2024
Hmm, it seems we don't take into account this around here:
rust/compiler/rustc_mir_build/src/check_unsafety.rs, lines 452 to 464 in ada5e2c
Simple fix. I think?
gfaster commented on May 31, 2024
It seems like #114447 even floats this idea exactly.
Not being able to use `UnsafeCell` directly in statics isn't so nice since it isn't `Sync`, but there's #95439 for that. That being said, maybe I ought to write a Clippy lint for some of those alternatives, particularly for flag booleans.
I should clarify that I just ran into this when writing some code for a demonstration, so direct replacements aren't exactly applicable. Regardless, I believe the inconsistency stands.
workingjubilee commented on May 31, 2024
Hmm, looking at things more closely, I don't see why it's a Deref. That should be an `ExprKind::AddressOf`...?
gfaster commented on May 31, 2024
#95439 (comment) claims that arithmetic on `static mut` is unsafe. I'm not sure why that would be - can `addr_of!` violate LLVM's `noalias`?
Maybe something like this causes problems?
workingjubilee commented on May 31, 2024
I think that might be just descriptive (of the problem being discussed here).
workingjubilee commented on May 31, 2024
well, that was an unexpected THIR desugaring.
workingjubilee commented on May 31, 2024
Oh! Oh, I see, the way that this is defined is that naming a `static` generates an `*mut Static` and then derefs it, creating the appropriate place expression.
&raw (const|mut) UNSAFE_STATIC implied deref as safe #125834
workingjubilee commented on Jun 1, 2024
PR up at #125834
workingjubilee commented on Jun 1, 2024
I wanted to say that the compiler should fix it by choosing a different lowering for naming `STATIC_MUT`, but that doesn't seem like anything reasonable to implement Soon, so I implemented my original thought of complicating the unsafety check.
Rollup merge of rust-lang#125834 - workingjubilee:weaken-thir-unsafec…
Unrolled build for rust-lang#125834
Rollup merge of #125834 - workingjubilee:weaken-thir-unsafeck-for-add…