3c511bb417
Continuation of #3054: enable spurious reads in TB The last additions to the test suite of TB left some unresolved `#[should_panic]` that these new modifications solve. ## Problem Recall that the issues were arising from the interleavings that follow. ### A. `Reserved -> Frozen` has visible effects after function exit The transition `Reserved -> Frozen` irreversibly blocks write accesses to the tag, so in the interleaving below `y` initially `Reserved` becomes `Frozen` only in the target where a spurious read through `x` is inserted. This makes the later write through `y` UB only in the target and not in the source. ``` 1: retag x (&, protect) 2: retag y (&mut, protect) 1: spurious read x 1: ret x 2: ret y 2: write y ``` ### B. Protectors only announce their presence on retag There is a read-on-reborrow for protected locations, but if the retag of `x` occurs before that of `y` and there is no explicit access through `x`, then `y` is unaware of the existence of `x`. This is problematic because a spurious read inserted through `x` between the retag of `y` and the return of the function protecting `x` is a noalias violation in the target without UB in the source. ``` 1: retag x (&, protect) 2: retag y (&mut, protect) 1: spurious read x 1: ret x 2: write y 2: ret y ``` ## Step 1: Finer behavior for `Reserved` Since one problem is that `Reserved -> Frozen` has consequences beyond function exit, we decide to remove this transition entirely. To replace it we introduce a new subtype of `Reserved` with the extra boolean `aliased` set. `Reserved { aliased: true }` forbids child accesses, but only temporarily: it has no effect on activation once the tag is no longer protected. This makes the semantics of Tree Borrows slightly weaker in favor of being more similar to noalias. This solves interleaving **A.**, but **B.** is still a problem and the exhaustive tests do not pass yet. ## Step 2: Read on function exit Protected tags issue a "reminder" that they are protected until this instant inclusive, in the form of an implicit read (symmetrically to the implicit read on retag). This ensures that if the periods on which two tags `x` and `y` are protected overlap then no matter the interleaving of retags and returns, there is either a protector currently active or a read that has been emitted, both of which temporarily block activation. This makes the exhaustive test designed previously pass, but it has an effect on the ability to return an activated pointer that I had not foreseen before implementing it. ## Step 2': Do not propagate to children A naive implementation of **Step 2** makes the following code UB: ```rs fn reborrow(x: &mut u8) -> &mut u8 { let y = &mut *x; *y = *y; y // callee returns `y: Active`... } let x = &mut 0u8; let y = reborrow(x); // ... and caller receives `y: Frozen` *y = 1; // UB ``` This is unacceptable, and a simple fix is to make this implicit read visible only to foreign tags. We still lack hindsight on the ramifications of this decision, and the fact that the problematic pattern was only discovered because it occured in one completely unrelated test (with a cryptic error message) is worrying. We should be vigilant as to how this interacts with the rest of the model. ## TODO As of commit #281c30, the data race model has not been fully updated. We have removed the reborrow of mutable references counting as a write access, but we still need the implicit read of function exit to count as a read. |
||
|---|---|---|
| .github | ||
| .reuse | ||
| compiler | ||
| library | ||
| LICENSES | ||
| src | ||
| tests | ||
| .editorconfig | ||
| .git-blame-ignore-revs | ||
| .gitattributes | ||
| .gitignore | ||
| .gitmodules | ||
| .mailmap | ||
| Cargo.lock | ||
| Cargo.toml | ||
| CODE_OF_CONDUCT.md | ||
| config.example.toml | ||
| configure | ||
| CONTRIBUTING.md | ||
| COPYRIGHT | ||
| LICENSE-APACHE | ||
| LICENSE-MIT | ||
| README.md | ||
| RELEASES.md | ||
| rustfmt.toml | ||
| triagebot.toml | ||
| x | ||
| x.ps1 | ||
| x.py | ||
The Rust Programming Language
This is the main source code repository for Rust. It contains the compiler, standard library, and documentation.
Note: this README is for users rather than contributors. If you wish to contribute to the compiler, you should read CONTRIBUTING.md instead.
Quick Start
Read "Installation" from The Book.
Installing from Source
The Rust build system uses a Python script called x.py to build the compiler,
which manages the bootstrapping process. It lives at the root of the project.
It also uses a file named config.toml to determine various configuration
settings for the build. You can see a full list of options in
config.example.toml.
The x.py command can be run directly on most Unix systems in the following
format:
./x.py <subcommand> [flags]
This is how the documentation and examples assume you are running x.py.
See the rustc dev guide if this does not work on your
platform.
More information about x.py can be found by running it with the --help flag
or reading the rustc dev guide.
Dependencies
Make sure you have installed the dependencies:
python3 or 2.7git- A C compiler (when building for the host,
ccis enough; cross-compiling may need additional compilers) curl(not needed on Windows)pkg-configif you are compiling on Linux and targeting Linuxlibiconv(already included with glibc on Debian-based distros)
To build Cargo, you'll also need OpenSSL (libssl-dev or openssl-devel on
most Unix distros).
If building LLVM from source, you'll need additional tools:
g++,clang++, or MSVC with versions listed on LLVM's documentationninja, or GNUmake3.81 or later (Ninja is recommended, especially on Windows)cmake3.13.4 or laterlibstdc++-staticmay be required on some Linux distributions such as Fedora and Ubuntu
On tier 1 or tier 2 with host tools platforms, you can also choose to download
LLVM by setting llvm.download-ci-llvm = true.
Otherwise, you'll need LLVM installed and llvm-config in your path.
See the rustc-dev-guide for more info.
Building on a Unix-like system
Build steps
-
Clone the source with
git:git clone https://github.com/rust-lang/rust.git cd rust
-
Configure the build settings:
./configureIf you plan to use
x.py installto create an installation, it is recommended that you set theprefixvalue in the[install]section to a directory:./configure --set install.prefix=<path> -
Build and install:
./x.py build && ./x.py installWhen complete,
./x.py installwill place several programs into$PREFIX/bin:rustc, the Rust compiler, andrustdoc, the API-documentation tool. By default, it will also include Cargo, Rust's package manager. You can disable this behavior by passing--set build.extended=falseto./configure.
Configure and Make
This project provides a configure script and makefile (the latter of which just
invokes x.py). ./configure is the recommended way to programatically
generate a config.toml. make is not recommended (we suggest using x.py
directly), but it is supported and we try not to break it unnecessarily.
./configure
make && sudo make install
configure generates a config.toml which can also be used with normal x.py
invocations.
Building on Windows
On Windows, we suggest using winget to install dependencies by running the following in a terminal:
winget install -e Python.Python.3
winget install -e Kitware.CMake
winget install -e Git.Git
Then edit your system's PATH variable and add: C:\Program Files\CMake\bin.
See
this guide on editing the system PATH
from the Java documentation.
There are two prominent ABIs in use on Windows: the native (MSVC) ABI used by Visual Studio and the GNU ABI used by the GCC toolchain. Which version of Rust you need depends largely on what C/C++ libraries you want to interoperate with. Use the MSVC build of Rust to interop with software produced by Visual Studio and the GNU build to interop with GNU software built using the MinGW/MSYS2 toolchain.
MinGW
MSYS2 can be used to easily build Rust on Windows:
-
Download the latest MSYS2 installer and go through the installer.
-
Run
mingw32_shell.batormingw64_shell.batfrom the MSYS2 installation directory (e.g.C:\msys64), depending on whether you want 32-bit or 64-bit Rust. (As of the latest version of MSYS2 you have to runmsys2_shell.cmd -mingw32ormsys2_shell.cmd -mingw64from the command line instead.) -
From this terminal, install the required tools:
# Update package mirrors (may be needed if you have a fresh install of MSYS2) pacman -Sy pacman-mirrors # Install build tools needed for Rust. If you're building a 32-bit compiler, # then replace "x86_64" below with "i686". If you've already got Git, Python, # or CMake installed and in PATH you can remove them from this list. # Note that it is important that you do **not** use the 'python2', 'cmake', # and 'ninja' packages from the 'msys2' subsystem. # The build has historically been known to fail with these packages. pacman -S git \ make \ diffutils \ tar \ mingw-w64-x86_64-python \ mingw-w64-x86_64-cmake \ mingw-w64-x86_64-gcc \ mingw-w64-x86_64-ninja -
Navigate to Rust's source code (or clone it), then build it:
python x.py setup user && python x.py build && python x.py install
MSVC
MSVC builds of Rust additionally require an installation of Visual Studio 2017
(or later) so rustc can use its linker. The simplest way is to get
Visual Studio, check the "C++ build tools" and "Windows 10 SDK" workload.
(If you're installing CMake yourself, be careful that "C++ CMake tools for Windows" doesn't get included under "Individual components".)
With these dependencies installed, you can build the compiler in a cmd.exe
shell with:
python x.py setup user
python x.py build
Right now, building Rust only works with some known versions of Visual Studio. If you have a more recent version installed and the build system doesn't understand, you may need to force rustbuild to use an older version. This can be done by manually calling the appropriate vcvars file before running the bootstrap.
CALL "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
python x.py build
Specifying an ABI
Each specific ABI can also be used from either environment (for example, using the GNU ABI in PowerShell) by using an explicit build triple. The available Windows build triples are:
- GNU ABI (using GCC)
i686-pc-windows-gnux86_64-pc-windows-gnu
- The MSVC ABI
i686-pc-windows-msvcx86_64-pc-windows-msvc
The build triple can be specified by either specifying --build=<triple> when
invoking x.py commands, or by creating a config.toml file (as described in
Building on a Unix-like system), and passing
--set build.build=<triple> to ./configure.
Building Documentation
If you'd like to build the documentation, it's almost the same:
./x.py doc
The generated documentation will appear under doc in the build directory for
the ABI used. That is, if the ABI was x86_64-pc-windows-msvc, the directory
will be build\x86_64-pc-windows-msvc\doc.
Notes
Since the Rust compiler is written in Rust, it must be built by a precompiled "snapshot" version of itself (made in an earlier stage of development). As such, source builds require an Internet connection to fetch snapshots, and an OS that can execute the available snapshot binaries.
See https://doc.rust-lang.org/nightly/rustc/platform-support.html for a list of supported platforms. Only "host tools" platforms have a pre-compiled snapshot binary available; to compile for a platform without host tools you must cross-compile.
You may find that other platforms work, but these are our officially supported build environments that are most likely to work.
Getting Help
See https://www.rust-lang.org/community for a list of chat platforms and forums.
Contributing
See CONTRIBUTING.md.
License
Rust is primarily distributed under the terms of both the MIT license and the Apache License (Version 2.0), with portions covered by various BSD-like licenses.
See LICENSE-APACHE, LICENSE-MIT, and COPYRIGHT for details.
Trademark
The Rust Foundation owns and protects the Rust and Cargo trademarks and logos (the "Rust Trademarks").
If you want to use these names or brands, please read the media guide.
Third-party logos may be subject to third-party copyrights and trademarks. See Licenses for details.