Skip to content

document Rust 1.90 changes #580

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
+36 −4
Open

document Rust 1.90 changes #580

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
6cecf63
document Rust 1.90 changes
tshepang Oct 10, 2025
f669cc9
bump version
tshepang Oct 10, 2025
b874b5d
the restriction was not documented
tshepang Oct 13, 2025
a9fdd2d
remove an obsolete restriction
tshepang Oct 16, 2025
af19a30
restore an adjusted restriction
tshepang Oct 18, 2025
47ce8fd
that equivalent paragraph was actually moved to a new place
tshepang Oct 18, 2025
00c1bfd
add restrictions on constant expressions
tshepang Oct 18, 2025
d261499
lifetime extension here applies to static lifetimes
tshepang Oct 25, 2025
6465ff2
stronger wording
tshepang Oct 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions src/changelog.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,23 @@ with the change that has been applied due to it.
just the language changes that had an impact to the FLS. See the `release
notes`_ for a full list of changes.

Language changes in Rust 1.90.0
-------------------------------

- `Split up the unknown_or_malformed_diagnostic_attributes lint <https://github.com/rust-lang/rust/pull/140717>`_

- No change: lints are not part of the FLS

- `Allow constants whose final value has references to mutable/external memory, but reject such constants as patterns <https://github.com/rust-lang/rust/pull/140942>`_

- This lifted restriction was not specified in the FLS
- The restriction on patterns is documented in :p:`fls_wJ9f906BlBvg`
- New paragraph: :p:`fls_zyuxqty09SDO`

- `Allow volatile access to non-Rust memory, including address 0 <https://github.com/rust-lang/rust/pull/141260>`_

- No change: lints are not part of the FLS

Language changes in Rust 1.89.0
-------------------------------

Expand Down Expand Up @@ -317,6 +334,10 @@ Language changes in Rust 1.83.0

* Changed paragraphs: :p:`fls_to4e7imq2c0w`, :p:`fls_6g7c1kjrmfnr`, :p:`fls_hkbwa8xx2fwx`

* New paragraph: :p:`fls_ooOYxhVh8hZo`

* Removed paragraph: :p:`fls_ox6sgl9n43g2`

* `Allow creating references to statics in \`const\` initializers. <https://github.com/rust-lang/rust/pull/129759>`_

* No change: This previous restriction is not specified in the FLS
Expand Down
8 changes: 5 additions & 3 deletions src/expressions.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -312,9 +312,11 @@ A :t:`constant context` is a :t:`construct` that requires a
* :dp:`fls_ucFupTeCyylb`
The :t:`block expression` of a :t:`const block expression`.

:dp:`fls_ox6sgl9n43g2`
It is a static error to create a :t:`mutable reference` in a
:t:`constant context`.
* :dp:`fls_zyuxqty09SDO`
All forms of :t:`[borrow]s` except those of expressions that are subject to
:t:`drop scope extension` to the end of the program
and which are either :t:`[mutable borrow]s`
or borrows of expressions that result in values with :t:`interior mutability`.

:dp:`fls_od0h3v40kjp6`
An invocation of the :std:`core::ptr::addr_of` :t:`macro` expands to a
Expand Down
6 changes: 6 additions & 0 deletions src/patterns.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -370,6 +370,12 @@ When a :t:`path pattern` refers to an :t:`associated constant` or a
:t:`constant`, the :t:`type` of the :t:`associated constant` or :t:`constant`
shall be :t:`structurally equal`.

:dp:`fls_wJ9f906BlBvg`
When a :t:`path pattern` refers to an :t:`associated constant` or a
:t:`constant`, the :t:`constant` must not contain any references to
:t:`[mutable static]s`, :t:`[static]s` with :t:`interior mutability`,
or :t:`[external static]s`.

:dp:`fls_hF19K8sWU8FF`
When the type of the :t:`path pattern` is of an :t:`enum type` or
:t:`struct type`, then the :t:`enum type` or :t:`struct type` shall be subject
Expand Down
3 changes: 3 additions & 0 deletions src/values.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,9 @@ The :t:`type specification` of a :t:`constant` shall have ``'static``
The :t:`type` of a :t:`constant` shall implement the :std:`core::marker::Sized`
:t:`trait`.

:dp:`fls_ooOYxhVh8hZo`
The type of a :t:`constant` cannot be a :t:`mutable reference type`.

Comment on lines +98 to +100
Copy link
Contributor

@traviscross traviscross Oct 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two things. One, even with the other rule, this needs to talk about containing a mutable reference rather than being one.

Two, it's not enough to talk about types here. We actually do this reasoning by value, not by type.

trait Tr {}
impl<T: ?Sized> Tr for T {}
static mut X: u8 = 0;
const _: &dyn Tr = unsafe { &&mut X }; //~ ERROR
//       ^^^^^^^
// This type does not contain any mutable references.

Copy link
Member Author

@tshepang tshepang Oct 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

am not sure how to word this simply, given the complexities

Copy link
Contributor

@kirtchev-adacore kirtchev-adacore Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will give this a shot.

The paragraph

The type of a :t:constant cannot be a :t:mutable reference type.

should be removed.

Insert the following after
7.1:8 The value of a constant is determined by evaluating its constant initializer.

The value of a constant cannot contain any mutable references, except when:

  • The type of the constant is an immutable reference and the initializer contains a reference to a mutable static, or
  • The type of the constant is subject to interior mutability and the initializer contains a reference to a value subject to interior mutability, or
  • The type of the constant is a zero-sized type and the initializer contains a reference to a value of a zero-sized type, or
  • The initializer contains a reference to an external static.

I am not sure whether the type of the constant plays a role in the external static case.

Copy link
Contributor

@traviscross traviscross Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The value of a constant cannot contain any mutable references, except when... The initializer contains a reference to an external static.

unsafe extern "C" {
    safe static S1: u8;
}

static mut S2: u8 = 0;

const C: (&u8, &mut u8) = (&S1, unsafe { &mut S2 }); //~ ERROR
//                         ^^^
// The initializer contains a reference to an external static.

Copy link
Contributor

@traviscross traviscross Nov 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similarly:

The value of a constant cannot contain any mutable references, except when... The type of the constant is an immutable reference and the initializer contains a reference to a mutable static...

static mut S1: u8 = 0;
static mut S2: u8 = 0;

const C: &(&u8, &mut u8) = unsafe { &(&S1, &mut S2) }; //~ ERROR
//       ^                            ^^^
// The type of the constant is an immutable reference and the
// initializer contains a reference to a mutable static.

Copy link
Contributor

@traviscross traviscross Nov 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The second case is the one I mean. Agreed it's illegal. What rule are we suggesting makes it illegal?

My reading is that this language, by itself, would allow it:

The final value of a constant, after the constant initializer is evaluated to a value of the declared type, cannot contain any mutable references except when... The referent is subject to interior mutability...

Copy link
Contributor

@kirtchev-adacore kirtchev-adacore Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps

The final value of a constant, after the constant initializer is evaluated to a value of the declared type, cannot contain any mutable references except when...

  • The type of the constant is an immutable reference and the referent is subject to interior mutability, or ...

Assuming the above is correct, the full set of rules becomes

The final value of a constant, after the constant initializer is evaluated to a value of the declared type, cannot contain any mutable references except when

  • The mutable reference is successfully coerced to an immutable reference, or
  • The mutable reference is contained within an external static, or
  • The mutable reference is contained within an union, or
  • The type of the constant is an immutable reference and the referent is subject to interior mutability, or
  • The referent is of a zero-sized type.

🙏

Copy link
Contributor

@traviscross traviscross Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The final value of a constant, after the constant initializer is evaluated to a value of the declared type, cannot contain any mutable references except when... The type of the constant is an immutable reference and the referent is subject to interior mutability, or ...

This does actually happen to be true, in one particular case:

#![allow(static_mut_refs)]
use core::cell::UnsafeCell;
struct W<T>(UnsafeCell<T>);
unsafe impl<T> Sync for W<T> {}

static S: W<&mut u8> = {
    static mut I: u8 = 0; W(UnsafeCell::new(unsafe { &mut I }))
};

const _: &W<&mut u8> = &S;

Good catch there. I don't think the Reference actually covers this. I've asked @RalfJung and @oli-obk about this.

Of course, one does have to consider this in the context of the rules for valid constant expressions, which include:

r[const-eval.const-expr.borrows]

  • All forms of [borrow]s, including raw borrows, except borrows of expressions whose temporary scopes would be extended (see [temporary lifetime extension]) to the end of the program and which are either:
    • Mutable borrows.
    • Shared borrows of expressions that result in values with [interior mutability].

That is, one can't simply write const _: .. = &Cell::new(..).

However, the statement is not general enough, as we also accept similar cases where the type of the constant itself is not an immutable reference.

#![allow(static_mut_refs)]
use core::cell::UnsafeCell;
struct W<T>(UnsafeCell<T>);
unsafe impl<T> Sync for W<T> {}

static S: W<&mut u8> = {
    static mut I: u8 = 0; W(UnsafeCell::new(unsafe { &mut I }))
};

struct Outer<T>(T);

const _: Outer<&W<&mut u8>> = Outer(&S);

Copy link
Contributor

@traviscross traviscross Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More generally, in this and other cases, I might suggest that we try to use verbiage that is as close as possible to the relevant rules in the Reference (i.e., trying to adjust only as minimally as possible for style). (And if we think the phrasing in the Reference can be improved, making that PR first.)

Doing this would seem best to help align the documents and to minimize the correctness-checking effort on the FLS side. Thoughts?

Copy link
Member

@RalfJung RalfJung Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

S in these examples is a mutable static, i.e. a static whose backing store permits mutation. So we can't recurse into it for const validation purposes (and it'd make little sense since the data there may change so even if it's valid now, it might become invalid later).

:dp:`fls_ndmfqxjpvsqy`
A :t:`constant initializer` is a :t:`construct` that provides the :t:`value` of
its related :t:`constant`.
Expand Down
2 changes: 1 addition & 1 deletion version.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
.. SPDX-License-Identifier: MIT OR Apache-2.0
SPDX-FileCopyrightText: The Ferrocene Developers
SPDX-FileCopyrightText: The Rust Project Developers
.. |spec_version| replace:: 1.88.0
.. |spec_version| replace:: 1.90.0