Rollup merge of #72289 - RalfJung:abort_internal, r=Mark-Simulacrum

RalfJung · web-flow · commit 0a17be9fe5de · 2020-05-17T20:30:27.000+02:00
abort_internal is safe `sys::abort_internal` is stably exposed as a safe function. Forward that assumption "inwards" to the `sys` module by making the function itself safe, too. This corresponds to what #72204 did for the intrinsic. We should probably wait until that lands because some of the intrinsic calls in this PR might then need adjustments.
diff --git a/src/libstd/alloc.rs b/src/libstd/alloc.rs
@@ -279,7 +279,7 @@ pub fn rust_oom(layout: Layout) -> ! {
     let hook: fn(Layout) =
         if hook.is_null() { default_alloc_error_hook } else { unsafe { mem::transmute(hook) } };
     hook(layout);
-    unsafe { crate::sys::abort_internal() }
+    crate::process::abort()
 }
 
 #[cfg(not(test))]
diff --git a/src/libstd/process.rs b/src/libstd/process.rs
@@ -1620,7 +1620,7 @@ pub fn exit(code: i32) -> ! {
 /// [panic hook]: ../../std/panic/fn.set_hook.html
 #[stable(feature = "process_abort", since = "1.17.0")]
 pub fn abort() -> ! {
-    unsafe { crate::sys::abort_internal() };
+    crate::sys::abort_internal();
 }
 
 /// Returns the OS-assigned process identifier associated with this process.
diff --git a/src/libstd/sys/cloudabi/mod.rs b/src/libstd/sys/cloudabi/mod.rs
@@ -51,8 +51,11 @@ pub fn decode_error_kind(errno: i32) -> ErrorKind {
     }
 }
 
-pub unsafe fn abort_internal() -> ! {
-    core::intrinsics::abort();
+pub fn abort_internal() -> ! {
+    #[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
+    unsafe {
+        core::intrinsics::abort();
+    }
 }
 
 pub use libc::strlen;
diff --git a/src/libstd/sys/hermit/mod.rs b/src/libstd/sys/hermit/mod.rs
@@ -74,8 +74,10 @@ pub extern "C" fn floor(x: f64) -> f64 {
     unsafe { intrinsics::floorf64(x) }
 }
 
-pub unsafe fn abort_internal() -> ! {
-    abi::abort();
+pub fn abort_internal() -> ! {
+    unsafe {
+        abi::abort();
+    }
 }
 
 // FIXME: just a workaround to test the system
@@ -88,7 +90,7 @@ pub fn hashmap_random_keys() -> (u64, u64) {
 #[cfg(not(test))]
 #[no_mangle]
 // NB. used by both libunwind and libpanic_abort
-pub unsafe extern "C" fn __rust_abort() {
+pub extern "C" fn __rust_abort() {
     abort_internal();
 }
 
diff --git a/src/libstd/sys/sgx/mod.rs b/src/libstd/sys/sgx/mod.rs
@@ -124,16 +124,16 @@ pub unsafe fn strlen(mut s: *const c_char) -> usize {
     return n;
 }
 
-pub unsafe fn abort_internal() -> ! {
-    abi::usercalls::exit(true)
+pub fn abort_internal() -> ! {
+    unsafe { abi::usercalls::exit(true) }
 }
 
 // This function is needed by the panic runtime. The symbol is named in
 // pre-link args for the target specification, so keep that in sync.
 #[cfg(not(test))]
 #[no_mangle]
 // NB. used by both libunwind and libpanic_abort
-pub unsafe extern "C" fn __rust_abort() {
+pub extern "C" fn __rust_abort() {
     abort_internal();
 }
 
diff --git a/src/libstd/sys/unix/mod.rs b/src/libstd/sys/unix/mod.rs
@@ -163,6 +163,6 @@ where
 // understandable error message like "Abort trap" rather than "Illegal
 // instruction" that intrinsics::abort would cause, as intrinsics::abort is
 // implemented as an illegal instruction.
-pub unsafe fn abort_internal() -> ! {
-    libc::abort()
+pub fn abort_internal() -> ! {
+    unsafe { libc::abort() }
 }
diff --git a/src/libstd/sys/vxworks/mod.rs b/src/libstd/sys/vxworks/mod.rs
@@ -108,6 +108,6 @@ where
 // understandable error message like "Abort trap" rather than "Illegal
 // instruction" that intrinsics::abort would cause, as intrinsics::abort is
 // implemented as an illegal instruction.
-pub unsafe fn abort_internal() -> ! {
-    libc::abort()
+pub fn abort_internal() -> ! {
+    unsafe { libc::abort() }
 }
diff --git a/src/libstd/sys/wasi/mod.rs b/src/libstd/sys/wasi/mod.rs
@@ -100,8 +100,8 @@ pub unsafe fn strlen(mut s: *const c_char) -> usize {
     return n;
 }
 
-pub unsafe fn abort_internal() -> ! {
-    libc::abort()
+pub fn abort_internal() -> ! {
+    unsafe { libc::abort() }
 }
 
 pub fn hashmap_random_keys() -> (u64, u64) {
diff --git a/src/libstd/sys/wasm/mod.rs b/src/libstd/sys/wasm/mod.rs
@@ -81,8 +81,8 @@ pub unsafe fn strlen(mut s: *const c_char) -> usize {
     return n;
 }
 
-pub unsafe fn abort_internal() -> ! {
-    crate::arch::wasm32::unreachable()
+pub fn abort_internal() -> ! {
+    unsafe { crate::arch::wasm32::unreachable() }
 }
 
 // We don't have randomness yet, but I totally used a random number generator to
diff --git a/src/libstd/sys/windows/mod.rs b/src/libstd/sys/windows/mod.rs
@@ -308,11 +308,14 @@ pub fn dur2timeout(dur: Duration) -> c::DWORD {
 //
 // https://docs.microsoft.com/en-us/cpp/intrinsics/fastfail
 #[allow(unreachable_code)]
-pub unsafe fn abort_internal() -> ! {
+pub fn abort_internal() -> ! {
     #[cfg(any(target_arch = "x86", target_arch = "x86_64"))]
-    {
+    unsafe {
         llvm_asm!("int $$0x29" :: "{ecx}"(7) ::: volatile); // 7 is FAST_FAIL_FATAL_APP_EXIT
         crate::intrinsics::unreachable();
     }
-    crate::intrinsics::abort();
+    #[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
+    unsafe {
+        crate::intrinsics::abort();
+    }
 }
diff --git a/src/libstd/sys_common/util.rs b/src/libstd/sys_common/util.rs
@@ -16,9 +16,7 @@ pub fn dumb_print(args: fmt::Arguments<'_>) {
 
 pub fn abort(args: fmt::Arguments<'_>) -> ! {
     dumb_print(format_args!("fatal runtime error: {}\n", args));
-    unsafe {
-        crate::sys::abort_internal();
-    }
+    crate::sys::abort_internal();
 }
 
 #[allow(dead_code)] // stack overflow detection not enabled on all platforms

Original file line number	Diff line number	Diff line change
`@@ -279,7 +279,7 @@ pub fn rust_oom(layout: Layout) -> ! {`
`279`	`279`	`let hook: fn(Layout) =`
`280`	`280`	`if hook.is_null() { default_alloc_error_hook } else { unsafe { mem::transmute(hook) } };`
`281`	`281`	`hook(layout);`
`282`		`- unsafe { crate::sys::abort_internal() }`
	`282`	`+ crate::process::abort()`
`283`	`283`	`}`
`284`	`284`
`285`	`285`	`#[cfg(not(test))]`
Original file line number	Diff line number	Diff line change
`@@ -1620,7 +1620,7 @@ pub fn exit(code: i32) -> ! {`
`1620`	`1620`	`/// [panic hook]: ../../std/panic/fn.set_hook.html`
`1621`	`1621`	`#[stable(feature = "process_abort", since = "1.17.0")]`
`1622`	`1622`	`pub fn abort() -> ! {`
`1623`		`- unsafe { crate::sys::abort_internal() };`
	`1623`	`+ crate::sys::abort_internal();`
`1624`	`1624`	`}`
`1625`	`1625`
`1626`	`1626`	`/// Returns the OS-assigned process identifier associated with this process.`
Original file line number	Diff line number	Diff line change
`@@ -51,8 +51,11 @@ pub fn decode_error_kind(errno: i32) -> ErrorKind {`
`51`	`51`	`}`
`52`	`52`	`}`
`53`	`53`
`54`		`-pub unsafe fn abort_internal() -> ! {`
`55`		`- core::intrinsics::abort();`
	`54`	`+pub fn abort_internal() -> ! {`
	`55`	+ #[cfg_attr(not(bootstrap), allow(unused_unsafe))] // remove `unsafe` on bootstrap bump
	`56`	`+ unsafe {`
	`57`	`+ core::intrinsics::abort();`
	`58`	`+ }`
`56`	`59`	`}`
`57`	`60`
`58`	`61`	`pub use libc::strlen;`
Original file line number	Diff line number	Diff line change
`@@ -74,8 +74,10 @@ pub extern "C" fn floor(x: f64) -> f64 {`
`74`	`74`	`unsafe { intrinsics::floorf64(x) }`
`75`	`75`	`}`
`76`	`76`
`77`		`-pub unsafe fn abort_internal() -> ! {`
`78`		`- abi::abort();`
	`77`	`+pub fn abort_internal() -> ! {`
	`78`	`+ unsafe {`
	`79`	`+ abi::abort();`
	`80`	`+ }`
`79`	`81`	`}`
`80`	`82`
`81`	`83`	`// FIXME: just a workaround to test the system`
`@@ -88,7 +90,7 @@ pub fn hashmap_random_keys() -> (u64, u64) {`
`88`	`90`	`#[cfg(not(test))]`
`89`	`91`	`#[no_mangle]`
`90`	`92`	`// NB. used by both libunwind and libpanic_abort`
`91`		`-pub unsafe extern "C" fn __rust_abort() {`
	`93`	`+pub extern "C" fn __rust_abort() {`
`92`	`94`	`abort_internal();`
`93`	`95`	`}`
`94`	`96`
Original file line number	Diff line number	Diff line change
`@@ -124,16 +124,16 @@ pub unsafe fn strlen(mut s: *const c_char) -> usize {`
`124`	`124`	`return n;`
`125`	`125`	`}`
`126`	`126`
`127`		`-pub unsafe fn abort_internal() -> ! {`
`128`		`- abi::usercalls::exit(true)`
	`127`	`+pub fn abort_internal() -> ! {`
	`128`	`+ unsafe { abi::usercalls::exit(true) }`
`129`	`129`	`}`
`130`	`130`
`131`	`131`	`// This function is needed by the panic runtime. The symbol is named in`
`132`	`132`	`// pre-link args for the target specification, so keep that in sync.`
`133`	`133`	`#[cfg(not(test))]`
`134`	`134`	`#[no_mangle]`
`135`	`135`	`// NB. used by both libunwind and libpanic_abort`
`136`		`-pub unsafe extern "C" fn __rust_abort() {`
	`136`	`+pub extern "C" fn __rust_abort() {`
`137`	`137`	`abort_internal();`
`138`	`138`	`}`
`139`	`139`
Original file line number	Diff line number	Diff line change
`@@ -163,6 +163,6 @@ where`
`163`	`163`	`// understandable error message like "Abort trap" rather than "Illegal`
`164`	`164`	`// instruction" that intrinsics::abort would cause, as intrinsics::abort is`
`165`	`165`	`// implemented as an illegal instruction.`
`166`		`-pub unsafe fn abort_internal() -> ! {`
`167`		`- libc::abort()`
	`166`	`+pub fn abort_internal() -> ! {`
	`167`	`+ unsafe { libc::abort() }`
`168`	`168`	`}`
Original file line number	Diff line number	Diff line change
`@@ -108,6 +108,6 @@ where`
`108`	`108`	`// understandable error message like "Abort trap" rather than "Illegal`
`109`	`109`	`// instruction" that intrinsics::abort would cause, as intrinsics::abort is`
`110`	`110`	`// implemented as an illegal instruction.`
`111`		`-pub unsafe fn abort_internal() -> ! {`
`112`		`- libc::abort()`
	`111`	`+pub fn abort_internal() -> ! {`
	`112`	`+ unsafe { libc::abort() }`
`113`	`113`	`}`
Original file line number	Diff line number	Diff line change
`@@ -100,8 +100,8 @@ pub unsafe fn strlen(mut s: *const c_char) -> usize {`
`100`	`100`	`return n;`
`101`	`101`	`}`
`102`	`102`
`103`		`-pub unsafe fn abort_internal() -> ! {`
`104`		`- libc::abort()`
	`103`	`+pub fn abort_internal() -> ! {`
	`104`	`+ unsafe { libc::abort() }`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`pub fn hashmap_random_keys() -> (u64, u64) {`
Original file line number	Diff line number	Diff line change
`@@ -81,8 +81,8 @@ pub unsafe fn strlen(mut s: *const c_char) -> usize {`
`81`	`81`	`return n;`
`82`	`82`	`}`
`83`	`83`
`84`		`-pub unsafe fn abort_internal() -> ! {`
`85`		`- crate::arch::wasm32::unreachable()`
	`84`	`+pub fn abort_internal() -> ! {`
	`85`	`+ unsafe { crate::arch::wasm32::unreachable() }`
`86`	`86`	`}`
`87`	`87`
`88`	`88`	`// We don't have randomness yet, but I totally used a random number generator to`
Original file line number	Diff line number	Diff line change
`@@ -16,9 +16,7 @@ pub fn dumb_print(args: fmt::Arguments<'_>) {`
`16`	`16`
`17`	`17`	`pub fn abort(args: fmt::Arguments<'_>) -> ! {`
`18`	`18`	`dumb_print(format_args!("fatal runtime error: {}\n", args));`
`19`		`- unsafe {`
`20`		`- crate::sys::abort_internal();`
`21`		`- }`
	`19`	`+ crate::sys::abort_internal();`
`22`	`20`	`}`
`23`	`21`
`24`	`22`	`#[allow(dead_code)] // stack overflow detection not enabled on all platforms`