Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make ub_check message clear that it's not an assert #136750

Merged
merged 1 commit into from
Feb 18, 2025
Merged

Make ub_check message clear that it's not an assert #136750

merged 1 commit into from
Feb 18, 2025

Conversation

kornelski
Copy link
Contributor

I've seen a user assume that their unsound code was safe, because ub_check prevented the program from performing the unsafe operation.

This PR makes the panic message clearer that ub_check is a bug detector, not run-time safety protection.

@rustbot
Copy link
Collaborator

rustbot commented Feb 8, 2025

r? @cuviper

rustbot has assigned @cuviper.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Feb 8, 2025
@Noratrieb
Copy link
Member

r? @saethlin

@rustbot rustbot assigned saethlin and unassigned cuviper Feb 8, 2025
@saethlin
Copy link
Member

saethlin commented Feb 9, 2025

It's good to have experience reports, but these checks have been around for 6 releases and this is the first time I've seen this response. Everyone else seems clear on the idea that "violating an unsafe precondition" is something you should fix your code to not do. If it's that combination of words that is hard to understand, I'd rather adjust those in the diagnostic than shout at our users or emit text that is redundant to everyone but an extremely small minority.

@saethlin saethlin added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Feb 10, 2025
@kornelski
Copy link
Contributor Author

I've calmed down the shouty part.

The current "unsafe precondition(s) violated" part is very clear that a precondition has been violated, but on its own is not very clear what the consequences of violating the precondition are. It's not obvious whether this check indicates UB, or prevents UB. Compare:

  • In the regular array[index] there's a safety precondition that the index must be in bounds. There's code that checks the precondition, and panics when the precondition is violated. The panic makes it safe, and you can keep the code as-is.

  • In array.get_unchecked(index) there's a safety precondition that the index must be in bounds. There's code that checks the precondition, and panics when the precondition is violated. The panic doesn't make it safe, and you must fix the code.

On the surface both safety checks are similar and catch the same error, but they indicate very different things. Evidently, the wording difference between "unsafe precondition" and other preconditions that prevent unsafety isn't clear enough.

So I still think the message would benefit from giving more context. This message is only aimed at developers, and is only meant to be used in dev builds, so I don't see a problem with making it as long as needed.

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rustbot
Copy link
Collaborator

rustbot commented Feb 16, 2025

The Miri subtree was changed

cc @rust-lang/miri

@saethlin
Copy link
Member

Hm. I think I'm more positive on this now, but really my opinion on these tends to change as a result of directly watching people run into them.

Thank you for your input on this little feature.

@bors r+ rollup

@bors
Copy link
Contributor

bors commented Feb 18, 2025

📌 Commit ca28827 has been approved by saethlin

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Feb 18, 2025
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Feb 18, 2025
@matthiaskrgr
Rollup merge of rust-lang#136750 - kornelski:ub-bug, r=saethlin
a7ada04 
Make ub_check message clear that it's not an assert

I've seen a user assume that their unsound code was *safe*, because ub_check prevented the program from performing the unsafe operation.

This PR makes the panic message clearer that ub_check is a bug detector, not run-time safety protection.
@matthiaskrgr matthiaskrgr mentioned this pull request Feb 18, 2025
Closed
GuillaumeGomez added a commit to GuillaumeGomez/rust that referenced this pull request Feb 18, 2025
@GuillaumeGomez
Rollup merge of rust-lang#136750 - kornelski:ub-bug, r=saethlin
20ea0c8 
Make ub_check message clear that it's not an assert

I've seen a user assume that their unsound code was *safe*, because ub_check prevented the program from performing the unsafe operation.

This PR makes the panic message clearer that ub_check is a bug detector, not run-time safety protection.
@GuillaumeGomez GuillaumeGomez mentioned this pull request Feb 18, 2025
Closed
bors added a commit to rust-lang-ci/rust that referenced this pull request Feb 18, 2025
@bors
Auto merge of rust-lang#137212 - GuillaumeGomez:rollup-fc4rqfu, r=Gui…
a584f94 
…llaumeGomez

Rollup of 11 pull requests

Successful merges:

 - rust-lang#127793 (Added project-specific Zed IDE settings)
 - rust-lang#134995 (Stabilize const_slice_flatten)
 - rust-lang#135767 (Future incompatibility warning `unsupported_fn_ptr_calling_conventions`: Also warn in dependencies)
 - rust-lang#136599 (librustdoc: more usages of `Joined::joined`)
 - rust-lang#136750 (Make ub_check message clear that it's not an assert)
 - rust-lang#137000 (Deeply normalize item bounds in new solver)
 - rust-lang#137126 (fix docs for inherent str constructors)
 - rust-lang#137151 (Install more signal stack trace handlers)
 - rust-lang#137161 (Pattern Migration 2024: fix incorrect messages/suggestions when errors arise in macro expansions)
 - rust-lang#137167 (tests: Also gate `f16::erfc()` doctest with `reliable_f16_math` cfg)
 - rust-lang#137177 (Update `minifier-rs` version to `0.3.5`)

r? `@ghost`
`@rustbot` modify labels: rollup
@Urgau Urgau mentioned this pull request Feb 18, 2025
Merged
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this pull request Feb 18, 2025
@matthiaskrgr
Rollup merge of rust-lang#136750 - kornelski:ub-bug, r=saethlin
bdf7fd4 
Make ub_check message clear that it's not an assert

I've seen a user assume that their unsound code was *safe*, because ub_check prevented the program from performing the unsafe operation.

This PR makes the panic message clearer that ub_check is a bug detector, not run-time safety protection.
@matthiaskrgr matthiaskrgr mentioned this pull request Feb 18, 2025
Closed
bors added a commit to rust-lang-ci/rust that referenced this pull request Feb 18, 2025
@bors
Auto merge of rust-lang#137231 - Urgau:rollup-heiq934, r=Urgau
827a0d6 
Rollup of 9 pull requests

Successful merges:

 - rust-lang#136750 (Make ub_check message clear that it's not an assert)
 - rust-lang#137151 (Install more signal stack trace handlers)
 - rust-lang#137167 (tests: Also gate `f16::erfc()` doctest with `reliable_f16_math` cfg)
 - rust-lang#137195 (cg_clif: use exclusively ABI alignment)
 - rust-lang#137202 (Enforce T: Hash for Interned<...>)
 - rust-lang#137205 (Remove `std::os::wasi::fs::FileExt::tell`)
 - rust-lang#137211 (don't ICE for alias-relate goals with error term)
 - rust-lang#137214 (add last std diagnostic items for clippy)
 - rust-lang#137221 (Remove scrutinee_hir_id from ExprKind::Match)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit d7fe4c0 into rust-lang:master Feb 18, 2025
6 checks passed
@rustbot rustbot added this to the 1.87.0 milestone Feb 18, 2025
rust-timer added a commit to rust-lang-ci/rust that referenced this pull request Feb 18, 2025
@rust-timer
Unrolled build for rust-lang#136750
46c0287 
Rollup merge of rust-lang#136750 - kornelski:ub-bug, r=saethlin

Make ub_check message clear that it's not an assert

I've seen a user assume that their unsound code was *safe*, because ub_check prevented the program from performing the unsafe operation.

This PR makes the panic message clearer that ub_check is a bug detector, not run-time safety protection.
@kornelski kornelski deleted the ub-bug branch February 21, 2025 21:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@saethlin saethlin

Labels
S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs Relevant to the library team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.87.0
Development

Successfully merging this pull request may close these issues.
7 participants
@kornelski @rustbot @Noratrieb @saethlin @rust-log-analyzer @bors @cuviper