Allow volatile access to non-Rust memory, including address 0 #141260
+127
−138
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
S-waiting-on-review
This comment has been minimized.
This comment has been minimized.
LuigiPiucco
force-pushed
the
volatile-null
branch
from
7ea9ad7 to
f652fc2
Compare
This comment has been minimized.
This comment has been minimized.
|
Cc @rust-lang/opsem @nikic |
RalfJung
reviewed
May 20, 2025
LuigiPiucco
force-pushed
the
volatile-null
branch
from
2745d4f to
d8b495b
Compare
RalfJung
reviewed
May 23, 2025
This comment has been minimized.
This comment has been minimized.
|
@rustbot author |
rustbot
removed
the
S-waiting-on-review
|
Reminder, once the PR becomes ready for a review, use |
rustbot
added
the
S-waiting-on-author
LuigiPiucco
force-pushed
the
volatile-null
branch
2 times, most recently
from
ccb7d35 to
aae2722
Compare
|
It'd help if you didn't amend and force-push my commit, then I could much easier see what you changed on top of my changes... Now I guess I'll have to download your PR and compare locally against my commit (which was 3ea26bd). In general, please do not force-push while review is still in progress. Github is terrible at dealing with force-pushes. The reviewer will ask you to squash the commits before approval. |
RalfJung
reviewed
May 23, 2025
|
Sorry, I'll add new commits instead of amending from now on. Other projects I worked on seemed to prefer amending, that's why I was doing it like that. |
|
Yeah, every project finds their own way to work around github's deficiencies. :/ I've not yet seen a good way to deal with github's abysmal treatment of force-pushes, though. I often have to pretty much re-review a PR as github provides 0 support for figuring out what actually changes in a series of pushes and force-pushes. When you create your first PR here, a bot posts a message telling you about our PR workflow. But it's probably easy to forget that... |
|
@rustbot ready If the PR needs further revision, would you prefer to run the |
rustbot
added
S-waiting-on-review
|
An explicit "ready for review" signal is always a good idea. :) |
RalfJung
reviewed
May 23, 2025
RalfJung
added
T-lang
According to https://discourse.llvm.org/t/rfc-volatile-access-to-non-dereferenceable-memory-may-be-well-defined/86303/4, LLVM allows volatile operations on null and handles it correctly. This should be allowed in Rust as well, because I/O memory may be hard-coded to address 0 in some cases, like the AVR chip ATtiny1626. A test case that ensured a failure when passing null to volatile was removed, since it's now valid. Due to the addition of `maybe_is_aligned` to `ub_checks`, `maybe_is_aligned_and_not_null` was refactored to use it. docs: revise restrictions on volatile operations A distinction between usage on Rust memory vs. non-Rust memory was introduced. Documentation was reworded to explain what that means, and make explicit that: - No trapping can occur from volatile operations; - On Rust memory, all safety rules must be respected; - On Rust memory, the primary difference from regular access is that volatile always involves a memory dereference; - On Rust memory, the only data affected by an operation is the one pointed to in the argument(s) of the function; - On Rust memory, provenance follows the same rules as non-volatile access; - On non-Rust memory, any address known to not contain Rust memory is valid (including 0 and usize::MAX); - On non-Rust memory, no Rust memory may be affected (it is implicit that any other non-Rust memory may be affected, though, even if not referenced by the pointer). This should be relevant when, for example, reading register A causes a flag to change in register B, or writing to A causes B to change in some way. Everything affected mustn't be inside an allocation. - On non-Rust memory, provenance is irrelevant and a pointer with none can be used in a valid way. fix: don't lint null as UB for volatile Also remove a now-unneeded `allow` line. fix: additional wording nits
LuigiPiucco
force-pushed
the
volatile-null
branch
from
9fb16bd to
8a8717e
Compare
|
Both changes applied, it should be good now. @rustbot ready |
rustbot
added
S-waiting-on-review
|
Looks good, thanks! |
bors
added
S-waiting-on-bors
RalfJung
added
the
relnotes
Kobzol
added a commit
to Kobzol/rust
that referenced
this pull request
Jul 19, 2025
Allow volatile access to non-Rust memory, including address 0 This PR relaxes the `ub_check` in the `read_volatile`/`write_volatile` pointer operations to allow passing null. This is needed to support processors which hard-code peripheral registers on address 0, like the AVR chip ATtiny1626. LLVM understands this as valid and handles it correctly, as tested in my [PR to add a note about it](llvm/llvm-project@6387c82#diff-81bbb96298c32fa901beb82ab3b97add27a410c01d577c1f8c01000ed2055826) (rustc generates the same LLVM IR as expected there when this PR is applied, and consequently the same AVR assembly). Follow-up and implementation of the discussions in: - https://internals.rust-lang.org/t/pre-rfc-conditionally-supported-volatile-access-to-address-0/12881/7 - Rahix/avr-device#185; - [#t-lang > Adding the possibility of volatile access to address 0](https://rust-lang.zulipchat.com/#narrow/channel/213817-t-lang/topic/Adding.20the.20possibility.20of.20volatile.20access.20to.20address.200/with/513303502) - https://discourse.llvm.org/t/rfc-volatile-access-to-non-dereferenceable-memory-may-be-well-defined/86303 r? `@RalfJung` Also fixes rust-lang/unsafe-code-guidelines#29 (about as good as it'll get, null will likely never be a "normal" address in Rust)
jhpratt
added a commit
to jhpratt/rust
that referenced
this pull request
Jul 20, 2025
Allow volatile access to non-Rust memory, including address 0 This PR relaxes the `ub_check` in the `read_volatile`/`write_volatile` pointer operations to allow passing null. This is needed to support processors which hard-code peripheral registers on address 0, like the AVR chip ATtiny1626. LLVM understands this as valid and handles it correctly, as tested in my [PR to add a note about it](llvm/llvm-project@6387c82#diff-81bbb96298c32fa901beb82ab3b97add27a410c01d577c1f8c01000ed2055826) (rustc generates the same LLVM IR as expected there when this PR is applied, and consequently the same AVR assembly). Follow-up and implementation of the discussions in: - https://internals.rust-lang.org/t/pre-rfc-conditionally-supported-volatile-access-to-address-0/12881/7 - Rahix/avr-device#185; - [#t-lang > Adding the possibility of volatile access to address 0](https://rust-lang.zulipchat.com/#narrow/channel/213817-t-lang/topic/Adding.20the.20possibility.20of.20volatile.20access.20to.20address.200/with/513303502) - https://discourse.llvm.org/t/rfc-volatile-access-to-non-dereferenceable-memory-may-be-well-defined/86303 r? ``@RalfJung`` Also fixes rust-lang/unsafe-code-guidelines#29 (about as good as it'll get, null will likely never be a "normal" address in Rust)
fee1-dead
added a commit
to fee1-dead-contrib/rust
that referenced
this pull request
Jul 20, 2025
Allow volatile access to non-Rust memory, including address 0 This PR relaxes the `ub_check` in the `read_volatile`/`write_volatile` pointer operations to allow passing null. This is needed to support processors which hard-code peripheral registers on address 0, like the AVR chip ATtiny1626. LLVM understands this as valid and handles it correctly, as tested in my [PR to add a note about it](llvm/llvm-project@6387c82#diff-81bbb96298c32fa901beb82ab3b97add27a410c01d577c1f8c01000ed2055826) (rustc generates the same LLVM IR as expected there when this PR is applied, and consequently the same AVR assembly). Follow-up and implementation of the discussions in: - https://internals.rust-lang.org/t/pre-rfc-conditionally-supported-volatile-access-to-address-0/12881/7 - Rahix/avr-device#185; - [#t-lang > Adding the possibility of volatile access to address 0](https://rust-lang.zulipchat.com/#narrow/channel/213817-t-lang/topic/Adding.20the.20possibility.20of.20volatile.20access.20to.20address.200/with/513303502) - https://discourse.llvm.org/t/rfc-volatile-access-to-non-dereferenceable-memory-may-be-well-defined/86303 r? ```@RalfJung``` Also fixes rust-lang/unsafe-code-guidelines#29 (about as good as it'll get, null will likely never be a "normal" address in Rust)
bors
added a commit
that referenced
this pull request
Jul 20, 2025
Rollup of 12 pull requests Successful merges: - #141260 (Allow volatile access to non-Rust memory, including address 0) - #143604 (Stabilize `const_float_round_methods`) - #143833 (Ban projecting into SIMD types [MCP838]) - #143988 ([rustdoc] Make aliases search support partial matching) - #144078 (Fix debuginfo-lto-alloc.rs test) - #144111 (Remove deprecated `MaybeUninit` slice methods) - #144116 (Fixes for LLVM 21) - #144134 (Cleanup unicode table gen) - #144142 (Add implicit sized bound to trait ascription types) - #144148 (Remove pretty print hack for async blocks) - #144169 (interpret: fix TypeId pointers being considered data pointers) - #144196 (Initialize mingw for the runner's user) r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
that referenced
this pull request
Jul 20, 2025
Rollup of 11 pull requests Successful merges: - #141260 (Allow volatile access to non-Rust memory, including address 0) - #143604 (Stabilize `const_float_round_methods`) - #143988 ([rustdoc] Make aliases search support partial matching) - #144078 (Fix debuginfo-lto-alloc.rs test) - #144111 (Remove deprecated `MaybeUninit` slice methods) - #144116 (Fixes for LLVM 21) - #144134 (Cleanup unicode table gen) - #144142 (Add implicit sized bound to trait ascription types) - #144148 (Remove pretty print hack for async blocks) - #144169 (interpret: fix TypeId pointers being considered data pointers) - #144196 (Initialize mingw for the runner's user) r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
that referenced
this pull request
Jul 20, 2025
Rollup merge of #141260 - LuigiPiucco:volatile-null, r=RalfJung Allow volatile access to non-Rust memory, including address 0 This PR relaxes the `ub_check` in the `read_volatile`/`write_volatile` pointer operations to allow passing null. This is needed to support processors which hard-code peripheral registers on address 0, like the AVR chip ATtiny1626. LLVM understands this as valid and handles it correctly, as tested in my [PR to add a note about it](llvm/llvm-project@6387c82#diff-81bbb96298c32fa901beb82ab3b97add27a410c01d577c1f8c01000ed2055826) (rustc generates the same LLVM IR as expected there when this PR is applied, and consequently the same AVR assembly). Follow-up and implementation of the discussions in: - https://internals.rust-lang.org/t/pre-rfc-conditionally-supported-volatile-access-to-address-0/12881/7 - Rahix/avr-device#185; - [#t-lang > Adding the possibility of volatile access to address 0](https://rust-lang.zulipchat.com/#narrow/channel/213817-t-lang/topic/Adding.20the.20possibility.20of.20volatile.20access.20to.20address.200/with/513303502) - https://discourse.llvm.org/t/rfc-volatile-access-to-non-dereferenceable-memory-may-be-well-defined/86303 r? ````@RalfJung```` Also fixes rust-lang/unsafe-code-guidelines#29 (about as good as it'll get, null will likely never be a "normal" address in Rust)
github-actions bot
pushed a commit
to rust-lang/miri
that referenced
this pull request
Jul 21, 2025
Rollup of 11 pull requests Successful merges: - rust-lang/rust#141260 (Allow volatile access to non-Rust memory, including address 0) - rust-lang/rust#143604 (Stabilize `const_float_round_methods`) - rust-lang/rust#143988 ([rustdoc] Make aliases search support partial matching) - rust-lang/rust#144078 (Fix debuginfo-lto-alloc.rs test) - rust-lang/rust#144111 (Remove deprecated `MaybeUninit` slice methods) - rust-lang/rust#144116 (Fixes for LLVM 21) - rust-lang/rust#144134 (Cleanup unicode table gen) - rust-lang/rust#144142 (Add implicit sized bound to trait ascription types) - rust-lang/rust#144148 (Remove pretty print hack for async blocks) - rust-lang/rust#144169 (interpret: fix TypeId pointers being considered data pointers) - rust-lang/rust#144196 (Initialize mingw for the runner's user) r? `@ghost` `@rustbot` modify labels: rollup
Muscraft
pushed a commit
to Muscraft/rust
that referenced
this pull request
Jul 21, 2025
Allow volatile access to non-Rust memory, including address 0 This PR relaxes the `ub_check` in the `read_volatile`/`write_volatile` pointer operations to allow passing null. This is needed to support processors which hard-code peripheral registers on address 0, like the AVR chip ATtiny1626. LLVM understands this as valid and handles it correctly, as tested in my [PR to add a note about it](llvm/llvm-project@6387c82#diff-81bbb96298c32fa901beb82ab3b97add27a410c01d577c1f8c01000ed2055826) (rustc generates the same LLVM IR as expected there when this PR is applied, and consequently the same AVR assembly). Follow-up and implementation of the discussions in: - https://internals.rust-lang.org/t/pre-rfc-conditionally-supported-volatile-access-to-address-0/12881/7 - Rahix/avr-device#185; - [#t-lang > Adding the possibility of volatile access to address 0](https://rust-lang.zulipchat.com/#narrow/channel/213817-t-lang/topic/Adding.20the.20possibility.20of.20volatile.20access.20to.20address.200/with/513303502) - https://discourse.llvm.org/t/rfc-volatile-access-to-non-dereferenceable-memory-may-be-well-defined/86303 r? ````@RalfJung```` Also fixes rust-lang/unsafe-code-guidelines#29 (about as good as it'll get, null will likely never be a "normal" address in Rust)
Muscraft
pushed a commit
to Muscraft/rust
that referenced
this pull request
Jul 21, 2025
…iaskrgr Rollup of 11 pull requests Successful merges: - rust-lang#141260 (Allow volatile access to non-Rust memory, including address 0) - rust-lang#143604 (Stabilize `const_float_round_methods`) - rust-lang#143988 ([rustdoc] Make aliases search support partial matching) - rust-lang#144078 (Fix debuginfo-lto-alloc.rs test) - rust-lang#144111 (Remove deprecated `MaybeUninit` slice methods) - rust-lang#144116 (Fixes for LLVM 21) - rust-lang#144134 (Cleanup unicode table gen) - rust-lang#144142 (Add implicit sized bound to trait ascription types) - rust-lang#144148 (Remove pretty print hack for async blocks) - rust-lang#144169 (interpret: fix TypeId pointers being considered data pointers) - rust-lang#144196 (Initialize mingw for the runner's user) r? `@ghost` `@rustbot` modify labels: rollup
github-actions bot
pushed a commit
to model-checking/verify-rust-std
that referenced
this pull request
Jul 29, 2025
Allow volatile access to non-Rust memory, including address 0 This PR relaxes the `ub_check` in the `read_volatile`/`write_volatile` pointer operations to allow passing null. This is needed to support processors which hard-code peripheral registers on address 0, like the AVR chip ATtiny1626. LLVM understands this as valid and handles it correctly, as tested in my [PR to add a note about it](llvm/llvm-project@6387c82#diff-81bbb96298c32fa901beb82ab3b97add27a410c01d577c1f8c01000ed2055826) (rustc generates the same LLVM IR as expected there when this PR is applied, and consequently the same AVR assembly). Follow-up and implementation of the discussions in: - https://internals.rust-lang.org/t/pre-rfc-conditionally-supported-volatile-access-to-address-0/12881/7 - Rahix/avr-device#185; - [#t-lang > Adding the possibility of volatile access to address 0](https://rust-lang.zulipchat.com/#narrow/channel/213817-t-lang/topic/Adding.20the.20possibility.20of.20volatile.20access.20to.20address.200/with/513303502) - https://discourse.llvm.org/t/rfc-volatile-access-to-non-dereferenceable-memory-may-be-well-defined/86303 r? ````@RalfJung```` Also fixes rust-lang/unsafe-code-guidelines#29 (about as good as it'll get, null will likely never be a "normal" address in Rust)
wip-sync
pushed a commit
to NetBSD/pkgsrc-wip
that referenced
this pull request
Sep 20, 2025
Pkgsrc changes: * Adjust patches to adapt to upstream changes and new versions. * assosicated checksums Upstream changes relative to 1.89.0: Version 1.90 (2025-09-18) ========================== Language -------- - [Split up the `unknown_or_malformed_diagnostic_attributes` lint] (rust-lang/rust#140717). This lint has been split up into four finer-grained lints, with `unknown_or_malformed_diagnostic_attributes` now being the lint group that contains these lints: 1. `unknown_diagnostic_attributes`: unknown to the current compiler 2. `misplaced_diagnostic_attributes`: placed on the wrong item 3. `malformed_diagnostic_attributes`: malformed attribute syntax or options 4. `malformed_diagnostic_format_literals`: malformed format string literal - [Allow constants whose final value has references to mutable/external memory, but reject such constants as patterns] (rust-lang/rust#140942) - [Allow volatile access to non-Rust memory, including address 0] (rust-lang/rust#141260) Compiler -------- - [Use `lld` by default on `x86_64-unknown-linux-gnu`] (rust-lang/rust#140525). - [Tier 3 `musl` targets now link dynamically by default] (rust-lang/rust#144410). Affected targets: - `mips64-unknown-linux-muslabi64` - `powerpc64-unknown-linux-musl` - `powerpc-unknown-linux-musl` - `powerpc-unknown-linux-muslspe` - `riscv32gc-unknown-linux-musl` - `s390x-unknown-linux-musl` - `thumbv7neon-unknown-linux-musleabihf` Platform Support ---------------- - [Demote `x86_64-apple-darwin` to Tier 2 with host tools] (rust-lang/rust#145252) Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. [platform-support-doc]: https://doc.rust-lang.org/rustc/platform-support.html Libraries --------- - [Stabilize `u*::{checked,overflowing,saturating,wrapping}_sub_signed`] (rust-lang/rust#126043) - [Allow comparisons between `CStr`, `CString`, and `Cow<CStr>`] (rust-lang/rust#137268) - [Remove some unsized tuple impls since unsized tuples can't be constructed] (rust-lang/rust#138340) - [Set `MSG_NOSIGNAL` for `UnixStream`] (rust-lang/rust#140005) - [`proc_macro::Ident::new` now supports `$crate`.] (rust-lang/rust#141996) - [Guarantee the pointer returned from `Thread::into_raw` has at least 8 bytes of alignment] (rust-lang/rust#143859) Stabilized APIs --------------- - [`u{n}::checked_sub_signed`] (https://doc.rust-lang.org/stable/std/primitive.usize.html#method.checked_sub_signed) - [`u{n}::overflowing_sub_signed`] (https://doc.rust-lang.org/stable/std/primitive.usize.html#method.overflowing_sub_signed) - [`u{n}::saturating_sub_signed`] (https://doc.rust-lang.org/stable/std/primitive.usize.html#method.saturating_sub_signed) - [`u{n}::wrapping_sub_signed`] (https://doc.rust-lang.org/stable/std/primitive.usize.html#method.wrapping_sub_signed) - [`impl Copy for IntErrorKind`] (https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Copy-for-IntErrorKind) - [`impl Hash for IntErrorKind`] (https://doc.rust-lang.org/stable/std/num/enum.IntErrorKind.html#impl-Hash-for-IntErrorKind) - [`impl PartialEq<&CStr> for CStr`] (https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3C%26CStr%3E-for-CStr) - [`impl PartialEq<CString> for CStr`] (https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCString%3E-for-CStr) - [`impl PartialEq<Cow<CStr>> for CStr`] (https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CStr) - [`impl PartialEq<&CStr> for CString`] (https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3C%26CStr%3E-for-CString) - [`impl PartialEq<CStr> for CString`] (https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCStr%3E-for-CString) - [`impl PartialEq<Cow<CStr>> for CString`] (https://doc.rust-lang.org/stable/std/ffi/struct.CString.html#impl-PartialEq%3CCow%3C'_,+CStr%3E%3E-for-CString) - [`impl PartialEq<&CStr> for Cow<CStr>`] (https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3C%26CStr%3E-for-Cow%3C'_,+CStr%3E) - [`impl PartialEq<CStr> for Cow<CStr>`] (https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCStr%3E-for-Cow%3C'_,+CStr%3E) - [`impl PartialEq<CString> for Cow<CStr>`] (https://doc.rust-lang.org/stable/std/borrow/enum.Cow.html#impl-PartialEq%3CCString%3E-for-Cow%3C'_,+CStr%3E) These previously stable APIs are now stable in const contexts: - [`<[T]>::reverse`] (https://doc.rust-lang.org/stable/std/primitive.slice.html#method.reverse) - [`f32::floor`] (https://doc.rust-lang.org/stable/std/primitive.f32.html#method.floor) - [`f32::ceil`] (https://doc.rust-lang.org/stable/std/primitive.f32.html#method.ceil) - [`f32::trunc`] (https://doc.rust-lang.org/stable/std/primitive.f32.html#method.trunc) - [`f32::fract`] (https://doc.rust-lang.org/stable/std/primitive.f32.html#method.fract) - [`f32::round`] (https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round) - [`f32::round_ties_even`] (https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round_ties_even) - [`f64::floor`] (https://doc.rust-lang.org/stable/std/primitive.f64.html#method.floor) - [`f64::ceil`] (https://doc.rust-lang.org/stable/std/primitive.f64.html#method.ceil) - [`f64::trunc`] (https://doc.rust-lang.org/stable/std/primitive.f64.html#method.trunc) - [`f64::fract`] (https://doc.rust-lang.org/stable/std/primitive.f64.html#method.fract) - [`f64::round`] (https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round) - [`f64::round_ties_even`] (https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round_ties_even) Cargo ----- - [Add `http.proxy-cainfo` config for proxy certs] (rust-lang/cargo#15374) - [Use `gix` for `cargo package`] (rust-lang/cargo#15534) - [feat(publish): Stabilize multi-package publishing] (rust-lang/cargo#15636) Rustdoc ----- - [Add ways to collapse all impl blocks] (rust-lang/rust#141663). Previously the "Summary" button and "-" keyboard shortcut would never collapse `impl` blocks, now they do when shift is held - [Display unsafe attributes with `unsafe()` wrappers] (rust-lang/rust#143662) Compatibility Notes ------------------- - [Use `lld` by default on `x86_64-unknown-linux-gnu`] (rust-lang/rust#140525). See also <https://blog.rust-lang.org/2025/09/01/rust-lld-on-1.90.0-stable/>. - [Make `core::iter::Fuse`'s `Default` impl construct `I::default()` internally as promised in the docs instead of always being empty] (rust-lang/rust#140985) - [Set `MSG_NOSIGNAL` for `UnixStream`] (rust-lang/rust#140005) This may change program behavior but results in the same behavior as other primitives (e.g., stdout, network sockets). Programs relying on signals to terminate them should update handling of sockets to handle errors on write by exiting. - [On Unix `std::env::home_dir` will use the fallback if the `HOME` environment variable is empty] (rust-lang/rust#141840) - We now [reject unsupported `extern "{abi}"`s consistently in all positions] (rust-lang/rust#142134). This primarily affects the use of implementing traits on an `extern "{abi}"` function pointer, like `extern "stdcall" fn()`, on a platform that doesn't support that, like aarch64-unknown-linux-gnu. Direct usage of these unsupported ABI strings by declaring or defining functions was already rejected, so this is only a change for consistency. - [const-eval: error when initializing a static writes to that static] (rust-lang/rust#143084) - [Check that the `proc_macro_derive` macro has correct arguments when applied to the crate root] (rust-lang/rust#143607)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR relaxes the
ub_checkin theread_volatile/write_volatilepointer operations to allow passing null. This is needed to support processors which hard-code peripheral registers on address 0, like the AVR chip ATtiny1626. LLVM understands this as valid and handles it correctly, as tested in my PR to add a note about it (rustc generates the same LLVM IR as expected there when this PR is applied, and consequently the same AVR assembly).Follow-up and implementation of the discussions in:
r? @RalfJung
Also fixes rust-lang/unsafe-code-guidelines#29 (about as good as it'll get, null will likely never be a "normal" address in Rust)