From 39df836d6b8ec5335beb2626c82420eef468ab14 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Thu, 17 Jun 2021 19:31:34 +0200 Subject: [PATCH 1/3] update UB list for safe target_feature --- src/attributes/codegen.md | 6 ++++-- src/behavior-considered-undefined.md | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/attributes/codegen.md b/src/attributes/codegen.md index c34b5155e..814ff8ef9 100644 --- a/src/attributes/codegen.md +++ b/src/attributes/codegen.md @@ -75,7 +75,8 @@ The following is a list of the available feature names. #### `x86` or `x86_64` -This platform requires that `#[target_feature]` is only applied to [`unsafe` +Executing code with unsupported features is UB on this platform. +Hence this platform requires that `#[target_feature]` is only applied to [`unsafe` functions][unsafe function]. Feature | Implicitly Enables | Description @@ -133,7 +134,8 @@ Feature | Implicitly Enables | Description #### `wasm32` or `wasm64` -This platform allows `#[target_feature]` to be applied to both safe and +Executing code with unsupported features is allowed (i.e., is not UB) on this platform. +Hence this platform allows `#[target_feature]` to be applied to both safe and [`unsafe` functions][unsafe function]. Feature | Description diff --git a/src/behavior-considered-undefined.md b/src/behavior-considered-undefined.md index c2e6fc0cb..c4a998097 100644 --- a/src/behavior-considered-undefined.md +++ b/src/behavior-considered-undefined.md @@ -33,7 +33,7 @@ code. is immutable, unless that data is contained within an [`UnsafeCell`]. * Invoking undefined behavior via compiler intrinsics. * Executing code compiled with platform features that the current platform - does not support (see [`target_feature`]). + does not support (see [`target_feature`]), *except* if the platform explicitly documents this to be safe. * Calling a function with the wrong call ABI or unwinding from a function with the wrong unwind ABI. * Producing an invalid value, even in private fields and locals. "Producing" a value happens any time a value is assigned to or read from a place, passed to From 01cd6edbd209b27a2f8de2e3724f0890807c4444 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 27 Feb 2022 22:02:16 -0500 Subject: [PATCH 2/3] expand acronym Co-authored-by: Eric Huss --- src/attributes/codegen.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/attributes/codegen.md b/src/attributes/codegen.md index 814ff8ef9..8f290630d 100644 --- a/src/attributes/codegen.md +++ b/src/attributes/codegen.md @@ -75,7 +75,7 @@ The following is a list of the available feature names. #### `x86` or `x86_64` -Executing code with unsupported features is UB on this platform. +Executing code with unsupported features is undefined behavior on this platform. Hence this platform requires that `#[target_feature]` is only applied to [`unsafe` functions][unsafe function]. From 2d0058a4951a3fe97b0892993bd3faeabc532123 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 7 Mar 2022 12:16:51 -0500 Subject: [PATCH 3/3] tweak wasm wording --- src/attributes/codegen.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/attributes/codegen.md b/src/attributes/codegen.md index 8f290630d..8260409a4 100644 --- a/src/attributes/codegen.md +++ b/src/attributes/codegen.md @@ -63,7 +63,8 @@ error to specify a feature for a target architecture that the crate is not being compiled for. It is [undefined behavior] to call a function that is compiled with a feature -that is not supported on the current platform the code is running on. +that is not supported on the current platform the code is running on, *except* +if the platform explicitly documents this to be safe. Functions marked with `target_feature` are not inlined into a context that does not support the given features. The `#[inline(always)]` attribute may not @@ -134,9 +135,12 @@ Feature | Implicitly Enables | Description #### `wasm32` or `wasm64` -Executing code with unsupported features is allowed (i.e., is not UB) on this platform. -Hence this platform allows `#[target_feature]` to be applied to both safe and -[`unsafe` functions][unsafe function]. +`#[target_feature]` may be used with both safe and +[`unsafe` functions][unsafe function] on Wasm platforms. It is impossible to +cause undefined behavior via the `#[target_feature]` attribute because +attempting to use instructions unsupported by the Wasm engine will fail at load +time without the risk of being interpreted in a way different from what the +compiler expected. Feature | Description ------------|-------------------