Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fail compilation on targets w/o soundness proof #404

Closed
wants to merge 1 commit into from
Closed

Fail compilation on targets w/o soundness proof #404

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,21 @@ mod zerocopy {
pub(crate) use crate::*;
}

#[cfg(not(any(
target_arch = "i686",
target_arch = "x86",
target_arch = "x86_64",
target_arch = "arm",
target_arch = "aarch64",
)))]
compile_error!(
r#"Zerocopy has not been proven sound on this architecture.

This doesn't mean that it is unsound - just that we haven't gotten around to
proving it sound. If you need support for this architecture, let us know and
we'll prioritize it: https://github.com/google/zerocopy/issues/383"#
);
Comment on lines +224 to +230
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re. this:

TODO: Figure out how to make sure we block the next minor version release on adding back all of the targets that people actually rely on.

We could potentially take the initial, weaker step of merely warning on unproven architectures:

Suggested change
compile_error!(
r#"Zerocopy has not been proven sound on this architecture.
This doesn't mean that it is unsound - just that we haven't gotten around to
proving it sound. If you need support for this architecture, let us know and
we'll prioritize it: https://github.com/google/zerocopy/issues/383"#
);
const _: () = {
#[deprecated = r#"Zerocopy has not been proven sound on this architecture.
This doesn't mean that it is unsound - just that we haven't gotten around to
proving it sound. If you need support for this architecture, let us know and
we'll prioritize it: https://github.com/google/zerocopy/issues/383"#]
const _WARNING: () = ();
#[warn(deprecated)]
_WARNING
};

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there's almost certainly merit in providing an escape hatch for weird architectures, too:

Suggested change
compile_error!(
r#"Zerocopy has not been proven sound on this architecture.
This doesn't mean that it is unsound - just that we haven't gotten around to
proving it sound. If you need support for this architecture, let us know and
we'll prioritize it: https://github.com/google/zerocopy/issues/383"#
);
#[cfg(not(ZEROCOPY_ALLOW_EXPERIMENTAL_ARCH))]
compile_error!(
r#"Zerocopy has not been proven sound on this architecture.
This doesn't mean that it is unsound - just that we haven't gotten around to
proving it sound. If you need support for this architecture, let us know and
we'll prioritize it: https://github.com/google/zerocopy/issues/383
You can temporarily enable this architecture by setting:
export RUSTFLAGS="--cfg ZEROCOPY_ALLOW_EXPERIMENTAL_ARCH"
"#
);
#[cfg(ZEROCOPY_ALLOW_EXPERIMENTAL_ARCH)]
const _: () = {
#[deprecated = r#"If you need support for this architecture, let us know and
we'll prioritize it: https://github.com/google/zerocopy/issues/383"#]
const _WARNING: () = ();
#[warn(deprecated)]
_WARNING
};


Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When an architecture is expressly unsupported, we should report asmuch:

Suggested change
#[cfg(target_arch = "spirv")]
compile_error!(
r#"Zerocopy is not sound on this architecture. SPIRV's memory model
prohibits freely reinterpreting memory. If you believe this limitation is
incorrect, let us know: https://github.com/google/zerocopy/issues/383"#
);

#[rustversion::nightly]
#[cfg(all(test, not(__INTERNAL_USE_ONLY_NIGHLTY_FEATURES_IN_TESTS)))]
const _: () = {
Expand Down
Loading