---

yaml
---
r: 83234
b: refs/heads/try
c: c3ad785
h: refs/heads/master
v: v3

Author: alexcrichton

[refs]

@@ -2,7 +2,7 @@
 refs/heads/master: 0e4d1fc8cae42e15e00f71d9f439b01bb25a86ae
 refs/heads/snap-stage1: e33de59e47c5076a89eadeb38f4934f58a3618a6
 refs/heads/snap-stage3: 6c08cc2db4f98e9f07ae7d50338396c4123c2f0a
-refs/heads/try: bf0e2a6f578251c093f935a9cdf100bba7ebf581
+refs/heads/try: c3ad785d83b583ad693424d9f0f993e36f0990f5
 refs/tags/release-0.1: 1f5c5126e96c79d22cb7862f75304136e204f105
 refs/heads/ndm: f3868061cd7988080c30d6d5bf352a5a5fe2460b
 refs/heads/try2: 147ecfdd8221e4a4d4e090486829a06da1e0ca3c

branches/try/doc/rust.md

@@ -962,76 +962,24 @@ parameters to allow methods with that trait to be called on values
 of that type.
 
 
-#### Unsafety
+#### Unsafe functions
 
-Unsafe operations are those that potentially violate the memory-safety guarantees of Rust's static semantics.
+Unsafe functions are those containing unsafe operations that are not contained in an [`unsafe` block](#unsafe-blocks).
+Such a function must be prefixed with the keyword `unsafe`.
 
-The following language level features cannot be used in the safe subset of Rust:
+Unsafe operations are those that potentially violate the memory-safety guarantees of Rust's static semantics.
+Specifically, the following operations are considered unsafe:
 
   - Dereferencing a [raw pointer](#pointer-types).
-  - Calling an unsafe function (including an intrinsic or foreign function).
-
-##### Unsafe functions
-
-Unsafe functions are functions that are not safe in all contexts and/or for all possible inputs.
-Such a function must be prefixed with the keyword `unsafe`.
+  - Casting a [raw pointer](#pointer-types) to a safe pointer type.
+  - Calling an unsafe function.
 
 ##### Unsafe blocks
 
-A block of code can also be prefixed with the `unsafe` keyword, to permit calling `unsafe` functions
-or dereferencing raw pointers within a safe function.
-
-When a programmer has sufficient conviction that a sequence of potentially unsafe operations is
-actually safe, they can encapsulate that sequence (taken as a whole) within an `unsafe` block. The
-compiler will consider uses of such code safe, in the surrounding context.
-
-Unsafe blocks are used to wrap foreign libraries, make direct use of hardware or implement features
-not directly present in the language. For example, Rust provides the language features necessary to
-implement memory-safe concurrency in the language but the implementation of tasks and message
-passing is in the standard library.
-
-Rust's type system is a conservative approximation of the dynamic safety requirements, so in some
-cases there is a performance cost to using safe code.  For example, a doubly-linked list is not a
-tree structure and can only be represented with managed or reference-counted pointers in safe code.
-By using `unsafe` blocks to represent the reverse links as raw pointers, it can be implemented with
-only owned pointers.
-
-##### Behavior considered unsafe
-
-This is a list of behavior which is forbidden in all Rust code. Type checking provides the guarantee
-that these issues are never caused by safe code. An `unsafe` block or function is responsible for
-never invoking this behaviour or exposing an API making it possible for it to occur in safe code.
-
-* Data races
-* Dereferencing a null/dangling raw pointer
-* Mutating an immutable value/reference, if it is not marked as non-`Freeze`
-* Reads of [undef](http://llvm.org/docs/LangRef.html#undefined-values) (uninitialized) memory
-* Breaking the [pointer aliasing rules](http://llvm.org/docs/LangRef.html#pointer-aliasing-rules)
-  with raw pointers (a subset of the rules used by C)
-* Invoking undefined behavior via compiler intrinsics:
-    * Indexing outside of the bounds of an object with `std::ptr::offset` (`offset` intrinsic), with
-      the exception of one byte past the end which is permitted.
-    * Using `std::ptr::copy_nonoverlapping_memory` (`memcpy32`/`memcpy64` instrinsics) on
-      overlapping buffers
-* Invalid values in primitive types, even in private fields/locals:
-    * Dangling/null pointers in non-raw pointers, or slices
-    * A value other than `false` (0) or `true` (1) in a `bool`
-    * A discriminant in an `enum` not included in the type definition
-    * A value in a `char` which is a surrogate or above `char::MAX`
-    * non-UTF-8 byte sequences in a `str`
-
-##### Behaviour not considered unsafe
-
-This is a list of behaviour not considered *unsafe* in Rust terms, but that may be undesired.
-
-* Deadlocks
-* Reading data from private fields (`std::repr`, `format!("{:?}", x)`)
-* Leaks due to reference count cycles, even in the global heap
-* Exiting without calling destructors
-* Sending signals
-* Accessing/modifying the file system
-* Unsigned integer overflow (well-defined as wrapping)
-* Signed integer overflow (well-defined as two's complement representation wrapping)
+A block of code can also be prefixed with the `unsafe` keyword, to permit a sequence of unsafe operations in an otherwise-safe function.
+This facility exists because the static semantics of Rust are a necessary approximation of the dynamic semantics.
+When a programmer has sufficient conviction that a sequence of unsafe operations is actually safe, they can encapsulate that sequence (taken as a whole) within an `unsafe` block. The compiler will consider uses of such code "safe", to the surrounding context.
+
 
 #### Diverging functions
 

branches/try/doc/tutorial-container.md

@@ -4,14 +4,14 @@
 
 The container traits are defined in the `std::container` module.
 
-## Unique vectors
+## Unique and managed vectors
 
-Vectors have `O(1)` indexing, push (to the end) and pop (from the end). Vectors
-are the most common container in Rust, and are flexible enough to fit many use
-cases.
+Vectors have `O(1)` indexing and removal from the end, along with `O(1)`
+amortized insertion. Vectors are the most common container in Rust, and are
+flexible enough to fit many use cases.
 
 Vectors can also be sorted and used as efficient lookup tables with the
-`bsearch()` method, if all the elements are inserted at one time and
+`std::vec::bsearch` function, if all the elements are inserted at one time and
 deletions are unnecessary.
 
 ## Maps and sets
@@ -42,15 +42,10 @@ implementing the `IterBytes` trait.
 
 ## Double-ended queues
 
-The `extra::ringbuf` module implements a double-ended queue with `O(1)`
-amortized inserts and removals from both ends of the container. It also has
-`O(1)` indexing like a vector. The contained elements are not required to be
-copyable, and the queue will be sendable if the contained type is sendable.
-Its interface `Deque` is defined in `extra::collections`.
-
-The `extra::dlist` module implements a double-ended linked list, also
-implementing the `Deque` trait, with `O(1)` removals and inserts at either end,
-and `O(1)` concatenation.
+The `extra::deque` module implements a double-ended queue with `O(1)` amortized
+inserts and removals from both ends of the container. It also has `O(1)`
+indexing like a vector. The contained elements are not required to be copyable,
+and the queue will be sendable if the contained type is sendable.
 
 ## Priority queues
 
@@ -202,11 +197,11 @@ The function `range` (or `range_inclusive`) allows to simply iterate through a g
 
 ~~~
 for i in range(0, 5) {
-  print!("{} ", i) // prints "0 1 2 3 4"
+  printf!("%d ", i) // prints "0 1 2 3 4"
 }
 
 for i in std::iter::range_inclusive(0, 5) { // needs explicit import
-  print!("{} ", i) // prints "0 1 2 3 4 5"
+  printf!("%d ", i) // prints "0 1 2 3 4 5"
 }
 ~~~
 
@@ -238,15 +233,15 @@ let mut it = xs.iter().zip(ys.iter());
 
 // print out the pairs of elements up to (&3, &"baz")
 for (x, y) in it {
-    println!("{} {}", *x, *y);
+    printfln!("%d %s", *x, *y);
 
     if *x == 3 {
         break;
     }
 }
 
 // yield and print the last pair from the iterator
-println!("last: {:?}", it.next());
+printfln!("last: %?", it.next());
 
 // the iterator is now fully consumed
 assert!(it.next().is_none());
@@ -340,13 +335,13 @@ another `DoubleEndedIterator` with `next` and `next_back` exchanged.
 ~~~
 let xs = [1, 2, 3, 4, 5, 6];
 let mut it = xs.iter();
-println!("{:?}", it.next()); // prints `Some(&1)`
-println!("{:?}", it.next()); // prints `Some(&2)`
-println!("{:?}", it.next_back()); // prints `Some(&6)`
+printfln!("%?", it.next()); // prints `Some(&1)`
+printfln!("%?", it.next()); // prints `Some(&2)`
+printfln!("%?", it.next_back()); // prints `Some(&6)`
 
 // prints `5`, `4` and `3`
 for &x in it.invert() {
-    println!("{}", x)
+    printfln!("%?", x)
 }
 ~~~
 
@@ -361,11 +356,11 @@ let xs = [1, 2, 3, 4];
 let ys = [5, 6, 7, 8];
 let mut it = xs.iter().chain(ys.iter()).map(|&x| x * 2);
 
-println!("{:?}", it.next()); // prints `Some(2)`
+printfln!("%?", it.next()); // prints `Some(2)`
 
 // prints `16`, `14`, `12`, `10`, `8`, `6`, `4`
 for x in it.invert() {
-    println!("{}", x);
+    printfln!("%?", x);
 }
 ~~~
 
@@ -392,17 +387,17 @@ underlying iterators are.
 let xs = [1, 2, 3, 4, 5];
 let ys = ~[7, 9, 11];
 let mut it = xs.iter().chain(ys.iter());
-println!("{:?}", it.idx(0)); // prints `Some(&1)`
-println!("{:?}", it.idx(5)); // prints `Some(&7)`
-println!("{:?}", it.idx(7)); // prints `Some(&11)`
-println!("{:?}", it.idx(8)); // prints `None`
+printfln!("%?", it.idx(0)); // prints `Some(&1)`
+printfln!("%?", it.idx(5)); // prints `Some(&7)`
+printfln!("%?", it.idx(7)); // prints `Some(&11)`
+printfln!("%?", it.idx(8)); // prints `None`
 
 // yield two elements from the beginning, and one from the end
 it.next();
 it.next();
 it.next_back();
 
-println!("{:?}", it.idx(0)); // prints `Some(&3)`
-println!("{:?}", it.idx(4)); // prints `Some(&9)`
-println!("{:?}", it.idx(6)); // prints `None`
+printfln!("%?", it.idx(0)); // prints `Some(&3)`
+printfln!("%?", it.idx(4)); // prints `Some(&9)`
+printfln!("%?", it.idx(6)); // prints `None`
 ~~~

branches/try/mk/rt.mk

@@ -71,7 +71,6 @@ RUNTIME_CXXS_$(1)_$(2) := \
               rt/sync/lock_and_signal.cpp \
               rt/sync/rust_thread.cpp \
               rt/rust_builtin.cpp \
-              rt/rust_run_program.cpp \
               rt/rust_rng.cpp \
               rt/rust_upcall.cpp \
               rt/rust_uv.cpp \

branches/try/src/libstd/run.rs

@@ -643,15 +643,28 @@ fn spawn_process_os(prog: &str, args: &[~str],
     use libc::funcs::bsd44::getdtablesize;
 
     mod rustrt {
-        use libc::c_void;
-
         #[abi = "cdecl"]
         extern {
             pub fn rust_unset_sigprocmask();
-            pub fn rust_set_environ(envp: *c_void);
         }
     }
 
+    #[cfg(windows)]
+    unsafe fn set_environ(_envp: *c_void) {}
+    #[cfg(target_os = "macos")]
+    unsafe fn set_environ(envp: *c_void) {
+        externfn!(fn _NSGetEnviron() -> *mut *c_void);
+
+        *_NSGetEnviron() = envp;
+    }
+    #[cfg(not(target_os = "macos"), not(windows))]
+    unsafe fn set_environ(envp: *c_void) {
+        extern {
+            static mut environ: *c_void;
+        }
+        environ = envp;
+    }
+
     unsafe {
 
         let pid = fork();
@@ -685,7 +698,7 @@ fn spawn_process_os(prog: &str, args: &[~str],
 
         do with_envp(env) |envp| {
             if !envp.is_null() {
-                rustrt::rust_set_environ(envp);
+                set_environ(envp);
             }
             do with_argv(prog, args) |argv| {
                 execvp(*argv, argv);

branches/try/src/libsyntax/ext/bytes.rs

@@ -30,43 +30,43 @@ pub fn expand_syntax_ext(cx: @ExtCtxt, sp: Span, tts: &[ast::token_tree]) -> bas
                 // string literal, push each byte to vector expression
                 ast::lit_str(s) => {
                     for byte in s.byte_iter() {
-                        bytes.push(cx.expr_u8(expr.span, byte));
+                        bytes.push(cx.expr_u8(sp, byte));
                     }
                 }
 
                 // u8 literal, push to vector expression
                 ast::lit_uint(v, ast::ty_u8) => {
                     if v > 0xFF {
-                        cx.span_err(expr.span, "Too large u8 literal in bytes!")
+                        cx.span_err(sp, "Too large u8 literal in bytes!")
                     } else {
-                        bytes.push(cx.expr_u8(expr.span, v as u8));
+                        bytes.push(cx.expr_u8(sp, v as u8));
                     }
                 }
 
                 // integer literal, push to vector expression
                 ast::lit_int_unsuffixed(v) => {
                     if v > 0xFF {
-                        cx.span_err(expr.span, "Too large integer literal in bytes!")
+                        cx.span_err(sp, "Too large integer literal in bytes!")
                     } else if v < 0 {
-                        cx.span_err(expr.span, "Negative integer literal in bytes!")
+                        cx.span_err(sp, "Negative integer literal in bytes!")
                     } else {
-                        bytes.push(cx.expr_u8(expr.span, v as u8));
+                        bytes.push(cx.expr_u8(sp, v as u8));
                     }
                 }
 
                 // char literal, push to vector expression
                 ast::lit_char(v) => {
                     if char::from_u32(v).unwrap().is_ascii() {
-                        bytes.push(cx.expr_u8(expr.span, v as u8));
+                        bytes.push(cx.expr_u8(sp, v as u8));
                     } else {
-                        cx.span_err(expr.span, "Non-ascii char literal in bytes!")
+                        cx.span_err(sp, "Non-ascii char literal in bytes!")
                     }
                 }
 
-                _ => cx.span_err(expr.span, "Unsupported literal in bytes!")
+                _ => cx.span_err(sp, "Unsupported literal in bytes!")
             },
 
-            _ => cx.span_err(expr.span, "Non-literal in bytes!")
+            _ => cx.span_err(sp, "Non-literal in bytes!")
         }
     }
 

branches/try/src/rt/rust_builtin.cpp

@@ -643,6 +643,29 @@ rust_valgrind_stack_deregister(unsigned int id) {
   VALGRIND_STACK_DEREGISTER(id);
 }
 
+#if defined(__WIN32__)
+
+extern "C" CDECL void
+rust_unset_sigprocmask() {
+    // empty stub for windows to keep linker happy
+}
+
+#else
+
+#include <signal.h>
+#include <unistd.h>
+
+extern "C" CDECL void
+rust_unset_sigprocmask() {
+    // this can't be safely converted to rust code because the
+    // representation of sigset_t is platform-dependent
+    sigset_t sset;
+    sigemptyset(&sset);
+    sigprocmask(SIG_SETMASK, &sset, NULL);
+}
+
+#endif
+
 //
 // Local Variables:
 // mode: C++