Treat safe target_feature functions as unsafe by default

[oli-obk]

This unblocks

• Stabilize target_feature_11 #134090

As I stated in #134090 (comment) I think the previous impl was too easy to get wrong, as by default it treated safe target feature functions as safe and had to add additional checks for when they weren't. Now the logic is inverted. By default they are unsafe and you have to explicitly handle safe target feature functions.

I will make another version of this PR that doesn't modify the safety enum but just checks the attrs. Should be less invasive

[rustbot]

r? @BoxyUwU

rustbot has assigned @BoxyUwU.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

[rustbot]

Some changes occurred in src/tools/clippy

cc @rust-lang/clippy

Some changes occurred in compiler/rustc_codegen_gcc

cc @antoyo, @GuillaumeGomez

Some changes occurred to the CTFE machinery

cc @rust-lang/wg-const-eval

[veluca93]

As mentioned in #134090 (comment), we might want to make this actually safe if the function this happens in has the required features.
We probably shouldn't change it now, but we might want to modify the comment/FIXME accordingly

[oli-obk]

If the features are also set via target information that can't differ between crates linked together?

[veluca93]

Not sure if doing so is supposed to be ok...

Anyway, I guess the point of the comment is that if you can call a function, then you also ought to be able to take a safe fn pointer to it.

[oli-obk]

But safe pointers can be passed around to code where it's not safe to use them.

With the change I made (plus encoding the actually used target features) we can in theory start creating safe target feature pointers by keeping the target feature information on the function pointer type.

[veluca93]

target_feature_11 enables this:

#[target_feature(enable = "avx2")]
fn bar() -> fn() {
    || avx2()
}

which is not particularly different from allowing coercion of avx2 to a fn pointer. If you have concerns about this, the stabilization PR is probably the better place to discuss it (the stabilization report mentions why it's OK to do this)

[oli-obk]

Oh right, yea that makes sense. You already had to call an unsafe function to get here, and it's not a footgun, because it's global informatiom, not local

[veluca93]

Didn't this drop an assertion?

[oli-obk]

Oh huh

[rust-log-analyzer]

The job mingw-check failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

   |                 ^^^^^^^^^^^^^^ not a unit struct, unit variant or constant
   |
help: the struct variant's field is being ignored
   |
36 |         (false, Safety::Unsafe { target_feature: _ }) => span_lint(

    Checking crossbeam-channel v0.5.13
error[E0533]: expected unit struct, unit variant or constant, found struct variant `Safety::Unsafe`
   --> src/tools/clippy/clippy_lints/src/doc/mod.rs:634:33
   --> src/tools/clippy/clippy_lints/src/doc/mod.rs:634:33
    |
634 |                         (false, Safety::Unsafe) => span_lint(
    |                                 ^^^^^^^^^^^^^^ not a unit struct, unit variant or constant
    |
help: the struct variant's field is being ignored
    |
634 |                         (false, Safety::Unsafe { target_feature: _ }) => span_lint(

    Checking quote v1.0.37
    Checking parking_lot_core v0.9.10
    Checking rustfix v0.8.1