Conversation
|
Tagging subscribers to this area: @dotnet/area-system-runtime-compilerservices |
There was a problem hiding this comment.
Pull request overview
Adds two runtime attributes to the public System.Runtime contract to support unsafe-context analysis and module-level memory-safety metadata, with corresponding implementations in System.Private.CoreLib.
Changes:
- Exposes
System.Diagnostics.CodeAnalysis.RequiresUnsafeAttributeas a public attribute applicable to constructors/events/methods/properties. - Introduces
System.Runtime.CompilerServices.MemorySafetyRulesAttribute(module-level, editor-browsable never) with aVersionpayload. - Implements
MemorySafetyRulesAttributein System.Private.CoreLib and updatesRequiresUnsafeAttributeto be public (non-conditional) with updated documentation.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/libraries/System.Runtime/ref/System.Runtime.cs | Adds the new public attribute declarations to the System.Runtime reference contract. |
| src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/MemorySafetyRulesAttribute.cs | Implements MemorySafetyRulesAttribute with version storage and hidden editor-browsing. |
| src/libraries/System.Private.CoreLib/src/System/Diagnostics/CodeAnalysis/RequiresUnsafeAttribute.cs | Makes RequiresUnsafeAttribute public and expands its applicable targets. |
You can also share your feedback on Copilot code review. Take the survey.
| internal sealed class RequiresUnsafeAttribute : Attribute | ||
| [AttributeUsage( | ||
| AttributeTargets.Constructor | AttributeTargets.Event | AttributeTargets.Method | AttributeTargets.Property, | ||
| Inherited = false, |
There was a problem hiding this comment.
The inherited=false is interesting. Is that correct? From a reflection standpoint, we wouldn't expect a derived type to inherit the requires unsafe nature of its base?
There was a problem hiding this comment.
Compiler doesn't consider inherited attributes though, so it seems better to disallow in reflection too, for consistency.
There was a problem hiding this comment.
Btw, as part of the language feature, we require that a derived API is not RequiresUnsafe if the base API is not RequiresUnsafe too.
| /// <summary> | ||
| /// Initializes a new instance of the <see cref="RequiresUnsafeAttribute"/> class. | ||
| /// </summary> | ||
| public RequiresUnsafeAttribute() { } |
There was a problem hiding this comment.
nit: I'm pretty sure we have really basic attribute tests that just validate the attribute can be constructed without throwing, or in the case of something like MemorySafetyRulesAttribute, that ctor arguments are properly roundtripped through properties. Could you do a quick search and add a couple tests in the right place?
This comment was marked as resolved.
This comment was marked as resolved.
There was a problem hiding this comment.
Pull request overview
This PR exposes RequiresUnsafeAttribute publicly and introduces a new MemorySafetyRulesAttribute API, updating the reference surface and adding basic tests to validate constructor behavior.
Changes:
- Add
MemorySafetyRulesAttributetoSystem.Runtime.CompilerServices(ref + implementation) and test itsVersionroundtrip. - Make
RequiresUnsafeAttributea public attribute with broaderAttributeTargetsand add a smoke test. - Add CoreLib package-validation suppressions for the new/changed APIs.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| src/libraries/System.Runtime/tests/System.Runtime.Tests/System/Runtime/CompilerServices/AttributesTests.cs | Adds a theory test for MemorySafetyRulesAttribute.Version. |
| src/libraries/System.Runtime/tests/System.Runtime.Tests/System/Diagnostics/CodeAnalysis/RequiresUnsafeAttributeTests.cs | Adds a minimal constructor smoke test for RequiresUnsafeAttribute. |
| src/libraries/System.Runtime/ref/System.Runtime.cs | Updates the public ref surface to include RequiresUnsafeAttribute and MemorySafetyRulesAttribute. |
| src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/MemorySafetyRulesAttribute.cs | Introduces the CoreLib implementation of MemorySafetyRulesAttribute. |
| src/libraries/System.Private.CoreLib/src/System/Diagnostics/CodeAnalysis/RequiresUnsafeAttribute.cs | Changes RequiresUnsafeAttribute from internal/debug-only to public and updates usage/summary. |
| src/coreclr/System.Private.CoreLib/CompatibilitySuppressions.xml | Adds compat suppressions for the new attribute and attribute-usage differences. |
| src/coreclr/nativeaot/System.Private.CoreLib/src/CompatibilitySuppressions.xml | Mirrors the compat suppressions for NativeAOT CoreLib. |
You can also share your feedback on Copilot code review. Take the survey.
...ies/System.Private.CoreLib/src/System/Runtime/CompilerServices/MemorySafetyRulesAttribute.cs
Show resolved
Hide resolved
src/coreclr/System.Private.CoreLib/CompatibilitySuppressions.xml
Outdated
Show resolved
Hide resolved
src/coreclr/System.Private.CoreLib/CompatibilitySuppressions.xml
Outdated
Show resolved
Hide resolved
src/coreclr/nativeaot/System.Private.CoreLib/src/CompatibilitySuppressions.xml
Outdated
Show resolved
Hide resolved
src/coreclr/nativeaot/System.Private.CoreLib/src/CompatibilitySuppressions.xml
Outdated
Show resolved
Hide resolved
|
Does ILLink strip these attributes? If it does - should we fix it? cc @agocke |
|
The linker doesn’t strip attributes |
Resolves #125134.