Rust: mutable noalias: re-enable permanently, only for panic=abort, or stabilize flag?

CC @arielb1 @dotdash @eefriedman @sunfishcode @jrmuizel

@eefriedman's non-comprensive audit in #29485 also turned up -memcpyopt, -mldst-motion, and -loop-idiom. At a brief glance, -loop-idiom looks fixed (r274673). It doesn't appear that -memcpyopt or -mldst-motion are fixed yet (-mldst-motion wasn't enabled by default earlier, but it is now). And for safety's sake, it would be good to have a more comprehensive audit.

@sunfishcode is it accurate to say that the only concern is the interaction with unwinding, in which case enabling for panic=abort should be fine?

"Enable this internally whenever -Cpanic=abort is set" seems like a completely uncontroversial thing we can do now.

Yes, the interaction with unwinding is the only concern I'm aware of here. Are panics the only unwinding possible under panic=abort, or does Rust support, for example, calling C++ code which throws?

Unwinding across language barriers is UB.

Various other language implementations related to Rust's do support cross-language unwinding. Is it specifically UB in Rust?

At least Rust unwinding across an FFI barrier has definitely been declared UB (cf. #18510). I am relatively sure the reverse situation is also UB – or at least, I don't think it has ever been documented as working. Due to different personality routines, I'd expect all hell breaking loose if (say) C++ code throws an exception and it propagates to a Rust landing pad, and we're not in the habit of making such weird things defined depending on codegen options.

I added the panic=abort automatic opt-in to #45012

I don't see why we would ever add a stable -C flag for this. If it doesn't miscompile code, then it should be on by default, no flag needed. If it does miscompile code, then it would be an enormous departure of policy for us to offer such a flag; refusing to add memory-unsafe compiler flags is part of the reason that we've refused to add a flag to completely disable automatic bounds checks. Am I wrong in that this would be completely unprecedented?

Given that no one has suggested otherwise, am I right to infer that this optimization is going to be valid under any conceivable formulation of the UB guidelines / memory model we might eventually settle on?

This is kind-of a duplicate of https://github.com/rust-lang/rust/issues/31681, is it not?

am I right to infer that this optimization is going to be valid under any conceivable formulation of the UB guidelines / memory model we might eventually settle on?

Modulo the fact that the exact scope of optimizations enabled by adding noalias is not clear, this is definitely a design goal. Concretely, the optimization at https://godbolt.org/g/64CjDX is definitely intended to be allowed:

pub fn foo(x: &mut i32, y: &mut i32) -> i32 {
    *x = 23;
    *y = 19;
    *x // optimize to 23
}

I believe this issue can be closed in favor of #54878, which tracks the LLVM bug currently blocking this. Prior to that issue noalias metadata was always emitted (with opt-out flag), and once the issue is resolved I'll expect we'll go back to emitting it.

Triage: Can this issue be closed in favor of #54878 ? nikic commented above but received no response.

Yes, that seems reasonable. Closing.