This issue tracks attempting to build as many Tock libraries as possible with a stable compiler, that is, minimizing the number of #![feature(...)] pragmas used in lib.rs files.

Update Feb 2024

Cortex-M crates can now compile on stable!

Nightly Features

• (Update Nightly Oct 2022 and remove asm_sym feature #3303) asm_sym. Needed for sym operands in assembly blocks. Tracking Issue for asm_sym rust-lang/rust#93333 . Stabilized upstream on 10/18/22, we just need to update to a newer nightly.
• (Update Rust Nightly to November 16 2024 #4193) asm_const. Needed for const operands in assembly blocks. Used in RISC-V CSR crate. The CSR crate will likely change with an upcoming change to tock-registers. Tracking Issue for asm_const rust-lang/rust#93332 Stabilise inline_const rust-lang/rust#104087
• (Remove #![feature(naked_functions)] and compile Cortex-M on stable! #3802) naked_functions. Used for initial entry point and interrupt handlers. Not clear if there is progress on stabilizing this (Tracking issue for naked fns (RFC #1201) rust-lang/rust#32408). Tracking Issue for RFC #2972: Constrained Naked Functions  rust-lang/rust#90957 (comment) Stabilize naked_functions rust-lang/rust#93587
• (Remove nightly-only target_feature #3803) #[cfg(target_feature = "v7")]. This is not a documented feature flag only available on nightly, but target_feature is only set for arm targets on nightly. You can see this by running rustc --target=thumbv7em-none-eabi --print cfg on nightly vs. stable.
• (kernel: remove core_intrinsics #3574) core_intrinsics. Intrinsics will never be stabilized, and are subject to unannounced changes by rustc's developers. We use three classes of intrinsics:
  • (RFC: Restructure DeferredCall to not require atomics #3086 ) core::intrinsics::atomic_*, various atomic intrinsics. These will be very difficult to get rid of due to how Rust decides to provide AtomicT types, and, in the case of kernel's AtomicUsize will require consultation with an atomics expert. These intrinsics are only used for the DeferredCall mechanism, and discussion on the Tock core call indicates that DeferredCall likely can be rewritten to not require atomics, given that the Tock kernel design guarantees non-reentrancy of all interactions with DeferredCall. A PR that safely removes the use of atomics in the kernel is welcome.
  • (Remove core_intrinsics offset feature #1957) core::intrinsics::offset, which is just pointer arithmetic. We should be using <*mut T>::offset, which is guaranteed to have the same effect and the same optimization characteristics.
  • (Remove core::intrinsics::math #1958) core::intrinsics::sqrtf32, a square root intrinsic. f32::sqrt is not present in core even though it just calls the intrinsic. This is because on many platforms, the intrinsic expands into a libm call, though not on any platforms Tock is built for. Removing this may require implementing a polyfill in assembly.
• (????) custom_test_frameworks. Used to test boards. Tracking issue for eRFC 2318, Custom test frameworks rust-lang/rust#50297
• (????) -Z build-std=core, compiler_builtins. Added in use -Zbuild-std=core to build the std library with our optimization settings #2847. Builds a more optimized library, but uses an unstable flag. Doc: https://doc.rust-lang.org/cargo/reference/unstable.html#build-std. Related repo: https://github.com/rust-lang/wg-cargo-std-aware.
• (????) -Z build-std-features="core/optimize_for_size". Added in bump Rust nightly to nightly-2024-05-23 and set optimize_for_size #4002.
• (????) -Z virtual-function-elimination. Added in Update Rust nightly version + Expose virtual-function-elimination #3072 . Removes uncalled virtual functions from LTO'ed binaries, but uses an unstable flag as it can sometimes be too aggressive. This is not used by default, and must be specifically requested by setting an environment variable (VFUNC_ELIM=1).
• (Update Nightly to Feb 2022 #2959) asm. Assembly is a hard requirement for any kernel, it is possible to move all of it into .S files instead. Tracking issue for asm!(): Tracking Issue for inline assembly (asm!) rust-lang/rust#72016.
• (Remove const_fn_trait_bound feature and update nightly (Mar 2022) #2988) const_fn_trait_bound. What used to be const_fn has been broken into smaller changes, and we only require one that is still unstable: const functions with a bound type parameter. The Tock register interface uses const_fn extensively, and it is an open question what it would take to forego this. Fortunately, the stabilization PR has been merged, so we should be able to remove feature(const_fn_trait_bound) at our next toolchain update.
• (Remove #![feature(const_mut_refs)] #3082) const_mut_refs. Used in tock-cells and lowrisc chip. Tracking issue for &mut T in const contexts (const_mut_refs) rust-lang/rust#57349
• (libraries: cells: remove option_result_contains #2964) option_result_contains. Tracking issue for Option::contains and Result::contains rust-lang/rust#62358 . We could easily reimplement this. Branch ready: https://github.com/tock/tock/compare/remove-option_result_contains.
• ([Tracking] Convert from llvm_asm!() to new asm!() #1923) llvm_asm. Replaced by asm!().
• (????) try_trait. Used in the kernel, for tbf parsing. But at some point we stopped using it.
• (Remove associated_type_defaults feature #2346) associated_type_defaults. Allows declaring defaults for associated types in trait definitions. We only use it in two places, and in both cases we can remove it just by adding type parameters in a few places that we currently do not (MPUConfig and Component::StaticInput). Only partially implemented in the compiler right now, but seems to be nearing completion? Tracking issue for RFC 2532, "Associated type defaults" rust-lang/rust#29661 .
• (remove all uses of unstable const_in_array_repeat_expressions feature #2215 ) const_in_array_repeat_expressions. Used to allow for ergonomic components for scheduler initialization. Could be replaced by using recursive macros for array declarations instead, which is @hudson-ayers responsibility if this ever becomes the lone blocker. Tracking issue: Tracking issue for RFC 2203, "Constants in array repeat expressions" rust-lang/rust#49147 . Fixed by remove all uses of unstable const_in_array_repeat_expressions feature #2215
• (rust: remove all unused feature pragmas #1643) Remove all pragmas currently not required to build Tock.
• (remove all uses of lang_items unstable feature #1950 ) lang_items. The main purpose of this pragma is declaring the global panic handler in a no_std binary. A mechanism for this has been stabilized, and remove all uses of lang_items unstable feature #1950 should remove all uses of it.
• (rust: remove all uses of unstable pragma "in_band_lifetimes" #1646) in_band_lifetimes. This is syntax sugar that makes otherwise undeclared lifetimes become defined, by adding lifetime declarations where necessary. In other words, the transformation fn foo(_: &'a T) -> fn foo<'a>(_: &'a T). The "placeholder lifetime", '_, is a stable feature that acts as an in-band lifetime which does not bind a name, and which was originally part of in_band_lifetimes. Since the stabilization of '_, the stabilization of in_band_lifetimes has been deprioritized, and is fairly unlikely to happen in its current form.
• (chips/saml4: remove unstable pragma #1649) concat_idents. Used in just one macro that doesn't actually need it. Given that it is basically unusable, Rust is very reluctant to ever stabilize it.
• (kernel: remove unstable crate_visibility_modifier, aka crate -> pub(crate) #1650) crate_visibility_modifier. Allows crate in item position as sugar for pub(crate). Interest in this feature appears to have died down after the 2018 module system shakeup, and provides no value other than saving five characters.
• (kernel: use NonNull, iterate on grant and appslice interfaces #1648) ptr_internals. Allows use of core::ptr::Unique. This is an internal of Box that will never be stabilized. core::ptr::NonNull is a drop-in replacement.
• (chips/e310x: Remove unstable pragma #1647) exclusive_range_pattern. Allows use of a..b as a pattern. Only used in one place (used incorrectly, too).
• (kernel: remove panic_info_message feature #1955) panic_info_message. Used in one place by kernel to dump panic information. Might want to get rid of it, since it seems the API might get tossed out in favor of something else: Tracking issue for PanicInfo::message rust-lang/rust#66745
• (Handle device register aliases explicitly #1661) untagged_unions. Allows putting non-Copy traits in unions. Using this is basically asking for weird dtor behavior and general unsoundness. We use it in one place, and can probably just plug the hole with the stable DropManually API (which is just an untagged_union without sharp edges).

This work is especially attractive to OpenTitan's use of Tock as a secure embedded operating system. Being able to build code without exercising unstable (and, as such, untested and unproven) code paths in the compiler increases confidence in the language-level and hardware-level guarantees provided by Tock. This is not to mention that unstable features are not guaranteed to be stabilized, or to remain in the compiler indefinitely.

This work is divided up according to pragmas still present after #1643, which every pragma that could be removed without causing build failures. Below is a list of all pragmas Tock still uses.

Please comment additional pragmas below as they are used, or edit this list to include them if you have write access.