Safe Transmute: Enable handling references #110662
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
(rustbot has picked a reviewer for you, use r? to override) |
rustbot
added
S-waiting-on-review
This comment has been minimized.
This comment has been minimized.
|
Ah, I should have run the rest of the tests |
rustbot
added
S-waiting-on-author
bryangarza
force-pushed
the
safe-transmute-reference-types
branch
from
db58ec1 to
ca36b65
Compare
|
Hey! It looks like you've submitted a new PR for the library teams! If this PR contains changes to any Examples of
|
bryangarza
changed the title
bryangarza
force-pushed
the
safe-transmute-reference-types
branch
from
ca36b65 to
cb46844
Compare
|
Regarding the enablement of coinduction for Safe Transmute, I discussed it a bit here https://rust-lang.zulipchat.com/#narrow/stream/144729-t-types/topic/Coinductive.20solving.20for.20.28safe.20transmute.29.20and.20all.20traits/near/351739918 |
compiler/rustc_trait_selection/src/traits/select/confirmation.rs
Outdated
Show resolved
Hide resolved
compiler/rustc_trait_selection/src/traits/select/confirmation.rs
Outdated
Show resolved
Hide resolved
compiler/rustc_trait_selection/src/traits/select/confirmation.rs
Outdated
Show resolved
Hide resolved
compiler/rustc_trait_selection/src/traits/select/confirmation.rs
Outdated
Show resolved
Hide resolved
tests/ui/transmutability/arrays/should_require_well_defined_layout.stderr
Outdated
Show resolved
Hide resolved
compiler/rustc_trait_selection/src/traits/select/confirmation.rs
Outdated
Show resolved
Hide resolved
| @@ -5,6 +5,7 @@ | |||
| /// notwithstanding whatever safety checks you have asked the compiler to [`Assume`] are satisfied. | |||
| #[unstable(feature = "transmutability", issue = "99571")] | |||
| #[lang = "transmute_trait"] | |||
| #[rustc_coinductive] | |||
There was a problem hiding this comment.
This needs a T-types FCP I think
There was a problem hiding this comment.
Yeah, will open one soon
There was a problem hiding this comment.
FCPs are opened by team members. I can open one when this PR is ready to land.
jswrenn
reviewed
Apr 26, 2023
compiler/rustc_trait_selection/src/traits/select/confirmation.rs
Outdated
Show resolved
Hide resolved
jswrenn
requested changes
Apr 26, 2023
compiler/rustc_trait_selection/src/traits/error_reporting/mod.rs
Outdated
Show resolved
Hide resolved
bryangarza
force-pushed
the
safe-transmute-reference-types
branch
from
cb46844 to
a5de035
Compare
rustbot
added
the
WG-trait-system-refactor
|
Some changes occurred to the core trait solver cc @rust-lang/initiative-trait-system-refactor |
bryangarza
force-pushed
the
safe-transmute-reference-types
branch
3 times, most recently
from
5499ee5 to
824155a
Compare
bryangarza
commented
Apr 28, 2023
bryangarza
force-pushed
the
safe-transmute-reference-types
branch
from
e2b9cb2 to
cb1cb98
Compare
bryangarza
commented
Apr 28, 2023
tests/ui/transmutability/enums/repr/primitive_reprs_should_have_correct_length.stderr
Show resolved
Hide resolved
bryangarza
force-pushed
the
safe-transmute-reference-types
branch
from
caec21b to
289af09
Compare
|
@rustbot ready |
This patch just removes the `#[rustc_coinductive]` annotation from `BikeshedIntrinsicFrom` and flips the related tests to `check-fail`. Once an FCP for setting the annotation on the trait is approved, it could be enabled again.
bryangarza
changed the title
bryangarza
force-pushed
the
safe-transmute-reference-types
branch
2 times, most recently
from
a2c43c8 to
ef0b78c
Compare
This comment has been minimized.
This comment has been minimized.
bryangarza
force-pushed
the
safe-transmute-reference-types
branch
from
ef0b78c to
1556d77
Compare
This comment has been minimized.
This comment has been minimized.
- Create `Answer` type that is not just a type alias of `Result` - Remove a usage of `map_layouts` to make the code easier to read - Don't hide errors related to Unknown Layout when computing transmutability
bryangarza
force-pushed
the
safe-transmute-reference-types
branch
from
1556d77 to
f4cf8f6
Compare
|
@rustbot ready |
rustbot
added
S-waiting-on-review
compiler-errors
approved these changes
Jun 13, 2023
|
@bors r+ |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
1 similar comment
|
☀️ Test successful - checks-actions |
|
Finished benchmarking commit (3ed2a10): comparison URL. Overall result: no relevant changes - no action needed@rustbot label: -perf-regression Instruction countThis benchmark run did not return any relevant results for this metric. Max RSS (memory usage)ResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 647.762s -> 648.428s (0.10%) |
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Jul 11, 2023
…ductive, r=compiler-errors Enable coinduction support for Safe Transmute This patch adds the `#[rustc_coinductive]` annotation to `BikeshedIntrinsicFrom`, so that it's possible to compute transmutability for recursive types. ## Motivation Safe Transmute currently already supports references (rust-lang#110662). However, if a type is implemented recursively, it leads to an infinite loop when we try to check if transmutation is safe. A couple simple examples that one might want to write, that are currently not possible to check transmutability for: ```rs #[repr(C)] struct A(&'static B); #[repr(C)] struct B(&'static A); ``` ```rs #[repr(C)] enum IList<'a> { Nil, Cons(isize, &'a IList<'a>) } #[repr(C)] enum UList<'a> { Nil, Cons(usize, &'a UList<'a>) } ``` Previously, `@jswrenn` was considering writing a co-inductive solver from scratch, just for the `rustc_tranmsute` crate. Later on as I started working on Safe Transmute myself, I came across the `#[rustc_coinductive]` annotation, which is currently only being used for the `Sized` trait. Leveraging this trait actually solved the problem entirely, and it saves a lot of duplicate work that would have had to happen in `rustc_transmute`.
matthiaskrgr
added a commit
to matthiaskrgr/rust
that referenced
this pull request
Mar 13, 2024
…piler-errors
Safe Transmute: Require that source referent is smaller than destination
`BikeshedIntrinsicFrom` currently models transmute-via-union; i.e., it attempts to provide a `where` bound for this function:
```rust
pub unsafe fn transmute_via_union<Src, Dst>(src: Src) -> Dst {
use core::mem::*;
#[repr(C)]
union Transmute<T, U> {
src: ManuallyDrop<T>,
dst: ManuallyDrop<U>,
}
let transmute = Transmute { src: ManuallyDrop::new(src) };
// SAFETY: The caller must guarantee that the transmutation is safe.
let dst = transmute.dst;
ManuallyDrop::into_inner(dst)
}
```
A quirk of this model is that it admits padding extensions in value-to-value transmutation: The destination type can be bigger than the source type, so long as the excess consists of uninitialized bytes. However, this isn't permissible for reference-to-reference transmutations (introduced in rust-lang#110662) — extra referent bytes cannot come from thin air.
This PR patches our analysis for reference-to-reference transmutations to require that the destination referent is no larger than the source referent.
r? `@compiler-errors`
rust-timer
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 14, 2024
Rollup merge of rust-lang#122438 - jswrenn:check-referent-size, r=compiler-errors Safe Transmute: Require that source referent is smaller than destination `BikeshedIntrinsicFrom` currently models transmute-via-union; i.e., it attempts to provide a `where` bound for this function: ```rust pub unsafe fn transmute_via_union<Src, Dst>(src: Src) -> Dst { use core::mem::*; #[repr(C)] union Transmute<T, U> { src: ManuallyDrop<T>, dst: ManuallyDrop<U>, } let transmute = Transmute { src: ManuallyDrop::new(src) }; // SAFETY: The caller must guarantee that the transmutation is safe. let dst = transmute.dst; ManuallyDrop::into_inner(dst) } ``` A quirk of this model is that it admits padding extensions in value-to-value transmutation: The destination type can be bigger than the source type, so long as the excess consists of uninitialized bytes. However, this isn't permissible for reference-to-reference transmutations (introduced in rust-lang#110662) — extra referent bytes cannot come from thin air. This PR patches our analysis for reference-to-reference transmutations to require that the destination referent is no larger than the source referent. r? `@compiler-errors`
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch enables support for references in Safe Transmute, by generating nested obligations during trait selection. Specifically, when we call
confirm_transmutability_candidate(...), we now recursively traverse therustc_transmute::Answertree and create obligations for all theAnswervariants, some of which include multiple nestedAnswers.