-
Notifications
You must be signed in to change notification settings - Fork 353
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Correctly construct Region
to uphold deallocation safety invariant
#2062
Conversation
Yeah, I now understand why this fix is correct, thank you! However, this will create a pointless clone of the data in many cases. I think there are two potential other ways to address it:
|
Since all of the logic is private, I felt free to update the API of The trait exposes the function And testing against the latest nightly compiler, it fixes it. |
The So this is a better API. |
140549b
to
c688732
Compare
Region
to uphold deallocation safety invariant
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's beautiful, thanks!
S: RegionSource, | ||
{ | ||
// Well, this technically violates pointer provenance rules. | ||
// But there isn't a stable API for it, so that's the best we can do, I guess. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which provenance rules are you referring to?
The whole memory
module is wasm32 only, such that we know
- The memory is a Wasm linear memory where memory can be addressed by offsets
- usize is 32 bit long
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, makes sense, but it's just internally a bunch of hints for the compiler and miri.
It contains stuff like the address space, address, and some other metadata which a usize
can technically not accurately represent since it's just a pointer somewhere in memory.
It's technically just an experiment but they also wanna explore if it makes sense for the compiler to enforce provenance at some point AFAIK.
https://doc.rust-lang.org/nightly/std/ptr/index.html#strict-provenance
But as the docs say
The following text is non-normative, insufficiently formal, and is an extremely strict interpretation of provenance. It’s ok if your code doesn’t strictly conform to it.
Just something that was on my mind and I commented in ¯\_(ツ)_/¯
We can remove the comment, too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, all good, no worries. I was just not sure if there is anything practically relevant we need to be careful of.
Co-authored-by: Simon Warta <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sweet! Could you add a CHANGELOG entry for this?
S: RegionSource, | ||
{ | ||
// Well, this technically violates pointer provenance rules. | ||
// But there isn't a stable API for it, so that's the best we can do, I guess. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, all good, no worries. I was just not sure if there is anything practically relevant we need to be careful of.
Damn it, I always forget the changelog.. |
8db21a0
to
e0f963d
Compare
No, not really. It's just something they are experimenting with to give the compiler more information about raw pointers. |
@Mergifyio backport release/1.5 |
✅ Backports have been created
|
Correctly construct `Region` to uphold deallocation safety invariant (backport #2062)
@Mergifyio backport release/2.0 |
✅ Backports have been created
|
Correctly construct `Region` to uphold deallocation safety invariant (backport #2062)
Closes #2061
To cite from the comments of the patch: