-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Layout and behavior of enums with uninhabited fields in some variants #443
Comments
Is it guaranteed (and documented somewhere) that |
That is the current behavior as implemented in Miri, but I don't think we guarantee it. |
Do we not specify what data a pattern-match accesses? My real question is: is there or will there ever be a UB-free execution that can reach a match arm that matches on an uninhabited variant. Such an execution could look like the following (I'm assuming this example is fine for e.g. #![feature(never_type)]
#[repr(u8)]
enum Enum<T> {
A = 0,
B = 1,
C(u8, T) = 2,
}
fn main() {
let mut x: Enum<!> = Enum::A;
unsafe { (&raw mut x).cast::<u8>().write(2u8) };
match x {
Enum::A => println!("got A!"),
Enum::B => println!("got B!"),
Enum::C(..) => println!("got C!"), // is this ever reachable?
}
} |
We specify basically nothing here. It's all details of how exactly Personally I think it's reasonable to say that GetDiscriminant will never return the discriminant of an uninhabited enum. Though this is yet another case of special-casing uninhabited types in the semantics (similar to #413 in that sense), which not everyone is happy with. And for |
There has been a good bit of discussion of how this affects code which manually constructs an enum at rust-lang/rust#120141. (Also an IRLO thread.) Essentially, there would be a need for a fallible variant of Personally, I think that a type smaller than the fields it contains is just too surprising/strange of an optimization, and I doubt that manual construction of an enum is the only thing it would affect. Are there other ways to achieve the same performance benefits without changing the enum's size? E.g., since the Rust calling convention is private to the compiler, having functions that take or return |
This is about enums like the following:
The first interesting point is that
E1
actually will not get any space assigned for storing a discriminant, it has size 0. The algorithm that assigns discriminants entirely skipsB
. In Miri we had to make SetDiscriminant throw UB early if the requested variant to set is uninhabited, since otherwise we get ICEs later.However,
E2
has size 8, even though there is only a single valid variant and that variant has size 0. I think we currently always provide storage for all fields of all variants, even if they are uninhabited. This is useful because in theory it lets us compileE2::C(f(), panic!())
into something that does in-place initialization:(AFAIK we currently don't actually do that, we introduce temporaries instead.)
For structs we have decided that we will always have storage for all fields, and this is unavoidable since safe code can partially initialize a struct. However, safe code cannot partially initialize an enum, so we could soundly decide that
E2
has size 0. We have to decide between smaller enums and in-place initialization for arbitrary enums. (We can of course have small enums and then have an analysis that uses in-place initialization where possible -- but in generic MIR, it might not be possible to tell whether the variant we are about to initialize is inhabited.)The text was updated successfully, but these errors were encountered: