Safe Transmute: Enable handling references #110662

bryangarza · 2023-04-21T23:52:49Z

This patch enables support for references in Safe Transmute, by generating nested obligations during trait selection. Specifically, when we call confirm_transmutability_candidate(...), we now recursively traverse the rustc_transmute::Answer tree and create obligations for all the Answer variants, some of which include multiple nested Answers.

rustbot · 2023-04-21T23:52:54Z

r? @petrochenkov

(rustbot has picked a reviewer for you, use r? to override)

bryangarza · 2023-04-21T23:53:45Z

r? @compiler-errors

bryangarza · 2023-04-22T00:47:52Z

Ah, I should have run the rest of the tests
@rustbot author

rustbot · 2023-04-25T23:43:50Z

Hey! It looks like you've submitted a new PR for the library teams!

If this PR contains changes to any rust-lang/rust public library APIs then please comment with @rustbot label +T-libs-api -T-libs to tag it appropriately. If this PR contains changes to any unstable APIs please edit the PR description to add a link to the relevant API Change Proposal or create one if you haven't already. If you're unsure where your change falls no worries, just leave it as is and the reviewer will take a look and make a decision to forward on if necessary.

Examples of T-libs-api changes:

Stabilizing library features
Introducing insta-stable changes such as new implementations of existing stable traits on existing stable types
Introducing new or changing existing unstable library APIs (excluding permanently unstable features / features without a tracking issue)
Changing public documentation in ways that create new stability guarantees
Changing observable runtime behavior of library APIs

bryangarza · 2023-04-25T23:49:39Z

Regarding the enablement of coinduction for Safe Transmute, I discussed it a bit here https://rust-lang.zulipchat.com/#narrow/stream/144729-t-types/topic/Coinductive.20solving.20for.20.28safe.20transmute.29.20and.20all.20traits/near/351739918

compiler/rustc_trait_selection/src/traits/select/confirmation.rs

compiler/rustc_transmute/src/layout/mod.rs

tests/ui/transmutability/arrays/should_require_well_defined_layout.stderr

compiler/rustc_trait_selection/src/traits/select/confirmation.rs

compiler-errors · 2023-04-26T15:58:19Z

library/core/src/mem/transmutability.rs

This needs a T-types FCP I think

Yeah, will open one soon

FCPs are opened by team members. I can open one when this PR is ready to land.

compiler/rustc_trait_selection/src/traits/select/confirmation.rs

compiler/rustc_transmute/src/lib.rs

compiler/rustc_transmute/src/maybe_transmutable/mod.rs

compiler/rustc_transmute/src/lib.rs

compiler/rustc_transmute/src/maybe_transmutable/mod.rs

compiler/rustc_trait_selection/src/traits/error_reporting/mod.rs

rustbot · 2023-04-27T21:42:40Z

Some changes occurred to the core trait solver

cc @rust-lang/initiative-trait-system-refactor

tests/ui/transmutability/region-infer.stderr

tests/ui/transmutability/enums/repr/primitive_reprs_should_have_correct_length.stderr

bryangarza · 2023-04-28T22:10:34Z

@rustbot ready

This patch just removes the `#[rustc_coinductive]` annotation from `BikeshedIntrinsicFrom` and flips the related tests to `check-fail`. Once an FCP for setting the annotation on the trait is approved, it could be enabled again.

- Create `Answer` type that is not just a type alias of `Result` - Remove a usage of `map_layouts` to make the code easier to read - Don't hide errors related to Unknown Layout when computing transmutability

bryangarza · 2023-06-13T00:54:38Z

@rustbot ready

compiler-errors · 2023-06-13T21:36:59Z

@bors r+

bors · 2023-06-13T21:37:01Z

📌 Commit f4cf8f6 has been approved by compiler-errors

It is now in the queue for this repository.

bors · 2023-06-14T08:26:27Z

⌛ Testing commit f4cf8f6 with merge 3ed2a10...

bors · 2023-06-14T11:24:34Z

☀️ Test successful - checks-actions
Approved by: compiler-errors
Pushing 3ed2a10 to master...

bors · 2023-06-14T11:24:34Z

☀️ Test successful - checks-actions
Approved by: compiler-errors
Pushing 3ed2a10 to master...

rust-timer · 2023-06-14T12:41:16Z

Finished benchmarking commit (3ed2a10): comparison URL.

Overall result: no relevant changes - no action needed

@rustbot label: -perf-regression

Instruction count

This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage)

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	0.3%	[0.3%, 0.3%]	1
Regressions ❌ (secondary)	2.2%	[2.2%, 2.2%]	1
Improvements ✅ (primary)	-3.3%	[-3.3%, -3.3%]	1
Improvements ✅ (secondary)	-	-	0
All ❌✅ (primary)	-1.5%	[-3.3%, 0.3%]	2

Cycles

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	-	-	0
Regressions ❌ (secondary)	-	-	0
Improvements ✅ (primary)	-	-	0
Improvements ✅ (secondary)	-4.9%	[-6.0%, -3.9%]	5
All ❌✅ (primary)	-	-	0

Binary size

This benchmark run did not return any relevant results for this metric.

Bootstrap: 647.762s -> 648.428s (0.10%)

…ductive, r=compiler-errors Enable coinduction support for Safe Transmute This patch adds the `#[rustc_coinductive]` annotation to `BikeshedIntrinsicFrom`, so that it's possible to compute transmutability for recursive types. ## Motivation Safe Transmute currently already supports references (rust-lang#110662). However, if a type is implemented recursively, it leads to an infinite loop when we try to check if transmutation is safe. A couple simple examples that one might want to write, that are currently not possible to check transmutability for: ```rs #[repr(C)] struct A(&'static B); #[repr(C)] struct B(&'static A); ``` ```rs #[repr(C)] enum IList<'a> { Nil, Cons(isize, &'a IList<'a>) } #[repr(C)] enum UList<'a> { Nil, Cons(usize, &'a UList<'a>) } ``` Previously, `@jswrenn` was considering writing a co-inductive solver from scratch, just for the `rustc_tranmsute` crate. Later on as I started working on Safe Transmute myself, I came across the `#[rustc_coinductive]` annotation, which is currently only being used for the `Sized` trait. Leveraging this trait actually solved the problem entirely, and it saves a lot of duplicate work that would have had to happen in `rustc_transmute`.

…piler-errors Safe Transmute: Require that source referent is smaller than destination `BikeshedIntrinsicFrom` currently models transmute-via-union; i.e., it attempts to provide a `where` bound for this function: ```rust pub unsafe fn transmute_via_union<Src, Dst>(src: Src) -> Dst { use core::mem::*; #[repr(C)] union Transmute<T, U> { src: ManuallyDrop<T>, dst: ManuallyDrop<U>, } let transmute = Transmute { src: ManuallyDrop::new(src) }; // SAFETY: The caller must guarantee that the transmutation is safe. let dst = transmute.dst; ManuallyDrop::into_inner(dst) } ``` A quirk of this model is that it admits padding extensions in value-to-value transmutation: The destination type can be bigger than the source type, so long as the excess consists of uninitialized bytes. However, this isn't permissible for reference-to-reference transmutations (introduced in rust-lang#110662) — extra referent bytes cannot come from thin air. This PR patches our analysis for reference-to-reference transmutations to require that the destination referent is no larger than the source referent. r? `@compiler-errors`

Rollup merge of rust-lang#122438 - jswrenn:check-referent-size, r=compiler-errors Safe Transmute: Require that source referent is smaller than destination `BikeshedIntrinsicFrom` currently models transmute-via-union; i.e., it attempts to provide a `where` bound for this function: ```rust pub unsafe fn transmute_via_union<Src, Dst>(src: Src) -> Dst { use core::mem::*; #[repr(C)] union Transmute<T, U> { src: ManuallyDrop<T>, dst: ManuallyDrop<U>, } let transmute = Transmute { src: ManuallyDrop::new(src) }; // SAFETY: The caller must guarantee that the transmutation is safe. let dst = transmute.dst; ManuallyDrop::into_inner(dst) } ``` A quirk of this model is that it admits padding extensions in value-to-value transmutation: The destination type can be bigger than the source type, so long as the excess consists of uninitialized bytes. However, this isn't permissible for reference-to-reference transmutations (introduced in rust-lang#110662) — extra referent bytes cannot come from thin air. This PR patches our analysis for reference-to-reference transmutations to require that the destination referent is no larger than the source referent. r? `@compiler-errors`

rustbot assigned petrochenkov Apr 21, 2023

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Apr 21, 2023

rustbot assigned compiler-errors and unassigned petrochenkov Apr 21, 2023

This comment has been minimized.

Sign in to view

rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Apr 22, 2023

bryangarza force-pushed the safe-transmute-reference-types branch from db58ec1 to ca36b65 Compare April 25, 2023 23:43

bryangarza changed the title ~~Safe Transmute: Enable handling references~~ Safe Transmute: Enable handling references, including recursive types Apr 25, 2023

bryangarza force-pushed the safe-transmute-reference-types branch from ca36b65 to cb46844 Compare April 25, 2023 23:48

compiler-errors reviewed Apr 26, 2023

View reviewed changes

jswrenn reviewed Apr 26, 2023

View reviewed changes

compiler/rustc_trait_selection/src/traits/select/confirmation.rs Outdated Show resolved Hide resolved

jswrenn requested changes Apr 26, 2023

View reviewed changes

bryangarza force-pushed the safe-transmute-reference-types branch from cb46844 to a5de035 Compare April 27, 2023 00:11

rustbot added the WG-trait-system-refactor The Rustc Trait System Refactor Initiative (-Znext-solver) label Apr 27, 2023

bryangarza force-pushed the safe-transmute-reference-types branch 3 times, most recently from 5499ee5 to 824155a Compare April 27, 2023 22:06

bryangarza commented Apr 28, 2023

View reviewed changes

tests/ui/transmutability/region-infer.stderr Outdated Show resolved Hide resolved

bryangarza force-pushed the safe-transmute-reference-types branch from e2b9cb2 to cb1cb98 Compare April 28, 2023 00:30

bryangarza commented Apr 28, 2023

View reviewed changes

tests/ui/transmutability/enums/repr/primitive_reprs_should_have_correct_length.stderr Outdated Show resolved Hide resolved

bryangarza force-pushed the safe-transmute-reference-types branch from caec21b to 289af09 Compare April 28, 2023 22:02

Safe Transmute: Disable coinduction support

64a54df

This patch just removes the `#[rustc_coinductive]` annotation from `BikeshedIntrinsicFrom` and flips the related tests to `check-fail`. Once an FCP for setting the annotation on the trait is approved, it could be enabled again.

bryangarza changed the title ~~Safe Transmute: Enable handling references, including recursive types~~ Safe Transmute: Enable handling references Jun 7, 2023

bryangarza force-pushed the safe-transmute-reference-types branch 2 times, most recently from a2c43c8 to ef0b78c Compare June 12, 2023 23:43

This comment has been minimized.

Sign in to view

bryangarza force-pushed the safe-transmute-reference-types branch from ef0b78c to 1556d77 Compare June 12, 2023 23:51

This comment has been minimized.

Sign in to view

Safe Transmute: Refactor error handling and Answer type

f4cf8f6

- Create `Answer` type that is not just a type alias of `Result` - Remove a usage of `map_layouts` to make the code easier to read - Don't hide errors related to Unknown Layout when computing transmutability

bryangarza force-pushed the safe-transmute-reference-types branch from 1556d77 to f4cf8f6 Compare June 12, 2023 23:56

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Jun 13, 2023

compiler-errors approved these changes Jun 13, 2023

View reviewed changes

bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 13, 2023

bors added merged-by-bors This PR was explicitly merged by bors. labels Jun 14, 2023

bors merged commit 3ed2a10 into rust-lang:master Jun 14, 2023

rustbot added this to the 1.72.0 milestone Jun 14, 2023

bryangarza mentioned this pull request Jun 29, 2023

Enable coinduction support for Safe Transmute #113175

Merged

jswrenn mentioned this pull request Mar 13, 2024

Safe Transmute: Require that source referent is smaller than destination #122438

Merged

Safe Transmute: Enable handling references #110662

Safe Transmute: Enable handling references #110662

Uh oh!

Conversation

bryangarza commented Apr 21, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rustbot commented Apr 21, 2023

Uh oh!

bryangarza commented Apr 21, 2023

Uh oh!

This comment has been minimized.

bryangarza commented Apr 22, 2023

Uh oh!

rustbot commented Apr 25, 2023

Uh oh!

bryangarza commented Apr 25, 2023

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

compiler-errors Apr 26, 2023

Choose a reason for hiding this comment

Uh oh!

bryangarza Apr 26, 2023

Choose a reason for hiding this comment

Uh oh!

compiler-errors Apr 26, 2023

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

rustbot commented Apr 27, 2023

Uh oh!

Uh oh!

Uh oh!

bryangarza commented Apr 28, 2023

Uh oh!

This comment has been minimized.

This comment has been minimized.

bryangarza commented Jun 13, 2023

Uh oh!

compiler-errors commented Jun 13, 2023

Uh oh!

bors commented Jun 13, 2023

Uh oh!

bors commented Jun 14, 2023

Uh oh!

bors commented Jun 14, 2023

Uh oh!

bors commented Jun 14, 2023

Uh oh!

rust-timer commented Jun 14, 2023

Overall result: no relevant changes - no action needed

Instruction count

Max RSS (memory usage)

Cycles

Binary size

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

bryangarza commented Apr 21, 2023 •

edited

Loading