Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[project] Initial commit #1934

Open
wants to merge 33 commits into
base: main
Choose a base branch
from
Open

[project] Initial commit #1934

wants to merge 33 commits into from

Conversation

joshlf
Copy link
Member

@joshlf joshlf commented Oct 18, 2024
edited
Loading

TODO: Could we support unsized types so long as we never call offset_of!
on the trailing unsized field?

TODO: Use Name type parameter trick to emit better error messages:
https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=97771667892860935bea60b218f8fdf4

This PR is on branch projection-sized.

joshlf and others added 26 commits October 12, 2024 14:06
@joshlf
[ci] Don't run on push (#1882)
5b5d5a6 
We already have the merge queue; running on push is redundant.
@joshlf
Release 0.9.0-alpha.0 (#1881)
e7217b5 
Upgrade our MSRV to 1.65 and remove version detection logic prior to
that version.
@joshlf
Enable clippy::missing_const_for_fn (#1883)
2b56c07 
* Release 0.9.0-alpha.0

Upgrade our MSRV to 1.65 and remove version detection logic prior to
that version.

* Enable clippy::missing_const_for_fn

While we're here, remove defensive programming against bug in
`Layout::from_size_align` which is no longer needed on our new MSRV.
@joshlf
Upgrade some code for MSRV 1.65 (#1885)
1788f44 
Now that our MSRV is 1.65, we can clean up some code.

Makes progress on #67
@joshlf
Clean up some code for new MSRV (#1888)
7349fe0 
Also clean up some code for 0.9.
@joshlf
Upgrade versions of some dependencies (#1886)
19ab41c 
* Upgrade some code for MSRV 1.65

Now that our MSRV is 1.65, we can clean up some code.

Makes progress on #67

* Upgrade versions of some dependencies

Now that our MSRV is 1.65, it unlocks upgrading some dependencies'
versions.
@joshlf
Roll pinned toolchains on v0.8.x branch (#1887)
5452c3d
@google-pr-creation-bot
[ci] Roll pinned nightly toolchain (#1900)
2e819ac
@google-pr-creation-bot
[ci] Roll pinned nightly toolchain (#1902)
ccf477d
@dependabot
[CI] Bump github/codeql-action from 3.26.12 to 3.26.13 (#1903)
c128ed2 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c36620d...f779452)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
[CI] Bump Swatinem/rust-cache from 2.7.3 to 2.7.5 (#1904)
1c8cbc7 
Bumps [Swatinem/rust-cache](https://github.com/swatinem/rust-cache) from 2.7.3 to 2.7.5.
- [Release notes](https://github.com/swatinem/rust-cache/releases)
- [Changelog](https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md)
- [Commits](Swatinem/rust-cache@23bce25...82a92a6)

---
updated-dependencies:
- dependency-name: Swatinem/rust-cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@joshlf
[pointer] Clarify semantics of aliasing invariants (#1889)
d9e48e3 
Previously, we supported the `AtLeast` bound, which was used to describe
a subset relationship in which `I: AtLeast<J>` implied that `I` as at
least as restrictive as `J`. However, as described in #1866, this
incorrectly models invariants as monotonic. In reality, invariants both
provide guarantees but also *require* guarantees.

This commit takes a step in the direction of resolving #1866 by removing
`AtLeast`. Uses of `AtLeast<Shared>` are replaced by a new `Reference`
trait, which is implemented for `Shared` and `Exclusive`. This serves
two purposes: First, it makes it explicit what this bound means.
Previously, `AtLeast<Shared>` had an ambiguous meaning, while
`Reference` means precisely that an invariant is either `Shared` or
`Exclusive` and nothing else. Second, it paves the way for #1183, in
which we may add new aliasing invariants which convey ownership. In that
case, it will be important for existing methods to add `Reference`
bounds when those methods would not be sound in the face of ownership
semantics.

We also inline the items in the `invariant` module, which were
previously generated by macro. The addition of the `Reference` trait did
not play nicely with that macro, and we will likely need to go further
from the macro in order to fix #1839 – this fix will likely require
making aliasing invariants meaningfully different than other invariants,
for example by adding an associated type.

Makes progress on #1866
@joshlf
[derive] Document trivial_is_bit_valid (#1905)
967b3a0 
Explain why we only support concrete types so that future authors won't
spuriously add support for them.
@joshlf
[pointer] Add separate PtrInner (#1891)
b43c510 
`PtrInner` carries all invariants which are not controlled by type
parameters. Since `PtrInner` does not promise to uphold aliasing,
alignment, or validity, we can move some utility methods to `PtrInner`
which previously were responsible for maintaining invariants orthogonal
to their purpose.

Makes progress on #1892 (still needs to be fixed on v0.8.x)
Closes #1890
@joshlf
[pointer][invariant] Move to separate file (#1906)
ca9243f 
This prepares us for future changes which will significantly increase
the amount of code in the `invariant` module.

Also merge `aliasing_safety` into this new file.
@joshlf
[pointer] Match variance of references (#1894)
51475bd 
When the aliasing mode is `Any`, `Ptr<'a, T>` is invariant in `'a` and
`T`. When the aliasing mode is `Shared` or `Exclusive`, `Ptr` has the
same variance as `&'a T` and `&'a mut T` respectively.

Makes progress on #1839
@joshlf
[pointer] Make invariants opaque, more ergonomic (#1895)
f80a65d 
Closes #1876
@joshlf
[pointer] Simplify AliasingSafe, rename to Read (#1908)
85a12e2 
`AliasingSafe` is really about whether a pointer permits unsynchronized
reads - either because the referent contains no `UnsafeCell`s or because
the aliasing mode is `Exclusive`. Previously, `AliasingSafe` was not
named consistent with this meaning, and was a function of a *pair* of
types rather than of a single type. This commit fixes both oversights.

While we're here, we also add `Read` bounds in some places, allowing us
to simplify many safety comments.
@joshlf
[pointer] Rename Any -> Unknown/Inaccessible (#1909)
ae43fce 
For aliasing, use `Inaccessible`. For alignment and validity, use
`Unknown`.
@joshlf
[pointer] Support generic invariant mapping (#1896)
0665b90 
This commit adds a framework which supports encoding in the type system
any `I -> I` mapping where `I` is any `Invariant` type. This permits us
to make `cast_unsized`'s return value smarter, and as a result, allows
us to remove a lot of `unsafe` code.

Makes progress on #1122
@google-pr-creation-bot
[ci] Roll pinned nightly toolchain (#1915)
77a5f56
@joshlf
Remove items deprecated in 0.8 (#1916)
49749b7 
gherrit-pr-id: I003d5360d1b7f7882a71490813eca50b39025f14
@jswrenn
Fix flaky TryFromBytes tests (#1917)
f04c344 
These tests depend on `src` being aligned to multiples of 2. With
this commit, that dependency is explicitly enforced.
@joshlf
Use #[marker] on nightly in CI (#1925)
70e5ef4 
We eventually hope to make use of `#[marker]` traits once they're
stable. This permits us to test to make sure the feature is as we expect
and that our intended usage works.

gherrit-pr-id: I3a111bf5647fdcc9805cbadf36f729ac69b28509
@google-pr-creation-bot
[ci] Roll pinned nightly toolchain (#1928)
d3e44e2 
And allow `non_local_definitions`.
@joshlf
Use #[marker] on nightly in CI (#1926)
af67d9a 
We eventually hope to make use of `#[marker]` traits once they're
stable. This permits us to test to make sure the feature is as we expect
and that our intended usage works.

gherrit-pr-id: I3a111bf5647fdcc9805cbadf36f729ac69b28509
@joshlf
Copy link
Member Author

joshlf commented Oct 18, 2024

This supersedes #1933, which has a soundness hole.

This only supports sized types for now, but maybe we'll figure out a way to lift that limitation eventually.

@joshlf joshlf force-pushed the I54eb863c96f056738f58727fc0fec4e1630bf97a branch from 874f368 to 79841ca Compare October 18, 2024 05:55
@joshlf joshlf force-pushed the I54eb863c96f056738f58727fc0fec4e1630bf97a branch from 79841ca to b39b4b1 Compare October 18, 2024 13:57
@joshlf joshlf force-pushed the I54eb863c96f056738f58727fc0fec4e1630bf97a branch 2 times, most recently from 451d820 to 21338e0 Compare October 19, 2024 01:55
google-pr-creation-bot and others added 5 commits October 19, 2024 14:56
@google-pr-creation-bot
[ci] Roll pinned nightly toolchain (#1947)
65e60ae
@google-pr-creation-bot
[ci] Roll pinned nightly toolchain (#1950)
35d9d4f
@google-pr-creation-bot
[ci] Roll pinned nightly toolchain (#1955)
300ddc2
@joshlf
[unsafe-fields] Initial commit (#1929)
986e3c5 
Makes progress on #1931

gherrit-pr-id: If0e198c377137dd941ebd5dc68787766a593e1eb
@joshlf
[project] Initial commit
5ef235b 
TODO: Could we support unsized types so long as we never call offset_of!
on the trailing unsized field?

TODO: Use `Name` type parameter trick to emit better error messages:
https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=97771667892860935bea60b218f8fdf4

gherrit-pr-id: I54eb863c96f056738f58727fc0fec4e1630bf97a
@joshlf joshlf force-pushed the I54eb863c96f056738f58727fc0fec4e1630bf97a branch from 21338e0 to 5ef235b Compare October 21, 2024 20:03
kupiakos
kupiakos reviewed Oct 22, 2024
View reviewed changes
src/pointer/ptr.rs
impl<'a, T, I> Ptr<'a, T, I>
where
T: 'a + ?Sized,
I: Invariants,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that this can only ever be sound for invariants that structurally propagate to their fields. This doesn't apply for the Pin invariant.

kupiakos
kupiakos reviewed Oct 22, 2024
View reviewed changes
src/project.rs
// NOTE: Doing the actual cast inside this function makes the `project!`
// macro simpler, but it also means that we can't handle both const code and
// unsized types at the same time. In order to be const, we can't call trait
// methods, but in order to support unsized types, we'd need to provide a
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For slice DSTs, all you need is the offset of the last field, which is the same for all sizes. This could be stored as a const.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kupiakos kupiakos kupiakos left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@joshlf @kupiakos @google-pr-creation-bot @jswrenn