Improve safety of atom tables and RawBlock #2727
Conversation
|
Thank you so much for working on this! One question I have regarding these changes: Would it be better to apply them directly to the upcoming Please see the announcement and discussion at: #2569 |
|
The rebase to |
adri326
force-pushed
the
atom-table-safety
branch
from
43046f8 to
e3c6a80
Compare
|
@bakaq: I would greatly appreciate if you could take a look at these impressive changes! |
|
I'm not sure why I would like to suggest in a subsequent PR a way to make the API of |
|
@adri326: This looks awesome, thank you so much for all these impressive contributions! |
|
Looks like there are some module access restrictions preventing the CI tests from passing. |
|
Those were fixed by #2735 iirc |
|
@adri326 is there a way to rerun the CI tests for this PR? One easy way may be to amend the topmost commit with |
adri326
force-pushed
the
atom-table-safety
branch
from
963ca37 to
e74b60e
Compare
|
Did a rebase, the one failing test case is fixed in #2759, but you can run the tests locally with I should probably squash those commits down, too. |
|
Mark referred to the CI tests which we see on github at the end of this PR discussion, they still fail:
You can click on the tests to see more information. |
…lloc properly aligns to it
This notably tightens assertions in RawBlock::get to require indices to be less than head. A special case for Machine::get_clause_p, as it needs to read a dangling stack frame. Switch `RawBlock.head` to be a Cell to reduce the number of invariants and be closer to being thread-safe.
- Fix miri warning about pointer->integer->pointer cast in stack.rs - Panic if Stack::truncate is called with an unaligned value - Add assertions in stack.rs and TODOs for leftover unsafe operations
adri326
force-pushed
the
atom-table-safety
branch
from
e74b60e to
166e4fd
Compare
|
@triska that's what I also understood. What I meant earlier was that the CI passing depends on #2759 (as of now, the same error in the CI occurs in In the meantime, I've reorganised/squashed the commits for them to not be a mess anymore :) As proof, you can see that the tests pass if you locally cherry-pick the fix from #2759: git cherry-pick 2546976
cargo test
# All tests pass |
The safety of the operations defined for
AtomandRawBlockrelied until now on undocumented and unasserted properties of the inputs and the environment.For instance, the following (dubious) library prolog code triggers undefined behavior:
This PR aims to lessen the chance of someone inadvertently causing undefined behavior from an incorrect usage of
AtomorRawBlock, by making the following changes:RawBlockTraits::align()into a constant, to enforce the invariant that it must be constant. This should also slightly improve performance.RawBlock::allocnot actually aligning thesizetoT::align(), causing potential UB (all call sites were already aligning the size themselves).AtomDatabefore the right metadata for its fat pointer is obtained.AtomDatahas the expected representation.RawBlock, to reduce the amount of code that needs to uphold its invariants. The raw accesses are replaced with functions with both checked and unchecked variants.UnsafeCellwithCellinRawBlock, as the previous code did not need to hand out mutable borrows toptr.RawBlockis still notSync.ptrtoheadand store it as an offset frombase, to reduce the number of pointer operations to keep track of.AtomDataandRawBlock.AtomDataandRawBlock.I'm well aware that these are a lot of changes. I split them into multiple commits to make it possible to pull out changes into a future PR if needs be :)