Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document raw pointer <-> usize casts. #970

Merged
merged 10 commits into from
May 17, 2021
Merged

Document raw pointer <-> usize casts. #970

merged 10 commits into from
May 17, 2021

Conversation

ben0x539
Copy link
Contributor

No description provided.

@ben0x539
Copy link
Contributor Author

I was advised that these casts are controversial (and to cc @RalfJung), but I think promising at minimum something like this is necessary to describe how people use raw pointers right now irl.

@Havvy Havvy added A-expressions Area: Expressions New Content Missing features or aspects of language not currently documented. S-needs-reviewer The pull request poses questions that need to be answered by non-maintainers of the reference labels Feb 28, 2021
@RalfJung
Copy link
Member

RalfJung commented Feb 28, 2021

I'm afraid "same value" is impossible since pointers carry provenance that is inadvertently lost on an integer roundtrip. See this blog post for the kind of issues that arise when one assumes that a ptr-int-ptr roundtrip returns the same value.

So it might be a different value, but it will point to the same location ("numeric address", I guess).

@ben0x539
Copy link
Contributor Author

C++ seems to use similar phrasing: https://eel.is/c++draft/expr.reinterpret.cast#5

Is the description of the as operation the best place to get into the details of how provenance work? What are we willing to stabilize about as?

@RalfJung
Copy link
Member

C++ seems to use similar phrasing

Yeah, and C/C++ are notoriously bad at documenting how pointers behave, which leads to the kinds of problems I have described in my blog post. I view C and C++ as bad examples in this regard, not as something we should copy. I think Rust can and should do better here. (C is in the process of improving; I hope C++ will follow eventually.)

What are we willing to stabilize about as?

I could agree to saying something like

Casting from usize to a raw pointer will produce a pointer pointing to the same location as the original pointer if the usize was obtained through a pointer to address cast of a valid pointer.

(I removed "of the same type" since it is not relevant in Rust.) I'd prefer to explicitly talk about provenance, and I think a basic understanding of provenance is required to properly work with int-ptr-casts, but I don't have time to draft all that text right now. It might be worth to at least explicitly state that "two pointers point to the same location" does not imply that the two pointers have the same value, i.e., to explicitly say that there's more to a pointer than the location it points to. I am also not sure if "location" is the best term and am open to suggestions for other terms to use here.

Havvy
Havvy previously requested changes Mar 8, 2021
Copy link
Contributor

@Havvy Havvy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't actually discuss provenance anywhere in the reference currently. It'd be part of the memory model, but uhh, we've avoided that area. I'm not actually sure we want to talk about it here. cc @RalfJung against for what they think.

I'm mostly giving stylistic nits here, and you should wait on Ralf before applying them since he might give better non-stylstic review.

src/expressions/operator-expr.md Outdated Show resolved Hide resolved
src/expressions/operator-expr.md Outdated Show resolved Hide resolved
@ben0x539
Copy link
Contributor Author

ben0x539 commented Mar 8, 2021

Thanks for the stylistic pointers!

I also don't want to put a discussion of the memory model into the "what does a cast do" section, but I definitely don't want to trick readers into thinking it's easier than it is. Since a lot of it isn't entirely hammered out as far as I understand, I just wanted to get the basics written down.

@RalfJung
Copy link
Member

RalfJung commented Mar 13, 2021

We don't actually discuss provenance anywhere in the reference currently. It'd be part of the memory model, but uhh, we've avoided that area. I'm not actually sure we want to talk about it here. cc @RalfJung against for what they think.

I think this needs a decision from @rust-lang/lang.^^ I cannot make the call here, all I can say is whether a proposed spec is consistent with what I know about how to mathematically formalize ptr-int-casts and pointer provenance, and I can help flesh out the formulation.

@Havvy
Copy link
Contributor

Havvy commented Mar 31, 2021

Nominating as per the previous comment.

@nikomatsakis
Copy link
Contributor

We discussed this in our 2021-04-06 meeting. The consensus in that meeting was that we did not want to merge this PR, because we didn't feel ready to make commitments one way or the other on this question. It seems like making statements about provenance would be best done when we've worked out more of the stack borrows story etc.

We would however be interested in having a design meeting to talk about the overall plan forward regarding provenance, correct pointer usage, etc.

@nikomatsakis
Copy link
Contributor

(We'd be inclined to close this PR, as a result)

@ben0x539
Copy link
Contributor Author

This PR wasn't meant to be about provenance. Currently there seems to be no official documentation or specification about what pointer<->usize casts do at all. Provenance wording happened because "you obviously just get the same pointer back if you go back and forth" was too ambitious, but of course I would be happy to write down something much weaker.

Is there any behavior, wording aside, that we'd be happy to commit to right now, or would you prefer to leave pointer<->usize casts completely undefined until the provenance/stacked borrows thing is fully hashed out?

@nikomatsakis
Copy link
Contributor

Hmm, I think it would be useful to document them! I imagine something that leaves a lot of open-ended would work. Something like this?

  • Casting from a pointer to an integer produces the machine address. Note that this interacts with the Rust model which is still under development; casting from a pointer to an integer and back may or may not be equivalent depending on the results of that work.

@ben0x539
Copy link
Contributor Author

Great, I'll amend this PR!

I think it may be good to include some basically "blessed" examples of roundtrips that don't go anywhere near the tricky cases, but the table/list-based structure of this section makes it a bit awkward. hm.

@ben0x539
Copy link
Contributor Author

ok so this also changes the formatting a bunch, breaking up the big nested list into sections with headings, so that I could fit in an example.

The actual wording should not be overreaching, I hope.

Copy link
Contributor

@nikomatsakis nikomatsakis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking much better to me, modulo @RalfJung's nits.

@ben0x539 ben0x539 requested review from Havvy and RalfJung May 17, 2021 01:14
@RalfJung
Copy link
Member

My comments have been resolved.
I can't approve or merge PRs in this repo.

Copy link
Contributor

@ehuss ehuss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving per nikomatsakis and RalfJung.

I pushed a small change to change a link to markdown.

Thanks!

@ehuss ehuss dismissed Havvy’s stale review May 17, 2021 22:52

was resolved

@ehuss ehuss merged commit f34a622 into rust-lang:master May 17, 2021
JohnTitor added a commit to JohnTitor/rust that referenced this pull request May 26, 2021
Update books

## reference

4 commits in 5aa457bf1b54bd2cd5d4cf49797f29299bdf89a7..9c68af3ce6ccca2395e1868addef26a0542e9ddd
2021-05-05 08:39:22 -0700 to 2021-05-24 09:53:32 -0700
- missing parameter name in Trait Implementations (rust-lang/reference#1030)
- Add more content to impl-trait.md (rust-lang/reference#1017)
- Document extended key-value attributes (rust-lang/reference#1029)
- Document raw pointer &lt;-&gt; usize casts. (rust-lang/reference#970)

## rust-by-example

1 commits in 5f8c6da200ada77760a2fe1096938ef58151c9a6..805e016c5792ad2adabb66e348233067d5ea9f10
2021-04-29 08:08:01 -0300 to 2021-05-20 17:08:34 -0300
- Update structs.md (rust-lang/rust-by-example#1440)

## rustc-dev-guide

4 commits in 1e6c7fb..50de7f0
2021-05-10 13:38:24 +0900 to 2021-05-20 15:02:20 +0200
- update rustfmt references to reflect change from submod to subtree (rust-lang/rustc-dev-guide#1129)
- Remove `--stage 1` argument from `doc` invocations (rust-lang/rustc-dev-guide#1125)
- Update coverage docs (rust-lang/rustc-dev-guide#1122)
- Document -Zunpretty=thir-tree (rust-lang/rustc-dev-guide#1128)

## edition-guide

1 commits in 1da3c411f17adb1ba5de1683bb6acee83362b54a..302a115e8f71876dfc884aebb0ca5ccb02b8a962
2021-02-16 16:46:40 -0800 to 2021-05-21 10:46:11 -0400
- Minimize the edition guide (rust-lang/edition-guide#232)

## embedded-book

1 commits in 569c3391f5c0cc43433bc77831d17f8ff4d76602..7349d173fa28a0bb834cf0264a05286620ef0923
2021-04-07 08:32:11 +0000 to 2021-05-25 13:59:05 +0000
- Remove $ from cargo-binutils  (rust-embedded/book#292)
JohnTitor added a commit to JohnTitor/rust that referenced this pull request May 26, 2021
Update books

## reference

4 commits in 5aa457bf1b54bd2cd5d4cf49797f29299bdf89a7..9c68af3ce6ccca2395e1868addef26a0542e9ddd
2021-05-05 08:39:22 -0700 to 2021-05-24 09:53:32 -0700
- missing parameter name in Trait Implementations (rust-lang/reference#1030)
- Add more content to impl-trait.md (rust-lang/reference#1017)
- Document extended key-value attributes (rust-lang/reference#1029)
- Document raw pointer &lt;-&gt; usize casts. (rust-lang/reference#970)

## rust-by-example

1 commits in 5f8c6da200ada77760a2fe1096938ef58151c9a6..805e016c5792ad2adabb66e348233067d5ea9f10
2021-04-29 08:08:01 -0300 to 2021-05-20 17:08:34 -0300
- Update structs.md (rust-lang/rust-by-example#1440)

## rustc-dev-guide

4 commits in 1e6c7fb..50de7f0
2021-05-10 13:38:24 +0900 to 2021-05-20 15:02:20 +0200
- update rustfmt references to reflect change from submod to subtree (rust-lang/rustc-dev-guide#1129)
- Remove `--stage 1` argument from `doc` invocations (rust-lang/rustc-dev-guide#1125)
- Update coverage docs (rust-lang/rustc-dev-guide#1122)
- Document -Zunpretty=thir-tree (rust-lang/rustc-dev-guide#1128)

## edition-guide

1 commits in 1da3c411f17adb1ba5de1683bb6acee83362b54a..302a115e8f71876dfc884aebb0ca5ccb02b8a962
2021-02-16 16:46:40 -0800 to 2021-05-21 10:46:11 -0400
- Minimize the edition guide (rust-lang/edition-guide#232)

## embedded-book

1 commits in 569c3391f5c0cc43433bc77831d17f8ff4d76602..7349d173fa28a0bb834cf0264a05286620ef0923
2021-04-07 08:32:11 +0000 to 2021-05-25 13:59:05 +0000
- Remove $ from cargo-binutils  (rust-embedded/book#292)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-expressions Area: Expressions New Content Missing features or aspects of language not currently documented. S-needs-reviewer The pull request poses questions that need to be answered by non-maintainers of the reference
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants