Closed
Labels
C-tracking-issue (Category: An issue tracking the progress of sth. like the implementation of an RFC)
Description
This issue tracks implementing the t-opsem decision in rust-lang/unsafe-code-guidelines#472. This will require adjustments in many places (codegen, Miri, library docs, reference, ...). The intention is to track here what needs to be done until the transition is complete.
- update LLVM codegen
- update cranelift codegen (not needed)
- update GCC codegen: deferred to Make sure memcpy/memmove/memset with size 0 behave correctly rustc_codegen_gcc#516
- update Miri
- update library docs
- update the reference: update 'dangling pointers' to new zero-sized rules reference#1541
Implementation history
Activity
bjorn3 commented on Nov 16, 2023
cg_clif accepts ZST memory accesses and pointer offsets already. Pointer offsets are implemented as integer addition which doesn't have UB and ZST memory accesses never get turned into loads and stores in cranelift ir as there is no instruction that does so.
RalfJung commented on Nov 16, 2023
Besides direct accesses, the other concerns are the copy, write_bytes, compare_bytes intrinsics. Those must be implemented in a way that they are not UB when `elem_count*elem_size` is 0.
bjorn3 commented on Nov 16, 2023
They are implemented by calling the respective libc functions which LLVM already expects to accept 0-sized accesses, right?
RalfJung commented on Nov 16, 2023
GCC codegen might also need updating, Cc @antoyo @GuillaumeGomez
RalfJung commented on Nov 16, 2023
Well what LLVM assumes doesn't matter for the cranelift backend, does it? ;) But more importantly, Rust explicitly assumes this itself as documented here.
GuillaumeGomez commented on Nov 16, 2023
No problem. Please ping us when we need to update our part and thanks for the ping!
RalfJung commented on Nov 16, 2023
Well I'm asking you if you need to update anything. :) You need to make sure that the `Offset` MIR binop is compiled in a way that offset by 0 bytes is always Defined Behavior even if the pointer operand is null or dangling or out of bounds or whatever.
I think zero-sized memory accesses disappear in the SSA codegen infrastructure before your backend even sees them so they should be fine.
And finally the `copy`, `copy_nonoverlapping`, `write_bytes`, `compare_bytes` intrinsics need to be lowered in a way that they are Defined Behavior when the size is 0, even if the pointers are null or dangling or whatever.
antoyo commented on Nov 16, 2023
These intrinsics are implemented by calling the GCC builtin functions: memcmp, memset, memcpy, memmove.
I'll double-check, but it seems fine to have a count of zero, but not NULL pointers.
RalfJung commented on Nov 16, 2023
Okay, something needs to change then in the backend because we'll allow null pointers for the Rust intrinsics.
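
The requirement discussed in the comments above, as an added C example (not code from rustc_codegen_gcc or from anyone in this thread): each of the four intrinsics is lowered so that a total size of 0 returns before `memmove`, `memcpy`, `memset` or `memcmp` is called, which keeps null or dangling pointers away from the builtins. The `lower_*` names are hypothetical, and the example assumes `elem_count * elem_size` does not overflow.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical lowering helpers (names invented for this example).
 * Assumption: elem_count * elem_size does not overflow. */

/* copy: source and destination may overlap, so it maps to memmove. */
void *lower_copy(void *dst, const void *src, size_t elem_count, size_t elem_size) {
    size_t n = elem_count * elem_size;
    if (n == 0)
        return dst; /* null or dangling pointers never reach memmove */
    return memmove(dst, src, n);
}

/* copy_nonoverlapping: maps to memcpy. */
void *lower_copy_nonoverlapping(void *dst, const void *src, size_t elem_count, size_t elem_size) {
    size_t n = elem_count * elem_size;
    if (n == 0)
        return dst;
    return memcpy(dst, src, n);
}

/* write_bytes: maps to memset. */
void *lower_write_bytes(void *dst, unsigned char val, size_t elem_count, size_t elem_size) {
    size_t n = elem_count * elem_size;
    if (n == 0)
        return dst;
    return memset(dst, val, n);
}

/* compare_bytes: maps to memcmp; two empty ranges compare equal. */
int lower_compare_bytes(const void *a, const void *b, size_t n) {
    if (n == 0)
        return 0;
    return memcmp(a, b, n);
}

int main(void) {
    unsigned char src[4] = {1, 2, 3, 4}, dst[4] = {0}; /* constructed sample data */
    lower_copy_nonoverlapping(dst, src, 1, sizeof src);
    lower_copy(NULL, NULL, 0, 4); /* size 0 with null pointers: no libc call */
    return lower_compare_bytes(dst, src, sizeof src); /* 0 when the copy succeeded */
}
```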