
Tracking Issue for allowing zero-sized memory accesses and offsets #117945

Description

RalfJung (Member)

This issue tracks implementing the t-opsem decision in rust-lang/unsafe-code-guidelines#472. This will require adjustments in many places (codegen, Miri, library docs, reference, ...). The intention is to track here what needs to be done until the transition is complete.

Implementation history

Activity

Label added on Nov 15, 2023: C-tracking-issue (Category: An issue tracking the progress of sth. like the implementation of an RFC)
bjorn3 (Member) commented on Nov 16, 2023

cg_clif accepts ZST memory accesses and pointer offsets already. Pointer offsets are implemented as integer addition which doesn't have UB and ZST memory accesses never get turned into loads and stores in cranelift ir as there is no instruction that does so.

RalfJung (Member, Author) commented on Nov 16, 2023

> memory accesses never get turned into loads and stores in cranelift ir as there is no instruction that does so.

Besides direct accesses, the other concerns are the copy, write_bytes, compare_bytes intrinsics. Those must be implemented in a way that they are not UB when elem_count*elem_size is 0.

bjorn3 (Member) commented on Nov 16, 2023

They are implemented by calling the respective libc functions which LLVM already expects to accept 0-sized accesses, right?

RalfJung (Member, Author) commented on Nov 16, 2023

GCC codegen might also need updating, Cc @antoyo @GuillaumeGomez

RalfJung (Member, Author) commented on Nov 16, 2023

> They are implemented by calling the respective libc functions which LLVM already expects to accept 0-sized accesses, right?

Well what LLVM assumes doesn't matter for the cranelift backend, does it? ;) But more importantly, Rust explicitly assumes this itself as documented here.

GuillaumeGomez (Member) commented on Nov 16, 2023

No problem. Please ping us when we need to update our part and thanks for the ping!

RalfJung (Member, Author) commented on Nov 16, 2023

Well I'm asking you if you need to update anything. :) You need to make sure that the Offset MIR binop is compiled in a way that offset by 0 bytes is always Defined Behavior even if the pointer operand is null or dangling or out of bounds or whatever.

I think zero-sized memory accesses disappear in the SSA codegen infrastructure before your backend even sees them so they should be fine.

And finally the copy, copy_nonoverlapping, write_bytes, compare_bytes intrinsics need to be lowered in a way that they are Defined Behavior when the size is 0, even if the pointers are null or dangling or whatever.

antoyo (Contributor) commented on Nov 16, 2023

These intrinsics are implemented by calling the GCC builtin functions: memcmp, memset, memcpy, memmove.
I'll double-check, but it seems fine to have a count of zero, but not NULL pointers.

RalfJung (Member, Author) commented on Nov 16, 2023

Okay, something needs to change then in the backend because we'll allow null pointers for the Rust intrinsics.
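The exchange above spells out three requirements for a backend: `Offset` by 0 must be Defined Behavior for any pointer operand (null included), zero-sized loads and stores must be fine through any pointer, and the copy/copy_nonoverlapping/write_bytes/compare_bytes intrinsics must be Defined Behavior at size 0 even when a C builtin such as GCC's memcpy would reject NULL. The following is an added example (not code from this issue or from rust-lang/rust) that exercises each of these on a current rustc, using Rust's public `std::ptr` API rather than the intrinsics directly. `c_memcpy_contract` is a hypothetical stand-in that models the C builtin's contract by returning false for NULL instead of invoking UB, and `lower_copy_nonoverlapping` shows the zero-size guard a lowering needs in front of it. The intrinsics are exercised on dangling (never allocated) pointers; the decision tracked here also permits null there, but this example only asserts null for the offset case.

```rust
// Added example, not from the issue or the rust-lang/rust repository.
use std::ptr::{self, NonNull};

/// The `Offset` MIR binop with a count of 0 must be Defined Behavior for any
/// pointer operand, null included. `add(0)` lowers to `Offset`; `wrapping_add`
/// is the safe, always-defined form.
pub fn null_offset_by_zero_is_null() -> bool {
    let p: *const u8 = ptr::null();
    let q = unsafe { p.add(0) };
    q.is_null() && p.wrapping_add(0).is_null()
}

/// Zero-sized accesses plus copy/copy_nonoverlapping/write_bytes with a byte
/// count of 0, all through pointers that were never allocated. The final slice
/// equality is what rustc lowers to a byte comparison (compare_bytes) of size 0.
pub fn zero_sized_ops_on_dangling() -> bool {
    let a: *mut u8 = NonNull::<u8>::dangling().as_ptr();
    let b: *mut u8 = a.wrapping_add(64); // a second, distinct dangling pointer
    unsafe {
        ptr::copy_nonoverlapping(a as *const u8, b, 0);
        ptr::copy(a as *const u8, a, 0);
        ptr::write_bytes(b, 0xAA, 0);
        // A zero-sized load and a zero-sized store: reading and writing `[u8; 0]`.
        let zst: [u8; 0] = ptr::read(a as *const [u8; 0]);
        ptr::write(b as *mut [u8; 0], zst);
        let sa: &[u8] = std::slice::from_raw_parts(a, 0);
        let sb: &[u8] = std::slice::from_raw_parts(b, 0);
        sa == sb
    }
}

/// Hypothetical stand-in for a C `memcpy` builtin (not libc). The C contract
/// makes NULL arguments undefined even when `n == 0`; this model reports that
/// contract violation as `false` instead of exhibiting UB.
pub unsafe fn c_memcpy_contract(dst: *mut u8, src: *const u8, n: usize) -> bool {
    if dst.is_null() || src.is_null() {
        return false;
    }
    ptr::copy_nonoverlapping(src, dst, n);
    true
}

/// Zero-size-aware lowering of the Rust `copy_nonoverlapping` intrinsic onto
/// the builtin: a zero byte count is Defined Behavior in Rust for any pointer
/// operands, so such a call must never reach the builtin.
pub unsafe fn lower_copy_nonoverlapping(dst: *mut u8, src: *const u8, n: usize) -> bool {
    if n == 0 {
        return true;
    }
    c_memcpy_contract(dst, src, n)
}

/// The guarded lowering still copies real bytes when the count is non-zero.
pub fn lowering_copies_real_bytes() -> bool {
    let src = [0x41u8, 0x42, 0x43, 0x44]; // constructed sample input
    let mut dst = [0u8; 4];
    let ok = unsafe { lower_copy_nonoverlapping(dst.as_mut_ptr(), src.as_ptr(), src.len()) };
    ok && dst == src
}

fn main() {
    let (null_dst, null_src): (*mut u8, *const u8) = (ptr::null_mut(), ptr::null());
    println!("null.add(0) stays null:          {}", null_offset_by_zero_is_null());
    println!("zero-sized ops on dangling ptrs: {}", zero_sized_ops_on_dangling());
    println!("guarded lowering, n=0, NULL:     {}", unsafe { lower_copy_nonoverlapping(null_dst, null_src, 0) });
    println!("raw C contract, n=0, NULL:       {}", unsafe { c_memcpy_contract(null_dst, null_src, 0) });
    println!("non-zero copy through lowering:  {}", lowering_copies_real_bytes());
}
```

The guard sits in the lowering rather than in the builtin model because that is where the mismatch lives: the Rust-level operation is defined at size 0, the C-level one is not, so the backend has to stop the call before it crosses that boundary. The same shape applies to write_bytes onto memset, copy onto memmove, and compare_bytes onto memcmp.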

35 remaining items
