Extend the alignment check to borrows #137940
The current alignment check does not include checks for creating misaligned references from raw pointers, which is now added in this patch. When inserting the check we need to be careful with references to field projections (e.g. `&(*ptr).a`), in which case the resulting reference must be aligned according to the field type and not the type of the pointer.
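The field-projection case described above, as an added illustration (not code from this PR or from rustc): it models the alignment test on plain addresses to show why `&(*ptr).a` must be checked against the field type. The `Packet` type and the helpers `aligned_for`, `classify` and `survey` are hypothetical names constructed for this example.

```rust
use std::mem::{align_of, offset_of};

// Constructed sample type: alignment 4, `tag` at offset 0 (align 1),
// `len` at offset 4 (align 4).
#[repr(C)]
struct Packet {
    tag: u8,
    len: u32,
}

// Backing storage whose start address is 8-aligned by construction.
#[repr(align(8))]
struct Buf([u8; 16]);

/// A borrow is aligned when the address of the borrowed place is a multiple
/// of the alignment of the place's own type `T`.
fn aligned_for<T>(addr: usize) -> bool {
    addr % align_of::<T>() == 0
}

/// For a `*const Packet` at `addr`, report whether each borrow would be aligned:
/// (`&*ptr`, `&(*ptr).tag`, `&(*ptr).len`, naive check of `&(*ptr).tag`).
/// The naive variant tests the pointer's pointee type instead of the field type.
fn classify(addr: usize) -> (bool, bool, bool, bool) {
    let whole = aligned_for::<Packet>(addr);
    let tag = aligned_for::<u8>(addr + offset_of!(Packet, tag));
    let len = aligned_for::<u32>(addr + offset_of!(Packet, len));
    let naive_tag = whole;
    (whole, tag, len, naive_tag)
}

/// Classify the pointer at byte offsets 0..4 from an 8-aligned base address.
/// Only addresses are computed; nothing is dereferenced.
fn survey() -> Vec<(usize, (bool, bool, bool, bool))> {
    let buf = Buf([0; 16]);
    let base = buf.0.as_ptr() as usize;
    (0..4).map(|off| (off, classify(base + off))).collect()
}

fn main() {
    for (off, (whole, tag, len, naive_tag)) in survey() {
        println!(
            "base+{off}: &*ptr={whole} &(*ptr).tag={tag} &(*ptr).len={len} naive tag check={naive_tag}"
        );
    }
}
```

At offsets 1 to 3 the borrow of `tag` is aligned although the pointer is not aligned for `Packet`, so a check keyed on the pointer type would reject a valid reference.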
Some changes occurred to MIR optimizations cc @rust-lang/wg-mir-opt
Yes, that is the most subtle part. Please add a test ensuring we do not complain in a case where
We actually already have a test for this (@saethlin added an amazing test-suite for this check): https://github.com/rust-lang/rust/blob/2b285cd5f0877e30ad1d83e04f8cc46254e43391/tests/ui/mir/alignment/place_computation.rs. I rename it as part of this PR to make it more clear what we actually test here in the context of the new pass.
@bors try @rust-timer queue
Extend the alignment check to borrows

The current alignment check does not include checks for creating misaligned references from raw pointers, which is now added in this patch. When inserting the check we need to be careful with references to field projections (e.g. `&(*ptr).a`), in which case the resulting reference must be aligned according to the field type and not the type of the pointer.

r? `@saethlin`
cc `@RalfJung`, after our discussion in rust-lang#134424
☀️ Try build successful - checks-actions
Finished benchmarking commit (a7ce54d): comparison URL.

Overall result: no relevant changes - no action needed

Benchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf.

@bors rollup=never

Instruction count: This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage): Results (primary 1.8%). This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

Cycles: This benchmark run did not return any relevant results for this metric.

Binary size: Results (primary 0.1%). This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

Bootstrap: 782.898s -> 782.134s (-0.10%)
I'm going to review this and also start a crater run, just so that we can know what the impact is before t-release finds it. @craterbot run mode=build-and-test
👌 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more
🚧 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more
if let Some(PlaceElem::Field(_, ty)) = place.projection.last() { | ||
*ty | ||
} else { | ||
pointer_ty.builtin_deref(true).expect("no builtin_deref for an raw pointer") |
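Review bot: the type is chosen by testing only whether `place.projection.last()` is a `PlaceElem::Field`, so any other trailing projection that changes the type falls through to `pointer_ty.builtin_deref(true)` and yields the pointer's pointee type rather than the type of the projected place. Deriving the type from the place as a whole would avoid enumerating projection kinds here. The `expect` message also reads "an raw pointer", which should be "a raw pointer".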
Originally (when I first wrote this method) I thought we actually cared about whether or not the pointer involved in the Deref projection itself. That became not true pretty quickly and now with this PR it's really not true.
So I feel like all of this logic should be based on `place.ty()` now, and this checking of the last field projection is just a partial implementation of that method's logic. Do you agree?
I have to say I am not 100% sure I follow, but I agree that we should be always based on `place.ty()` and abstract from there. I reworked the code to make it a bit clearer, and the special case of deref projections for borrows is now just a special case. I put it into a separate commit for now, so that it becomes clearer.
The change that you made here isn't what I was thinking of. The sketchy code is not in the assumption above that the type of the Pointer is the type of the Local; that assumption is easily justified by local reasoning. We're creating a Place without projections which is just a Local.
The sketchy part is that you are special-casing computing the pointee type based on checking if the last projection is a field projection. If another projection is added that changes the type, this logic becomes incomplete in a subtle way. I believe the purpose of this code is to compute the type of the place in question, and that's what Place::ty is for.
Am I mistaken?
🎉 Experiment
@craterbot run name=pr-137940-2 mode=build-and-test crates=https://crater-reports.s3.amazonaws.com/pr-137940/retry-regressed-list.txt
👌 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more
🚧 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more
Thanks a lot for the Crater run! I started with a first analysis of the results (pre-rerun):
That's 87 regressions which is way more than I initially expected. The null-check crater-numbers were in a similar ballpark, but ~3/4th of them were explainable by a bug in an old bindgen version. I will research if that is the case here as well. Also qq: what is the reason for the rerun? Are you not certain about the quality of the regressed results because of a lot of spurious failures?
🎉 Experiment
Yeah crater has a lot of false regressions. Seems like in this case we're already down to 24. :)
Ah, I completely forgot that there are existing crates that already fail the alignment check. Looking now only in the regressed folder we see 7 failures:
This involves two crates on crates.io, where one already has an open issue for the misalignment. (Due to @saethlin's ub.https://asan.saethlin.dev/ub, awesome 🥳 ). For the other one I'll open an issue. Looking at the other regressions: There seems to be nothing related to this patch; the build failures come from the linker, and the test failures are wrong assertions.
This makes the implementation of our PointerFinder a bit more straightforward.
58d25ed to db8b83e
The current alignment check does not include checks for creating misaligned references from raw pointers, which is now added in this patch.
When inserting the check we need to be careful with references to field projections (e.g. `&(*ptr).a`), in which case the resulting reference must be aligned according to the field type and not the type of the pointer.

r? @saethlin
cc @RalfJung, after our discussion in #134424