-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
no_hash
queries bypass -Z verify-ich
checks
#85857
Comments
I don't think a I think |
The problem, of course, is that using |
That's not actually the case, I think. Let's make sure we talk about the same thing and that I'm not overlooking something. Here's the diagram from #85783 again:
Let's assume that
Yes indeed 😃 I think we'll need to find a wider solution (that can also take care of #85783). That might involve turning on these checks just for nightly or creating large automated test suites that run with all possible checks and assertions turned on. We just have to find some way to catch these kinds of bugs early. |
My understanding is the same as @michaelwoerister's: no_hash queries can be marked as green iff all their dependencies are green. There is an order-dependency I don't like: if we try to mark green before computing the result, the query may be green (iff all its dependencies are). If we compute the result before trying to mark green, the query will always be red, no matter the state of the dependencies. The issue is perf. This is the case for instance with |
It looks like my understanding of Based on the previous incremental issues we've seen, I think the best way to catch bugs is to have end users running the compiler with the relevant assertions. Ideally, we could improve the hashing performance to the point where |
Interesting. I don't think we do that though, that is, we'll always try to mark a query green before re-executing or loading it from the cache, right? If that is not the case anymore we'll need to restore that protocol again (and put assertions in place to keep it that way). |
@rustbot label +A-query-system +T-compiler |
It was recently shown that "incremental compilation hash verification" (i.e.
-Z verify-ich
) is an important tool for finding potentially dangerous bugs in query provider implementations.However, this verification of query result hashes naturally can only work if we actually compute hashes for the results of a given query. This is not the case for queries marked with the
no_hash
attribute. As a consequence, for such queries, an indeterministic query provider implementation cannot be detected by the measures we recently put in place.There are two reasons for making a query
no_hash
:HashStable
implementation and thus cannot be hashed.There is also some good news here: if a query is marked as
eval_always
in addition tono_hash
we don't have to worry about the kind of inconsistency bug that caused us to make the 1.52.1 point release because in that case there's always a single source of truth for the value of a query result. These also seem to be the kinds of queries that fall into the "necessity" category.However, there still might be queries that are
no_hash
but noteval_always
. There's usual a good (performance-related) reason for marking them as such. The question is: how can we make them still be checked by-Zverify-ich
?(@rust-lang/wg-incr-comp, @Aaron1011, or @cjgillot, please double check my thinking here, especially whether the combination of
eval_always
andno_hash
is indeed safe)cc #85783
The text was updated successfully, but these errors were encountered: