-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make non-power-of-two alignments a validity error in Layout
#95361
Conversation
(rust-highfive has picked a reviewer for you, use r? to override) |
This comment has been minimized.
This comment has been minimized.
@bors rollup=iffy (I manually crafted a 32-bit stderr, which I could easily have done wrong) |
LL | const LAYOUT_INVALID: Layout = unsafe { Layout::from_size_align_unchecked(0x1000, 0x00) }; | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed at .align_: encountered 0, but expected something greater or equal to 1 | ||
LL | const LAYOUT_INVALID_ZERO: Layout = unsafe { Layout::from_size_align_unchecked(0x1000, 0x00) }; | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed at .align_.0.<enum-tag>: encountered 0x00000000, but expected a valid enum tag |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This error message is not exactly clear about what property the value needs to have.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that's ok. It's a best-effort UB check -- the place to look is at the # Safety
comment, not the error message.
One gets essentially the same error from things like this too:
pub const BAD_ORDERING: std::cmp::Ordering = unsafe { std::mem::transmute(3_u8) };
So it'll get better here if the error in general gets better for enums, which seems fine for this PR.
This feels like overall a good change to me, modulo the one nit -- r=me with that fixed or we can discuss if you disagree. I would prefer for the commits to all be squashed into one as well. |
Inspired by the zulip conversation about how `Layout` should better enforce `size < isize::MAX as usize`, this uses an N-variant enum on N-bit platforms to require at the validity level that the existing invariant of "must be a power of two" is upheld. This was MIRI can catch it, and means there's a more-specific type for `Layout` to store than just `NonZeroUsize`.
Removed the macro and squashed. @bors r=Mark-Simulacrum |
📌 Commit fe0c08a has been approved by |
…crum Make non-power-of-two alignments a validity error in `Layout` Inspired by the zulip conversation about how `Layout` should better enforce `size <= isize::MAX as usize`, this uses an N-variant enum on N-bit platforms to require at the validity level that the existing invariant of "must be a power of two" is upheld. This was MIRI can catch it, and means there's a more-specific type for `Layout` to store than just `NonZeroUsize`. It's left as `pub(crate)` here; a future PR could consider giving it a tracking issue for non-internal usage.
Rollup of 7 pull requests Successful merges: - rust-lang#94794 (Clarify indexing into Strings) - rust-lang#95361 (Make non-power-of-two alignments a validity error in `Layout`) - rust-lang#95369 (Fix `x test src/librustdoc` with `download-rustc` enabled ) - rust-lang#95805 (Left overs of rust-lang#95761) - rust-lang#95808 (expand: Remove `ParseSess::missing_fragment_specifiers`) - rust-lang#95817 (hide another #[allow] directive from a docs example) - rust-lang#95831 (Use bitwise XOR in to_ascii_uppercase) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
Inspired by the zulip conversation about how
Layout
should better enforcesize <= isize::MAX as usize
, this uses an N-variant enum on N-bit platforms to require at the validity level that the existing invariant of "must be a power of two" is upheld.This was MIRI can catch it, and means there's a more-specific type for
Layout
to store than justNonZeroUsize
.It's left as
pub(crate)
here; a future PR could consider giving it a tracking issue for non-internal usage.