Simple validation for unsize coercion in MIR validation #130735
Conversation
|
rustbot has assigned @petrochenkov. Use |
rustbot
added
S-waiting-on-review
|
Some changes occurred to MIR optimizations cc @rust-lang/wg-mir-opt |
| @@ -586,6 +589,22 @@ impl<'a, 'tcx> TypeChecker<'a, 'tcx> { | |||
|
|
|||
| crate::util::relate_types(self.tcx, self.param_env, variance, src, dest) | |||
| } | |||
|
|
|||
| /// Check that the given predicate definitely holds in the param-env of this MIR body. | |||
There was a problem hiding this comment.
Do we already have a "test this predicate holds" function somewhere in the validator? I couldn't find one when doing a simple search.
|
r? @RalfJung |
|
This is doing trait query stuff, I have no idea if that's done correctly... |
rustbot
added
the
T-types
compiler-errors
force-pushed
the
validate-unsize
branch
from
bb7137a
to
6bdfd13
Compare
|
Some changes occurred in compiler/rustc_codegen_cranelift cc @bjorn3 |
|
@bors r+ |
bors
added
S-waiting-on-bors
Rollup of 7 pull requests Successful merges: - rust-lang#130234 (improve compile errors for invalid ptr-to-ptr casts with trait objects) - rust-lang#130752 (Improve assembly test for CMSE ABIs) - rust-lang#130764 (Separate collection of crate-local inherent impls from error tracking) - rust-lang#130788 (Pin memchr to 2.5.0 in the library rather than rustc_ast) - rust-lang#130789 (add InProgress ErrorKind gated behind io_error_inprogress feature) - rust-lang#130793 (Mention `COMPILETEST_VERBOSE_CRASHES` on crash test failure) - rust-lang#130798 (rustdoc: inherit parent's stability where applicable) Failed merges: - rust-lang#130735 (Simple validation for unsize coercion in MIR validation) r? `@ghost` `@rustbot` modify labels: rollup
|
🔒 Merge conflict This pull request and the master branch diverged in a way that cannot be automatically merged. Please rebase on top of the latest master branch, and let the reviewer approve again. How do I rebase?Assuming
You may also read Git Rebasing to Resolve Conflicts by Drew Blessing for a short tutorial. Please avoid the "Resolve conflicts" button on GitHub. It uses Sometimes step 4 will complete without asking for resolution. This is usually due to difference between how Error message |
bors
added
S-waiting-on-author
|
☔ The latest upstream changes (presumably #130807) made this pull request unmergeable. Please resolve the merge conflicts. |
| // and because higher-ranked equality now requires the binders are equal. | ||
| debug_assert_eq!( | ||
| data_a.principal(), | ||
| data_b.principal(), |
There was a problem hiding this comment.
That doesn't check that the projections are equal though, does it?
There was a problem hiding this comment.
No but there is not an upcast for which this is valid. That would literally be unsound in the type system.
There was a problem hiding this comment.
Like, checking projection validity seems more appropriate as an assertion on the Unsize trait goal in the trait system or something, but even that seems excessive.
Like, the only reason miri needs to check projections are compatible is because of transmutes.
There was a problem hiding this comment.
And also because I don't trust the library/ and would prefer this to be double-checked in the compiler. ;)
But maybe that's overly paranoid, and anyway it's a different PR. I just wanted to understand what is and is not being checked here, and the comments should reflect that.
There was a problem hiding this comment.
And also because I don't trust the library/ and would prefer this to be double-checked in the compiler. ;)
It's not really library/, it's just the soundness of the Unsize goal, and the fact that you can't impl impl Foo for Bar { type Assoc = A; } and impl Foo for Bar { type Assoc = B; }. That is, normalization is a function.
| // A NOP cast that doesn't actually change anything, should be allowed even with | ||
| // invalid vtables. |
There was a problem hiding this comment.
| // A NOP cast that doesn't actually change anything, should be allowed even with | |
| // invalid vtables. | |
| // A NOP cast that doesn't actually change anything, let's avoid any unnecessary work. | |
| // This relies on the assumption that if the principal traits are equal, then the associated type | |
| // bounds (`dyn Trait<Assoc=T>`) are also equal, which is ensured by .... |
Not sure what does at the end of this sentence :)
…pal trait def id are truly NOPs
compiler-errors
force-pushed
the
validate-unsize
branch
from
6bdfd13
to
3209943
Compare
|
Thanks. :) |
bors
added
S-waiting-on-bors
…iaskrgr Rollup of 6 pull requests Successful merges: - rust-lang#130735 (Simple validation for unsize coercion in MIR validation) - rust-lang#130781 (Fix up setting strip = true in Cargo.toml makes build scripts fail in…) - rust-lang#130811 (add link from random() helper fn to extensive DefaultRandomSource docs) - rust-lang#130819 (Add `must_use` attribute to `len_utf8` and `len_utf16`.) - rust-lang#130832 (fix some cfg logic around optimize_for_size and 16-bit targets) - rust-lang#130842 (Add tracking issue for io_error_inprogress) r? `@ghost` `@rustbot` modify labels: rollup
Rollup merge of rust-lang#130735 - compiler-errors:validate-unsize, r=spastorino,RalfJung Simple validation for unsize coercion in MIR validation This adds the most basic validity check to unsize coercions in MIR. The src and target of an unsize cast must *at least* implement `Src: CoerceUnsized<Target>` for this to be valid. This doesn't the second, more subtle validity check that is taken of advantage in codegen [here](https://github.com/rust-lang/rust/blob/914193c8f40528fe82696e1054828de8c399882e/compiler/rustc_codegen_ssa/src/base.rs#L126), but I did leave a beefy FIXME for that explaining what it is. As a consequence, this also fixes an ICE with GVN and invalid unsize coercions. This is somewhat coincidental, since MIR inlining will check that a body is valid before inlining it; so now that we determine it to be invalid, we don't inline it, and we don't encounter the GVN ICE. I'm not certain if the same GVN ICE is triggerable without the inliner, and perhaps instead with trivial where clauses or something. cc `@RalfJung`
|
@rust-timer build 323f521 |
This comment has been minimized.
This comment has been minimized.
|
Finished benchmarking commit (323f521): comparison URL. Overall result: ❌ regressions - ACTION NEEDEDBenchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf. Next Steps: If you can justify the regressions found in this try perf run, please indicate this with @bors rollup=never Instruction countThis is a highly reliable metric that was used to determine the overall result at the top of this comment.
Max RSS (memory usage)Results (secondary -1.9%)This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesResults (primary 1.3%, secondary 7.3%)This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 769.756s -> 773.205s (0.45%) |
rustbot
added
the
perf-regression-triaged
This adds the most basic validity check to unsize coercions in MIR. The src and target of an unsize cast must at least implement
Src: CoerceUnsized<Target>for this to be valid.This doesn't the second, more subtle validity check that is taken of advantage in codegen here, but I did leave a beefy FIXME for that explaining what it is.
As a consequence, this also fixes an ICE with GVN and invalid unsize coercions. This is somewhat coincidental, since MIR inlining will check that a body is valid before inlining it; so now that we determine it to be invalid, we don't inline it, and we don't encounter the GVN ICE. I'm not certain if the same GVN ICE is triggerable without the inliner, and perhaps instead with trivial where clauses or something.
cc @RalfJung