Replace last usize -> ptr transmute in alloc with strict provenance API #138951

Open
wants to merge 3 commits into
base: master

@jwnrt jwnrt commented Mar 25, 2025

This conversion doesn't trip `fuzzy_provenance_casts` because it's a `transmute`, but it still causes CHERI targets to fail compiling because of the size difference.

While I was here I changed the `align` arg in the (internal) `RawVecInner::new_in` function to an `Alignment` type to encode the non-zero constraint of `Unique`.

I recognise that bit is slightly messy, especially now that there's an `Alignment -> usize -> Alignment -> usize` chain from `Layout::align` + `Alignment::new_unchecked` + `Alignment::usize`. Happy to drop that commit if it's not helpful.


rustbot commented Mar 25, 2025

r? @Noratrieb

rustbot has assigned @Noratrieb.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Mar 25, 2025

@joboet joboet left a comment

Transmuting between `usize` and pointers is completely fine and is (under the current semantics) equivalent to using the strict-provenance APIs. That's why e.g. `addr` is actually implemented via a `transmute`. Regardless, I still think the changes suggested here are worthwhile – it's always a good idea to make internal API safer to use.

`RawVec` is extremely hot code, so its performance is very sensitive to even small changes. Therefore we run a few tests to check that the code emitted for `Vec` is optimised enough. Your changes are currently breaking those tests because the helper methods you use insert additional debug assertions that can still inhibit some optimisations even in release builds. Those debug assertions are probably the reason why `transmute` was used here to begin with, as it doesn't emit those assertions. I do however think there is a way around that, I'll explain in the comments.
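
The two conversions discussed in this thread, side by side, as an added illustration that is not code from this PR or from `alloc`. `Align` is a hypothetical stand-in for the `Alignment` type, the function names are made up here, and `ptr::without_provenance_mut` is assumed as the strict provenance call (the thread does not name one).

```rust
use std::mem::{size_of, transmute};
use std::num::NonZeroUsize;
use std::ptr::{self, NonNull};

/// Hypothetical stand-in for the standard library's `Alignment` type:
/// a non-zero power of two, validated once at construction.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Align(NonZeroUsize);

impl Align {
    pub fn new(n: usize) -> Option<Align> {
        // is_power_of_two() rejects 0, NonZeroUsize::new rejects it again.
        if n.is_power_of_two() { NonZeroUsize::new(n).map(Align) } else { None }
    }
    pub fn as_usize(self) -> usize {
        self.0.get()
    }
}

/// `transmute` only compiles when both types have the same size. True on
/// conventional targets; the thread reports it is not on CHERI targets.
pub fn usize_is_pointer_sized() -> bool {
    size_of::<usize>() == size_of::<*mut u8>()
}

/// "Before" shape: reinterpret the integer as a pointer.
/// Safety: `align` must be non-zero; nothing in the signature enforces it.
pub unsafe fn dangling_transmute(align: usize) -> NonNull<u8> {
    unsafe { NonNull::new_unchecked(transmute::<usize, *mut u8>(align)) }
}

/// "After" shape: strict provenance API, safe to call because `Align`
/// already carries the non-zero guarantee.
pub fn dangling_strict(align: Align) -> NonNull<u8> {
    let p = ptr::without_provenance_mut::<u8>(align.as_usize());
    // SAFETY: `p` has address `align`, which is non-zero.
    unsafe { NonNull::new_unchecked(p) }
}

fn main() {
    let a = Align::new(16).expect("16 is a power of two");
    let (old, new) = (unsafe { dangling_transmute(16) }, dangling_strict(a));
    println!("transmute: {:p}  without_provenance_mut: {:p}", old, new);
    println!("usize is pointer-sized here: {}", usize_is_pointer_sized());
}
```
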

@jwnrt jwnrt force-pushed the alloc-raw-vec-strict-prov branch from c231e8a to 6b5302e Compare March 26, 2025 20:52
jwnrt added 2 commits March 26, 2025 21:41
Encodes the safety constraint that `Unique`'s pointer must be non-zero
into the API.
Removes some unsafety and reduces the number of `usize` -> `ptr`
transmutes which might be helpful for CHERI-like targets in the future.
@jwnrt jwnrt force-pushed the alloc-raw-vec-strict-prov branch from 6b5302e to aadfd81 Compare March 26, 2025 21:41
Comment on lines +528 to +530
pub const fn alignment(&self) -> Alignment {
self.align
}
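
Review bot: the new `pub const fn alignment(&self) -> Alignment` at +528 is quoted without a doc comment or any attribute. If none sit directly above these lines, add a short doc line saying it returns the stored `Alignment` itself rather than a `usize`, so callers know they can pass it on without re-validating it, and check whether a `pub` accessor here needs a stability attribute.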

Cool; I've been tempted to add this for a while, so happy to see it.

@scottmcm

I'm hopeful this is fine -- after all, GVN will collapse `transmute` chains now -- but because it touched `RawVec` and not just `RawVecInner`, let's run perf just in case

@bors try @rust-timer queue

@rustbot rustbot added the S-waiting-on-perf Status: Waiting on a perf run to be completed. label Mar 28, 2025
@scottmcm scottmcm self-assigned this Mar 28, 2025

bors commented Mar 28, 2025

⌛ Trying commit aadfd81 with merge 3230851...

bors added a commit to rust-lang-ci/rust that referenced this pull request Mar 28, 2025

bors commented Mar 29, 2025

☀️ Try build successful - checks-actions
Build commit: 3230851 (3230851bb3beb4974e6914f3ca72ca407d5ff07e)


Finished benchmarking commit (3230851): comparison URL.

Overall result: ❌ regressions - no action needed

Benchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf.

@bors rollup=never
@rustbot label: -S-waiting-on-perf -perf-regression

Instruction count

This is the most reliable metric that we have; it was used to determine the overall result at the top of this comment. However, even this metric can sometimes exhibit noise.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | 0.2% | [0.2%, 0.2%] | 1 |
| Regressions ❌ (secondary) | - | - | 0 |
| Improvements ✅ (primary) | - | - | 0 |
| Improvements ✅ (secondary) | - | - | 0 |
| All ❌✅ (primary) | 0.2% | [0.2%, 0.2%] | 1 |

Max RSS (memory usage)

Results (primary 3.9%)

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | 10.0% | [4.5%, 16.6%] | 3 |
| Regressions ❌ (secondary) | - | - | 0 |
| Improvements ✅ (primary) | -2.2% | [-2.6%, -1.4%] | 3 |
| Improvements ✅ (secondary) | - | - | 0 |
| All ❌✅ (primary) | 3.9% | [-2.6%, 16.6%] | 6 |

Cycles

Results (primary 1.4%, secondary -1.6%)

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | 1.4% | [1.4%, 1.4%] | 1 |
| Regressions ❌ (secondary) | 2.6% | [1.7%, 3.0%] | 4 |
| Improvements ✅ (primary) | - | - | 0 |
| Improvements ✅ (secondary) | -2.8% | [-3.8%, -1.9%] | 13 |
| All ❌✅ (primary) | 1.4% | [1.4%, 1.4%] | 1 |

Binary size

Results (primary 0.1%, secondary 0.1%)

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

| | mean | range | count |
|---|---|---|---|
| Regressions ❌ (primary) | 0.1% | [0.0%, 0.5%] | 50 |
| Regressions ❌ (secondary) | 0.1% | [0.1%, 0.1%] | 3 |
| Improvements ✅ (primary) | -0.0% | [-0.0%, -0.0%] | 1 |
| Improvements ✅ (secondary) | - | - | 0 |
| All ❌✅ (primary) | 0.1% | [-0.0%, 0.5%] | 51 |

Bootstrap: 778.47s -> 777.282s (-0.15%)
Artifact size: 365.96 MiB -> 365.98 MiB (0.01%)

@rustbot rustbot removed the S-waiting-on-perf Status: Waiting on a perf run to be completed. label Mar 29, 2025