elaborate on slice wide pointer metadata #1499
Conversation
src/behavior-considered-undefined.md
Outdated
| * `dyn Trait` metadata is invalid if it is not a pointer to a vtable for | ||
| `Trait` that matches the actual dynamic trait the pointer or reference points to. | ||
| `Trait` that matches the actual dynamic type the pointer or reference points to. |
There was a problem hiding this comment.
Preexisting but how can this be a requirement for wide pointers, whose data portion is allowed to dangle, I assume?
There was a problem hiding this comment.
Hm... yeah the actually implemented requirement is that the trait matches the trait given in the pointer type, i.e. a *const dyn Debug that points to a vtable for Display is UB.
|
@rust-lang/opsem / @RalfJung: In looking carefully at this on the rustdocs call, we realized it might be helpful, both to us and when the lang teams takes this up, if someone might be able annotate the changes here (e.g. using the GH review features), with some explanation for each of these (e.g. "this was incorrect because...", "this was already true because we had said...", "we're adding this guarantee here because..."). |
RalfJung
force-pushed
the
wide-ptr-meta
branch
2 times, most recently
from
46bcc6c
to
091b2f2
Compare
src/behavior-considered-undefined.md
Outdated
| * Invalid metadata in a wide reference, `Box<T>`, or raw pointer: | ||
| * A reference or `Box<T>` that is [dangling], misaligned, or points to an invalid value | ||
| (using the actual dynamic type of the pointee as determined by the vtable in | ||
| the metadata in case of dynamically sized types). |
There was a problem hiding this comment.
This does not change anything, it clarifies what the pointed-to value is in case of e.g. &dyn Trait.
| (using the actual dynamic type of the pointee as determined by the vtable in | ||
| the metadata in case of dynamically sized types). | ||
| * Invalid metadata in a wide reference, `Box<T>`, or raw pointer. The requirement | ||
| for the metadata is determined by the type of the unsized tail: |
There was a problem hiding this comment.
Another piece of clarification, previously we were not very clear on what the metadata requirements are for types like (u32, [u32]): we spoke about "slice metadata" and the fact that this covered all types whose unsized tail is a slice was left implicit. Now it is explicit.
| * A reference or `Box<T>` that is [dangling], misaligned, or points to an invalid value. | ||
| * Invalid metadata in a wide reference, `Box<T>`, or raw pointer: | ||
| * `dyn Trait` metadata is invalid if it is not a pointer to a vtable for | ||
| `Trait` that matches the actual dynamic trait the pointer or reference points to. |
There was a problem hiding this comment.
"that matches the actual dynamic trait" was clearly nonsense. Also this is now moved to the "points to an invalid value" point since it's not about the metadata, it's about using the metadata to keep going recursively through the reference.
| (i.e., it must not be read from uninitialized memory). | ||
| Furthermore, for wide references and `Box<T>`, slice metadata is invalid | ||
| if it makes the total size of the pointed-to value bigger than `isize::MAX`. |
There was a problem hiding this comment.
This is the only actual change, decided in rust-lang/unsafe-code-guidelines#510.
|
Note that the PR has two commits; it may help to consider them separately. |
|
Starting a lang RFC so it's officially approved, and we can use that to update docs elsewhere following this. @rfcbot fcp merge |
|
Team member @scottmcm has proposed to merge this. The next step is review by the rest of the tagged team members: No concerns currently listed. Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! cc @rust-lang/lang-advisors: FCP proposed for lang, please feel free to register concerns. |
|
@rfcbot reviewed |
|
🔔 This is now entering its final comment period, as per the review above. 🔔 psst @scottmcm, I wasn't able to add the |
|
@rustbot labels -I-lang-nominated +final-comment-period This is now in FCP so we can unnominate. |
As decided in rust-lang/unsafe-code-guidelines#510