Add validation to const fn CStr creation #99977

Merged (1 commit) on Aug 2, 2022

Conversation

BlackHoleFox (Contributor) commented Jul 31, 2022

Improves upon the existing validation that only worked when building the stdlib from source. CStr::from_bytes_with_nul_unchecked now utilizes const_eval_select to validate the safety requirements of the function when used as const FOO: &CStr = CStr::from_bytes_with_nul_unchecked(b"Foobar\0");.

This can help catch erroneous code written by accident and, assuming a new enough rustc in use, remove the need for boilerplate safety comments for this function in const contexts.

I think this might need a UI test, but I don't know where to put it. If this is a worthwhile change, a perf run would be nice to make sure the O(n) validation isn't too bad. I didn't notice a difference building the stdlib tests locally.
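The invariant the PR starts checking at compile time, written out as an added example (not the PR's or the standard library's code): a stable-Rust `const fn` that validates the bytes and, only on success, calls the existing `CStr::from_bytes_with_nul_unchecked`. The names `NulError`, `check_nul_terminated` and `checked_cstr` are assumed here; the real change uses the unstable `const_eval_select` so that the check runs only during const evaluation, whereas this example checks at runtime too.

```rust
use std::ffi::CStr;

/// Why a `&CStr` built from a byte string is invalid, if it is.
/// (`NulError` and the functions below are names assumed for this example.)
#[derive(Debug, PartialEq, Eq)]
pub enum NulError {
    /// Empty input, or the last byte is not `\0`.
    MissingTerminator,
    /// A `\0` appears before the final position (at this index).
    InteriorNul(usize),
}

/// The safety invariant of `CStr::from_bytes_with_nul_unchecked` as a
/// `const fn`: exactly one nul byte, and it must be the last one. A `while`
/// loop is used because iterator adaptors cannot run in const evaluation.
pub const fn check_nul_terminated(bytes: &[u8]) -> Result<(), NulError> {
    if bytes.is_empty() || bytes[bytes.len() - 1] != 0 {
        return Err(NulError::MissingTerminator);
    }
    let mut i = 0;
    while i < bytes.len() - 1 {
        if bytes[i] == 0 {
            return Err(NulError::InteriorNul(i));
        }
        i += 1;
    }
    Ok(())
}

/// Validated constructor usable in `const` items. A violated invariant becomes
/// a compile-time panic instead of undefined behaviour, which is the effect the
/// PR gives the standard library's own constructor in const contexts.
pub const fn checked_cstr(bytes: &[u8]) -> &CStr {
    match check_nul_terminated(bytes) {
        Ok(()) => {}
        Err(NulError::MissingTerminator) => panic!("CStr bytes must end with a nul byte"),
        Err(NulError::InteriorNul(_)) => panic!("CStr bytes contain an interior nul byte"),
    }
    // SAFETY: the invariant was checked just above.
    unsafe { CStr::from_bytes_with_nul_unchecked(bytes) }
}

/// Evaluated at compile time; swapping in b"Foo\0bar\0" or b"Foobar"
/// turns this item into a compile error rather than UB.
pub const FOO: &CStr = checked_cstr(b"Foobar\0");

fn main() {
    println!("{:?} ({} bytes)", FOO, FOO.to_bytes_with_nul().len());
}
```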

rustbot added the T-libs label (Relevant to the library team, which will review and decide on the PR/issue.) on Jul 31, 2022
rust-highfive (Contributor) commented:

r? @kennytm

(rust-highfive has picked a reviewer for you, use r? to override)

rustbot (Collaborator) commented Jul 31, 2022

Hey! It looks like you've submitted a new PR for the library teams!

If this PR contains changes to any rust-lang/rust public library APIs then please comment with @rustbot label +T-libs-api -T-libs to tag it appropriately. If this PR contains changes to any unstable APIs please edit the PR description to add a link to the relevant API Change Proposal or create one if you haven't already. If you're unsure where your change falls no worries, just leave it as is and the reviewer will take a look and make a decision to forward on if necessary.

Examples of T-libs-api changes:

  • Stabilizing library features
  • Introducing insta-stable changes such as new implementations of existing stable traits on existing stable types
  • Introducing new or changing existing unstable library APIs (excluding permanently unstable features / features without a tracking issue)
  • Changing public documentation in ways that create new stability guarantees
  • Changing observable runtime behavior of library APIs

rust-highfive added the S-waiting-on-review label (Status: Awaiting review from the assignee but also interested parties.) on Jul 31, 2022
thomcc (Member) commented Aug 1, 2022

Taking this review by request from @BlackHoleFox (since kennytm's backlog is big and seems to be busy).

r? @thomcc

rust-highfive assigned thomcc and unassigned kennytm on Aug 1, 2022

thomcc (Member) commented Aug 1, 2022

Going to do a perf run since this changes O(1) to O(n) in consteval. I suspect const CStrs are overwhelmingly short, but let's just double-check.

@bors try @rust-timer queue

rust-timer (Collaborator) commented:

Awaiting bors try build completion.

@rustbot label: +S-waiting-on-perf

rustbot added the S-waiting-on-perf label (Status: Waiting on a perf run to be completed.) on Aug 1, 2022

bors (Collaborator) commented Aug 1, 2022

⌛ Trying commit 0e54d71 with merge 421f956964ea447066077b77384c2a256f300834...

rust-timer (Collaborator) commented:

Awaiting bors try build completion.

@rustbot label: +S-waiting-on-perf

bors (Collaborator) commented Aug 1, 2022

☀️ Try build successful - checks-actions
Build commit: 421f956964ea447066077b77384c2a256f300834

rust-timer (Collaborator) commented:

Queued 421f956964ea447066077b77384c2a256f300834 with parent 34805f3, future comparison URL.

rust-timer (Collaborator) commented:

Finished benchmarking commit (421f956964ea447066077b77384c2a256f300834): comparison url.

Instruction count

This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage)

Results
  • Primary benchmarks: 😿 relevant regression found
  • Secondary benchmarks: no relevant changes found
                            mean¹    max      count²
Regressions (primary)       2.8%     2.8%     1
Regressions (secondary)     N/A      N/A      0
Improvements (primary)      N/A      N/A      0
Improvements (secondary)    N/A      N/A      0
All (primary)               2.8%     2.8%     1

Cycles

This benchmark run did not return any relevant results for this metric.

If you disagree with this performance assessment, please file an issue in rust-lang/rustc-perf.

Benchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf.

@bors rollup=never
@rustbot label: +S-waiting-on-review -S-waiting-on-perf -perf-regression

Footnotes

  1. the arithmetic mean of the percent change

  2. number of relevant changes

rustbot removed the S-waiting-on-perf label (Status: Waiting on a perf run to be completed.) on Aug 1, 2022

thomcc (Member) commented Aug 1, 2022

This has been a safety invariant since the function was introduced, and only checking in const seems unlikely to hit surprise ecosystem breakage (it seems like you'd notice if you were calling this on a bytestring literal with extra embedded nulls, and code that does it is broken at runtime in other ways regardless). The main concern I'd have is if this causes perf issues if someone uses it on a huge string, but we've done due diligence here and it's a nice UB check (especially if it catches a missing nul-terminator!).

Re: your question about a UI test, I don't think this needs one -- the fact that it uses panic (and not intrinsics::abort) is already nicer than most of our other const_eval_select-based UB detection code 😅.

@bors r+

bors (Collaborator) commented Aug 1, 2022

📌 Commit 0e54d71 has been approved by thomcc

It is now in the queue for this repository.

bors added the S-waiting-on-bors label (Status: Waiting on bors to run and complete tests. Bors will change the label on completion.) and removed the S-waiting-on-review label (Status: Awaiting review from the assignee but also interested parties.) on Aug 1, 2022

bors (Collaborator) commented Aug 2, 2022

⌛ Testing commit 0e54d71 with merge 792bc5a...

bors (Collaborator) commented Aug 2, 2022

☀️ Test successful - checks-actions
Approved by: thomcc
Pushing 792bc5a to master...

bors added the merged-by-bors label (This PR was explicitly merged by bors.) on Aug 2, 2022
bors merged commit 792bc5a into rust-lang:master on Aug 2, 2022
rustbot added this to the 1.64.0 milestone on Aug 2, 2022

rust-timer (Collaborator) commented:

Finished benchmarking commit (792bc5a): comparison url.

Instruction count

This benchmark run did not return any relevant results for this metric.

Max RSS (memory usage)

Results
  • Primary benchmarks: 🎉 relevant improvement found
  • Secondary benchmarks: no relevant changes found
                            mean¹    max      count²
Regressions (primary)       N/A      N/A      0
Regressions (secondary)     N/A      N/A      0
Improvements (primary)      -1.1%    -1.1%    1
Improvements (secondary)    N/A      N/A      0
All (primary)               -1.1%    -1.1%    1

Cycles

Results
  • Primary benchmarks: no relevant changes found
  • Secondary benchmarks: 🎉 relevant improvement found
                            mean¹    max      count²
Regressions (primary)       N/A      N/A      0
Regressions (secondary)     N/A      N/A      0
Improvements (primary)      N/A      N/A      0
Improvements (secondary)    -5.3%    -5.3%    1
All (primary)               N/A      N/A      0

If you disagree with this performance assessment, please file an issue in rust-lang/rustc-perf.

@rustbot label: -perf-regression

Footnotes

  1. the arithmetic mean of the percent change

  2. number of relevant changes

BlackHoleFox deleted the cfte-cstr branch on August 12, 2022 at 21:55