[type-layout] Document minimum size and alignment #1482
Conversation
src/type-layout.md
Outdated
| - For a [trait object](#trait-object-layout), the minimum size is 0 and the minimum | ||
| alignment is 1 | ||
| - For a struct type with a dynamically-sized field, the minimum size is taken to be | ||
| the size of the struct when the dynamically-sized field has *its* minimum size. |
There was a problem hiding this comment.
Alignment affects size, so discussing the two separately here doesn't quite work.
There was a problem hiding this comment.
Are you suggesting just adjusting it to say this?
For a struct type with a dynamically-sized field, the minimum size is taken to be the size of the struct when the dynamically-sized field has its minimum size and alignment.
(Done. I can revert if I misunderstood your suggestion.)
src/type-layout.md
Outdated
| this property provides *no* guarantees about [`repr(Rust)`](#the-rust-representation) | ||
| types, as such a type can have arbitrarily large size and alignment regardless of | ||
| the sizes and alignments of its fields | ||
| - Every type's minimum size is less than or equal to `isize::MAX` |
There was a problem hiding this comment.
This bullet doesn't belong into the list of "notable cases of minimum size and alignment are", it belongs before or after the list. Also it should say what happens when one declares a type whose minimum size exceeds this limit.
There was a problem hiding this comment.
This bullet doesn't belong into the list of "notable cases of minimum size and alignment are", it belongs before or after the list.
Done.
Also it should say what happens when one declares a type whose minimum size exceeds this limit.
Do we need to specify that? Presumably the implication is just that such a program would not conform to the spec, and so we couldn't permit it to compile, but a) that's a logical implication of the text here and, b) I don't believe we need to specify the manner in which it fails to compile.
I'm happy to also specify that such programs won't compile - I just want to make sure I'm understanding correctly that this is just a nice-to-have rather than something that affects the semantics of this text.
There was a problem hiding this comment.
Do we need to specify that?
I think so, yes. If we leave it implicit it could understood to be anything from UB to a compile-time error. (We don't do "UB by omission" in Rust but people might think we do. And some sort of run-time panic does seem like a not unreasonable interpretation to me.)
There was a problem hiding this comment.
Sounds reasonable. Presumably resolving #1482 (comment) is required in order for us to agree on a wording for this?
There was a problem hiding this comment.
The questions of "which types are checked" and "what happens when a type fails the check" seem orthogonal to me, so I don't see an overlap with the other discussion.
|
There's a potential issue here -- not all types mentioned in the source code actually make it to codegen, so sometimes types that are "too big" do not lead to errors. This example fails to build in a debug build but succeeds as a release build: #![crate_type = "lib"]
pub fn f() {
g::<u16>();
}
pub fn g<T>() -> std::mem::MaybeUninit<[T; 1 << 47]> {
std::mem::MaybeUninit::uninit()
} |
ehuss
added
the
S-waiting-on-author
Good call. This shouldn't be a problem in our motivating use case, but obviously we need to be careful with what we promise. Intuitively, the guarantee is something like "a type which you can do anything with" or "a type which you can create a pointer to". But I'm not sure how to formalize that idea. For the motivating use case, we need to guarantee that this holds of |
|
The new wording sounds good to me. However, the issue with "which types actually end up being size-checked" remains. I don't have a good idea for how to express that. @rust-lang/opsem @rust-lang/lang: any thoughts? There's tow questions; the easy one is what you think about the text of the PR, but the harder one is this concern. Specifically, the question is for which types we guarantee that their size is less than I don't have a good idea for how to even say which types are guaranteed to be size-checked in the current implementation. Similar to what we did for const-eval failures, we could try to have a notion of "required types" such that if a function runs, these types are definitely size-checked -- but given the huge number of types in a typical program, that sounds like it could be quite expensive. |
|
Is there some notion of "observability" we could use here? As in, if a type's existence is "observable" in some way? Intuitively, I'd imagine this just means that if the execution of a program in any way depends on the existence of the type (calling |
|
The only things that are "observable" about a program are its IO behavior (and volatile accesses). That's the usual as-if rule. So I don't think that will help us here. |
| - For a [trait object](#trait-object-layout), the minimum size is 0 and the minimum | ||
| alignment is 1 | ||
| - For a struct type with a dynamically-sized field, the minimum size is taken to be | ||
| the size of the struct when the dynamically-sized field has *its* minimum size and |
There was a problem hiding this comment.
I am not clear on what "it" refers to in this sentence
There was a problem hiding this comment.
I think the answer is value-dependent, e.g., for Foo<dyn Blah> the alignment depends on the value stored in the vtable -- put another way, it's determined by the "erased information"
There was a problem hiding this comment.
You mean "its"? It is straight-forward recursion. If a struct has field types T, U, V where V is dyn-sized, then the min size of the struct is computed using the min size and min align of V.
There was a problem hiding this comment.
That formulation seems much clearer :)
There was a problem hiding this comment.
Though I still am not clear on what "the min align of V" is in the context I mentioned i.e., I would appreciate a note on whether it is value-dependent (I believe so)
There was a problem hiding this comment.
The minimum alignment is not value-dependent, no. Minimum size and minimum alignment are static properties that every type possesses.
|
FWIW after further discussion, my conclusion is that all we really need for @joshlf's usecase right now is rust-lang/rust#126152. That avoids having to document when exactly compilation fails due to types being bigger than IOW, the entire point of this PR is to be able to say "Every type's minimum size is less than or equal to |
|
@rustbot labels -I-lang-nominated OK. Per RalfJ's comment then, let's close in favor of rust-lang/rust#126152. If further discussion manages to work out some solution to the problems that RalfJ mentioned, feel free to reopen. |
This is a draft implementation of rust-lang/rust#117474 (comment). I'm happy to make any suggested edits.
cc @RalfJung