-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a noalias
language item
#1410
Conversation
So I presume this is like Q: would it make sense to allow more fine grained statement of the aliasing (or non-aliasing)? This appears to allow us to say one block doesn't alias any other block, but doesn't let us restrict that to something like |
I think that this is a good move for making |
This applies to every object that owns a pointer. |
@Undeterminant I'm not sure why this would be limited to the standard library. Isn't anyone that needs to write wrapper types similar to |
It seems this is essentially semantically |
|
But |
Maybe Unique could be implemented as follows pub struct Unique<T: ?Sized> {
pointer: NonZero<NoAlias<T>>,
_marker: PhantomData<T>,
} |
I've updated the text a bit. I guess the previous version wasn't strict enough to allow for any significant opitimizations. |
This reverts commit 55673e1. This is wrong and the real case is already covered in the section below.
I'm confused as to why this is happening anyway. Shouldn't all |
I don't think that's how it does or should work. unsafe fn f(x: *mut u8, y: *mut u8) -> u8 {
{
let x = &mut *x;
*x = 11;
}
{
let y = &mut *y;
*y = 22;
}
{
let x = &mut *x;
*x
}
} This code should allow x and y to point to the same addresses and return either 11 or 22. I'm sure there is code out there that relies on this. |
The whole
Where
Here is how those types of pointers are used today:
Note in particular that Whether the pointers can be copied:
More interestingly, some of those pointers can implement
It is clear that the One big problem is that implementing The solution of this problem is not to implement arrow syntax but to add
Assuming there are wrappers for the To come back to this RFC: The |
Uhm... Your code already does this, and what I said doesn't change it. The
That should most definitely not happen. If the pointers can alias, then changing the order must not be allowed. If the pointers cannot alias, then changing the order must not have any effect on the observable state. |
I didn't mean to imply that the value is unspecified but that the returned value depends on whether the pointers point to the same address.
That's exactly my point. The
I would agree that this proves that the pointers can't point to the same addresses. |
Does Rust have a formal aliasing model covering all interaction between references/pointers/cells beyond "LLVM's aliasing model + list of places in rustc where |
I rather have a notion of "disjoint lifetimes": it is OK to |
rust-lang/rust#19733 seems like the relevant issue |
There are examples of "aliasable mutable memory"; that's UnsafeCell (and the other cell types). UnsafeCell disables the usual noalias optimizations when behind a reference. |
Why did you opt to use |
@nikomatsakis noalias does not imply mutability. The data could be located in immutable memory or the pointer could be handed out through another mechanism that doesn't, in general, allow mutation but guarantees that there are no aliases as long as the pointer is live. Either way, |
I think you were the one who originally suggested (in the variance rfc) to use |
However I agree that having to choose either Linear markersCurrently there is only marker for raw pointers, namely Dereferencable<NoAlias<NonNull<*const T>>> Instead, one could allow structs to contain multiple markers that change the behavior of pointers contained in the struct: struct Uniqe<T> {
ptr: *const T,
_marker1: NonNull,
_marker2: NoAlias,
_marker3: Dereferencable,
} Other restrictions could be added, e.g., that structs containing such markers can only contain a single raw pointer or that they cannot contain any fields besides the markers and a single raw pointer field. In this case, one could also add a marker trait that has to be implemented (by impl<T> PointerMarkers for Unique<T> { } |
On Tue, Jan 05, 2016 at 06:30:41AM -0800, mahkoh wrote:
Yes, ok. And in fact I did the same in |
So I think this RFC is pointing in a good direction but is somewhat premature. I feel like before we go off and add more public-facing newtypes around unsafe pointers, we should clarify the aliasing story (#1447). In particular, I think the rules we settle on for what kind of aliasing is legal and what is not will really inform the precise set of wrapper types (or other sorts of unsafe hints) that we eventually want. Another factor is that we really need to do empirical evaluation of the overall effect of these sorts of changes. For example, as we found in rust-lang/rust#29485, the overall effects of aliasing annotations is often quite small, and it's not clear that they are worth the complexity they bring. I think my personal feeling at the moment is that we probably want fairly lax aliasing rules by default, with types perhaps like this one that allow you to "ratchet up" the level of optimization (and take on the commensurate risk) in particularly important places. But I think we have to be very, very careful in this area, because experience has shown that it is really hard for people to reason about abstract aliasing rules. (It's all well and good if we can blame bad code on an incorrect annotation, but it's better not to have the bad code in the first place.) So I'm inclined to close this RFC and "file it" under #1447. Thoughts? |
I'm fine with this but only if there is actually a plan to address #1447. From what I can tell, https://github.com/rust-lang/rfcs/issues is where ideas go to die (including postponed RFCs.) |
Well, let me set expectations correctly. I consider #1447 to be a I should also say that part of my motivation not to add |
Add a
noalias
language item and wrapper struct (similar tonon_zero
) tomark raw pointers as
noalias
.