Formatting code is in conflict with unnamed_addr #58320
Comments
jonas-schievink
added
T-libs-api
|
These uses are impossible to abuse for users (this is an |
miri: give non-generic functions a stable address This makes Miri correctly handle format string parameters despite rust-lang#58320. Matching Miri PR: rust-lang/miri#626 r? @oli-obk
miri: give non-generic functions a stable address This makes Miri correctly handle format string parameters despite rust-lang#58320. Matching Miri PR: rust-lang/miri#626 r? @oli-obk
miri: give non-generic functions a stable address This makes Miri correctly handle format string parameters despite rust-lang#58320. Matching Miri PR: rust-lang/miri#626 r? @oli-obk
I wonder which invariant you had in mind here? |
|
We are only using the |
|
So you are saying |
|
That's my reading of the code, but I might have missed some stuff. The formatting code is very... frameworky |
|
Yeah, But maybe we should benchmark (cc @anp) the cost of using an |
|
What if... we actually called the function?! And there was a |
|
That would increase We could switch the An alternative is to embed the usize (only used for the count of width/precision) directly into the format argument, instead of indirectly referencing it via index. I think that might not be entirely trivial with today's implementation in the compiler, not sure. I believe this should be possible as the format argument is |
I think that's |
|
What's true? That it cannot be the same argument? show_usize implies that it can't, in which case we can do the change that I suggested (simplifying the runtime logic, too). |
|
@Mark-Simulacrum Sorry, no, I mean that the |
|
Hm, but if you use it for a non-Debug/Display argument (e.g., LowerHex) then you're going to do the wrong thing? So we can't just have one show_usize.... unless we only deduplicate if it's specifically Display/Debug (equivalent for usize)....? |
|
I have no idea how this works, but this: println!("{0:#0$x}", 20)prints: |
|
That expands to, which has a dedicated from_usize field for the same argument. Seems like we generate a separate arg for it... The non-LowerHex code also expands to pretty much the same thing, so looks like we don't even deduplicate: |
|
The hard part in changing this is that whereas before we could refer to arg0 twice, since both were within the match and it was guaranteed to be a reference, it'll be more painful to do so now -- in particular, we can only evaluate the expression once still (it could have side effects) so we would need a more complicated desugaring if we want to drop |
{
let count0: usize;
::std::io::_print(::core::fmt::Arguments::new_v1_formatted(
&["", "\n"],
&match (&20,) {
(arg0,) => {
count0 = *arg0;
[
::core::fmt::ArgumentV1::new(arg0, ::core::fmt::Display::fmt),
]
},
},
&[::core::fmt::rt::v1::Argument {
position: 0usize,
format: ::core::fmt::rt::v1::FormatSpec {
fill: ' ',
align: ::core::fmt::rt::v1::Alignment::Unknown,
flags: 4u32,
precision: ::core::fmt::rt::v1::Count::Implied,
width: ::core::fmt::rt::v1::Count::Exact(count0),
},
}],
));
}I think this desugaring should work though. It preserves the evaluation order and keeps everything consistent from the perspective of the "real" arguments, I believe. |
|
@Mark-Simulacrum The problem with that is that the |
|
Hm, interesting. We could have a separate (third) array for just the counts, I guess, and store them as |
|
I mean, I did consider that, but do you want to take the hit of 16 extra bytes on the stack even when not needed? However, if we do that thing we've talked about, where the |
The code for passing arguments into format strings relies on equality of function pointers. This is in conflict with the fact that we set
unnamed_addron all functions.rust/src/libcore/fmt/mod.rs
Lines 295 to 301 in 618f5a0
It might be possible for a user to write a function that gets merged with
ArgumentV1::show_usize, and then cause bugs in the above code.@oli-obk @eddyb
The text was updated successfully, but these errors were encountered: