Clarify UB around immutability & mutation #1385

Merged
merged 3 commits into from
Jul 27, 2023

Commits on Jul 24, 2023

  1. Clarify UB around immutability & mutation

    I personally found this description of UB confusing, since the use of
    "reached" suggests that UB only happens for read bytes, and the
    definition of immutability is not given, allowing for multiple
    interpretations: does the "data" have to be immutable from the first
    read? From the creation of the reference? Between reads from the
    immutable accessor, but not otherwise? etc.
    
    This clarifies the actual UB conditions, based on this Zulip
    interaction:
    https://rust-lang.zulipchat.com/#narrow/stream/136281-t-opsem/topic/What.20exactly.20are.20.22immutable.22.20and.20.22reached.22.20in.20shared.20ref.20UB.3F
    and this reference discussion:
    rust-lang#1227
    in two ways:
      * The definition of "data" is clarified to be stated in terms of
        bytes, in a way that should avoid ambiguity about which bytes are
        considered. Based on the GH issue, this clarification should also
        allow for use of a `*mut` pointer through a shared reference, which
        is not in itself UB. Based on the Zulip issue, the definition
        includes padding bytes, which may be surprising.
      * The definition of immutability & mutation for a set of bytes is
        clarified to mean forbidding *all* non-0-byte writes.
    ivanbakel committed Jul 24, 2023
    69a6f70
  2. Define immutability UB in terms of bytes

    This is part of the feedback on rust-lang#1385.
    
    Ralf made the point that the immutability definition could be restated
    solely in terms of bytes, which has the added benefit of no longer
    requiring the note on padding (since it's a natural consequence of the
    byte version.)
    
    The new wording for shared references also clarifies the case of mutable
    references behind shared ones, and reintroduces some of the transitivity
    property that I removed in my previous commit. The wording is separate
    from that for immutable bindings, since those don't have transitive
    immutability.
    
    This also bumps the definition of bytes pointed to by references and
    pointers into its own subsection, so that it can be linked to by the UB
    definition, to avoid duplication.
    
    Co-authored-by: Ralf Jung <[email protected]>
    ivanbakel and RalfJung committed Jul 24, 2023
    70886e3

Commits on Jul 25, 2023

  1. Style fixups in immutability UB

    These changes should preserve the meaning of the contents.
    
    Co-authored-by: Ralf Jung <[email protected]>
    ivanbakel and RalfJung authored Jul 25, 2023
    f12eaec
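
The first two commit messages separate the bytes a shared reference points to (immutable) from bytes reached through a `*mut` stored behind it (writing to them is not in itself UB). The Rust sketch below is an added example, not code from the PR or the Reference; `Holder`, `Counter` and the function names are hypothetical, and the `UnsafeCell` case is included as the language's standard interior-mutability opt-out, which the commit messages do not mention.

```rust
use std::cell::UnsafeCell;
use std::ptr::addr_of_mut;

/// Hypothetical type: `&Holder` points to the bytes of the pointer value
/// itself, not to the bytes the raw pointer points to.
pub struct Holder {
    ptr: *mut u32,
}

/// Writes through a `*mut` that was read out of a shared reference.
///
/// # Safety
/// `h.ptr` must be valid for writes and not aliased by a live reference.
pub unsafe fn write_through(h: &Holder, v: u32) {
    unsafe { *h.ptr = v };
}

/// Hypothetical type: bytes wrapped in `UnsafeCell` are exempt from
/// shared-reference immutability.
pub struct Counter {
    hits: UnsafeCell<u32>,
}

pub fn bump(c: &Counter) -> u32 {
    // SAFETY: no other reference to the cell's contents exists here.
    unsafe {
        *c.hits.get() += 1;
        *c.hits.get()
    }
}

pub fn demo_raw_pointer() -> u32 {
    let mut target = 1u32;
    let h = Holder { ptr: addr_of_mut!(target) };
    // SAFETY: `target` is live and no reference to it exists during the write.
    unsafe { write_through(&h, 7) };
    target
}

pub fn demo_unsafe_cell() -> u32 {
    let c = Counter { hits: UnsafeCell::new(0) };
    bump(&c);
    bump(&c)
}

// By contrast, casting `&u32` to `*mut u32` and writing a non-zero number of
// bytes through it mutates bytes pointed to by a shared reference: UB.
fn main() {
    println!("{} {}", demo_raw_pointer(), demo_unsafe_cell());
}
```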