-
Notifications
You must be signed in to change notification settings - Fork 506
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add trait_upcasting related languages changes #1622
base: master
Are you sure you want to change the base?
Conversation
rust-lang/rust#101336 is still open, did we actually end up committing to something? |
@WaffleLapkin: Yes, it's just pending documentation rust-lang/rust#101336 (comment) -- presumably this is (A.) on Niko's list. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You may also want to edit https://doc.rust-lang.org/reference/behavior-considered-undefined.html as Niko mentioned in the issue you linked; you may want to re-read the FCP, but I believe it's UB to conjure up a vtable now since it must be valid for upcasting.
What exactly are you referring to here? I assume the "issue" is rust-lang/rust#101336 (a link would have been good, it took clicking on 4 links to track this down :D ). Niko says a lot of things there, though. :) |
@compiler-errors doc.rust-lang.org/reference/behavior-considered-undefined.html already mentions invalid metadata in any kind of pointer makes an invalid value, so I don't think we need to add anything on top of that?
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this is ready and consistent with what is implemented on master. I think all that needs to be done w.r.t. trait upcasting is a fresh stabilization PR?
This comment has been minimized.
This comment has been minimized.
Any movement on this? |
@PoignardAzur I'm working on a stabilization PR (after which this can be merged) |
Co-authored-by: Michael Goulet <[email protected]>
This aligns the reference with the results of r-l/r/120248.
607255c
to
3139bd7
Compare
@compiler-errors could you take another look, do the changes still make sense? |
@rustbot ready |
In the original PR for this... ...there's a discussion about adding a line to the behavior considered undefined of:
There was some back and forth and it's not clear where that landed. Thoughts on that? |
The comment here is the answer https://github.com/rust-lang/reference/pull/1259/files#r1404804424. I don't think this needs further changing. It doesn't really matter if the pointer is bad; upcasting only cares about the vtable metadata. |
> Note: "unsizing" is a bit of a misnomer, | ||
> since this covers unsized->unsized coercions too. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
> Note: "unsizing" is a bit of a misnomer, | |
> since this covers unsized->unsized coercions too. | |
> Note: These are sometimes called "unsizing" coercions, but that can be a bit of a misnomer, since these cover unsized->unsized coercions too. |
Not sure if something like this is what you meant to say or not. The Reference doesn't refer to "unsizing" anywhere -- even though, you're right, we often do in conversation -- so we'd need to introduce that somehow in this note.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm. There may not be the literal word "unsizing", but we do refer to this coercion as "unsize coercion".
The following coercions are called
unsized coercions
, since they
I do feel like it's clear what this means, given that this note is surrounded by mentions of unsize coercions. (but maybe not see you seem to be confused?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Although I'd also say that replacing "unsized coercion" to "unsizing coercion" everywhere in the reference would be a good idea. It sounds better and more closely matches how people actually talk about this feature.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In conversation with @traviscross, I was one of the confused ones. TC pointed out that "unsized coercion" can be interpreted as the codomain so to speak. That is, it doesn't seem like a misnomer to me because it is only referring to coercions to something not sized, and thus seemed accurate.
It is true the word "unsizing" implies "to remove the size of", that is the domain is sized, and thus is not always an accurate term. However, we don't use "unsizing" here.
Probably a bit of a muddled interpretation on my part, but does that make sense?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"unsized coercion" sounds like the coercion itself is unsized. I don't even know what that should mean.
@@ -195,10 +195,14 @@ r[coerce.unsize] | |||
|
|||
r[coerce.unsize.intro] | |||
The following coercions are called `unsized coercions`, since they | |||
relate to converting sized types to unsized types, and are permitted in a few | |||
relate to converting types to unsized types, and are permitted in a few |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
relate to converting types to unsized types, and are permitted in a few | |
relate to converting sized types to unsized types or converting from one unsized type to another, and are permitted in a few |
(more clarity, same meaning)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For me your proposed change kinda flushes the cache, I had to re-read it 4 times before I figured out what it means 💀 (then again, maybe I shouldn't be reading it at 3am)
Since it's the same meaning I'd think that more concise is better? Do you disagree?
* both the same trait object metadata, modulo dropping auto traits (`*dyn Debug` -> `*(u16, dyn Debug)`, `*dyn Debug + Send` -> `*dyn Debug`). | ||
* **Note**: *adding* auto traits is only allowed if the principal trait has the auto trait as a super trait | ||
(given `trait T: Send {}`, `*dyn T` -> `*dyn T + Send` is valid, but `*dyn Debug` -> `*dyn Debug + Send` is not). | ||
* **Note**: generics (including lifetimes) must match (`*dyn T<'a, A>` -> `*dyn T<'b, B>` requires `'a = 'b` and `A = B`). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does as
not permit upcasting?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as
permits upcasting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To clarify my question, this text as written suggests as
is only permitted between the same trait modulo auto-traits. But I think as is more general now. Shouldn't this test say something like
T
is a subtrait ofV
with compatible metadata, e.g.,*dyn (Debug + Send) ->
*dyn Debug`*dyn Subtrait ->
*dyn Supertrait`
or perhaps simply refer to the definition of upcasts that is given in the unsizing section?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This section only explains [lacking a better word] proper pointer casts. The reason why you can *dyn Sub -> *dyn Super
via an as
cast is that there is a coercion *dyn Sub -> *dyn Super
and as
casts can be used to explicitly trigger an implicit coercion. The coercion is described in type-coercions.md
, so I think everything is good on this front.
We might add a note about this though, since it might be confusing otherwise.
Also, I feel like this does not precisely capture the behavior wrt wrapper types and dropping the principal trait, I'll have to fix that.
@@ -211,6 +215,13 @@ r[coerce.unsize.slice] | |||
r[coerce.unsize.trait-object] | |||
* `T` to `dyn U`, when `T` implements `U + Sized`, and `U` is [dyn compatible]. | |||
|
|||
r[coerce.unsize.trait-upcast] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there worth saying anything here about whether this can change the value of the data pointer, or whether it can only change the vtable pointer?
(Maybe it's just a non-normative note, but contrasting with *const [i32]
→ *const [i8]
that doesn't change the metadata -- even though people sometimes expect it to -- sounds potentially useful.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this whole section might need a retractor :p
Specifically I think it should more clearly state the difference between Unsize
and CoerceUnsize
, mention that the former is not actually a coercion, and the latter is only for pointers.
Then it would also make sense to add a note that unsizing coercion changes the metadata of a pointer, while all other coercions/casts don't.
But, if you don't mind I'll leave this as a follow up ^^'
@WaffleLapkin I think this isn't quite right. How I read the Behaviors Considered Undefined section, it says...
where "producing an invalid value is hence immediate UB". But the consensus from rust-lang/rust#101336 was that having an invalid vtable is not a failure of the validity invariant. Rather, the UB occurs when a
|
To be clear, consensus was that we are not ruling on the validity invariant at this point. The validity invariant for vtable metadata is an open question, discussed at rust-lang/unsafe-code-guidelines#516. Meanwhile, the reference says that the vtable pointer must point to a vtable of the right trait and Miri enforces this; this is following our usual strategy of having a bit more UB for now and possibly relaxing this in the future. |
Hmm, OK, that's not what I thought the consensus was. =) Maybe I'm misremembering, though when I read the text I quoted it seems clear-ish. We need to find some clearer way though to describe the "upper/lower bounds" of what is and is not UB, I think it's going to be very hard to keep things in sync over time the way it is now (where it is e.g. difficult to tell if the reference is out of date or over approximating).
…On Thu, Dec 19, 2024, at 1:51 AM, Ralf Jung wrote:
> But the consensus from rust-lang/rust#101336 <rust-lang/rust#101336> was that having an invalid vtable is not a failure of the validity invariant.
>
To be clear, consensus was that we are not ruling on the validity invariant at this point. The validity invariant for vtable metadata is an open question, discussed at rust-lang/unsafe-code-guidelines#516 <rust-lang/unsafe-code-guidelines#516>. Meanwhile, the reference says that the vtable pointer must point to a vtable of the right trait and Miri enforces this; this is following our usual strategy of having a bit more UB for now and possibly relaxing this in the future.
—
Reply to this email directly, view it on GitHub <#1622 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABF4ZX7ZXAI3MZZOHKHJNL2GJUI7AVCNFSM6AAAAABORRYCSKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNJSHEYTOOBZGU>.
You are receiving this because you commented.Message ID: ***@***.***>
|
We currently say this above the UB list
So the entire thing should be considered as approximating. Maybe we should start slowly widdling this down to just a few items in the list, though I think we should always reserve the right to remove UB. Anyway this is getting off-topic for this PR. The validity invariant for vtables doesn't have to be settled for this one. |
i.e. document the behavior after r-l/r/119338
3139bd7
to
6c4f538
Compare
@rustbot labels +I-lang-nominated When we handled the nomination for starting the FCP on rust-lang/rust#134367, we reviewed this text, leading to some back and forth. Let's nominate to double check we're OK with where that landed. |
As a note I'm working on rewriting most of |
OK, so I re-read rust-lang/rust#101336 and in particular found this comment which was asking whether the validity invariant for vtables was a "decision" or just a "strong recommendation". I guess @RalfJung interpreted it as the latter, which seems fine. I have edited the issue to clarify. I agree then that no edits are needed to the list of UB, as no new validity invariants have been decided. |
Wearing lang-team hat: +1 EDIT: Well, +1 to the substance, I have some concerns lingering in comments actually that I would like to see resolved. Specifically the |
I applied review comments from #1259 and added updates from rust-lang/rust#120248.
Tracking issue: rust-lang/rust#65991
Stabilization proposal: rust-lang/rust#134367
cc @crlf0710 @compiler-errors @RalfJung