From 5a8a664e423165e5eeae7b33bd259dab8f27f949 Mon Sep 17 00:00:00 2001 From: Alice Ryhl Date: Mon, 31 Jan 2022 14:05:27 +0100 Subject: [PATCH 1/7] Specify guarantees for repr(rust) structs --- src/type-layout.md | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/src/type-layout.md b/src/type-layout.md index 22b5752bb..9b23b9e68 100644 --- a/src/type-layout.md +++ b/src/type-layout.md @@ -86,9 +86,10 @@ String slices are a UTF-8 representation of characters that have the same layout ## Tuple Layout -Tuples do not have any guarantees about their layout. +Tuples have the same layout guarantees a struct with the same fields laid out +according to the default struct representation. -The exception to this is the unit tuple (`()`) which is guaranteed as a +The exception to this is the unit tuple (`()`), which is guaranteed as a zero-sized type to have a size of 0 and an alignment of 1. ## Trait Object Layout @@ -162,7 +163,24 @@ representation will not change the layout of `Inner`. Nominal types without a `repr` attribute have the default representation. Informally, this representation is also called the `rust` representation. -There are no guarantees of data layout made by this representation. +There are very few data layout guarantees made by this representation. The only +guarantees are: + + 1. The fields of the struct are properly aligned. + 2. The fields do not overlap. + 3. The alignment of the struct is not less than the alignment of any of its + fields. + +Formally, the first guarantee means that the offset of any field in the struct +is divisible by that field's alignment. The second guarantee means that the +fields can be ordered such that the offset plus the size of any field is less +than or equal to the offset of the next field in the ordering. The ordering does +not have to be the same as the order in which the field are specified in the +declaration of the struct. + +Be aware that the second guarantee does not imply that the fields have distinct +addresses: zero-sized types may have the same address as other fields in the +same struct. ### The `C` Representation From e9a1ddf72d41083433ffd3e8f71902cebf1c1775 Mon Sep 17 00:00:00 2001 From: Alice Ryhl Date: Sun, 6 Feb 2022 16:13:00 +0100 Subject: [PATCH 2/7] Address review --- src/type-layout.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/type-layout.md b/src/type-layout.md index 9b23b9e68..915e9cbea 100644 --- a/src/type-layout.md +++ b/src/type-layout.md @@ -86,8 +86,8 @@ String slices are a UTF-8 representation of characters that have the same layout ## Tuple Layout -Tuples have the same layout guarantees a struct with the same fields laid out -according to the default struct representation. +Tuples have the same layout guarantees as a struct with the same fields when +laid out according to the default struct representation. The exception to this is the unit tuple (`()`), which is guaranteed as a zero-sized type to have a size of 0 and an alignment of 1. @@ -163,12 +163,12 @@ representation will not change the layout of `Inner`. Nominal types without a `repr` attribute have the default representation. Informally, this representation is also called the `rust` representation. -There are very few data layout guarantees made by this representation. The only -guarantees are: +The only data layout guarantees made by this representation are those required +for soundness. They are: 1. The fields of the struct are properly aligned. 2. The fields do not overlap. - 3. The alignment of the struct is not less than the alignment of any of its + 3. The minimum alignment of the struct is at least the maximum alignment of its fields. Formally, the first guarantee means that the offset of any field in the struct @@ -182,6 +182,8 @@ Be aware that the second guarantee does not imply that the fields have distinct addresses: zero-sized types may have the same address as other fields in the same struct. +There are no other guarantees of data layout made by this representation. + ### The `C` Representation The `C` representation is designed for dual purposes. One purpose is for From 377c524cf9d9a659eaa6d4c6ee2ee4d509f85118 Mon Sep 17 00:00:00 2001 From: Alice Ryhl Date: Tue, 22 Mar 2022 18:58:39 +0100 Subject: [PATCH 3/7] Fix typo Co-authored-by: Josh Triplett --- src/type-layout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/type-layout.md b/src/type-layout.md index 915e9cbea..c63371ff7 100644 --- a/src/type-layout.md +++ b/src/type-layout.md @@ -175,7 +175,7 @@ Formally, the first guarantee means that the offset of any field in the struct is divisible by that field's alignment. The second guarantee means that the fields can be ordered such that the offset plus the size of any field is less than or equal to the offset of the next field in the ordering. The ordering does -not have to be the same as the order in which the field are specified in the +not have to be the same as the order in which the fields are specified in the declaration of the struct. Be aware that the second guarantee does not imply that the fields have distinct From f9ec1d2b90e80d7e7ae2f078a8888f29c7b7582e Mon Sep 17 00:00:00 2001 From: Alice Ryhl Date: Mon, 9 May 2022 17:05:34 +0200 Subject: [PATCH 4/7] Be less struct-centric --- src/type-layout.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/type-layout.md b/src/type-layout.md index c63371ff7..b2e80b599 100644 --- a/src/type-layout.md +++ b/src/type-layout.md @@ -166,17 +166,17 @@ Informally, this representation is also called the `rust` representation. The only data layout guarantees made by this representation are those required for soundness. They are: - 1. The fields of the struct are properly aligned. + 1. The fields are properly aligned. 2. The fields do not overlap. - 3. The minimum alignment of the struct is at least the maximum alignment of its + 3. The minimum alignment of the type is at least the maximum alignment of its fields. -Formally, the first guarantee means that the offset of any field in the struct -is divisible by that field's alignment. The second guarantee means that the -fields can be ordered such that the offset plus the size of any field is less -than or equal to the offset of the next field in the ordering. The ordering does -not have to be the same as the order in which the fields are specified in the -declaration of the struct. +Formally, the first guarantee means that the offset of any field is divisible by +that field's alignment. The second guarantee means that the fields can be +ordered such that the offset plus the size of any field is less than or equal to +the offset of the next field in the ordering. The ordering does not have to be +the same as the order in which the fields are specified in the declaration of +the type. Be aware that the second guarantee does not imply that the fields have distinct addresses: zero-sized types may have the same address as other fields in the From 1275bcc033be63bd4175d989b4a147a90b2a277a Mon Sep 17 00:00:00 2001 From: Alice Ryhl Date: Mon, 9 May 2022 17:11:10 +0200 Subject: [PATCH 5/7] Rephrase layout of tuples --- src/type-layout.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/type-layout.md b/src/type-layout.md index b2e80b599..c236addca 100644 --- a/src/type-layout.md +++ b/src/type-layout.md @@ -86,8 +86,7 @@ String slices are a UTF-8 representation of characters that have the same layout ## Tuple Layout -Tuples have the same layout guarantees as a struct with the same fields when -laid out according to the default struct representation. +Tuples are laid out according to the default representation. The exception to this is the unit tuple (`()`), which is guaranteed as a zero-sized type to have a size of 0 and an alignment of 1. From 3ecc681250d82aa401e1cc0049360af80769c6ad Mon Sep 17 00:00:00 2001 From: Alice Ryhl Date: Mon, 9 May 2022 17:13:17 +0200 Subject: [PATCH 6/7] Remove stray 'minimum' --- src/type-layout.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/type-layout.md b/src/type-layout.md index c236addca..467ad65d2 100644 --- a/src/type-layout.md +++ b/src/type-layout.md @@ -167,8 +167,7 @@ for soundness. They are: 1. The fields are properly aligned. 2. The fields do not overlap. - 3. The minimum alignment of the type is at least the maximum alignment of its - fields. + 3. The alignment of the type is at least the maximum alignment of its fields. Formally, the first guarantee means that the offset of any field is divisible by that field's alignment. The second guarantee means that the fields can be From 1ae7c2d5c6f56df070002788d355cd6c927c465d Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Mon, 19 Sep 2022 14:32:31 -0700 Subject: [PATCH 7/7] Link to default representation. --- src/type-layout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/type-layout.md b/src/type-layout.md index 467ad65d2..6154fe16a 100644 --- a/src/type-layout.md +++ b/src/type-layout.md @@ -86,7 +86,7 @@ String slices are a UTF-8 representation of characters that have the same layout ## Tuple Layout -Tuples are laid out according to the default representation. +Tuples are laid out according to the [default representation][Default]. The exception to this is the unit tuple (`()`), which is guaranteed as a zero-sized type to have a size of 0 and an alignment of 1.