improve offset_from docs #82751
Merged
improve offset_from docs #82751
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
r? @dtolnay (rust-highfive has picked a reviewer for you, use r? to override) |
rust-highfive
added
the
S-waiting-on-review
dtolnay
reviewed
Mar 4, 2021
|
Cc @rust-lang/lang I think this is already an established guarantee that "two pointers are within some allocated object of Rust type |
Wodann
reviewed
Mar 6, 2021
| /// For instance, no known 64-bit platform can ever serve a request | ||
| /// for 2<sup>63</sup> bytes due to page-table limitations or splitting the address space. | ||
| /// However, some 32-bit and 16-bit platforms may successfully serve a request for | ||
| /// more than `isize::MAX` bytes with things like Physical Address | ||
| /// Extension. As such, memory acquired directly from allocators or memory | ||
| /// mapped files *may* be too large to handle with this function. | ||
| /// (Note that [`offset`] and [`add`] also have a similar limitation and hence cannot be used on |
There was a problem hiding this comment.
Is the link for offset defined somewhere?
There was a problem hiding this comment.
Yeah, it already exists and is further up.
Wodann
approved these changes
Mar 6, 2021
dtolnay
approved these changes
Mar 6, 2021
|
@bors r+ rollup |
|
📌 Commit ebe0407 has been approved by |
bors
added
S-waiting-on-bors
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Mar 7, 2021
Rollup of 13 pull requests Successful merges: - rust-lang#77916 (Change built-in kernel targets to be os = none throughout) - rust-lang#82130 (Make some Option, Result methods unstably const) - rust-lang#82292 (Prevent specialized ZipImpl from calling `__iterator_get_unchecked` twice with the same index) - rust-lang#82402 (Remove RefCell around `module_trait_cache`) - rust-lang#82592 (Improve transmute docs with further clarifications) - rust-lang#82651 (Cleanup rustdoc warnings) - rust-lang#82720 (Fix diagnostic suggests adding type `[type error]`) - rust-lang#82751 (improve offset_from docs) - rust-lang#82793 (Move some tests to more suitable subdirs) - rust-lang#82803 (rustdoc: Add an unstable option to print all unversioned files) - rust-lang#82808 (Sync rustc_codegen_cranelift) - rust-lang#82822 (Fix typo) - rust-lang#82837 (tweak MaybeUninit docs) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@thomcc pointed out that the current docs leave it kind of unclear how one can satisfy the "no wrapping around
isizeor the address space" requirement ofoffset_from, so make the docs clearer about that.FWIW, I don't think I entirely agree with that second paragraph about large objects (that I left mostly unchanged here). LLVM, to my knowledge, fundamentally assumes that all allocations fit into an
isize::MAX. So in that sense creating a larger allocation is simply UB. I would expect a guarantee that Rust heap allocation methods will never return allocations larger thanisize::MAX(or rather, Rust heap allocation methods should require that theLayoutis no larger thanisize::MAX). However, I cannot find any such requirement documented currently. Large allocations are not mentioned at all in the allocator docs, which is quite surprising -- even if we say that such allocations are not insta-UB (which I think is incompatible with LLVM), they are still extremely footgunny sinceptr::offset/ptr::adddo not support offsetting by more thanisize::MAXbytes.Furthermore, the allocator docs don't even say anything about allocations wrapping around the address space. But that is certainly something allocators must ensure never happens; we cannot expect clients to defend against this.
Cc @rust-lang/wg-allocators