Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Based on #28] Getting alignment right #33

Open
wants to merge 34 commits into
base: master
Choose a base branch
from
Open

[Based on #28] Getting alignment right #33

wants to merge 34 commits into from

Conversation

HadrienG2
Copy link

@HadrienG2 HadrienG2 commented Oct 28, 2019
edited
Loading

This allows Abomonation to correctly align serialized data by providing...

  • An encode() implementation that inserts padding so that all output data can be well-aligned if the bytes are aligned on a sufficiently strong boundary (specified by Abomonation::alignment()).
  • A decode() implementation that handles said padding correctly if the input data is suitably aligned (otherwise UB may occur).
  • Supporting tools for reallocating bytes with proper alignment for decoding if such alignment cannot be guaranteed by the data source

Other noteworthy changes include extent() going away (because alignment-related padding makes a type's extent dependent on the context in which it is entombed) and unsafe_abomonate becoming even more messy, raising the question of when it should go away for good.

At the documentation level, padding bytes related UB was significantly clarified.

For convenience reasons, this PR is based on #22, #24, #25, #26 and #28. Reviewing these PRs first is recommended, but if you want to review this one in isolation, please consider doing so commit-by-commit in order to get a clean diff.

Fixes #23.

HadrienG2 and others added 20 commits September 26, 2019 09:25
@HadrienG2
Move to a NonNull-based exhume() interface
984b0b0
@HadrienG2
Port unsafe_abomonate to NonNull-based interface
e97de1b
@HadrienG2
Clarify that the tuple_abomonate macro takes types as input
5fd4957
@HadrienG2
Port tuple_abomonate to NonNull-based interface
b182a38
@HadrienG2
Port Box<T> abomonation to NonNull-based interface
d4a78e4
@HadrienG2
Port Rust enum abomonation to NonNull-based interface
421a486
@HadrienG2
Port slice-like abomonations to NonNull-based interface (and deduplic…
5ef07a7 
…ate them)
@HadrienG2
Require Debug and use assert_eq for improved test failure messages
b23d2dc
@HadrienG2
Clarify invalid data as a source of UB
b5f7b71
@HadrienG2
Remove outdated Abomonable notion
e4a4963
@HadrienG2
Make sure that black_box does its job
b8629a3
@HadrienG2
Remove some strange whitespace
48b2b9a
@HadrienG2
Snipe some unnecessary usage of Ok(())
7388af5
@HadrienG2
Don't use manual inlining where benchmarks don't show a benefit
3f84783
@HadrienG2
Add inline(always) where it matters in benchmarks
cb8e2af
@HadrienG2
Avoid multiple codegen units in benchmarks
17a0354
@HadrienG2
Improve Abomonation documentation and make the trait unsafe
ee283b0 
By its very nature, Abomonation does very unsafe (and UB-ish) things.
But we should strive to explain these as well as we can in the current
state of the unsafe Rust formalization effort in order to reduce the
potential for known misuse.
@HadrienG2
Take writer by value
6c12b2e
@HadrienG2
Do not rely on autoderef to select the right Abomonation impl
a4377f4
@HadrienG2
Make Box<T>::entomb simpler and more consistent with others
cda9ebb
@HadrienG2
Copy link
Author

@frankmcsherry So, this PR is getting into a pretty nice shape now. It would be useful if you could have a look at it and comment on the general design direction at some point.

In the end, I gave up on the idea of automatically reallocating decode()'s input data if it is misaligned, as I proposed in #23, because...

  1. Owned Abomonated data has ergonomic issues (in the presence of references) and should therefore not be something that we push onto users by default. Which we are forced to do in the decode API in the above design.
  2. decode() can already fail in so many ways due to broken input data invariants that adding an extra alignment invariant does not seem so terrible after all.

@HadrienG2
Copy link
Author

HadrienG2 commented Nov 11, 2019
edited
Loading

One safer alternative to the current design where passing unaligned bytes to decode is UB (and is checked only in debug build) would be to have decode() required AlignedBytes as input. But that might be perceived to be excessively intrusive by performance-conscious people who have other ways of guaranteeing data alignment...

EDIT: ...especially as it would interfere somewhat badly with Abomonated's current design, which accepts any kind of bytes container.

@HadrienG2
Copy link
Author

HadrienG2 commented Nov 11, 2019
edited
Loading

Alright, I squashed my commit mess a bit to make it easier for you to review. Also, I think I've found a way to make AlignedBytes and Abomonated play nice with each other, will try that via further commits...

EDIT: Nope, I don't think I can make it work without an unacceptable degree of type-level complexity.

@HadrienG2 HadrienG2 mentioned this pull request Nov 12, 2019
Open
@HadrienG2 HadrienG2 changed the title [WIP] [Based on #28] Getting alignment right [Based on #28] Getting alignment right Nov 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Can the pointer alignment situation be improved?
1 participant
@HadrienG2