Fix UB when T contains uninit bytes and when T is zero-sized #4
Conversation
|
Added fix for #5 |
TyPR124
changed the title
|
Note that I'm editing this via Github's edit feature as I am away from my normal computer for a few days. That said I was able to run the tests via playground, and only the doc-tests fail but that seems to be due to playground using a different crate name. |
|
I'm actually not convinced of the presence of UB in the ZST case; I linked a relevant passage to the nomicon in #5. When you get to a computer, can you add a regression test case that checks the undefined bytes case? I have a |
|
I can add a regression test (and properly verify it) in the next day or two. No later than Monday. |
|
Sounds good. I've added a different implementation of ZST handling if that's alright; I don't really trust just feeding an |
Actually, this gives me an idea. You could actually just box all ZSTs. There is no allocation for boxing ZSTs, and Box will handle the pointer semantics for you. I'm pretty sure it will generate the same (optimized) assembly as maintaining the pointer yourself (I can verify this later if you want), except you only need to worry about Box's into_raw and from_raw safety considerations, can have all ZSTs follow the There shouldn't be any issue with de-referencing a properly aligned pointer to a ZST, since the actual read/write is still a no-op. The non-null and alignment requirements are really just to allow optimizations (example, compiler can assume that any raw pointer converted to a reference is non-null, which may allow other parts of the code to be better optimized). Also when I get to adding the test, I will close this PR and open a new one so that these changes don't interfere with whatever ZST changes you wish to make. |
|
Sounds good, thank you! And that's a very interesting point about the Zero Size Box; I'd be more than happy to go that way if you can confirm that that's what happens. |
Fixes #3 by always zero'ing the storage.