Re-write ResourceKey

[sffc]

Fixes #1148
Depends on #1504
Depends on #1514

I implemented it as

#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Copy, Clone, Hash)]
#[repr(transparent)]
pub struct ResourceKeyHash([u8; 4]);

#[repr(C)]
pub struct ResourceKey {
    path: &'static str,
    _tag0: [u8; 8],
    hash: ResourceKeyHash,
    _tag1: [u8; 2],
}

When we search the executables, we can find the hash, which is enough for what we need. I anticipate adding a global hash-to-ResourceKey map for all ICU4X components in the tools directory so that we can reproduce the ResourceKey from a ResourceKeyHash. I think this is the best path forward.

I have not yet updated all the components to the new ResourceKey because I would like approval on the approach first.

[sffc]

A few more notes:

1. I got rid of the macro and replaced it with a const function.
2. I am aware of @robertbastian's Implement icu4x-key-extract by string tagging  #1480. However, in this PR I am implementing an approach different from either that one or my original attempt. I will post more comments over there.

[Manishearth]

note that the rust compiler will happily generate (potentially expensive) runtime code for this when this is called in a non const context: i recommend using a macro the way my tinystr PR does to force it to be a static. That way you can also guarantee that the hash will be in the source and not generated at runtime.

[sffc]

I don't know if I agree.

1. We cannot prevent people from using the function, because the macro is just codegen and it needs to wrap a public function (although we could rename or hide the function).
2. The type name is included in the prelude and it's more clear what the function is for (it creates a new ResourceKey, by definition); macros are relatively less friendly for documentation and tooling.
3. My next step is going to be adding a const ResourceKey field to DataMarker, which will force these into a const context.
4. The problem of const functions "accidentally" resolving at runtime instead of build time is not unique to us. I'd rather not introduce the concept of using macros to solve this problem unless you can point to something that says that this is the "official" way to solve the footgun.

[Manishearth]

In this case because it's going to be rare to construct these on your own I'm less worried about preventing people from using this, and more about giving people a convenient way to instantiate a const. There is no such convenient way currently.

But given that most users will just use the exported const, I guess it's fine.

I don't have anything saying this is the "official" way to solve the footgun but it's basically the only way and I asked other community members: the const thing happens because rust doesn't really pick whether to const a function based on whether the argument is a literal, and the only way to say "my arguments must be literals" is via a macro. It's the right tool for the job.

[robertbastian]

Is there any way to disallow runtime key creation?

[Manishearth]

Yes, the typical way to do that is to remove all constructors (except often Default::default()), leave in a #[doc(hidden)] constructor with a name that has underscores in it (ResourceKey::__internal_construct() or something), and use it from the macro.

I don't think we need to here though

[sffc]

I added back the macro, and kept the try_new constructor but not the new constructor, with appropriate documentation.

[robertbastian]

I anticipate adding a global hash-to-ResourceKey map for all ICU4X components in the tools directory so that we can reproduce the ResourceKey from a ResourceKeyHash. I think this is the best path forward.

I think requiring a central directory of keys is a big downside of tagging the hashes instead of the strings. I've updated #1480 to have a similar API to this PR, but tag the path instead.

[robertbastian]

ResourceKeyHash has a fixed size, so we don't need the closing tag.

You could also use a single array for tag and key instead of making them separate fields and forcing them to be consecutive with repr(C):

    #[inline]
    pub const fn try_new(path: &'static str) -> Result<Self, ()> {
        match Self::check_path_syntax(path) {
            Ok(_) => {
              let mut bytes = *b"ICU4XK[\x02XXXX\x03]";
              bytes[9..=12] = helpers::fxhash_32(path.as_bytes()).to_le_bytes();
              Ok(Self { path, bytes })
            },
            Err(_) => Err(())
        }
    }

    #[inline]
    pub const fn get_hash(&self) -> ResourceKeyHash {
        self.bytes[9..=12] // modulo wrapping
    }

[sffc]

I had the closing tag to make it less likely to have false positives (based on the assumption that one instance of a tag is more likely to occur than two tags separated by a specific number of bytes).

I'll need to check to make sure that self.bytes[9..=12] doesn't generate panicky code. Since it's an array, theoretically it should figure out that the operation can't fail, but in general the index operator [] is panicky.

What's wrong with repr(C)?

[robertbastian]

Slicing is actually done by a trait, so self.bytes[9..=12] isn't const.

Regarding repr(C) it just seems like it's the wrong hammer. We're not interacting with C code, we're just trying to put data in a specific order, which I think is clearer by using a single array if the array types match like they do here.

[robertbastian]

based on the assumption that one instance of a tag is more likely to occur than two tags separated by a specific number of bytes

I don't think that holds if the single tag has the same length as the two tags combined.

[robertbastian]

If we're making tags human readable (instead of just being magic numbers), why use control characters?

[sffc]

They may as well be magic numbers. I have no scientific reason for doing what I did here other than to make it less likely to have collisions.

[robertbastian]

Is a 2 any less likely than a 57? I don't see how any string is less or more likely than any other (maybe other than all NUL), so I'd prefer if these were all printable bytes.

If I'm not mistaken the choice of tag length came from the previous PR because it fits exactly into a tinystr8 and not any architectural or probabilistic arguments. If the bytes in a binary are uniformly distributed then it's very unlikely that 64 consecutive bits match this.

In any case, I'd appreciate removing _tag1 and making the tag printable (alternatively, use arbitrary numbers).

[robertbastian]

I'd prefer to keep category, sub_category, version as the public API, rather than having the client assemble the string.

This implies using a macro that concat!s the literals, and then delegates to this const fn (as it cannot concat).

[sffc]

I did it this way because:

1. This new model allows multiple namespaces in key strings, rather than just category/subcategory, which was an artificial limitation
2. I find that writing the string in code is actually shorter and more readable than using an opaque concatenation algorithm

[robertbastian]

Is there any way to disallow runtime key creation?

[robertbastian]

This should be &str now as it's always borrowed.

[sffc]

Done.

[sffc]

I think requiring a central directory of keys is a big downside of tagging the hashes instead of the strings.

1. The existence of a central directory is a separate decision than tagging hashes vs strings. We could easily write out hashes in hex notation into the keys file. If a central directory existed, we only have more flexibility in what we put in the key file.
2. The primary purpose of a central directory is to prevent collisions. People would need to add their keys to the central directory only after hooking them up to icu4x-datagen.
3. A central directory has other use cases. For example, it could be used to make BlobDataProvider capable of exporting data, something you expressed a desire to do in Implementing IterableProvider for FsDataProvider and BlobDataProvider #1506.

[sffc]

I would like to decouple this PR from the static data slicing / keyextract questions. I will remove the tags and the repr(C) from the data model and add those back in a future PR.

[sffc]

Note: This PR comes with a code size win, most likely because the key string is computed at compile time.

Old:

-rwxr-xr-x 1 runner docker    43952 Jan 18 18:13 optim4.elf
-rwxr-xr-x 1 runner docker    33688 Jan 18 18:13 optim5.elf

New:

-rwxr-xr-x 1 runner docker    41584 Jan 18 20:12 optim4.elf
-rwxr-xr-x 1 runner docker    31736 Jan 18 20:12 optim5.elf

[robertbastian]

Wrong PR?

[sffc]

This was from #1514 which is now merged.

[robertbastian]

Remove?

[robertbastian]

We don't need the reprs here

[sffc]

I'd like to keep the repr(transparent) on ResourceKeyHash because that one will be used as a ULE in the BlobProvider. But I removed the repr(C) on ResourceKey.

[robertbastian]

Now that we have get_path, I don't see why we still (publicly) need this. Before this was the cheapest way to return the path, but now we can just return the static ref. So instead of doing path_buf.extend(key.iter_components()) we can do path_buf.push(key.get_path()).

[sffc]

#1516

[robertbastian]

I don't like these names at all...

Also, you just told me that you prefer the constructor to take a string instead of (category, subcategory, version) so there's more flexibility in how many namespaces a client uses, but this API very rigidly only supports the latter.

[sffc]

I deleted get_component_0 and get_component_1. I need get_last_component_no_version for compatibility with uprops provider. I filed #1515 to follow up on that dependency.

[robertbastian]

This is only ever used to extend a PathBuf. How about not constructing iterators and cows and instead doing something like:

pub fn push_to(&self, path_buf: &mut PathBuf) {
  match self.variant {
    Some(variant) => path_buf.push(*variant),
    _ => {}
  }
  match self.langid {
    Some(langid) => path_buf.push(langid.to_string()),
    _ => {}
  }
}

We could do something similar for ResourceKey (instead of exposing get_path and iter_components).

[sffc]

Hmm. Good observation. I agree that we should clean this up.

One issue is that std::path::PathBuf is not no_std. Currently these APIs are no_std and are used indirectly by other no_std code.

I filed #1516 to follow up.

[dpulls]

🎉 All dependencies have been resolved !