-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
target_feature 1.1 #2396
target_feature 1.1 #2396
Conversation
This looks good to me 👍. It's a nice conservative "obviously sound" next stop. I talked a little bit to @gnzlbg about the interaction with the portability lint and |
cc: @hsivonen , @alexcrichton , @nagisa, @rkruppe |
@newpavlov posted a pre-RFC about target restriction contexts: https://internals.rust-lang.org/t/pre-pre-rfc-target-restriction-contexts/7163/ I don't think this RFC is incompatible with that proposal, but that's something worth triple-checking since those are things that we might want to do later anyways. |
Beautiful RFC, big 👍 . One small point: You probably already know it, but to one important thing for soundness is probably that #[target_feature = "sse2"] fn bar() { }
fn test() {
let a: fn() = bar; // ERROR mismatched types expected fn() got #[target_feature ="sse2"] fn()
a();
let b: #[target_feature] fn() = bar; // works
b();
} To get the feature onto stable faster (syntax bikesheds are tiring), we could not implement the |
So right now (RFC2045) you can't have a safe function pointer to a This restriction can be relaxed later, but doing so adds some complexity, and I don't think that it buys us that much more, so I wouldn't want to delay anything here for that. The reason it doesn't buy us that much is that today one can already write safe wrappers around unsafe function pointers. The wrapper ensures that if you construct it properly, the function pointer is only set to a function that is actually safe to call, for example, by doing run-time or compile-time feature detection. |
@est31 yeah adding annotations to the type system like that is kind of a big deal. OTOH we can achieve that sort of thing with the portability lint (see rust-lang-nursery/portability-wg#17 for details). In general [i.e with enough squinting :D], the portability lint can be viewed as a sort of overlay effect system with subtyping, so it's perfect for this sort of thing. |
But the portability lint isn't sound, right? The solution for mismatched target features has to be sound because calling a function with the wrong target features is UB. |
@rkruppe the portability lint is only not sound because we choose to make it warn not err. I guess I got ahead of myself thinking of a future epoch where it does raise errors :). I'll back-pedal and say in the nearer term it would indeed be a separate feature as @est31 describes, but share the same implementation. Then in that future epoch we flip the switch and the features are unified. |
I just read RFC2212 twice and I still don't think I fully understands what it proposes, so these are the differences that I identify (please correct me if I understood RFC2212 incorrectly):
|
Ok cool, thanks for the clarification! I would personally be on board with the construction in this RFC, I think it definitely makes sense! |
I guess this RFC needs a shepherd then :) |
I can do that =) |
What about fn foo() { }
#[target_feature = "x"] fn bar() {
foo(); // is an unsafe block required?
} Am I right in assuming that no unsafe block is required here because currently we don't allow disabling features and have no negative features? In future when we add feature hierarchies then we can allow disabling features and negative features and the compiler can require a unsafe block here in those cases. |
AFAICT the substantive differences between RFC 2212 and this RFC are that
Correct?
I think this is quite unfortunate given how the SSE family is organized. I think it would be beneficial to define the hierarchy for the SSE family even if defining other hierarchies was deferred. I can understand why there could exist controversial hierarchies (esp. AVX-512 family not being strictly additive), but it seems sad to refuse to define any hierarchies when the most common case is a well-known hierarchy. Also, it seems unnecessarily strict to require the callee to have the same set of features as the caller, since logically a subset should suffice. Surely after this RFC functions with some
This RFC needs some information about the functions for the compiler to decide that In any case, as the author of RFC 2212, I'm in favor of this RFC, since this RFC is a step closer to the goal of RFC 2212 (and exceeds it on the issue of function pointers). Thank you! |
Yes, thanks for bringing this up. That example has to be written as: fn foo() { }
#[target_feature(enable = "x")] fn bar() {
foo(); // OK
} If we were to allow "negative" features, then: fn foo() { }
#[target_feature(disable = "y")] fn bar() {
foo(); // ERROR: foo is y but bar is not y
unsafe { foo() }; // OK
} I'll add how this could be extended to negative features to the unresolved questions part of the RFC.
Yes, that's correct! However, you spotted the following bug which changes point 2.
The guide-level explanation states:
while the reference section states:
which obviously don't match. So which is it? First, this is a bug in the RFC, thank you for spotting this. The reference section is wrong and it should state what the guide-level explanation says. That is, the calle and the caller must have the same target features enabled, but the caller can have more target features enabled than the callee.
I think that now that I prefer to not derail this RFC into a discussion about the hierarchy, but I'd gladly chime in into a tracking issue for that if somebody opens it. |
I was talking with @Centril on IRC the other day and I agree: this RFC does change the typing rules since programs that are now rejected would become accepted. For the cases introduced in this RFC, it might be enough to extend the checks of unsafe for expressions in |
…d this RFC does not change that
…fe trait methods.
I think I fixed most of these. Nobody has proposed a way to be parametric over
I could implement this, but my availability is very low lately. |
@rfcbot resolve review-comments |
What's the status of this RFC? |
still stuck on |
In an effort to get this unstuck: @gnzlbg I understand that you have limited availability. Rather than asking you to commit to implementing this, could you commit to answering questions for whoever does? (Ensuring that the RFC's "institutional memory" is maintained after being accepted.) I am hoping that might suffice, here, and might be an easier ask for you. |
Yes, I am available to mentor the implementation work if someone wants to go ahead and start it (just ping me in Zulip). I might become more available in February/March and might be able to do this myself but I cannot commit to that right now. |
Alright. Let's hope someone does show up to ask you some of those questions. :) @rfcbot resolve who-is-going-to-implement? |
🔔 This is now entering its final comment period, as per the review above. 🔔 |
* making all `#[target_feature]` functions `unsafe fn`s and requiring `unsafe | ||
{}` to call them everywhere hides other potential sources of `unsafe` within | ||
these functions. Users get used to upholding `#[target_feature]`-related |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Related RFC: #2585
But the proposal here still makes sense regardless of that.
The final comment period, with a disposition to merge, as per the review above, is now complete. As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed. The RFC will be merged soon. |
Huzzah! The @rust-lang/lang team has decided to accept this RFC. Tracking issue: rust-lang/rust#69098 If you'd like to keep following the development of this feature, please subscribe to that issue, thanks! :) |
Rendered