Propose a 2025H2 goal for comprehensive niche checks #333

Open. Wants to merge 1 commit into base: main.

Conversation


@1c3t3a 1c3t3a commented Jul 15, 2025

This is a follow-up goal to the previous one that I did in H1. It's continuing the work by making the checks more efficient (broader coverage) and covering all niches.

cc @saethlin, @RalfJung who helped me with the previous goal

@1c3t3a 1c3t3a force-pushed the niche-check-h2-goal branch 3 times, most recently from 7504415 to dd1dcbe Compare July 16, 2025 09:21
we e.g. inject the check for every use of an invalid enum, we already observe UB,
and the compiler may insert a `trunc` of the discriminant value when trying to
get the value. The UB may already have happened. Similarly, any check for an
argument marked `nonnull` will be optimized out by the compiler.
I don't understand this paragraph...

@1c3t3a 1c3t3a Jul 17, 2025

Okay, I rephrased it and want to give a bit more background here. Essentially the problem I face when sanitizing for e.g. invalid enum discriminants is that the compiler already performs optimizations that make it impossible for us to check.

E.g. in this example, where we craft a repr(u8) enum that has two members. The compiler already optimizes the backing representation of the discriminant to be an i1, which means when we store a value of 42 here, the compiler truncates the bits and our "check" ends up not firing.

As a solution to this I'd like to propose a "checked load" operation that checks values when they are loaded from memory or something like a "shadow block" at the start of a function that checks validity of the arguments. What is your opinion on this?
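As an added example (not code from the PR or the rust-project-goals repository), here is one shape the proposed "checked load" could take in Rust: the validity check runs on the raw byte before it is interpreted as the two-variant `repr(u8)` enum from the comment, so a stored 42 is reported instead of being truncated away. The `CheckedLoad` trait, `Flag` and `LoadError` are illustrative names.

```rust
// Added example, not from the PR or rust-project-goals: a "checked load" that
// validates the raw bits in memory *before* they become a typed value, so the
// check sees the whole byte rather than a value the compiler already narrowed.
use std::num::NonZeroU8;

/// Two-variant `repr(u8)` enum: only the bit patterns 0 and 1 are valid.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u8)]
pub enum Flag {
    Off = 0,
    On = 1,
}

#[derive(Debug, PartialEq, Eq)]
pub enum LoadError {
    OutOfBounds { offset: usize },
    InvalidBits { offset: usize, raw: u8 },
}

/// Loads one byte and validates it for `Self` before a typed value exists.
pub trait CheckedLoad: Sized {
    fn from_raw(raw: u8) -> Option<Self>;
    fn checked_load(buf: &[u8], offset: usize) -> Result<Self, LoadError> {
        let raw = *buf.get(offset).ok_or(LoadError::OutOfBounds { offset })?;
        Self::from_raw(raw).ok_or(LoadError::InvalidBits { offset, raw })
    }
}

impl CheckedLoad for Flag {
    fn from_raw(raw: u8) -> Option<Self> {
        match raw {
            0 => Some(Flag::Off),
            1 => Some(Flag::On),
            _ => None, // a stored 42 is reported here, not silently truncated
        }
    }
}

/// Niche type: every bit pattern except all-zero is valid.
impl CheckedLoad for NonZeroU8 {
    fn from_raw(raw: u8) -> Option<Self> {
        NonZeroU8::new(raw)
    }
}

fn main() {
    let buf = [1u8, 42, 0]; // constructed sample memory: valid, invalid, zero niche
    println!("{:?}", Flag::checked_load(&buf, 0)); // Ok(On)
    println!("{:?} {:?}", Flag::checked_load(&buf, 1), NonZeroU8::checked_load(&buf, 2));
}
```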

Ah I see. I don't have a good idea for how to resolve this, but I understand the question now. :) Please extend the text to make that more clear.

Okay, I see, happy to hear it is clearer now. I also changed the example to another one that saethlin@ proposed as it is easier to understand the problem. The i1 for enums is already fairly specific.

@1c3t3a 1c3t3a force-pushed the niche-check-h2-goal branch 3 times, most recently from 4336327 to 5e6e173 Compare July 17, 2025 15:29
@1c3t3a 1c3t3a force-pushed the niche-check-h2-goal branch from 5e6e173 to 7d71a55 Compare July 18, 2025 09:40
@1c3t3a 1c3t3a force-pushed the niche-check-h2-goal branch from 7d71a55 to f6166fc Compare July 18, 2025 10:32
4 participants