Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add safety preconditions to alloc/src/boxed/thin.rs #119

Draft
wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

Add safety preconditions to alloc/src/boxed/thin.rs #119

wants to merge 8 commits into from

Conversation

tautschnig
Copy link
Member

Note that I've added #[requires] attributes to represent the safety conditions as code contracts. These are based on the "SAFETY:" comments in the original code. The conditions are:

  1. For with_header, we require that the pointer is aligned.
  2. For drop, we require that the value pointer is either null or aligned.
  3. For header, we require that the pointer is aligned.

These contracts ensure that the safety conditions mentioned in the comments are checked at compile-time or runtime, depending on the contract system used.

@tautschnig
Add safety preconditions to alloc/src/boxed/thin.rs
bb44f4b 
Note that I've added `#[requires]` attributes to represent the safety conditions as code contracts. These are based on the "SAFETY:" comments in the original code. The conditions are:

1. For `with_header`, we require that the pointer is aligned.
2. For `drop`, we require that the value pointer is either null or aligned.
3. For `header`, we require that the pointer is aligned.

These contracts ensure that the safety conditions mentioned in the comments are checked at compile-time or runtime, depending on the contract system used.
@tautschnig tautschnig force-pushed the bedrock-library/alloc/src/boxed/thin.rs branch from 32efecb to bb44f4b Compare October 17, 2024 14:00
@tautschnig
Add safety dependency to alloc and std crates
35da25b 
Just as previously done for core: this will enable future use of
`safety::{ensures,requires}` in those crates.
@tautschnig
fixup! Add safety dependency to alloc and std crates
d77d7f6
@tautschnig
fixup! Add safety dependency to alloc and std crates
4683426
@tautschnig
Remove generated requires clauses from safe functions
f719a35 
These have SAFETY comments explaining why their `unsafe` sections are
indeed safe, but the overall function should be safe for all inputs.
@tautschnig
Fix harness
4be20fa
@tautschnig
Fix contract (incomplete)
e880520
celinval
celinval reviewed Oct 17, 2024
View reviewed changes
library/alloc/src/boxed/thin.rs
@@ -363,6 +369,8 @@ impl<H> WithHeader<H> {
// Safety:
// - Assumes that either `value` can be dereferenced, or is the
// `NonNull::dangling()` we use when both `T` and `H` are ZSTs.
#[requires((mem::size_of_val_raw(value) == 0 && size_of::<H>() == 0) ||
Copy link

@celinval celinval Oct 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're still missing the safety of self for type T.

@tautschnig tautschnig self-assigned this Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@celinval celinval celinval left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@tautschnig tautschnig

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tautschnig @celinval