Stream: t-lang/wg-unsafe-code-guidelines

Topic: fpenv


gnzlbg (Oct 18 2019 at 08:34, on Zulip):

@RalfJ I'm not sure I understand why modifying fpenv isn't an error in the abstract machine

gnzlbg (Oct 18 2019 at 08:35, on Zulip):

IIUC from your latest comment, the idea is that there is no fpenv in the abstract machine, so reading it or modifying it is not something that we can talk about at that level

gnzlbg (Oct 18 2019 at 08:36, on Zulip):

But OTOH Rust assumes that floating point math behaves in a certain way

gnzlbg (Oct 18 2019 at 08:38, on Zulip):

And one can configure the hardware to not behave in that way

gnzlbg (Oct 18 2019 at 08:38, on Zulip):

So I see this as a similar thing to "target-feature"

gnzlbg (Oct 18 2019 at 08:39, on Zulip):

That is, this is UB of the form of running the binary produced on hardware that does not support it

gnzlbg (Oct 18 2019 at 08:39, on Zulip):

Not that much different from trying to run an arm binary on x86

gnzlbg (Oct 18 2019 at 08:40, on Zulip):

I don't know what the right level is to talk about this kind of UB

gnzlbg (Oct 18 2019 at 08:42, on Zulip):

With the proposed definition, this is not an error in the abstract machine, but an user error maybe ?

gnzlbg (Oct 18 2019 at 08:43, on Zulip):

That is, when you tell your compiler to compile a program for x86, the abstract machine promises that, if that program has no UB, it will produce a program that runs on x86 with the same semantics

gnzlbg (Oct 18 2019 at 08:44, on Zulip):

If the user then goes and takes that program and runs it on something else, well, that's an error, but it is not an error in the abstract machine per se

gnzlbg (Oct 18 2019 at 08:44, on Zulip):

It is however something for which we do not provide any guarantees, and therefore a different form of UB

gnzlbg (Oct 18 2019 at 08:46, on Zulip):

This kinds of match what's mentioned in https://github.com/rust-lang/miri/issues/932#issuecomment-541567466

gnzlbg (Oct 18 2019 at 08:47, on Zulip):

Which makes UB due to incorrect usage of target-features an error on the "miri CPU", not the rust abstract machine.

RalfJ (Oct 19 2019 at 08:59, on Zulip):

IIUC from your latest comment, the idea is that there is no fpenv in the abstract machine, so reading it or modifying it is not something that we can talk about at that level

exactly

RalfJ (Oct 19 2019 at 08:59, on Zulip):

I think we came to agreement in https://github.com/rust-lang/unsafe-code-guidelines/issues/202#issuecomment-543604668 ?

Last update: Nov 20 2019 at 11:30UTC