Stream: t-lang/wg-unsafe-code-guidelines

Topic: meeting-2018-12-13


nikomatsakis (Dec 13 2018 at 14:34, on Zulip):

Just a note that we will have a meeting today (cc @WG-unsafe-code-guidelines) in approximately 1 hour 45 minutes. Feel free to leave some notes in this topic re: agenda etc.

nikomatsakis (Dec 13 2018 at 14:35, on Zulip):
gnzlbg (Dec 13 2018 at 14:50, on Zulip):

I don't think so. Most people seem to be fine with bool == _Bool. We should just document exactly what that means, and what it entails for all platforms that Rust supports. Something like

Rust's bool has the same layout as C17's _Bool, that is, its size and alignment are _implementation-defined_. On all platforms that Rust currently supports, the size and alignment of bool are 1.

(or something like that, maybe also noting that its ABI class is INTEGER - is this the case for all supported platforms?)

gnzlbg (Dec 13 2018 at 14:53, on Zulip):

Once we talk about validity of bool, we should do the same:

Rust's bool has the same valid representations as C17's _Bool, that is, two valid _implementation-defined_ bit-patterns corresponding to true and false - all other bit-patterns are _invalid_. On all platforms that Rust currently supports, 0x0 is the bit-pattern of false, and 0x1 is the bit-pattern of true.

gnzlbg (Dec 13 2018 at 14:56, on Zulip):

Maybe adding a note about C20 / C++20 (might be irrelevant, don't know):

Note: There are two proposals, NXYZW for C and PXYZW for C++, which propose defining 0x0 as the bit-pattern for false and 0x1 as the bit-pattern for true in the C and C++ standards.

gnzlbg (Dec 13 2018 at 15:03, on Zulip):

Or does anyone think differently? cc @Gankro @rkruppe @RalfJ @briansmith ?

RalfJ (Dec 13 2018 at 15:09, on Zulip):

agreed. maybe with some warning (at least for size and align) that unsafe code should avoid hard-coding assumptions about the size of bool if it can.

avadacatavra (Dec 13 2018 at 15:20, on Zulip):

I'm planning on documenting the controversy (did not realize bools were so controversial) and the decision

rkruppe (Dec 13 2018 at 15:35, on Zulip):

@gnzlbg sounds good to me

RalfJ (Dec 13 2018 at 15:42, on Zulip):

(as mentioned yesterday, I'll not be able to attend. I am in a train with internet now, but will probably be changing buses and walking through the city center for most of the meeting.)

avadacatavra (Dec 13 2018 at 15:49, on Zulip):

Agenda

avadacatavra (Dec 13 2018 at 16:15, on Zulip):

Hello friends of UnsafeLand :) Anything to add to the agenda?

gnzlbg (Dec 13 2018 at 16:15, on Zulip):

I think it's good :)

Alan Jeffrey (Dec 13 2018 at 16:15, on Zulip):

Hi

avadacatavra (Dec 13 2018 at 16:17, on Zulip):

i'm editing the floating point et al writeup and i know niko is working on enums

gnzlbg (Dec 13 2018 at 16:17, on Zulip):

@avadacatavra

bool: I will document the controversy and decisions that have already been made

I think that for bool you can just verbatim use my quotes from above in the PR. There might be some nits to fix in those, but something along those lines suffices.

I wouldn't really document anything about the controversy, but if you really want to, one could add a note that clarifies things:

note: So which properties of bool can unsafe code actually rely on? It depends. "Fully portable" unsafe code cannot rely on _implementation-defined_ properties for correctness because these might change across implementations or targets. However, unsafe code that only wants to be portable to all platforms that Rust currently supports and unsupported platforms in which bools behave the same, which are many, can rely on the _implementation-defined_ behavior that is known for those platforms.

EDIT: the controversy itself was about trying to answer that question without the "It depends".

nikomatsakis (Dec 13 2018 at 16:19, on Zulip):

:wave: I am indeed working on the enum PR

nikomatsakis (Dec 13 2018 at 16:19, on Zulip):

I had hoped to finish it this morning, but mostly I wound up just reading issues and things

Alan Jeffrey (Dec 13 2018 at 16:19, on Zulip):

And https://github.com/rust-rfcs/unsafe-code-guidelines/pull/51 is still dragging on.

Alan Jeffrey (Dec 13 2018 at 16:20, on Zulip):

(refs and pointers)

avadacatavra (Dec 13 2018 at 16:20, on Zulip):

@gnzlbg i was thinking of writing something along the lines of:

there was some debate about what to pick as the "official" behavior:
Rust does what C does
- and in all cases you care about, that is 1 byte that is 0 or 1
or
rust makes it 1 byte with values 0 or 1
- and in all cases you care about, this is what C does
the "official lang team decision" at some point was for the former

avadacatavra (Dec 13 2018 at 16:20, on Zulip):

but i think we're all actually on the same page with that

avadacatavra (Dec 13 2018 at 16:20, on Zulip):

@Alan Jeffrey any sticking points on refs and pointers

nikomatsakis (Dec 13 2018 at 16:21, on Zulip):

it didn't seem like there were any genuine controversies there

nikomatsakis (Dec 13 2018 at 16:21, on Zulip):

mostly just debate about how to phrase things?

Alan Jeffrey (Dec 13 2018 at 16:21, on Zulip):

@avadacatavra nothing major, just nits being picked :)

avadacatavra (Dec 13 2018 at 16:23, on Zulip):

so, slow progress, but PROGRESS

avadacatavra (Dec 13 2018 at 16:23, on Zulip):

(understandable with all hands last week)

avadacatavra (Dec 13 2018 at 16:23, on Zulip):

/me still doesn't know what day it is

nikomatsakis (Dec 13 2018 at 16:23, on Zulip):

=)

gnzlbg (Dec 13 2018 at 16:23, on Zulip):

@nikomatsakis I guess the controversy was about what the answer should be to the question: What can unsafe code rely on about bool? I and others wanted a simple answer at the cost of C interoperability on weird platforms. Others argued that the current answer is simple if you only consider non-weird platforms. Those two are just at tension.

nikomatsakis (Dec 13 2018 at 16:24, on Zulip):

Indeed.

avadacatavra (Dec 13 2018 at 16:25, on Zulip):

Are we ready to chat about december/january meetings?

gnzlbg (Dec 13 2018 at 16:26, on Zulip):

I think I could make it the 3rd, I can't make it the 27th.

nikomatsakis (Dec 13 2018 at 16:26, on Zulip):

I'm inclined to stick with the prior decision mostly because it exists, but I guess it also depends on what we do in other places. I'm not sure if similar things arise elsewhere, or if we've settled them, but if we were to say that we define our behavior to be "simple things that align with C on non-weird platforms" vs "aligning with C first", then it would probably make sense to be consistent. For this reason, I'm ok with leaving it as "semi-undecided"

nikomatsakis (Dec 13 2018 at 16:26, on Zulip):

I think I could make it the 3rd, I can't make it the 27th.

me too

avadacatavra (Dec 13 2018 at 16:26, on Zulip):

I'm inclined to skip the 27th because I'll be playing with my Christmas presents

nikomatsakis (Dec 13 2018 at 16:27, on Zulip):

yeah I think that's true for everyone

avadacatavra (Dec 13 2018 at 16:27, on Zulip):

ok, sounds good

nikomatsakis (Dec 13 2018 at 16:27, on Zulip):

or at least many

avadacatavra (Dec 13 2018 at 16:27, on Zulip):

sounds good, then we'll have a meeting next week and then reconvene in january

gnzlbg (Dec 13 2018 at 16:28, on Zulip):

@nikomatsakis i think changing the current decided behavior would need an RFC, and it doesn't make much sense to drag that discussion into our RFC

avadacatavra (Dec 13 2018 at 16:28, on Zulip):

Next topic: Rust2019 for this WG

avadacatavra (Dec 13 2018 at 16:28, on Zulip):

does anyone have specific goals/input/comments/etc

nikomatsakis (Dec 13 2018 at 16:29, on Zulip):

My sense is: the current process is OK, but moving very slowly, largely as a result of nobody having quite enough time.

nikomatsakis (Dec 13 2018 at 16:29, on Zulip):

I think it's a good idea to try and set some larger Rust 2019 goals

nikomatsakis (Dec 13 2018 at 16:30, on Zulip):

I'd hate for us to stop, in any case :) but we should also think about if there are ways to enable us to make faster progress

avadacatavra (Dec 13 2018 at 16:30, on Zulip):

@nikomatsakis what things are you thinking about

nikomatsakis (Dec 13 2018 at 16:30, on Zulip):

e.g., maybe we should plan for a special meeting, as we've sometimes discussed, if we could pull something like that together?

nikomatsakis (Dec 13 2018 at 16:30, on Zulip):

tbh i'm not really sure

nikomatsakis (Dec 13 2018 at 16:30, on Zulip):

I'd be really happy if we could close out this 1st discussion area before 2019 though :)

avadacatavra (Dec 13 2018 at 16:30, on Zulip):

@nikomatsakis do you think we should offline with aaron about that?

avadacatavra (Dec 13 2018 at 16:30, on Zulip):

oh. we will.

avadacatavra (Dec 13 2018 at 16:30, on Zulip):

/me makes a determined face

nikomatsakis (Dec 13 2018 at 16:31, on Zulip):

do you think we should offline with aaron about that?

probably, we won't decide now

avadacatavra (Dec 13 2018 at 16:32, on Zulip):

i'll follow up on that after this meeting

avadacatavra (Dec 13 2018 at 16:32, on Zulip):

and if anyone has comments about UCG2019, let me know

nikomatsakis (Dec 13 2018 at 16:32, on Zulip):

yeah, I'm not sure what else we would say beyond "we did this so far, next up is that".

nikomatsakis (Dec 13 2018 at 16:33, on Zulip):

(and maybe just outlining again how things are meant to work as a kind of advertisement)

avadacatavra (Dec 13 2018 at 16:33, on Zulip):

i think outlining some concrete goals now that we've done this a bit would be in scope

gnzlbg (Dec 13 2018 at 16:34, on Zulip):

Some advertisement definitely sounds good, advertising that we want to land an RFC in 2019 for things that unsafe code is allowed to rely on might get some attention.

gnzlbg (Dec 13 2018 at 16:34, on Zulip):

I am not sure how easy it is to jump into this given that we don't have basic terminology written down yet.

nikomatsakis (Dec 13 2018 at 16:34, on Zulip):

Hmm so one thing I could imagine, as a kind of roadmap

avadacatavra (Dec 13 2018 at 16:35, on Zulip):

@gnzlbg what sort of basic terminology are you thinking

nikomatsakis (Dec 13 2018 at 16:35, on Zulip):

is doing a better job outlining the 'larger areas' that we expect to focus on

Alan Jeffrey (Dec 13 2018 at 16:35, on Zulip):

@avadacatavra terminology like "representation" bogged down the defn of pointers,

Alan Jeffrey (Dec 13 2018 at 16:36, on Zulip):

I can imagine there's other instances.

gnzlbg (Dec 13 2018 at 16:36, on Zulip):

@avadacatavra "layout", "validity", "safety", etc. @Alan Jeffrey had some troubles jumping in because we were using these terms hmm very specially

avadacatavra (Dec 13 2018 at 16:36, on Zulip):

sounds good

nikomatsakis (Dec 13 2018 at 16:36, on Zulip):

right now I think we're focusing (and it makes sense) on relatively simple, contained properties. I think there are other, larger questions -- e.g., what about embedded platforms that know they have no threads, can they rely on that? Is that "safe"? What about the problem of unsafe composability? -- maybe we can try to draft up a sort of categorization that tries to lay out those problems and specifies one or two we aim to tackle thus far?

gnzlbg (Dec 13 2018 at 16:37, on Zulip):

someone that doesn't know what is implied by them will definitely have trouble following, separating what the different discussions are about, etc. but a blog post would be a great place to introduce them more informally

nikomatsakis (Dec 13 2018 at 16:37, on Zulip):

(and yes, terminology is tricky too)

avadacatavra (Dec 13 2018 at 16:37, on Zulip):

i like everything that we're saying now

gnzlbg (Dec 13 2018 at 16:37, on Zulip):

@RalfJ wanted to write down basic terminology, but one problem there was that they wanted to write them very precisely, but their definitions aren't 100% precise or in stone yet

nikomatsakis (Dec 13 2018 at 16:37, on Zulip):

From my perspective, though, I think it makes sense to keep our focus on "enabling compiler optimizations"

nikomatsakis (Dec 13 2018 at 16:37, on Zulip):

it's pretty concrete and also pretty universally relevant

gnzlbg (Dec 13 2018 at 16:38, on Zulip):

that's a good point

nikomatsakis (Dec 13 2018 at 16:38, on Zulip):

(in terms of that larger roadmap)

Alan Jeffrey (Dec 13 2018 at 16:38, on Zulip):

https://github.com/rust-rfcs/unsafe-code-guidelines/issues/50

avadacatavra (Dec 13 2018 at 16:38, on Zulip):

anything else is really the unsafe cherry on top

nikomatsakis (Dec 13 2018 at 16:39, on Zulip):

so how can we bring this "definition of terms" discussions to faster resolution?

avadacatavra (Dec 13 2018 at 16:39, on Zulip):

i think we have an open pr for one of them

avadacatavra (Dec 13 2018 at 16:39, on Zulip):

and idk what the status of that is

nikomatsakis (Dec 13 2018 at 16:39, on Zulip):

I could imagine trying to schedule an ad-hoc voice meeting with @RalfJ, @Alan Jeffrey, and maybe a few others

avadacatavra (Dec 13 2018 at 16:39, on Zulip):

we have a place to define them

gnzlbg (Dec 13 2018 at 16:39, on Zulip):

We could open an issue to nail them down at least, to a sufficient degree.

nikomatsakis (Dec 13 2018 at 16:39, on Zulip):

to help push consensus along

avadacatavra (Dec 13 2018 at 16:40, on Zulip):

why don't we say that we should have that by next week

Nicole Mazzuca (Dec 13 2018 at 16:40, on Zulip):

I'd like to be a part of that

nikomatsakis (Dec 13 2018 at 16:40, on Zulip):

why don't we say that we should have that by next week

have what exactly

Nicole Mazzuca (Dec 13 2018 at 16:40, on Zulip):

the voice discussion of terms

avadacatavra (Dec 13 2018 at 16:40, on Zulip):

have a list of terms to be defined at the least

avadacatavra (Dec 13 2018 at 16:40, on Zulip):

and hopefully the discussion

avadacatavra (Dec 13 2018 at 16:41, on Zulip):

i'd say
1. make a list of terms in the issue alan linked
2. identify terms that we can reach consensus on in the issue/on zulip (separate topic per term)
3. anything else, settle in a voice meeting

gnzlbg (Dec 13 2018 at 16:41, on Zulip):

I think that for people to jump in, a small informal definition of what we understand by "representation", "validity", and "safety" invariants of a type, would be enough.

nikomatsakis (Dec 13 2018 at 16:42, on Zulip):

it'd be good for somebody to prepare initial definitions (perhaps multiple someones)

Alan Jeffrey (Dec 13 2018 at 16:42, on Zulip):

I'm bringing https://github.com/rust-rfcs/unsafe-code-guidelines/issues/50 back to life

avadacatavra (Dec 13 2018 at 16:42, on Zulip):

and then we can put them in both the writeup/intro and i'll include them in UCG2019

gnzlbg (Dec 13 2018 at 16:42, on Zulip):

sounds good, I would like to focus on "informal" here, these don't have to be perfect

nikomatsakis (Dec 13 2018 at 16:43, on Zulip):

ok. What's next on agenda? if possible, I'd like to leave sharply at 11:45 (in a few minutes)

nikomatsakis (Dec 13 2018 at 16:43, on Zulip):

I guess there's Ralf's Intro?

avadacatavra (Dec 13 2018 at 16:43, on Zulip):

Last agenda topic: Validity intro

avadacatavra (Dec 13 2018 at 16:44, on Zulip):

ready to merge?

avadacatavra (Dec 13 2018 at 16:44, on Zulip):

I'm a +1 on it

gnzlbg (Dec 13 2018 at 16:45, on Zulip):

+1 from me

gnzlbg (Dec 13 2018 at 16:45, on Zulip):

might be enough to tell @RalfJ to merge it when they think it's ready

nikomatsakis (Dec 13 2018 at 16:45, on Zulip):

I've not really read it yet

nikomatsakis (Dec 13 2018 at 16:45, on Zulip):

I'm leaving one comment, but generally :+1:

avadacatavra (Dec 13 2018 at 16:46, on Zulip):

@nikomatsakis sounds good

avadacatavra (Dec 13 2018 at 16:46, on Zulip):

/me left a comment

avadacatavra (Dec 13 2018 at 16:46, on Zulip):

ok--that's all i have

avadacatavra (Dec 13 2018 at 16:46, on Zulip):

any last comments?

gnzlbg (Dec 13 2018 at 16:46, on Zulip):

i've left some comments but I think it's fine to not discuss some of the things in the initial round

gnzlbg (Dec 13 2018 at 16:46, on Zulip):

so I pretty much agree with @RalfJ's replies there

nikomatsakis (Dec 13 2018 at 16:47, on Zulip):

The only thing I would say before we close is it's probably good if everyone states their plan over next week, particularly if our goal is to finish up representation stuff:

Alan Jeffrey (Dec 13 2018 at 16:48, on Zulip):

I'd really really like to merge refs + pointers.

avadacatavra (Dec 13 2018 at 16:48, on Zulip):

My goal is to make edits to floating point writeup, submit the intro and start work on UCG2019. And start nagging you all before thursday

nikomatsakis (Dec 13 2018 at 16:48, on Zulip):

I'm leaving one comment, but generally :+1:

my comment is here

Alan Jeffrey (Dec 13 2018 at 16:48, on Zulip):

Also a voice meeting if we decide to have one.

gnzlbg (Dec 13 2018 at 16:50, on Zulip):

@Alan Jeffrey i think refs+pointers is pretty much ready to go

avadacatavra (Dec 13 2018 at 16:51, on Zulip):

/me disappears

avadacatavra (Dec 13 2018 at 16:51, on Zulip):

Nice chat all!

gnzlbg (Dec 13 2018 at 16:51, on Zulip):

i left a comment today, but I don't think the current text is incorrect, also, if someone cares a lot, they can always send a PR later

gnzlbg (Dec 13 2018 at 16:51, on Zulip):

bye!

Alan Jeffrey (Dec 13 2018 at 16:57, on Zulip):

bye

Last update: Nov 19 2019 at 17:35UTC