Add NonMaxU32 as integer variant for PropertyKey

[raskad]

This Pull Request supersedes #2131

It changes the following:

• Add a NonMaxU32 that is used as the integer variant for PropertyKey.

[github-actions]

Test262 conformance changes

Test result	main count	PR count	difference
Total	95,574	95,574	0
Passed	75,195	75,197	+2
Ignored	19,482	19,482	0
Failed	897	895	-2
Panics	0	0	0
Conformance	78.68%	78.68%	+0.00%

Fixed tests (2):

test/built-ins/Reflect/ownKeys/return-on-corresponding-order-large-index.js [strict mode] (previously Failed)
test/built-ins/Reflect/ownKeys/return-on-corresponding-order-large-index.js (previously Failed)

[codecov]

Codecov Report

Attention: 34 lines in your changes are missing coverage. Please review.

Comparison is base (70ee050) 49.72% compared to head (1c4dde4) 49.34%.
Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3321      +/-   ##
==========================================
- Coverage   49.72%   49.34%   -0.39%     
==========================================
  Files         443      445       +2     
  Lines       43378    43892     +514     
==========================================
+ Hits        21570    21657      +87     
- Misses      21808    22235     +427     

Files	Coverage Δ
boa_engine/src/builtins/object/for_in_iterator.rs	100.00% <100.00%> (ø)
boa_engine/src/builtins/object/mod.rs	62.08% <100.00%> (ø)
boa_engine/src/object/internal_methods/array.rs	75.55% <100.00%> (+0.27%)	⬆️
boa_engine/src/object/internal_methods/string.rs	50.00% <100.00%> (ø)
boa_engine/src/object/operations.rs	48.70% <100.00%> (ø)
boa_engine/src/value/display.rs	62.80% <ø> (ø)
boa_engine/src/vm/opcode/get/property.rs	75.43% <100.00%> (+5.94%)	⬆️
boa_engine/src/vm/opcode/set/property.rs	62.36% <100.00%> (-5.54%)	⬇️
boa_engine/src/builtins/function/mod.rs	39.54% <0.00%> (ø)
boa_engine/src/object/property_map.rs	68.95% <75.00%> (ø)
... and 6 more

... and 48 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[HalidOdat]

Looks good, just some comments :)

[HalidOdat]

Looks perfect to me! :)

[jedel1043]

I think this should be an unsafe function. My reasoning is that, in the future, we could implement an optimization that assumes that the invariant holds. However, if we leave this function as safe, we'd have to make a breaking change to add unsafe at that moment. So, in preparation to that I'd mark it as unsafe.

[raskad]

I would argue that if we need to change this to be unsafe later, we just do the breaking change. In my opinion it is more important to have a clean API that does what is expected, than to avoid breaking changes.

[jedel1043]

It's not only a matter of doing the breaking change though. If, for example, someone tried to do an unsafe optimization assuming the invariant holds, and the invariant didn't hold, it would mean that a safe function would be the cause of UB.

[jedel1043]

E.g. String::from_utf8_unchecked and its safety comment.

[raskad]

Well but currently we do not have any optimizations based on the invariant, right? If we add some, we would have to mark the function as unsafe in that same change. In contrast I think there are unsafe optimizations in String that depend on the bytes being UTF-8.

[jedel1043]

Well but currently we do not have any optimizations based on the invariant, right?

Note that the safety comment doesn't specify that there are uses of that method that unsafely assume the string is utf8:

If this constraint is violated, it may cause memory unsafety issues with future users [sic] of the String, ...

Emphasis on "... with future uses of the String"

If we add some, we would have to mark the function as unsafe in that same change.

I don't think it's ideal to rely on the fact that all of us have to remember to change the function to unsafe in the same PR.

[raskad]

I think the String documentation is not talking about "future" in the sense of functionality that may or may be not added in the future but rather the future of the created String itself. I think the next sentence makes it a little more clear: [...] as the rest of the standard library assumes that Strings are valid UTF-8.

I don't think it's ideal to rely on the fact that all of us have to remember to change the function to unsafe in the same PR.

I very much disagree with this. When we add unsafe optimizations, we have to check that there is no way the constraints that the optimizations depend on can be violated outside of unsafe functions themselves. In this case, we would have to make sure that there is no way a NonMaxU32 can be constructed without a u32::MAX value, expect from an unsafe function that documents this constraint.

Nevermind all of that, let's not get too hung up on this. If you think the function should be unsafe, I will add it back and remove the debug_assert.

[jedel1043]

Nice work! And thank you for dealing with my pedantry 😅