-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't warn an empty pattern unreachable if we're not sure the data is valid #118308
Don't warn an empty pattern unreachable if we're not sure the data is valid #118308
Conversation
r? @TaKO8Ki (rustbot has picked a reviewer for you, use r? to override) |
This comment has been minimized.
This comment has been minimized.
2132b1a
to
e35c5cb
Compare
This comment has been minimized.
This comment has been minimized.
e35c5cb
to
92b5188
Compare
This comment has been minimized.
This comment has been minimized.
24eb568
to
294f6f0
Compare
This comment has been minimized.
This comment has been minimized.
294f6f0
to
4f93aba
Compare
Perf looked neutral on my machine but just in case @bors try @rust-timer queue |
This comment has been minimized.
This comment has been minimized.
…take-3, r=<try> Don't warn an empty pattern unreachable if we're not sure the data is valid Exhaustiveness checking used to be naive about the possibility of a place containing invalid data. This could cause it to emit an "unreachable pattern" lint on an arm that was in fact reachable, as in rust-lang#117119. This PR fixes that. We now track whether a place that is matched on may hold invalid data. This also forced me to be extra precise about how exhaustiveness manages empty types. Note that this now errs in the opposite direction: the following arm is truly unreachable but not linted as such. I'd rather not recommend writing a `match ... {}` that has the implicit side-effect of loading the value. [Never patterns](rust-lang#118155) will solve this cleanly. ```rust match union.value { _x => unreachable!(), } ``` I recommend reviewing commit by commit. I went all-in on the test suite because this went through a lot of iterations and I kept everything. The bit I'm least confident in is `is_known_valid_scrutinee` in `check_match.rs`. Fixes rust-lang#117119.
☀️ Try build successful - checks-actions |
This comment has been minimized.
This comment has been minimized.
Finished benchmarking commit (f8b2ffa): comparison URL. Overall result: ❌ regressions - ACTION NEEDEDBenchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf. Next Steps: If you can justify the regressions found in this try perf run, please indicate this with @bors rollup=never Instruction countThis is a highly reliable metric that was used to determine the overall result at the top of this comment.
Max RSS (memory usage)ResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 674.277s -> 675.27s (0.15%) |
r? @compiler-errors if you have the time |
Do you have justification for the perf regression? Is there any way around it? I assume if no, then we can land this since it's obviously a correctness fix, but I do want to be certain that it's necessary before accepting this (admittedly somewhat minor) perf hit. |
Yeah I expected a perf regression because of the validity tracking. It adds an extra step for every constructor we try, and match-stress has an enum with 8000 of these. I don't think there's a way around it, I need to know the validity of every inspected place. My guess is that it's particularly impactful because it allocates; that's not easily avoided, I'm planning to try arena allocation of the |
OK I shall review this PR tomorrow then with that in mind. |
| Repeat { .. } | ||
| StaticRef { .. } | ||
| ThreadLocalRef { .. } | ||
| Tuple { .. } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need to recurse into aggregates?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, this function conservatively returns true
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, unless I misunderstand what these constructs do, this means we have match (x, y, z) { ... }
. A (x, y, z)
expression evaluates to a value, not a place, and thus cannot hold invalid data without UB. The conservative direction would in fact be false
.
- `ConstructorSet` knows about both empty and nonempty constructors; - If an empty constructor is present in the column, we output it in `split().present`.
This is for post-monomorphization cycles. These are only caught later (in drop elaboration for the example that I saw), so we need to handle them here. This issue wasn't noticed before because exhaustiveness only checked inhabitedness when `exhaustive_patterns` was on. The preceding commit now check inhabitedness always, which revealed the problem.
4f93aba
to
76018cd
Compare
76018cd
to
c3df51a
Compare
@bors r+ rollup=never |
☀️ Test successful - checks-actions |
Finished benchmarking commit (06e02d5): comparison URL. Overall result: ❌ regressions - ACTION NEEDEDNext Steps: If you can justify the regressions found in this perf run, please indicate this with @rustbot label: +perf-regression Instruction countThis is a highly reliable metric that was used to determine the overall result at the top of this comment.
Max RSS (memory usage)ResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
CyclesResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.
Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 667.911s -> 668.865s (0.14%) |
fn is_known_valid_scrutinee(&self, scrutinee: &Expr<'tcx>) -> bool { | ||
use ExprKind::*; | ||
match &scrutinee.kind { | ||
// Both pointers and references can validly point to a place with invalid data. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For references I'd say this is an open question, but we want to be conservative here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah indeed, I'll update the comment to say that. Does the rest of this function seem right to you?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't quite understand how it is used, but it treats unions and raw ptr deref specially so that seems right. For reference deref I guess we have to see how we want to treat them in the end, but it seems good to be conservative -- and I assume "not known to be valid" is the conservative answer here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What I am missing is test coverage, is there any test for the case of a union with an uninhabited field, or raw pointers?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume "not known to be valid" is the conservative answer here
Yep
Here's the test cases: https://github.com/Nadrieril/rust/blob/c3df51a976dfa69f0f1869997fdf79516ba6afab/tests/ui/pattern/usefulness/empty-types.rs#L191-L271
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, nice! The tests for references should also have the comment about this being undecided so the lint being conservative.
Feel free to r? me on the PR that adds the comments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm sneaking the comments along with #118803
Assignment is not allowed on a closed PR. |
… r=compiler-errors add test for coercing never to infinite type Closes rust-lang#113197. This was fixed in rust-lang#118308, probably rust-lang@1978168.
Rollup merge of rust-lang#119323 - lukas-code:test-never-to-infinite, r=compiler-errors add test for coercing never to infinite type Closes rust-lang#113197. This was fixed in rust-lang#118308, probably rust-lang@1978168.
Exhaustiveness checking used to be naive about the possibility of a place containing invalid data. This could cause it to emit an "unreachable pattern" lint on an arm that was in fact reachable, as in #117119.
This PR fixes that. We now track whether a place that is matched on may hold invalid data. This also forced me to be extra precise about how exhaustiveness manages empty types.
Note that this now errs in the opposite direction: the following arm is truly unreachable (because the binding causes a read of the value) but not linted as such. I'd rather not recommend writing a
match ... {}
that has the implicit side-effect of loading the value. Never patterns will solve this cleanly.I recommend reviewing commit by commit. I went all-in on the test suite because this went through a lot of iterations and I kept everything. The bit I'm least confident in is
is_known_valid_scrutinee
incheck_match.rs
.Fixes #117119.