Replace uninitialized with MaybeUninit #238
Conversation
`mem::uninitialized` is deprecated and unsafe. This replaces its use with `mem::MaybeUninit` and adds a proof that the use of `mem::MaybeUninit` is correct. Requested by @niklasad1.
It looks like @demimarie-parity hasn't signed our Contributor License Agreement, yet.
You can read and sign our full Contributor License Agreement at the following URL: https://cla.parity.io Once you've signed, please reply to this thread with Many thanks, Parity Technologies CLA Bot
@demimarie-parity have you tried to measure if zeroing memory has no perf impact? (#233 (comment))
@ordian I haven't. It would be worthwhile, though ― LLVM might even be able to optimize out the initialization.
@ordian
This generates the same assembly and is safer.
@niklasad1 how did you do this? Also @ordian my latest commit removes all use of uninitialized memory.
I created temporary initialization of then this: diff --git a/uint/src/lib.rs b/uint/src/lib.rs
index 352ccf7..751766d 100644
--- a/uint/src/lib.rs
+++ b/uint/src/lib.rs
@@ -31,3 +31,8 @@ pub use crunchy::unroll;
#[macro_use]
mod uint;
pub use crate::uint::*;
+
+
+construct_uint! {
+ pub struct U1024(16);
+}
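Review bot: the `construct_uint! { pub struct U1024(16); }` added to `uint/src/lib.rs` is measurement scaffolding (it gives `cargo asm` a monomorphized `uint::U1024::overflowing_add` to dump) and should not be committed: it would export a new public type from the crate. Keep it local, or put the instantiation in a bench or example target instead.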
diff --git a/uint/src/uint.rs b/uint/src/uint.rs
index cc58ee2..0cdec03 100644
--- a/uint/src/uint.rs
+++ b/uint/src/uint.rs
@@ -72,13 +72,14 @@ macro_rules! impl_try_from_for_primitive {
#[macro_export]
#[doc(hidden)]
+#[inline(never)]
macro_rules! uint_overflowing_binop {
($name:ident, $n_words: tt, $self_expr: expr, $other: expr, $fn:expr) => ({
let $name(ref me) = $self_expr;
let $name(ref you) = $other;
- let mut ret = unsafe { $crate::core_::mem::uninitialized() };
- let ret_ptr = &mut ret as *mut [u64; $n_words] as *mut u64;
+ let mut ret = [0_u64; $n_words];
+ let ret_ptr = ret.as_mut_ptr();
let mut carry = 0u64;
unroll! {
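Review bot: the `#[inline(never)]` inserted above `macro_rules! uint_overflowing_binop` is attached to a macro definition, not a function; inline attributes only apply to functions, so this line does nothing useful and rustc may reject it. Drop it; the `#[inline(never)]` that actually keeps the code out-of-line for `cargo asm` is the one placed on `overflowing_add` in the following hunk. The substantive change here, `let mut ret = [0_u64; $n_words]; let ret_ptr = ret.as_mut_ptr();`, is the right replacement for `mem::uninitialized()`, since the later raw-pointer stores then overwrite initialized memory rather than an uninitialized `[u64; $n_words]`.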
@@ -876,7 +877,7 @@ macro_rules! construct_uint {
}
/// Add with overflow.
- #[inline(always)]
+ #[inline(never)]
pub fn overflowing_add(self, other: $name) -> ($name, bool) {
uint_overflowing_binop!(
$name,
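Review bot: changing `#[inline(always)]` to `#[inline(never)]` on `overflowing_add` is fine for reading the assembly of one instantiation, but it must not land: the adder is a hot path and callers rely on it being inlined. Treat this hunk as a local diagnostic patch only.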
finally, $ cargo asm --no-color uint::U1024::overflowing_add
let ret_ptr = &mut ret as *mut [u64; $n_words] as *mut u64;
let mut carry = 0u64;
$crate::static_assertions::const_assert!(core::isize::MAX as usize / core::mem::size_of::<u64>() > $n_words);
👍
BTW, is isize::MAX used because of offset?
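Added example (not the PR's code and not the uint crate's macro): the multi-word add with carry that `uint_overflowing_binop!` performs, written once through `MaybeUninit` with raw-pointer writes and once over a zero-initialised array, together with a compile-time word-count bound that plays the role of the `const_assert!` quoted above. The names `MAX_WORDS`, `fits_isize`, `Assert`, `overflowing_add_maybe_uninit` and `overflowing_add_zeroed` are mine, and a plain `for` loop stands in for the crate's `unroll!`.

```rust
use core::mem::{size_of, MaybeUninit};
use core::ptr;

/// Largest number of u64 words whose byte size still fits in an isize.
/// `ptr::add`/`ptr::offset` require the byte offset not to overflow isize,
/// which is what the `isize::MAX / size_of::<u64>()` bound protects.
pub const MAX_WORDS: usize = isize::MAX as usize / size_of::<u64>();

/// Does a `[u64; n]` result buffer stay within the pointer-offset limit?
pub const fn fits_isize(n: usize) -> bool {
    n <= MAX_WORDS
}

/// Compile-time check, evaluated when `Assert::<N>::OK` is referenced for a
/// concrete `N` (stand-in for `static_assertions::const_assert!`).
pub struct Assert<const N: usize>;
impl<const N: usize> Assert<N> {
    pub const OK: () = assert!(fits_isize(N), "word count exceeds isize::MAX bytes");
}

/// Multi-word add over little-endian u64 limbs, writing into a `MaybeUninit`
/// buffer through a raw pointer and calling `assume_init` only after every
/// word has been written. Returns (sum, overflowed).
pub fn overflowing_add_maybe_uninit<const N: usize>(a: &[u64; N], b: &[u64; N]) -> ([u64; N], bool) {
    let () = Assert::<N>::OK;
    let mut ret = MaybeUninit::<[u64; N]>::uninit();
    let ret_ptr = ret.as_mut_ptr().cast::<u64>();
    let mut carry = 0u64;
    for i in 0..N {
        let (s1, c1) = a[i].overflowing_add(b[i]);
        let (s2, c2) = s1.overflowing_add(carry);
        // SAFETY: i < N and N * 8 <= isize::MAX (checked above), so the offset
        // stays inside `ret`; `ptr::write` never reads the uninitialised slot.
        unsafe { ptr::write(ret_ptr.add(i), s2) };
        carry = (c1 | c2) as u64;
    }
    // SAFETY: the loop wrote all N words exactly once.
    (unsafe { ret.assume_init() }, carry != 0)
}

/// The same arithmetic on a zero-initialised array: no unsafe code at all.
/// The PR reports that the real macro produces the same assembly either way.
pub fn overflowing_add_zeroed<const N: usize>(a: &[u64; N], b: &[u64; N]) -> ([u64; N], bool) {
    let mut ret = [0u64; N];
    let mut carry = 0u64;
    for i in 0..N {
        let (s1, c1) = a[i].overflowing_add(b[i]);
        let (s2, c2) = s1.overflowing_add(carry);
        ret[i] = s2;
        carry = (c1 | c2) as u64;
    }
    (ret, carry != 0)
}

fn main() {
    // Constructed input: both limbs saturated, so the add wraps to zero.
    let a = [u64::MAX, u64::MAX];
    let b = [1, 0];
    println!("{:?}", overflowing_add_maybe_uninit(&a, &b)); // ([0, 0], true)
    println!("{:?}", overflowing_add_zeroed(&a, &b)); // ([0, 0], true)
    println!("max words per buffer: {}", MAX_WORDS);
}
```

The bound answers the question above: `ptr::add` (like `offset`) is only defined when the computed byte offset fits in an `isize`, so a check of `isize::MAX / size_of::<u64>()` against the word count is what keeps every `ret_ptr.add(i)` inside that limit. The zeroed variant shows that once the buffer is initialised the raw pointer is no longer needed for soundness; the crate keeps it for its unrolled stores.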
let $name(ref me) = $self_expr;
let $name(ref you) = $other;
let mut ret = unsafe { $crate::core_::mem::uninitialized() };
let mut ret = [0u64; $n_words];
let ret_ptr = &mut ret as *mut [u64; $n_words] as *mut u64;
let ret_ptr = &mut ret as *mut [u64; $n_words] as *mut u64;
let ret_ptr = ret.as_mut_ptr();
LGTM
The zero initialization and safety comments look good to me; there is a small caveat with the static_assertions bump, but I think it's fine.
@@ -18,7 +18,7 @@ rand = { version = "0.7", optional = true, default-features = false }
rustc-hex = { version = "2.0", optional = true, default-features = false }
quickcheck = { version = "0.9", optional = true }
byteorder = { version = "1.2", optional = true, default-features = false }
static_assertions = "0.3"
static_assertions = "1.0.0"
I'm afraid this is technically a breaking change, since we `pub use static_assertions;`, but this is unlikely to be a problem in practice.
needs resolving
Can you please clarify what it is that needs resolving here?
Sorry, I meant merge conflict needs to be resolved.
`mem::uninitialized` is deprecated and unsafe. This replaces its use with `mem::MaybeUninit` and adds a proof that the use of `mem::MaybeUninit` is correct. Requested by @niklasad1.
Fixes #238.