-
Notifications
You must be signed in to change notification settings - Fork 255
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pre-allocation and alignment #138
Comments
|
@elichai it happens here https://github.com/bitcoin-core/secp256k1/blob/master/src/secp256k1.c#L117 (note that |
I think Note that upstream libsecp uses the constant 16. |
@apoelstra Yeah I'm not sure about |
No, we cannot assume that :) |
Right, it's impossible to guarantee it for all architectures and instruction sets. I remember some SIMD primitives on x86 at least require 16-byte alignment. Maybe the compiler might start generating them in the future. I don't know! |
@laanwj we can definitely enforce 16 byte alignment (https://play.rust-lang.org/?gist=0f30929ccbc1acd321776418ed8861b2) the question is, is this the correct alignment to do and if not then which is. |
Yeah, let's just copy 16 from upstream. |
Ok, I'll do it later today, (with a |
Just a note, doesn't matter here: Upstream first uses |
If we don't want to do this, here's an ugly hack: But I'd prefer to raise the minimum Rust version if this doesn't imply other issues. |
Yeah, I just tested a bunch of reprs and the only ones that work in 1.22 are |
Personally I would love to use 1.34, we could do a bunch of nice things with it. Otherwise maybe 8 alignment is enough? (align_of) could we somehow add a check in upstream for this that will at least call the callbacks if the alignment is bad? (so we won't trigger any UB) |
I didn't include this check upstream because there is no way to check alignment in C. The only thing you can do is to 1) cast the pointer to an integer and 2) check that resulting is divisible by the desired alignment but the result of 1) is implementation-defined. I except it to be reasonable on all reasonable platforms though... |
@real-or-random our reason for using 1.22 is to support building with mrustc (which currently supports only 1.19, so there are a couple layers of bootstrapping required). Every version after 1.19 adds work to the bootstrap; I forget what feature 1.22 had that made us consider it worth the tradeoff, but 1.34 is definitely a no. Also, in general, we can't be increasing the version all the time. 1.34 is not even 4 months old. It is unreasonable to demand our users update their toolchain every 4 months. |
@apoelstra Good point about the layers. https://guix.gnu.org/blog/2018/bootstrapping-rust/ Not fun to need to compile 17 times to get to 1.34 |
@apoelstra lol sorry indeed, I had already forgotten about that. Maybe we should add this rationale to the README...
Yeah I don't know to be honest. We should have proper guidelines to avoid having this discussing every few month. Debian stable was a rationale once. The best I can come up with after this discussion is "not too far from mrustc's target, supported on Debian stable, and definitively older than 4 months". This is a pretty imprecise and unsatisfactory answer, in particular since we don't know what will happen happen to mrustc, which is already considering to patch rust (thepowersgang/mrustc#95 (comment)). |
We can have a discussion about 1.29 when it's mrustc-compatible, which probably center around how old it is (I agree, we ought to have some concrete criteria for that). But after that we have to have a discussion about Rust 2018, and I don't see the value in trying to nail down a specific policy until we've sorted that out. |
Yes. Rust 2018 is an interesting one, it might come with a big refactoring of the code (hopefully we could use the opportunity to discard a bunch of the old stuff and add some clippy/rustfmt thingy) |
If we do want to realign ourselves: |
Secp256k1::preallocated_*(buf)
takes an arbitrary mutable slice of u8 as buffer; however it seems that, as it will be used to store pointers, it needs to be aligned to at least the pointer size of the platform.I'm using a static buffer in my embedded project, and I've had it crash on
ret->illegal_callback = default_illegal_callback
insecp256k1_context_preallocated_create
for no apparent reason until I discovered this requirement.*mut [u64]
or*mut [usize]
instead. This at least makes sure it's aligned enough to accept pointersassert!
and at least document this. I now see it's documented at the C side:The text was updated successfully, but these errors were encountered: