This PR contains a massive refactoring of various internals. Now, all unit tests pass Miri, thus we removed lots of undefined behaviour and increased memory safety! 🎉 Only a small part of these internal refactorings leaks into the public interface. If you don't provide external custom tags, you should be fine.
Impact of Release
Please note that all previous releases must be considered unsafe, as they contain UB. However, it is never clear whether UB results in immediately incorrect behaviour, and it might still work. Nevertheless, users should migrate to the latest release and they will be fine!
All previous releases on crates.io will be yanked, once this is released.
Code Changes
It was not really possible to split this into smaller commits or smaller PRs. At least not without massive time investment. The main changes are that there are now the internal types GenericTag and TagBytesRef, the refactoring of TagTrait, and that BoxedDst was replaced by new_boxed() which returns a normal Box.
Miri is now 100% happy - this is a great success and a big improvement. #160 is entirely closed.
Technical Insights
Memory Properties of this crate:
Tags are 8-byte aligned.
Rust allocates (on the stack or the heap) not just the true size of a type, but increases the allocation size to the next multiple of the alignment
Some tags are modelled as DSTs (terminating [u8] field), as this is the best Rusty representation for tags. This needs fat pointers, which are complex in themselves. A solution is to use the ptr_meta crate
Miri wants to track all lifetimes and memory accesses
In Rust, we can't cast a small type to a bigger type with Miri being happy
All these things are now solved. This is also done in a nice, non-hacky way.
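The following is an added illustration of the memory properties listed above; it is example code written for this page, not code from this PR or from the project it belongs to. It models a hypothetical GenericTag as a DST with a trailing [u8], borrows a tag from an 8-byte aligned byte slice by building the fat pointer with core::ptr::slice_from_raw_parts (used here in place of the ptr_meta crate the PR mentions), and provides a new_boxed-style constructor that returns an ordinary Box. The 8-byte header (typ, size), the TAG_ALIGN of 8 and all function names are assumptions for illustration. The check that a borrowed slice must cover the tag size rounded up to the alignment is the practical consequence of the second bullet above: a reference to the DST covers size_of_val bytes, not the header's reported size.

```rust
use std::alloc::{alloc, handle_alloc_error, Layout};
use std::mem::{align_of_val, size_of_val};
use std::ptr;

/// Hypothetical tag layout for illustration (not the project's real type):
/// a u32 type, a u32 total size (header included) and a variable-length payload.
#[repr(C, align(8))]
#[derive(Debug)]
pub struct GenericTag {
    pub typ: u32,
    pub size: u32,
    pub payload: [u8],
}

const HEADER_SIZE: usize = 8;
const TAG_ALIGN: usize = 8;

/// Round `n` up to the next multiple of the power-of-two `align`.
pub fn round_up(n: usize, align: usize) -> usize {
    (n + align - 1) & !(align - 1)
}

/// Borrow a tag from an 8-byte aligned byte slice without copying.
/// Returns None if the slice is misaligned, too short for a header, or does not
/// cover the tag size rounded up to TAG_ALIGN: `size_of_val(&GenericTag)` is the
/// rounded-up size, so a reference to it must be backed by that many bytes.
pub fn tag_from_bytes(bytes: &[u8]) -> Option<&GenericTag> {
    if bytes.as_ptr().align_offset(TAG_ALIGN) != 0 || bytes.len() < HEADER_SIZE {
        return None;
    }
    let size = u32::from_ne_bytes(bytes[4..8].try_into().unwrap()) as usize;
    if size < HEADER_SIZE || round_up(size, TAG_ALIGN) > bytes.len() {
        return None;
    }
    let payload_len = size - HEADER_SIZE;
    // Casting `*const [u8]` to `*const GenericTag` keeps the slice metadata as the
    // length of the trailing `payload` field; this is the fat pointer the DST needs.
    let raw = ptr::slice_from_raw_parts(bytes.as_ptr(), payload_len) as *const GenericTag;
    // SAFETY: alignment and bounds were checked above, and every byte the
    // reference spans (header, payload and alignment padding) lies inside `bytes`.
    Some(unsafe { &*raw })
}

/// Copy a header and payload into an allocation sized and aligned exactly as the
/// DST requires and return it as a plain `Box<GenericTag>`. When the Box is dropped,
/// it deallocates with `Layout::for_value`, so the allocation layout must equal
/// (round_up(HEADER_SIZE + payload.len(), TAG_ALIGN), TAG_ALIGN).
pub fn new_boxed(typ: u32, payload: &[u8]) -> Box<GenericTag> {
    let size = HEADER_SIZE + payload.len();
    let alloc_size = round_up(size, TAG_ALIGN);
    let layout = Layout::from_size_align(alloc_size, TAG_ALIGN).expect("valid layout");
    unsafe {
        let p = alloc(layout);
        if p.is_null() {
            handle_alloc_error(layout);
        }
        // Zero the whole allocation so the padding bytes are initialised as well.
        ptr::write_bytes(p, 0, alloc_size);
        ptr::copy_nonoverlapping(typ.to_ne_bytes().as_ptr(), p, 4);
        ptr::copy_nonoverlapping((size as u32).to_ne_bytes().as_ptr(), p.add(4), 4);
        ptr::copy_nonoverlapping(payload.as_ptr(), p.add(HEADER_SIZE), payload.len());
        let raw = ptr::slice_from_raw_parts_mut(p, payload.len()) as *mut GenericTag;
        // SAFETY: `raw` points to a fully initialised tag whose `Layout::for_value`
        // equals `layout`, which is what `Box::from_raw` requires.
        Box::from_raw(raw)
    }
}

/// Constructed 8-byte aligned backing buffer for the borrowing example.
#[repr(C, align(8))]
pub struct Aligned(pub [u8; 24]);

fn main() {
    let boxed = new_boxed(1, b"hello");
    println!(
        "boxed tag: typ={} size={} payload={:?} size_of_val={} align={}",
        boxed.typ, boxed.size, &boxed.payload, size_of_val(&*boxed), align_of_val(&*boxed)
    );
    // Constructed input: typ=2, size=13 (8-byte header + 5 payload bytes), rest zero.
    let mut buf = Aligned([0; 24]);
    buf.0[0..4].copy_from_slice(&2u32.to_ne_bytes());
    buf.0[4..8].copy_from_slice(&13u32.to_ne_bytes());
    buf.0[8..13].copy_from_slice(&[1, 2, 3, 4, 5]);
    println!("borrowed from 24 bytes: {:?}", tag_from_bytes(&buf.0).map(|t| t.size));
    // Exactly 13 bytes is rejected: the DST spans 16 bytes once rounded to the alignment.
    println!("borrowed from 13 bytes: {:?}", tag_from_bytes(&buf.0[..13]).map(|t| t.size));
}
```

Running this under Miri (cargo miri run) is the point of the exercise: the two rejections in tag_from_bytes (misaligned slice, slice shorter than the rounded-up size) are exactly the cases where a naive cast would produce a reference to out-of-bounds or misaligned memory, which Miri flags as UB even when the program appears to work.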