transmutability: unexpected behaviour when both init and uninit transitions are present #140337

Closed
tmiasko opened this issue Apr 26, 2025 · 2 comments · Fixed by #140380
Labels
C-bug Category: This is a bug. F-transmutability `#![feature(transmutability)]` T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Contributor

tmiasko commented Apr 26, 2025

```rust
#![feature(transmutability)]
use std::mem::{Assume, MaybeUninit, TransmuteFrom};

pub fn is_transmutable<Src, Dst>() where Dst: TransmuteFrom<Src, { Assume::SAFETY }>{}

#[derive(Copy, Clone)]
#[repr(u8)]
enum B0 { Value = 0 }

#[derive(Copy, Clone)]
#[repr(u8)]
enum B1 { Value = 1 }

fn main() {
    is_transmutable::<(B0, B0), MaybeUninit<(B0, B0)>>(); // ok
    is_transmutable::<(B0, B0), MaybeUninit<(B0, B1)>>(); // unexpected error: `(B0, B0)` cannot be safely transmuted into `MaybeUninit<(B0, B1)>`
    is_transmutable::<(B0, B0), MaybeUninit<(B1, B0)>>(); // ok
    is_transmutable::<(B0, B0), MaybeUninit<(B1, B1)>>(); // ok
}
```

cc @jswrenn

@tmiasko tmiasko added C-bug Category: This is a bug. F-transmutability `#![feature(transmutability)]` labels Apr 26, 2025
@rustbot rustbot added the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label Apr 26, 2025
Contributor Author

tmiasko commented Apr 26, 2025

Currently an uninit transition matches both an uninit byte and all values in
[0..255]. When both kinds of transitions are present in a state, the automaton
becomes non-deterministic.

I was thinking about addressing this by changing the uninit transition to match
an uninit byte only, while at the same time generating a complete set of edges for
`Tree::uninit`.

@tmiasko tmiasko removed the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label Apr 26, 2025
@tmiasko tmiasko self-assigned this Apr 26, 2025
@tmiasko tmiasko added the T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. label Apr 26, 2025
Member

jswrenn commented Apr 26, 2025

Our union support has some potential soundness holes, since the validity rules of unions aren't fully decided. See here for a description of the issue and the solution we'd like to work towards: rust-lang/project-safe-transmute#19

That aside, the issue you've found is very weird and we should fix it. There's no good reason those two middle tests should behave differently, and I don't yet follow why that would be the case.

Zalathar added a commit to Zalathar/rust that referenced this issue Apr 30, 2025
transmutability: uninit transition matches unit byte only

The previous implementation was inconsistent about transitions that
apply for an init byte. For example, when answering a query, an init
byte could use the corresponding init transition. An init byte could also
use the uninit transition, but only when the corresponding init transition
was absent. This behaviour was incompatible with DFA union construction.

Define an uninit transition to match an uninit byte only and update the
implementation accordingly. To describe that `Tree::uninit` is valid
for any value, build an automaton that accepts any byte value.

Additionally, represent byte ranges uniformly as a pair of integers to
avoid a special case for the uninit byte.

Fixes rust-lang#140337.
Fixes rust-lang#140168 (comment).

r? `@jswrenn` `@joshlf`
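
A simplified model of the behaviour the commit message describes, added here as an illustration and not the compiler's own code: the trie and the names `Node`, `path`, `union`, `accepts`, `maybe_uninit_pair` and `verdicts` are hypothetical. It reproduces the four results from the report under the old fallback rule, then shows that the same label-by-label union is correct once "any byte" is spelled out as explicit edges and the uninit edge matches only the uninit byte.

```rust
use std::collections::BTreeMap;

/// Edge label: `Some(b)` is an initialized byte value, `None` is the uninit byte.
type Sym = Option<u8>;

#[derive(Default)]
struct Node { edges: BTreeMap<Sym, Node>, accept: bool }

/// One alternative of a layout: a sequence of per-byte symbol sets, as a trie.
fn path(bytes: &[Vec<Sym>]) -> Node {
    match bytes.split_first() {
        None => Node { accept: true, ..Node::default() },
        Some((first, rest)) => Node { edges: first.iter().map(|&s| (s, path(rest))).collect(), accept: false },
    }
}

/// Union that merges edges label by label; correct only if labels never overlap.
fn union(mut a: Node, b: Node) -> Node {
    a.accept |= b.accept;
    for (sym, child) in b.edges {
        let merged = match a.edges.remove(&sym) {
            Some(existing) => union(existing, child),
            None => child,
        };
        a.edges.insert(sym, merged);
    }
    a
}

/// Walk an init source value; `fallback` (old rule) tries the uninit edge if the init edge is absent.
fn accepts(mut node: &Node, src: &[u8], fallback: bool) -> bool {
    for &b in src {
        let mut next = node.edges.get(&Some(b));
        if next.is_none() && fallback { next = node.edges.get(&None); }
        match next { Some(n) => node = n, None => return false }
    }
    node.accept
}

/// Model of `MaybeUninit<(x, y)>`. Fixed: "any byte" is 256 values plus uninit. Old: one uninit edge.
fn maybe_uninit_pair(x: u8, y: u8, fixed: bool) -> Node {
    let any: Vec<Sym> = if fixed { (0..=u8::MAX).map(Some).chain([None]).collect() } else { vec![None] };
    union(path(&[any.clone(), any]), path(&[vec![Some(x)], vec![Some(y)]]))
}

/// Is `(B0, B0)`, whose only bit pattern is [0, 0], accepted by each `MaybeUninit<(Bx, By)>`?
fn verdicts(fixed: bool) -> [bool; 4] {
    [(0, 0), (0, 1), (1, 0), (1, 1)]
        .map(|(x, y)| accepts(&maybe_uninit_pair(x, y, fixed), &[0, 0], !fixed))
}
```

In the old model the first source byte 0 commits to the `(B0, B1)` branch, whose next state has neither a 0 edge nor an uninit edge, so the walk fails even though the all-uninit branch would have accepted the value.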
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this issue Apr 30, 2025
@tmiasko tmiasko removed their assignment May 1, 2025