Skip to content

Expand core::hint::unreachable_unchecked() docs #96154

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 13, 2022
Merged

Expand core::hint::unreachable_unchecked() docs #96154

merged 2 commits into from
May 13, 2022

Conversation

lukaslueg
Copy link
Contributor

Rework the docs for unreachable_unchecked, encouraging deliberate use, and providing a better example for action at a distance.

Fixes #95865

@rust-highfive
Copy link
Contributor

Hey! It looks like you've submitted a new PR for the library teams!

If this PR contains changes to any rust-lang/rust public library APIs then please comment with r? rust-lang/libs-api @rustbot label +T-libs-api -T-libs to request review from a libs-api team reviewer. If you're unsure where your change falls no worries, just leave it as is and the reviewer will take a look and make a decision to forward on if necessary.

Examples of T-libs-api changes:

  • Stabilizing library features
  • Introducing insta-stable changes such as new implementations of existing stable traits on existing stable types
  • Introducing new or changing existing unstable library APIs (excluding permanently unstable features / features without a tracking issue)
  • Changing public documentation in ways that create new stability guarantees
  • Changing observable runtime behavior of library APIs

@rustbot rustbot added the T-libs Relevant to the library team, which will review and decide on the PR/issue. label Apr 17, 2022
@rust-highfive
Copy link
Contributor

r? @scottmcm

(rust-highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Apr 17, 2022
Noratrieb
Noratrieb reviewed Apr 20, 2022
View reviewed changes
library/core/src/hint.rs Outdated
/// divisors.retain(|divisor| *divisor != 0)
/// }
///
/// fn do_computation(i: u32, divisors: &[u32]) -> u32 {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function should be marked unsafe, to make it clear that the invariants established in prepare_inputs must be upheld.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, and have a comment on it like

Suggested change
/// fn do_computation(i: u32, divisors: &[u32]) -> u32 {
/// /// # Safety
/// /// All the elements of `divisors` must be non-zero.
/// fn do_computation(i: u32, divisors: &[u32]) -> u32 {

As well as // Safety: ... comment on the unsafe block for the call.

@Noratrieb
Copy link
Member

Noratrieb commented Apr 20, 2022
edited
Loading

Thank you for cleaning up the docs and providing an example! I think this example is not ideal, since it could be replaced by using NonZeroU32. A more common thing that I've seen it being used for is to unwrap enum values uncheckedly, for example

enum Mascot {
    Ferris,
    Corro {
        unsafe_permit: String,
    },
}

impl Mascot {
    unsafe fn get_unsafe_permit_unchecked(&self) -> &str {
        match self {
            Mascot::Corro { unsafe_permit } => {
                unsafe_permit
            }
            Mascot::Ferris => {
                std::hint::unreachable_unchecked()
            }
        }
    }
}

I think using such an example would better illustrate the unique capabilities of this function, since it cannot be implemented in other ways. (feel free to use my example or choose another one)

@lukaslueg
Copy link
Contributor Author

@Nilstrieb I know about NonZero and deliberately chose the example given anyway because it shows the possibly beneficial side effects of unreachable_unchecked.

scottmcm
scottmcm reviewed May 6, 2022
View reviewed changes
library/core/src/hint.rs Outdated
/// therefore will eliminate all branches that reach to a call to
/// Reaching this function is *Undefined Behavior* (UB). In particular, as the
/// compiler assumes that all forms of Undefined Behavior can never happen, it
/// will eliminate all branches which themselves reach a call to
Copy link
Member

@scottmcm scottmcm May 6, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: like you said "possibly enabling" above, I think this should also update accordingly. And I maybe "reach" could be tweaked too, since the branch arguably doesn't directly "reach" a call, but reaches a block containing the call?

Suggested change
/// will eliminate all branches which themselves reach a call to
/// may eliminate all branches which themselves lead to a call to

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are referring to "possibly" -> "it will possibly eliminate"? I suggest keeping using strong language here because the programmer should always assume that the compiler does eliminate those branches, even if it technically doesn't, yet does other funky stuff which causes time travel and nose daemons.

Maybe more clear: "it will eliminate all branches in the surrounding code which the compiler can determine will invariably lead to a call to unreachable_unchecked!."

scottmcm
scottmcm reviewed May 6, 2022
View reviewed changes
library/core/src/hint.rs Outdated
///
/// ```
///
/// While using `unreachable_unchecked()` is perfectly safe in the following
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fix: We try to be really careful about "safe" in these docs, since it implies "not unsafe". I think this should be

Suggested change
/// While using `unreachable_unchecked()` is perfectly safe in the following
/// While using `unreachable_unchecked()` is perfectly sound in the following

@scottmcm scottmcm added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 6, 2022
@lukaslueg lukaslueg requested a review from scottmcm May 6, 2022 08:16
@lukaslueg
Copy link
Contributor Author

Addressed previous comments. Maybe I should add a comment to the tune that the behavior shown in the example is provided by core::num::NotZero... automatically?

scottmcm
scottmcm reviewed May 13, 2022
View reviewed changes
library/core/src/hint.rs
/// that is, if the site which is calling `unreachable_unchecked()` is actually
/// reachable at runtime - the compiler may have generated nonsensical machine
/// instructions for this situation, including in seemingly unrelated code,
/// causing difficult-to-debug problems.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Arguably "difficult to debug" is the least of the problems with UB, but that was already here, so this PR doesn't really need to fix it.

@scottmcm
Copy link
Member

Thanks! I agree this is better than what was there before, so it's good to go in:

@bors r+ rollup=always

For future reference, to update the attributes on a PR once you've made changes, you can use @rustbot ready.

@bors
Copy link
Collaborator

bors commented May 13, 2022

📌 Commit cd1746b has been approved by scottmcm

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels May 13, 2022
@matthiaskrgr matthiaskrgr mentioned this pull request May 13, 2022
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request May 13, 2022
@bors
Auto merge of rust-lang#97013 - matthiaskrgr:rollup-c1pc6pc, r=matthi…
f1f721e 
…askrgr

Rollup of 5 pull requests

Successful merges:

 - rust-lang#96154 (Expand core::hint::unreachable_unchecked() docs)
 - rust-lang#96615 (Add a regression test for rust-lang#54779)
 - rust-lang#96982 (fix clippy expect_fun_call)
 - rust-lang#97003 (Remove some unnecessary `rustc_allow_const_fn_unstable` attributes.)
 - rust-lang#97011 (Add regression test for rust-lang#28935)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit feb18d1 into rust-lang:master May 13, 2022
@rustbot rustbot added this to the 1.62.0 milestone May 13, 2022
@lukaslueg lukaslueg deleted the unreachablehint branch May 14, 2022 08:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scottmcm scottmcm scottmcm left review comments

@Noratrieb Noratrieb Noratrieb left review comments

Assignees

@scottmcm scottmcm

Labels
S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs Relevant to the library team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.62.0
Development

Successfully merging this pull request may close these issues.

std::hint::unreachable_unchecked: docs note about compiler optimizations being sufficient?
6 participants
@lukaslueg @rust-highfive @Noratrieb @scottmcm @bors @rustbot