Replace uninitialized with MaybeUninit #238
`mem::uninitialized` is deprecated and unsafe. This replaces its use with `mem::MaybeUninit` and adds a proof that the use of `mem::MaybeUninit` is correct. Requested by @niklasad1.

It looks like @demimarie-parity hasn't signed our Contributor License Agreement, yet.
You can read and sign our full Contributor License Agreement at the following URL: https://cla.parity.io
Once you've signed, please reply to this thread with
Many thanks,
Parity Technologies CLA Bot

@demimarie-parity have you tried to measure if zeroing memory has no perf impact? (#233 (comment))

@ordian I haven’t. It would be worthwhile, though ― LLVM might even be able to optimize out the initialization.

@ordian
This generates the same assembly and is safer.

@niklasad1 how did you do this? Also @ordian my latest commit removes all use of uninitialized memory.

I created temporary initialization of then this:
diff --git a/uint/src/lib.rs b/uint/src/lib.rs
index 352ccf7..751766d 100644
--- a/uint/src/lib.rs
+++ b/uint/src/lib.rs
@@ -31,3 +31,8 @@ pub use crunchy::unroll;
#[macro_use]
mod uint;
pub use crate::uint::*;
+
+
+construct_uint! {
+ pub struct U1024(16);
+}
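Review bot: The `construct_uint! { pub struct U1024(16); }` added at the end of `uint/src/lib.rs` puts a new public type in the crate root, which works for a one-off `cargo asm` run but should not land as is. If a 1024-bit type is needed for the measurement, define it in a bench or example instead, and drop the second blank `+` line.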
diff --git a/uint/src/uint.rs b/uint/src/uint.rs
index cc58ee2..0cdec03 100644
--- a/uint/src/uint.rs
+++ b/uint/src/uint.rs
@@ -72,13 +72,14 @@ macro_rules! impl_try_from_for_primitive {
#[macro_export]
#[doc(hidden)]
+#[inline(never)]
macro_rules! uint_overflowing_binop {
($name:ident, $n_words: tt, $self_expr: expr, $other: expr, $fn:expr) => ({
let $name(ref me) = $self_expr;
let $name(ref you) = $other;
- let mut ret = unsafe { $crate::core_::mem::uninitialized() };
- let ret_ptr = &mut ret as *mut [u64; $n_words] as *mut u64;
+ let mut ret = [0_u64; $n_words];
+ let ret_ptr = ret.as_mut_ptr();
let mut carry = 0u64;
unroll! {
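Review bot: The `#[inline(never)]` placed above `macro_rules! uint_overflowing_binop` does not control code generation, because inlining attributes apply to functions and the macro body is expanded into its caller. Remove it and rely on the attribute on `overflowing_add`. With `ret` now a zeroed `[0_u64; $n_words]`, it is also worth checking whether the code after this hunk still needs `ret_ptr` or can index `ret` directly.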
@@ -876,7 +877,7 @@ macro_rules! construct_uint {
}
/// Add with overflow.
- #[inline(always)]
+ #[inline(never)]
pub fn overflowing_add(self, other: $name) -> ($name, bool) {
uint_overflowing_binop!(
$name,
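Review bot: Switching `overflowing_add` from `#[inline(always)]` to `#[inline(never)]` affects every type generated by `construct_uint!`, not only the one being inspected. Keep the change local to the measurement and restore `#[inline(always)]` before anything is committed, or mark the line with a comment saying it is temporary.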
(END)
finally, $ cargo asm --no-color uint::U1024::overflowing_add
| let mut ret = [0u64; $n_words]; | ||
| let ret_ptr = &mut ret as *mut [u64; $n_words] as *mut u64; | ||
| let mut carry = 0u64; | ||
| $crate::static_assertions::const_assert!(core::isize::MAX as usize / core::mem::size_of::<u64>() > $n_words); |
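Review bot: The `const_assert!` line names `core::isize::MAX` and `core::mem::size_of` through bare `core::` paths, while the line being replaced reaches `core` through `$crate::core_::`. Use `$crate::core_::` here as well so the exported macro resolves the same way regardless of what the calling crate has in scope, and add a short comment stating which pointer-offset bound the assertion guarantees.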
| let mut ret = unsafe { $crate::core_::mem::uninitialized() }; | ||
| let mut ret = [0u64; $n_words]; | ||
| let ret_ptr = &mut ret as *mut [u64; $n_words] as *mut u64; |
| let ret_ptr = &mut ret as *mut [u64; $n_words] as *mut u64; | |
| let ret_ptr = ret.as_mut_ptr(); |
ordian left a comment
The zero initialization and safety comments look good to me, there is a small caveat with static_assertions bump, but I think it's fine.
| quickcheck = { version = "0.9", optional = true } | ||
| byteorder = { version = "1.2", optional = true, default-features = false } | ||
| static_assertions = "0.3" | ||
| static_assertions = "1.0.0" |
I'm afraid this is technically a breaking change, since we `pub use static_assertions;`, but this is unlikely to be a problem in practice.

needs resolving

Can you please clarify what it is that needs resolving here?

Sorry, I meant merge conflict needs to be resolved.

`mem::uninitialized` is deprecated and unsafe. This replaces its use with `mem::MaybeUninit` and adds a proof that the use of `mem::MaybeUninit` is correct. Requested by @niklasad1.
Fixes #238.
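
The two replacements for `mem::uninitialized` discussed in this thread, side by side, as an added example that is not code from the pull request or the crate. `N_WORDS`, both function names and the plain loop (in place of the crate's `unroll!` macro) are assumptions made for the illustration.

```rust
use std::mem::MaybeUninit;

const N_WORDS: usize = 4; // assumed width (256-bit), chosen for the example

/// Zero-initialized variant: no `unsafe`, every word is overwritten below.
pub fn overflowing_add_zeroed(a: &[u64; N_WORDS], b: &[u64; N_WORDS]) -> ([u64; N_WORDS], bool) {
    let mut ret = [0u64; N_WORDS];
    let mut carry = false;
    for i in 0..N_WORDS {
        let (s1, c1) = a[i].overflowing_add(b[i]);
        let (s2, c2) = s1.overflowing_add(carry as u64);
        ret[i] = s2;
        carry = c1 | c2;
    }
    (ret, carry)
}

/// `MaybeUninit` variant: the array stays uninitialized until each word is written.
pub fn overflowing_add_maybe_uninit(a: &[u64; N_WORDS], b: &[u64; N_WORDS]) -> ([u64; N_WORDS], bool) {
    let mut ret = MaybeUninit::<[u64; N_WORDS]>::uninit();
    let ret_ptr = ret.as_mut_ptr() as *mut u64;
    let mut carry = false;
    for i in 0..N_WORDS {
        let (s1, c1) = a[i].overflowing_add(b[i]);
        let (s2, c2) = s1.overflowing_add(carry as u64);
        // SAFETY: i < N_WORDS, so the write stays inside the array, and
        // `write` neither reads nor drops the uninitialized previous contents.
        unsafe { ret_ptr.add(i).write(s2) };
        carry = c1 | c2;
    }
    // SAFETY: the loop above wrote all N_WORDS elements, so the array is fully initialized.
    (unsafe { ret.assume_init() }, carry)
}

fn main() {
    // Constructed inputs: a carry that ripples through every word.
    let a = [u64::MAX; N_WORDS];
    let b = [1, 0, 0, 0];
    assert_eq!(overflowing_add_zeroed(&a, &b), ([0; N_WORDS], true));
    assert_eq!(overflowing_add_maybe_uninit(&a, &b), overflowing_add_zeroed(&a, &b));
    println!("both variants agree");
}
```

The `MaybeUninit` version is only sound because both SAFETY arguments hold; skipping a single word before `assume_init` would be undefined behaviour, which is the risk the zero-initialized version removes.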