Toggle assert_unsafe_precondition in codegen instead of expansion by saethlin · Pull Request #120594 · rust-lang/rust

saethlin · 2024-02-02T23:45:48Z

The goal of this PR is to make some of the unsafe precondition checks in the standard library available in debug builds. Some UI tests are included to verify that it does that.

The diff is large, but most of it is blessing mir-opt tests and I've also split up this PR so it can be reviewed commit-by-commit.

This PR:

Adds a new intrinsic, debug_assertions which is lowered to a new MIR NullOp, and only to a constant after monomorphization
Rewrites assume_unsafe_precondition to check the new intrinsic, and be monomorphic.
Skips codegen of the assume intrinsic in unoptimized builds, because that was silly before but with these checks it's very silly
The checks with the most overhead are ptr::read/ptr::write and NonNull::new_unchecked. I've simply added #[cfg(debug_assertions)] to the checks for ptr::read/ptr::write because I was unable to come up with any (good) ideas for decreasing their impact. But for NonNull::new_unchecked I found that the majority of callers can use a different function, often a safe one.

Yes, this PR slows down the compile time of some programs. But in our benchmark suite it's never more than 1% icount, and the average icount change in debug-full programs is 0.22%. I think that is acceptable for such an improvement in developer experience.

#120539 (comment)

saethlin · 2024-02-03T04:06:13Z

@bors try @rust-timer queue

Toggle assert_unsafe_precondition in codegen instead of expansion r? `@ghost` rust-lang#120539 (comment)

bors · 2024-02-03T04:07:23Z

⌛ Trying commit 6dd581b with merge 919a9f5...

bors · 2024-02-03T08:22:23Z

💥 Test timed out

saethlin · 2024-02-03T18:07:41Z

@bors try @rust-timer queue

saethlin · 2024-02-03T18:08:26Z

@bors retry

bors · 2024-02-03T18:08:50Z

⌛ Trying commit 6dd581b with merge 4ec6b4e...

Toggle assert_unsafe_precondition in codegen instead of expansion r? `@ghost` rust-lang#120539 (comment)

bors · 2024-02-03T19:39:12Z

☀️ Try build successful - checks-actions
Build commit: 4ec6b4e (4ec6b4eea2432e96b694a0b73a6a5a664e3ff17c)

rust-timer · 2024-02-03T20:54:52Z

Finished benchmarking commit (4ec6b4e): comparison URL.

Overall result: ❌✅ regressions and improvements - ACTION NEEDED

Benchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf.

Next Steps: If you can justify the regressions found in this try perf run, please indicate this with @rustbot label: +perf-regression-triaged along with sufficient written justification. If you cannot justify the regressions please fix the regressions and do another perf run. If the next run shows neutral or positive results, the label will be automatically removed.

@bors rollup=never
@rustbot label: -S-waiting-on-perf +perf-regression

Instruction count

This is a highly reliable metric that was used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	2.0%	[0.2%, 9.4%]	111
Regressions ❌ (secondary)	2.6%	[0.3%, 36.6%]	39
Improvements ✅ (primary)	-0.7%	[-0.8%, -0.5%]	3
Improvements ✅ (secondary)	-0.6%	[-1.3%, -0.3%]	9
All ❌✅ (primary)	1.9%	[-0.8%, 9.4%]	114

Max RSS (memory usage)

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	5.5%	[1.6%, 8.9%]	12
Regressions ❌ (secondary)	4.3%	[2.5%, 6.4%]	4
Improvements ✅ (primary)	-1.2%	[-1.5%, -1.0%]	3
Improvements ✅ (secondary)	-2.7%	[-3.3%, -2.1%]	2
All ❌✅ (primary)	4.1%	[-1.5%, 8.9%]	15

Cycles

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	3.4%	[1.1%, 9.0%]	58
Regressions ❌ (secondary)	8.4%	[2.0%, 36.0%]	9
Improvements ✅ (primary)	-2.4%	[-2.4%, -2.4%]	1
Improvements ✅ (secondary)	-3.8%	[-7.0%, -0.9%]	7
All ❌✅ (primary)	3.3%	[-2.4%, 9.0%]	59

Binary size

Results

This is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment.

	mean	range	count
Regressions ❌ (primary)	4.4%	[0.2%, 9.3%]	95
Regressions ❌ (secondary)	4.5%	[0.2%, 33.6%]	28
Improvements ✅ (primary)	-1.1%	[-3.9%, -0.1%]	18
Improvements ✅ (secondary)	-1.0%	[-2.0%, -0.0%]	2
All ❌✅ (primary)	3.5%	[-3.9%, 9.3%]	113

Bootstrap: 662.752s -> 669.21s (0.97%)
Artifact size: 308.09 MiB -> 307.83 MiB (-0.08%)

saethlin · 2024-02-03T21:03:10Z

The few improvements are probably because the precondition checks are always kept in MIR, so we do less MIR inlining generally, and in some cases that happens to help.

Now I'm going to try to find the precondition checks that I think are least profitable and make those get toggled early.

saethlin · 2024-02-03T23:26:30Z

@bors try @rust-timer queue

bors · 2024-02-03T23:27:41Z

⌛ Trying commit 3ef4a60 with merge 4da3573...

Toggle assert_unsafe_precondition in codegen instead of expansion r? `@ghost` rust-lang#120539 (comment)

dianqk · 2024-02-26T13:16:35Z

tests/mir-opt/inline/unwrap_unchecked.unwrap_unchecked.Inline.panic-abort.diff

+      bb1: {
+         StorageLive(_4);
+         _4 = cfg!(debug_assertions);
+         assume(_4);


So it's expected that it doesn't directly convert to unreachable here, right?

I didn't notice the associated comments. This is for the standard library. :)

rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Feb 2, 2024