You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: wip/tree-borrows.md
+8-7Lines changed: 8 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,31 +21,32 @@ Tree Borrows maintains a tree for each allocation. Each pointer has a tag, that
21
21
Each node, for each offset/byte in the allocation, tracks a permission. The permission is per-byte, i.e. each byte has its own independent permission.
22
22
The permission evolves according to a state machine, which depends on the access (read/write), the relation between accessed and affected node (local/foreign), the current state, and whether the current node is protected by a protector.
23
23
24
-
There is also an "initialized" tracking which makes protectors behave different on offsets "out of bounds" of a retag, that have not yet been accessed.
24
+
There is also an "accessed" bit in each node for each byte, tracking whether this byte has already been accessed by a pointer tagged with this node.
25
+
This is relevant for protectors, because only "accessed" nodes are being protected.
25
26
These differences are not reflected in the state machines in the paper, we refer to the MiniRust implementation for the full details.
26
27
27
28
28
29
### Differences between MiniRust and Miri
29
30
MiniRust includes an idealized implementation of Tree Borrows, intended for easy readability.
30
-
In particular, it models provenance/tags as tree addresses, which uniquely identify a node in the borrow tree. Miri however uses unique integer IDs, with the Tree being tracked more implicitly as maps/relations between these IDs. The precise implementation of the tree is an implementation detail and not relevant for the semantics.
31
+
In particular, it models provenance/tags as tree addresses, which uniquely identify a node in the borrow tree. Miri however uses unique integer IDs, with the Tree being tracked more implicitly as maps/relations between these IDs. The precise implementation of the tree is an implementation detail and not relevant for the semantics.
31
32
32
-
Besides this representation difference, Miri also includes a number of optimizations that make Tree Borrows have acceptable performance. These include
33
+
Besides this representation difference, Miri also includes a number of optimizations that make Tree Borrows have acceptable performance. These include:
33
34
* skipping nodes based on past foreign accesses, exploiting idempotence properties in the state machine
34
35
* garbage collection of unused references, which allows shrinking trees
35
36
* skipping nodes based on the permissions found therein
36
37
37
38
## Concepts Inherited From Stacked Borrows
38
39
39
40
### Retags
40
-
Tree Borrows has retags happen in the same place as Stacked Borrows. But note that Tree Borrows treats raw pointer retags as NOPs, i.e. it does not attempt to track these.
41
+
Tree Borrows has retags happen in the same place as Stacked Borrows. But note that Tree Borrows treats raw pointer retags as NOPs, i.e. it does not distinguish a raw pointer from the references it is derived from.
41
42
42
43
### Protectors
43
-
Like Stacked Borrows, Tree Borrows has protectors. These serve to ensure that references remain live throughout a function. Protectors are strong and weak, as in SB, and they protect the same places in the same way.
44
+
Like Stacked Borrows, Tree Borrows has protectors. These serve to ensure that references remain live throughout a function. Protectors come in "strong" and "weak" forms, as in SB, and they protect the same places in the same way.
44
45
45
46
### Implicit Reads and Writes
46
47
Like Stacked Borrows, Tree Borrows performs implicit accesses as part of retags. Unlike Stacked Borrows, these are always reads, even for `&mut` references.
47
48
48
-
A new concept in TB are protector end accesses. These can be writes. See the section on "protector end semantics" in the paper for more info.
49
+
A new concept in TB are implicit protector end accesses. These can be writes. See the section on "protector end semantics" in the paper for more info.
49
50
50
51
### UnsafeCell tracking
51
52
Like Stacked Borrows, Tree Borrows tracks where there are UnsafeCells, and treats these bytes differently from other bytes. UnsafeCells are tracked in structs and tuple fields, but enums are not inspected further.
@@ -61,5 +62,5 @@ The following is a list of things that are _not_ UB in Tree Borrows. Some people
61
62
* Tree Borrows does not initially consider `&mut` references writable, it only does so after the first write. In practice, this might mean that optimizations moving writes up above the first write are forbidden.
62
63
63
64
## Other problems
64
-
* The interaction of protector end writes with the data race model is not fully thought out.
65
+
* The interaction of protector end writes with the data race model is not fully resolved.
65
66
* Finding a good model of exposed provenance in Tree Borrows (that does not use angelic nondeterminism) is an open research question. Until then, Tree Borrows does not support `-Zmiri-permissive-provenance`.
0 commit comments