Make unsound code opt-in. #51

finnbear · 2025-01-01T17:12:02Z

Fixes #50

Benchmarked on i7-7700k

Before (default features) or After (unsound feature):
test str::tests2::bench_str_vec_encode                      ... bench:      98,474.54 ns/iter (+/- 34,320.73)
test derive::option::tests2::bench_option_u16_vec_encode    ... bench:         674.79 ns/iter (+/- 102.70)
test bool::test2::bench_bool_vecs_encode                    ... bench:         327.71 ns/iter (+/- 9.80)
test derive::vec::test::bench_vec_encode                    ... bench:          35.98 ns/iter (+/- 2.39)

After (default features):
test str::tests2::bench_str_vec_encode                      ... bench:     126,276.70 ns/iter (+/- 4,599.54)
test derive::option::tests2::bench_option_u16_vec_encode    ... bench:         767.94 ns/iter (+/- 26.88)
test bool::test2::bench_bool_vecs_encode                    ... bench:         454.65 ns/iter (+/- 18.57)
test derive::vec::test::bench_vec_encode                    ... bench:          38.67 ns/iter (+/- 4.02)

Edit: need to benchmark again to show worst case performance difference.

Massou31 · 2025-04-02T19:21:25Z

src/derive/vec.rs

+        // the latter from seeing it with `not(debug_assertions)`.
+        #[cfg(all(feature = "unsound", not(debug_assertions)))]
+        {
+            let page_size = 4096;


Hello
I was skimming rust serialization libraries and somewhat ended up here.

I'm not 100% sure, but I think that for posix systems the hardcoded page size could be replaced by something likesysconf(PAGE_SIZE); (man sysconf) then in theory be sound on compliant posix systems.

Feel free to take or toss my comment

have a nice day.

Hello, thanks for your comment. Note that this optimization is most efficient if the page size is known statically and sysconf appears to retrieve it at runtime. AFAIK 4096 is safe because the page size won't be lower than 4096.

Hello, thanks for your comment. Note that this optimization is most efficient if the page size is known statically and sysconf appears to retrieve it at runtime. AFAIK 4096 is safe because the page size won't be lower than 4096.

Oh makes sense for the compile time optimisations.

Sysconf at runtime could also be used to choose the correct implementation something akin to:

if sysconf(SC_PAGESIZE) == 4096 { // or using something like a lazy static // read_mem aligned } else { ptr.copy_non_overlapping(); }

Downside: using sysconf would introduce a dependency on libc.

Well a higher page size wouldn't require falling back to copy_non_overlapping. It would just slightly reduce the probability of the fallback, as the fast path could copy over 4096 byte boundaries within the larger page. The run-time overhead of this check (at least one predicted branch) might outweigh the benefits of this.

A lower page size would require something like this but, AFAIK, that's not possible.

Make unsound code opt-in.

0f3cdf4

finnbear mentioned this pull request Jan 1, 2025

unsafe_wild_copy is undefined behaviour #50

Open

Massou31 reviewed Apr 2, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make unsound code opt-in. #51

Make unsound code opt-in. #51

finnbear commented Jan 1, 2025 •

edited

Loading

Massou31 Apr 2, 2025

finnbear Apr 2, 2025

Massou31 Apr 2, 2025

finnbear Apr 2, 2025

Make unsound code opt-in. #51

Are you sure you want to change the base?

Make unsound code opt-in. #51

Conversation

finnbear commented Jan 1, 2025 • edited Loading

Massou31 Apr 2, 2025

Choose a reason for hiding this comment

finnbear Apr 2, 2025

Choose a reason for hiding this comment

Massou31 Apr 2, 2025

Choose a reason for hiding this comment

finnbear Apr 2, 2025

Choose a reason for hiding this comment

finnbear commented Jan 1, 2025 •

edited

Loading