Tree Borrows: improve protector end access child skipping #4766
+253
−4
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
|
Thank you for contributing to Miri! A reviewer will take a look at your PR, typically within a week or two. |
RalfJung
requested changes
Dec 18, 2025
| global, | ||
| ChildrenVisitMode::VisitChildrenOfAccessed, | ||
| &diagnostics, | ||
| None, // min_exposed_child only matters for protector end access, |
Member
There was a problem hiding this comment.
Suggested change
| None, // min_exposed_child only matters for protector end access, | |
| /* min_exposed_child */ None, // only matters for protector end access, |
| let min_exposed_child = if self.roots.len() > 1 { | ||
| LocationTree::get_min_exposed_child(source_idx, &self.nodes) | ||
| } else { | ||
| None |
Member
There was a problem hiding this comment.
Is this correct?
Suggested change
| None | |
| // There's no point in computing this when there is just one tree. | |
| None |
| while let Some(idx) = stack.pop() { | ||
| let node = nodes.get(idx).unwrap(); | ||
| if min_tag.is_some_and(|min| min < node.tag) { | ||
| continue; |
Member
There was a problem hiding this comment.
Suggested change
| continue; | |
| // The minimum we found before is bigger than this tag, and therefore | |
| // also bigger than all its children, so we can skip this subtree. | |
| continue; |
Comment on lines
+954
to
+955
| if let Some(min_exposed_child) = min_exposed_child | ||
| && tag > min_exposed_child |
Member
There was a problem hiding this comment.
Shouldn't this condition check visit_children?
Comment on lines
+946
to
+947
| // On a protector release access we skip the children of the accessed tag so that | ||
| // we can correctly return references from functions. However, if the tag has |
Member
There was a problem hiding this comment.
Suggested change
| // On a protector release access we skip the children of the accessed tag so that | |
| // we can correctly return references from functions. However, if the tag has | |
| // On a protector release access we have to skip the children of the accessed tag. | |
| // However, if the tag has |
|
|
||
| /// This is a variant of the test in `../protector-write-lazy.rs`, but with | ||
| /// wildcard references. | ||
| /// Checks that a protector release transitions a foreign reference on a reference, |
Member
There was a problem hiding this comment.
What does "transitions a foreign reference on a reference" mean?
| /// wildcard references. | ||
| /// Checks that a protector release transitions a foreign reference on a reference, | ||
| /// if we can determine that it's not a child of the released tag. | ||
| /// For this version we know the tag is not a child, because its wildcard root has |
Member
There was a problem hiding this comment.
Suggested change
| /// For this version we know the tag is not a child, because its wildcard root has | |
| /// For this version we know the tag is not a child because its wildcard root has |
| // │ │ | ||
| // ▼ ▼ | ||
| // ┌───────────┐ ┌───────────┐ | ||
| // │ arg4 │ │ ref6│ |
Member
There was a problem hiding this comment.
Does the horizontal alignment of ref6 mean anything?
Member
There was a problem hiding this comment.
This test seems very similar to the previous one, why did you add it as a separate test? Is there some plausible bug in the code that could make a difference between these tests?
Comment on lines
+912
to
+915
| /// * `min_exposed_child`: any subtree that could be a child of `access_source` must | ||
| /// have a root with a larger tag than this. If None then no other subtree can be | ||
| /// a child of `access_source`. | ||
| /// This only gets read if `visit_children==SkipChildrenOfAccessed`. |
Member
There was a problem hiding this comment.
The comment doesn't match the name. What about something like this?
Suggested change
| /// * `min_exposed_child`: any subtree that could be a child of `access_source` must | |
| /// have a root with a larger tag than this. If None then no other subtree can be | |
| /// a child of `access_source`. | |
| /// This only gets read if `visit_children==SkipChildrenOfAccessed`. | |
| /// * `min_exposed_child`: The tag of the smallest exposed (transitive) child of the accessed node. | |
| /// This is useful with `visit_children == SkipChildrenOfAccessed`, where we need to skip children | |
| /// of the accessed. |
rustbot
added
S-waiting-on-author
Collaborator
|
Reminder, once the PR becomes ready for a review, use |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, if we do a protector release access we assume that any other subtree (including the main subtree) could be a child of the accessed node, meaning we conservatively don't update them based on the access.
This PR determines as accurately as possible (under the current model), which other subtrees could be children of the accessed tag.
This means we now accurately reflect: