Use 128 bits for TypeId hash by thomcc · Pull Request #109953 · rust-lang/rust ·...
source link: https://github.com/rust-lang/rust/pull/109953
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Use 128 bits for TypeId hash #109953
Conversation
Collaborator
r? @davidtwco (rustbot has picked a reviewer for you, use r? to override) |
added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue.
labels
|
Member
Author
Oh, it fails because tracing-subscriber relies on TypeId being u64. :| |
I've added a hacky |
Member
Author
Going to do a perf run, since it was mentioned as a concern. @bors try @rust-timer queue |
This comment has been minimized.
added the S-waiting-on-perf Status: Waiting on a perf run to be completed. label
Contributor
Try build successful - checks-actions |
This comment has been minimized.
Collaborator
Finished benchmarking commit (95d90d2): comparison URL. Overall result: no relevant changes - no action neededBenchmarking this pull request likely means that it is perf-sensitive, so we're automatically marking it as not fit for rolling up. While you can manually mark this PR as fit for rollup, we strongly recommend not doing so since this PR may lead to changes in compiler perf. @bors rollup=never Instruction countThis benchmark run did not return any relevant results for this metric. Max RSS (memory usage)Results CyclesResults |
removed the S-waiting-on-perf Status: Waiting on a perf run to be completed. label
Collaborator
Some changes occurred to the CTFE / Miri engine cc @rust-lang/miri Hey! It looks like you've submitted a new PR for the library teams! If this PR contains changes to any Examples of
Some changes occurred to the CTFE / Miri engine cc @rust-lang/miri |
Outdated
// (especially given the previous point about the lower 64 bits being |
||
// high quality on their own). |
||
// |
||
// That said, this is a bit of a hack. (FIXME(thom): nominate this for |
Member
Author
Don't land without me doing this (but it probably would be premature before the MCP completes).
ping: the MCP was completed, do you still want to nominate this for T-libs
?
(IMO this impl can be changed after/asynchronously to this PR — as discussed here previously, this implementation is totally fine for the Hash
trait)
Contributor
cc @alice-i-cecile maybe this should be benchmarked with Bevy? |
Member
cc-ing @Badel2 @CAD97 @m-ou-se @digama0 @RalfJung @nikomatsakis @joshtriplett (based on comments you each had on #95845 regarding hashes - apologies if this PR isn't relevant, but I wanted to at least connect those dots) |
Implementation LGTM
Contributor
Wow, so excited to see this finally being fixed! Regarding hashing only the lower u64 in the Hash impl, that it is a common and perfectly valid way to truncate a cryptographically secure hash function, it is even in the standard for SHA-2. And even if the hash function used by TypeId is not cryptographically secure, the worst attack which is creating hash collisions will have the same cost as if we were hashing the full u128 since the output of Hash::finish is a u64 anyway. The only problem is that it is possible to create a TypeId using transmute, and in that case creating a collision is free because we can modify the output of the first hash function. (transmute TypeId to u128, modify without touching lower u64, transmute back to TypeId). The impact of that problem is that you can make a hashmap O(n^2), but only in your own code, so I will let someone else decide if it is worth to fix it. After taking a look at the offending code that breaks, here: https://github.com/tokio-rs/tracing/blob/3392be93cb9262a5da54c23e5772e79a8736d50e/tracing-subscriber/src/registry/extensions.rs#L27 I propose to just call write_u64 twice. This will avoid worrying about the hash collisions created using transmute, and it will not break tracing-subscriber, which will only use the input of the second call as the hash. Also the last time I remember talking about this, the problem was that some crates are using transmute between TypeId and u64, how is that fixed here? Was that fixed in those crates at some point? Thank you for moving this issue forward! |
Member
Author
This is what I did initially, after looking at the same code. That said, I find @eddyb's argument that it's fine to just use 64 bits pretty compelling.
We're not really concerned about attacks, so much as accidental collisions.
It's not. Those crates are going to be broken no matter how we fix this issue (even the string pointer approach probably won't work right for them, although I suppose on 64 bit targets they might be less broken), the only way to keep them working is to decide this never changes, which seems unreasonable. In the past we haven't really considered that reason to avoid a motivated fix; for example, plenty of code used to do type punning between std::net types and libc... although it's possible the breakage in this case could be too much to bear. It's worth doing a crater run for this at least, if for no other reason than to give such code a heads up. |
removed the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label
Member
We discussed this in the libs meeting today. We're happy to keep the hash implementation as it is with just using the low 64 bits of the TypeId. However we would like one changes to be made to the comment:
|
added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. S-waiting-on-team Status: Awaiting decision from the relevant subteam (see the T-<team> label). I-libs-nominated Indicates that an issue has been nominated for discussion during a libs team meeting.
and removed I-libs-nominated Indicates that an issue has been nominated for discussion during a libs team meeting. S-waiting-on-team Status: Awaiting decision from the relevant subteam (see the T-<team> label).
labels
Member
Author
I ended up squashing the changes as part of the rebase, to avoid having to resolve conflicts in some of the over-complicated intermediate approaches I tried. The only material change in the update (besides the rebase) is a rewritten comment inside the Hash implementation. |
Member
Author
@rustbot ready |
added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties.
and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author.
labels
Member
Given the T-libs approval modulo comment in #109953 (comment) and the comment being fixed, @bors r+ rollup |
added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties.
labels
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Successfully merging this pull request may close these issues.
None yet
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK