-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unsafe: double-check specified semantics for Slice((*T)(nil), 0) for Go 1.17 #46742
Comments
👍/👎: Option 1: Keep the current semantics for Go 1.17 (i.e., |
👍/👎: Option 2: Change the semantics to be unspecified in Go 1.17 (i.e., |
👍/👎: Option 3: Change |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Defining unsafe.Slice in terms of this conversion was a nice shorthand. Right now the rule is "you can't use nil". The question is whether the rule should be "you can't use nil, except with zero you can". It does seem like the old conversion and the new one should be consistent at least. It seems a little late to be changing the old one though, although we could maybe consider it for Go 1.18 if people felt strongly. On the other hand it is weird that unsafe.Slice is incapable of creating a slice == nil. It does seem like that's a significant hole. Discussed with @griesemer and @iant who are okay with allowing unsafe.Slice((*T)(nil), 0) == []T(nil) for Go 1.17. Does anyone object to this? |
This proposal has been added to the active column of the proposals project |
We are in the quiet weeks and not holding proposal review again until July 12. Given that @mdempsky, please go ahead and make the change. If you run into any gotchas that we haven't considered, please let us know. Thanks! |
Change https://golang.org/cl/331069 mentions this issue: |
Change https://golang.org/cl/331070 mentions this issue: |
Updates #46742. Change-Id: I044933a657cd1a5cdb29863e49751df5fe9c258a Reviewed-on: https://go-review.googlesource.com/c/go/+/331069 Run-TryBot: Matthew Dempsky <mdempsky@google.com> Trust: Matthew Dempsky <mdempsky@google.com> Trust: Robert Griesemer <gri@golang.org> Reviewed-by: Robert Griesemer <gri@golang.org>
…nil) This CL removes the unconditional OCHECKNIL check added in walkUnsafeSlice by instead passing it as a pointer to runtime.unsafeslice, and hiding the check behind a `len == 0` check. While here, this CL also implements checkptr functionality for unsafe.Slice and disallows use of unsafe.Slice with //go:notinheap types. Updates #46742. Change-Id: I743a445ac124304a4d7322a7fe089c4a21b9a655 Reviewed-on: https://go-review.googlesource.com/c/go/+/331070 Run-TryBot: Matthew Dempsky <mdempsky@google.com> TryBot-Result: Go Bot <gobot@golang.org> Trust: Matthew Dempsky <mdempsky@google.com> Reviewed-by: Keith Randall <khr@golang.org>
The code changes are in now. I'm assuming this is technically still a release blocker to ratify the changes made, but that it shouldn't hinder releasing a release-candidate. /cc @toothrot |
Based on the discussion above, this proposal seems like a likely accept. |
No change in consensus, so accepted. 🎉 |
This is implemented. |
For #19367, we ultimately specified that
Slice(ptr, len)
means the same as(*[len]T)(unsafe.Pointer(ptr))[:]
. A consequence of this is thatSlice((*T)(nil), 0)
panics, because(*[0]T)(nil)[:]
panics. However, users would probably prefer that it instead evaluated to[]T(nil)
, and changing the semantics has been suggested in #19367.In prior discussion on the issue, I had pointed out
ptr == nil && len > 0
as a failure case to consider, which perhaps implied the expected behavior would be forSlice((*T)(nil), 0)
to evaluate to[]T(nil)
. But I don't see any other specific mention of "nil" in the discussions.A few options I see:
(*[0]T)(nil)[:]
. Changes in the future require conditioning on-lang
(e.g., functions appearing in the source of packages compiled with-lang=go1.17
would panic, but would returnnil
when compiled with-lang=go1.18
; I think this is an allowed use of-lang
, but it would be the first backwards incompatible change tied to-lang
).ptr
must be non-nil, sidestepping the issue for Go 1.17 and letting us decide on semantics in the future. Probably continue panicking, but make-d=checkptr
throw instead to emphasize it's really not specified.[]T(nil)
, intentionally diverging from(*[0]T)(nil)[:]
as a special case.Filing as a release blocking issue to make sure we agree on an option for Go 1.17.
The text was updated successfully, but these errors were encountered: