
Safety-washing

Open p0nce opened this issue 4 years ago • 4 comments

Functions that take a pointer which is then accessed too greedily should be @system. This is breaking, unfortunately.

Find and fix all such functions that either cast a pointer to __m128*, __m128i*, __m128d*, or assume alignment.

p0nce avatar Dec 20 '20 22:12 p0nce

To be clear:

  • this is @safe:
```d
float readOne(float* adr) @safe
{
    return *adr;
}
```

In D "memory safety" doesn't include null-safety.

  • this should be @system
```d
__m128 _mm_load_ps(const(float)*p) pure @trusted
{
    return *cast(__m128*)p;
}
```

Rules from Adam:

> so trusted functions are not supposed to depend on their arguments from the outside to be memory safe or not
>
> trusted should be self-contained and do any necessary checks it needs on its args inside itself
>
> if you rely on the caller doing the right thing, that means you are system (unless the argument is guaranteed correct by its type signature)

p0nce avatar Dec 20 '20 22:12 p0nce
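The rules quoted above, applied to a 128-bit load, as an added example that is not code from this issue or from intel-intrinsics. The names `loadRaw`, `loadChecked` and `loadArray` are hypothetical, and `core.simd.float4` stands in for the library's `__m128` on the assumption that the target supports it.

```d
// Added example; loadRaw/loadChecked/loadArray are hypothetical names.
import core.simd : float4;       // assumption: 128-bit float vectors are available
import std.exception : enforce;

alias __m128 = float4;           // stand-in for the library's vector type

// Reads 16 bytes through p and assumes alignment. Nothing in the signature
// guarantees either property, so the caller carries the burden: @system.
__m128 loadRaw(const(float)* p) pure @system
{
    return *cast(const(__m128)*) p;
}

// Self-contained @trusted wrapper: every precondition of loadRaw is checked
// here, with enforce rather than assert (assert is compiled out by -release).
__m128 loadChecked(const(float)[] src) pure @trusted
{
    enforce(src.length >= 4, "need at least 4 floats");
    enforce((cast(size_t) src.ptr & 15) == 0, "pointer is not 16-byte aligned");
    return loadRaw(src.ptr);
}

// The length is guaranteed by the type signature and no cast is involved,
// so this version needs neither @trusted nor runtime checks.
__m128 loadArray(ref const(float[4]) src) pure @safe
{
    __m128 r;
    foreach (i; 0 .. 4)
        r.array[i] = src[i];
    return r;
}

void main() @safe
{
    float[4] four = [1, 2, 3, 4];        // constructed sample data
    assert(loadArray(four).array[2] == 3);

    float[] heap = new float[](8);       // constructed sample data
    bool rejected = false;
    try
        loadChecked(heap[1 .. 3]);       // too short: refused before any wide read
    catch (Exception)
        rejected = true;
    assert(rejected);
}
```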

Does D @safety include "lack of memory errors caused by misaligned loads"?

p0nce avatar Dec 21 '20 01:12 p0nce

Also: same but with purity. Functions that depend on, or change, the rounding mode perhaps shouldn't be marked pure.

p0nce avatar Aug 09 '21 08:08 p0nce

As a first step, none of the newly introduced intrinsics are incorrectly labelled.

p0nce avatar Feb 25 '23 17:02 p0nce