Compile-time set operations for tuples

danvil · June 22, 2023, 7:10am

I would like to check at compile time if a tuple is a subset of another wrt to their types.

For example:

is_subset::<((A,B), (A,B,C))>(); // compile to no-op
is_subset::<((A,B), (A,C))>(); // should not compile

In C++ this could be done with variadic templates. How can I achieve this in Rust?

SkiFire13 · June 22, 2023, 7:14am

AFAIK this is not possible, at least not without writing tons of macro boilerplate. What are you trying to achieve?

steffahn · June 22, 2023, 7:18am

Might be impossible, depending on the precise constraints of what is to be achieved. Sometimes allowing for type inference to deduce extra information can help with such things; and some nighty features, particularly marker traits and/or specialization, might help.

It’s also not clear what you want to use this check for. You probably want to do something that relies on the is_subset property in order to work, but then the problem of pulling off implementing that thing might be the main challenge, at least as hard, possibly (but not necessarily) harder to pull off using trait implementation and/or macro trickery than the original is_subset implementation in the first place.

A good minimal example of what kind of operation one needs to find a way to implement in order to also make is_subset work: It need to at least be possible to create an operation like

is_one_of<A, B, C>(); // fails
is_one_of<A, A, B>(); // compiles
is_one_of<A, B, A>(); // compiles

that checks whether the first argument is one of the other two types. I also believe that this kind of thing might be one of the main hurdles, as it has a specialization-like quality to it.

danvil · June 22, 2023, 7:27am

I want to split access to a database-like structure which holds elements of many different types such that the left view can only access certain selected types (check is_subset) and the right view can access the complement types (check is_disjoint). A bit similar to slice::split_mut but with types instead of indices. I have some machinery to do those checks at runtime, but was wondering if it is also possible at compile-time to avoid the runtime overhead.

mdHMUpeyf8yluPfXI · June 22, 2023, 8:53am

The is_one_of already exists (at leasts for a set of traits) in static_assertions::assert_impl_one - Rust

H2CO3 · June 22, 2023, 9:13am

This sounds like you are confusing a tuple projection (of fields/elements) with types. Or is it guaranteed that every field of such a tuple is going to be a different type? What should happen if it's not the case?

danvil · June 22, 2023, 6:24pm

My database does guarantee that internally and I can do those checks at runtime with the help of Type::of::<A> and the corresponding set operations.

For example at the moment it looks like this as very rough pseudo code:

struct Db {...};
db.push(43i32); // store some i32
db.push(2.4f32); // store some f32
fn split<A>(db: &Db) -> (DbView, DbView) {...}
struct DbView { allow: TypeSet, disallow: TypeSet, db: *mut Db }
let (left, right) = db.split::<i32>(); // left can only access i32
                                       // right can access everything else
left.get::<i32>(); // OK
left.get::<f32>(); // panic!
right.get::<i32>(); // panic!
right.get::<f32>(); // OK

And I am wondering if something like this is possible:

fn split<A>(db: &Db) -> (DbView<A, ()>, DbView<(), A>) {...}
struct DbView<ALLOW, DISALLOW> { db: *mut Db }
let (left, right) = db.split::<i32>();
left.get::<i32>(); // OK
left.get::<f32>(); // ERR does not compile
right.get::<i32>(); // ERR does not compile
right.get::<f32>(); // OK

The general idea being that DbView can hand out &mut and I can guarantee that there are no &mut pointing to the same item.

danvil · June 22, 2023, 7:33pm

This looks interesting but I am not sure how that could be changed to a is_one_of with exact type check instead of "trait implementation".

I think at the very least it needs to be possible to have is_equal::<A,B>(). I found a post which says this is possible "with specialization", but not sure what that means. I also found the lhlist crate which seems to use a technique for a similar problem, but that requires to "pre-declare" all types so that some macro can create some annotations for those types.

Michael-F-Bryan · June 23, 2023, 8:40am

This sounds very similar to what the specs crate did for implementors of their System trait.

The general premise is that you've got an ECS and want a way to access the storage for different components with different levels of mutability and pass all the different component storages in as a tuple. For example, the physics system might accept a (Mut<Position>, Ref<Velocity>), which is the equivalent of accepting (&mut Position, &Velocity) but for operating on bulk data. The Mut and Ref wrappers would guarantee shared/exclusive access for all entities with those components.

SkiFire13 · June 23, 2023, 10:29am

Here's some very cursed macro + const monomorphization hackery that implements this Rust Playground

Note that this needs to do a bunch of sketchy things:

it requires the const_type_id feature, which has a bunch of problems and might even be unsound https://github.com/rust-lang/rust/issues/77125
it does a transmute of TypeId to u128 just to compare them. It might not be needed when TypeId will get back its const PartialEq implementation (currently removed along will all the other const impls due to some implementation flaws)

This is just for demonstration purposes of what could be possible in the future. Please don't use this in production.

danvil · June 23, 2023, 8:48pm

As far as I can tell from the source code specs (and also legion and bevy) are doing these access checks at runtime. Which make sense the way systems are scheduled as "dynamic" functions. I am wondering if it is also possible to do them at compile time.

danvil · June 23, 2023, 8:53pm

"const type id" looks very interesting, although it is unfortunately not ready for production.

May I ask why you transmute TypeId to an u128 although the source shows that is uses u64?

SkiFire13 · June 23, 2023, 9:10pm

I'm using nightly and it has recently been changed to use a u128

quinedot · June 23, 2023, 9:28pm

github.com/rust-lang/rust

`TypeId` exposes equality-by-subtyping vs normal-form-syntactic-equality unsoundness.

opened 10:18PM - 18 May 22 UTC

lcnr

I-unsound C-bug T-types

EDIT by @BoxyUwU [playground](https://play.rust-lang.org/?version=stable&mode=…debug&edition=2021&gist=26bb0a79a4d10d40ed0fd03b96b36acf) ```rust type One = for<'a> fn(&'a (), &'a ()); type Two = for<'a, 'b> fn(&'a (), &'b ()); mod my_api { use std::any::Any; use std::marker::PhantomData; pub struct Foo<T: 'static> { a: &'static dyn Any, _p: PhantomData<*mut T>, // invariant, the type of the `dyn Any` } impl<T: 'static> Foo<T> { pub fn deref(&self) -> &'static T { match self.a.downcast_ref::<T>() { None => unsafe { std::hint::unreachable_unchecked() }, Some(a) => a, } } pub fn new(a: T) -> Foo<T> { Foo::<T> { a: Box::leak(Box::new(a)), _p: PhantomData, } } } } use my_api::*; fn main() { let foo = Foo::<One>::new((|_, _| ()) as One); foo.deref(); let foo: Foo<Two> = foo; foo.deref(); } ``` has UB from hitting the `unreachable_unchecked` because `TypeId::of::<One>()` is not the same as `TypeId::of::<Two>()` despite them being considered the same types by the type checker. Originally this was thought to be a nightly-only issue with `feature(generic_const_exprs)` but actually the weird behaviour of `TypeId` can be seen on stable and result in crashes or UB in unsafe code. original description follows below: --- ```rust #![feature(const_type_id, generic_const_exprs)] use std::any::TypeId; // `One` and `Two` are currently considered equal types, as both // `One <: Two` and `One :> Two` holds. type One = for<'a> fn(&'a (), &'a ()); type Two = for<'a, 'b> fn(&'a (), &'b ()); trait AssocCt { const ASSOC: usize; } const fn to_usize<T: 'static>() -> usize { const WHAT_A_TYPE: TypeId = TypeId::of::<One>(); match TypeId::of::<T>() { WHAT_A_TYPE => 0, _ => 1000, } } impl<T: 'static> AssocCt for T { const ASSOC: usize = to_usize::<T>(); } trait WithAssoc<U> { type Assoc; } impl<T: 'static> WithAssoc<()> for T where [(); <T as AssocCt>::ASSOC]: { type Assoc = [u8; <T as AssocCt>::ASSOC]; } fn generic<T: 'static, U>(x: <T as WithAssoc<U>>::Assoc) -> <T as WithAssoc<U>>::Assoc where [(); <T as AssocCt>::ASSOC]:, T: WithAssoc<U>, { x } fn unsound<T>(x: <One as WithAssoc<T>>::Assoc) -> <Two as WithAssoc<T>>::Assoc where One: WithAssoc<T>, { let x: <Two as WithAssoc<T>>::Assoc = generic::<One, T>(x); x } fn main() { println!("{:?}", unsound::<()>([])); } ``` `TypeId` being different for types which are considered equal types allows us to take change the value of a projection by switching between the equal types in its substs and observing that change by looking at their `TypeId`. This is possible as switching between equal types is allowed even in invariant positions. This means that stabilizing `const TypeId::of` and allowing constants to flow into the type system, e.g. some minimal version of `feature(generic_const_exprs)`, will be currently unsound. I have no idea on how to fix this. I don't expect that we're able to convert higher ranked types to some canonical representation. Ah well, cc @rust-lang/project-const-generics @nikomatsakis

The above could perhaps be fixed if the compiler gains a way to be consistent about type equality.

system · September 21, 2023, 9:28pm

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.