[multi-vector] Verify Standard won't overflow in its constructor.#757
Merged
hildebrandmw merged 1 commit intomainfrom Feb 11, 2026
Merged
[multi-vector] Verify Standard won't overflow in its constructor.#757hildebrandmw merged 1 commit intomainfrom
Standard won't overflow in its constructor.#757hildebrandmw merged 1 commit intomainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens the multi_vector::Standard matrix representation by moving overflow/size validation into Standard::new(), so downstream element-count and allocation-size computations can rely on a checked constructor invariant.
Changes:
- Change
Standard::new(nrows, ncols)to returnResult<Standard<T>, Overflow>and validate element-count overflow andisize::MAXallocation bounds. - Make
Standard::num_elements()infallible (usize) and remove theSliceError::Overflowpath. - Update docs/tests/compile-fail fixtures to handle the new fallible constructor and add targeted overflow tests.
Reviewed changes
Copilot reviewed 24 out of 24 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| diskann-quantization/src/multi_vector/matrix.rs | Implements fallible Standard::new with overflow checks, adds Overflow error, updates num_elements and tests. |
| diskann-quantization/src/multi_vector/mod.rs | Updates doctest examples and re-exports the new Overflow type. |
| diskann-quantization/src/multi_vector/distance/simple.rs | Updates doctest/test helpers to unwrap the now-fallible Standard::new. |
| diskann-quantization/src/multi_vector/distance/mod.rs | Updates module-level doctest examples to unwrap Standard::new. |
| diskann-quantization/src/minmax/multi/mod.rs | Updates doctest examples to unwrap Standard::new. |
| diskann-quantization/src/minmax/multi/meta.rs | Updates tests to unwrap Standard::new when building MatRef. |
| diskann-quantization/src/minmax/multi/max_sim.rs | Updates tests to unwrap Standard::<f32>::new. |
| diskann-quantization/tests/compile-fail/multi/matref_rows.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/matref_get_row.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/matmut_rows_mut.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/matmut_rows.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/matmut_reborrow_mut.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/matmut_reborrow.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/matmut_get_row_mut.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/matmut_get_row.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/matmut_as_view_borrows.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/mat_rows_mut.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/mat_rows.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/mat_reborrow_mut.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/mat_reborrow.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/mat_get_row_mut.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/mat_get_row.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/mat_as_view_mut.rs | Updates compile-fail fixture to unwrap Standard::new. |
| diskann-quantization/tests/compile-fail/multi/mat_as_view.rs | Updates compile-fail fixture to unwrap Standard::new. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
metajack
approved these changes
Feb 11, 2026
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #757 +/- ##
=======================================
Coverage 88.99% 89.00%
=======================================
Files 428 428
Lines 78235 78291 +56
=======================================
+ Hits 69627 69680 +53
- Misses 8608 8611 +3
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
Contributor
|
@hildebrandmw I've opened a new pull request, #758, to work on those changes. Once the pull request is ready, I'll request review from you. |
Contributor
Author
Ugh - that's not what I meant to happen 😞. |
Merged
hildebrandmw
added a commit
that referenced
this pull request
Feb 13, 2026
## What's Changed ### API Breaking Changes * Remove the `experimental_avx512` feature. by @hildebrandmw in #732 * Use VirtualStorageProvider::new_overlay(test_data_root()) in tests by @Copilot in #726 * save and load max_record_size and leaf_page_size for bftrees by @backurs in #724 * [multi-vector] Verify `Standard` won't overflow in its constructor. by @hildebrandmw in #757 * VirtualStorageProvider: Make new() private, add new_physical by @Copilot in #764 * [minmax] Refactor full query by @arkrishn94 in #770 * Bump diskann-quantization to edition 2024. by @hildebrandmw in #772 ### Additions * [multi-vector] Enable cloning of `Mat` and friends. by @hildebrandmw in #759 * adding bftreepaths in mod.rs by @backurs in #775 * [quantization] Add `as_raw_ptr`. by @hildebrandmw in #774 ### Bug Fixes * Fix `diskann` compilation without default-features and add CI tests. by @hildebrandmw in #722 ### Docs and Comments * Updating the benchmark README to use diskann-benchmark by @bryantower in #709 * Fix doc comment: Windows line endings are \r\n not \n\r by @Copilot in #717 * Fix spelling errors in streaming API documentation by @Copilot in #715 * Add performance diagnostic to `diskann-benchmark` by @hildebrandmw in #744 * Add agents.md onboarding guide for coding agents by @Copilot in #765 * [doc] Fix lots of little typos in `diskann-wide` by @hildebrandmw in #771 ### Performance * [diskann-wide] Optimize `load_simd_first` for 8-bit and 16-bit element types. by @hildebrandmw in #747 ### Dependencies * Bump bytes from 1.11.0 to 1.11.1 by @dependabot[bot] in #723 * [diskann] Add note on the selection of `PruneKind` in `graph::config::Builder`. by @hildebrandmw in #734 * [diskann-providers] Remove the LRU dependency and make `vfs` and `serde_json` optional. by @hildebrandmw in #733 ### Infrastructure * Add initial QEMU tests for `diskann-wide`. by @hildebrandmw in #719 * [CI] Skip coverage for Dependabot. by @hildebrandmw in #725 * Add miri test coverage to CI workflow by @Copilot in #729 * [CI] Add minimal ARM checks by @hildebrandmw in #745 * Enable CodeQL security analysis by @Copilot in #754 ## New Contributors * @backurs made their first contribution in #724 * @arkrishn94 made their first contribution in #770 **Full Changelog**: 0.45.0...0.46.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Move the check that:
nrows * ncolswill not overflownrows * ncols * std::mem::size_of::<T>()will not exceedisize::MAXinto the constructor
Standard::new(). This allows the calculation of the number of elements and allocation sizes to be performed with safely with reckless abandon in implementation code as we no longer need to worry about overflow. The constructorStandard::new()can now return an error, which is slightly less ergonomic, but I think the improved safety in the implementation is worth it.