Layout of repr(C) unions has padding

[gnzlbg]

In this thread and the comments that follow, the following new information was discovered.

repr(C) unions have padding bits of the form:

• trailing padding: if the union size is larger than the size of its largest field, all union_size - largest_field_size trailing bits are padding bits.
• interior padding: if the bit i of all union fields is a padding bit, the bit i of the inion is a padding bit

Note: because all repr(C) union fields are at offset 0, there is no padding before any field.

The content of padding bits of repr(C) unions is always uninitialized. That is, they are not required to be preserved on copy / move / pass by value, etc. The implementation of the call ABI can exploit this knowledge.

For example, Rust, clang, and GCC all implement the SysV64 ABI, and when passing a #[repr(C)] union U { x: (u8, u32) } around by value, @eddyb mentioned that Rust and GCC pass the bottom 32-bits (where the u8 is stored) while clang passes the bottom 8-bits. Both implementations are allowed. @comex also mentioned that in some ABIs like RISC-V ELF "appears to require callers to zero- or sign-extend
arguments in registers in a particular way. In other words, it requires the upper bits (which correspond to padding bytes) to have a specific value, and the callee can assume that they do have that value". That would be incompatible with allowing users to use the padding bits.

That is, repr(C) unions are not and cannot be just "bags of bits" where one could write to any bit, and that bit value would need to be preserved on copy / move / pass-by-value.

We should document this for repr(C) unions in the Unsafe Code Guidelines, so I'm re-opening this issue until that is resolved.

[BurntSushi]

I think you meant to ping @comex here. :-) (Not comes.)

[RalfJung]

That is, repr(C) unions are not and cannot be just "bags of bits" where one could write to any bit, and that bit value would need to be preserved on copy / move / pass-by-value.

I do not understand why this is a consequence. Your summary (and thanks for the writeup!) says that "Rust and GCC pass the bottom 32-bits". So it is possible to implement this in a way that preserves all bits. Correct?

Note: I am not concerned about bits getting preserved when Rust calls a C function and then C passes data back to Rust. At that point, C rules apply. But I am concerned about the case where Rust code calls an extern "C" function that is also implemented in Rust.

[gnzlbg]

I do not understand why this is a consequence. Your summary (and thanks for the writeup!) says that "Rust and GCC pass the bottom 32-bits". So it is possible to implement this in a way that preserves all bits. Correct?

So that's a good question. Consider this:

#[repr(C)] union U { x: (u8, u32 ) }
extern "C" {
      fn foo() -> U;
}

If the foo implementation is C code compiled with a C compiler, then the padding bytes of the returned U will probably be undef because the C compiler does not need to put anything initialized in there.

OTOH, if we were to somehow make Rust to always copy padding bytes for repr(C) unions, and enforce that in extern "C" fn foo() -> U { ... } function definitions, then those padding bytes could be initialized to something meaningful.

We can't tell whether the code at the other side is Rust or C, so if we want to be able to treat a repr(C) union as a bag of bytes here, we would always need to freeze the union when doing FFI.

I tend to think that an extern "C" declaration should be assumed to follow C rules (e.g. no panics), and that most people use them for interfacing with C, and that therefore we should aim to optimize according to those rules. In this particular case, it would mean that we don't have to copy padding when dealing with these unions, however minor this optimization is for this example, or even in general.

[RalfJung]

My reading of rust-lang/rust#60405 (comment) is that it is impossible to achieve "raw bit copy" for extern "C" with a repr(C) union, but I might be misinterpreting that.

[gnzlbg]

@comex mentions there that Rust->Rust could be extended to support this.

[comex]

I said that it would be possible for some ABIs but not all.

[eddyb]

@RalfJung If you have 8 bytes or more of padding you might not have where to put them.

When only some bytes of an u64 group (passed as one register) are padding, you can pass them alongside the non-padding bytes, but if they're all padding, they won't get a register at all.