Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

type_id is not sufficiently collision-resistant #774

Closed
apiraino opened this issue Aug 22, 2024 · 4 comments
Closed

type_id is not sufficiently collision-resistant #774

apiraino opened this issue Aug 22, 2024 · 4 comments
Labels
meeting-proposal meeting-scheduled

Comments

@apiraino
Copy link
Contributor

Meeting proposal info

  • Title: type_id is not sufficiently collision-resistant
  • Type: technical

Summary

See opening comment in rust#129014:

The soundness of functions like downcast relies on the type_id of two different types never being equal. Currently, the type_id is a 128-bit hash of the full type identity, computed specifically via SipHash-1-3 with an all-zero key. This is not a strong enough hash function for this purpose.

and:

We should do one of the following:

  1. switch to a stronger hash function, or
  2. switch to a different scheme that doesn't rely on collision-resistance of the hash function.

Discussed on Zulip during triage meeting.

About this issue

This issue corresponds to a meeting proposal for the compiler team
steering meeting. It corresponds to a possible topic of
discussion. You can read more about the steering meeting procedure
here.

Comment policy

These issues are meant to be used as an "announcements channel"
regarding the proposal, and not as a place to discuss the technical
details. Feel free to subscribe to updates. We'll post comments when
reviewing the proposal in meetings or making a scheduling decision.
In the meantime, if you have questions or ideas, ping the proposers
on Zulip (or elsewhere).
@apiraino apiraino mentioned this issue Aug 22, 2024
Open
@RalfJung
Copy link
Member

Cc rust-lang/rust#129030

@apiraino
Copy link
Contributor Author

apiraino commented Nov 8, 2024

Meeting has been scheduled on Zulip for Dec, 6th

@rustbot label +meeting-scheduled

@weihanglo weihanglo mentioned this issue Nov 25, 2024
Closed
@RalfJung
Copy link
Member

What was the conclusion of the meeting?

This is on the critical path for rust-lang/rust#77125; it'd be nice to make some progress. :)

@apiraino
Copy link
Contributor Author

@RalfJung sorry, this went out of my radar. Meeting took place on Zulip.

The summary: Out of the options suggested, seems that switching to not rely on hashing for soundness could give us the best results, also taking into account an increased size and perf. cost. Instead use a pair of a (not-soundness-critical) hash and a pointer but still use hashing as an optimization.

The meeting didn't set any actionables so I'm not sure about them. You can probably talk to us, T-compiler.

(David also posted a brief comment about not treating is as a security concern because - so far - we have no concrete threat-model scenario)

@apiraino apiraino mentioned this issue Jan 28, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
meeting-proposal meeting-scheduled
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@RalfJung @apiraino @rustbot