fix: use better types in HAMT hashing (#1865)

Stebalien · web-flow · commit fc56bb248f4a · 2023-09-08T13:58:57.000-07:00
Using a u8 here means we can statically guarantee that no bitfield
access will panic due to a bounds error.
diff --git a/ipld/hamt/src/bitfield.rs b/ipld/hamt/src/bitfield.rs
@@ -69,20 +69,20 @@ impl Default for Bitfield {
 }
 
 impl Bitfield {
-    pub fn clear_bit(&mut self, idx: u32) {
+    pub fn clear_bit(&mut self, idx: u8) {
         let ai = idx / 64;
         let bi = idx % 64;
         self.0[ai as usize] &= u64::MAX - (1 << bi);
     }
 
-    pub fn test_bit(&self, idx: u32) -> bool {
+    pub fn test_bit(&self, idx: u8) -> bool {
         let ai = idx / 64;
         let bi = idx % 64;
 
         self.0[ai as usize] & (1 << bi) != 0
     }
 
-    pub fn set_bit(&mut self, idx: u32) {
+    pub fn set_bit(&mut self, idx: u8) {
         let ai = idx / 64;
         let bi = idx % 64;
 
@@ -106,14 +106,14 @@ impl Bitfield {
         Bitfield([0, 0, 0, 0])
     }
 
-    pub fn set_bits_le(self, bit: u32) -> Self {
+    pub fn set_bits_le(self, bit: u8) -> Self {
         if bit == 0 {
             return self;
         }
         self.set_bits_leq(bit - 1)
     }
 
-    pub fn set_bits_leq(mut self, bit: u32) -> Self {
+    pub fn set_bits_leq(mut self, bit: u8) -> Self {
         if bit < 64 {
             self.0[0] = set_bits_leq(self.0[0], bit);
         } else if bit < 128 {
@@ -135,7 +135,7 @@ impl Bitfield {
 }
 
 #[inline]
-fn set_bits_leq(v: u64, bit: u32) -> u64 {
+fn set_bits_leq(v: u64, bit: u8) -> u64 {
     (v as u128 | ((1u128 << (1 + bit)) - 1)) as u64
 }
 
diff --git a/ipld/hamt/src/hash_bits.rs b/ipld/hamt/src/hash_bits.rs
@@ -16,9 +16,10 @@ pub struct HashBits<'a> {
     pub consumed: u32,
 }
 
+// n must be less than 8
 #[inline]
-pub(crate) fn mkmask(n: u32) -> u32 {
-    ((1u64 << n) - 1) as u32
+pub(crate) fn mkmask(n: u32) -> u8 {
+    ((1u16 << n) - 1) as u8
 }
 
 impl<'a> HashBits<'a> {
@@ -36,7 +37,7 @@ impl<'a> HashBits<'a> {
 
     /// Returns next `i` bits of the hash and returns the value as an integer and returns
     /// Error when maximum depth is reached
-    pub fn next(&mut self, i: u32) -> Result<u32, Error> {
+    pub fn next(&mut self, i: u32) -> Result<u8, Error> {
         if i > 8 || i == 0 {
             return Err(Error::InvalidHashBitLen);
         }
@@ -49,11 +50,12 @@ impl<'a> HashBits<'a> {
         Ok(self.next_bits(std::cmp::min(i, maxi)))
     }
 
-    fn next_bits(&mut self, i: u32) -> u32 {
+    // `i` must be between 1 and 8, inclusive.
+    fn next_bits(&mut self, i: u32) -> u8 {
         let curbi = self.consumed / 8;
         let leftb = 8 - (self.consumed % 8);
 
-        let curb = self.b[curbi as usize] as u32;
+        let curb = self.b[curbi as usize];
         match i.cmp(&leftb) {
             Ordering::Equal => {
                 // bits to consume is equal to the bits remaining in the currently indexed byte
@@ -71,11 +73,11 @@ impl<'a> HashBits<'a> {
             }
             Ordering::Greater => {
                 // Consumes remaining bits and remaining bits from a recursive call
-                let mut out = (mkmask(leftb) & curb) as u64;
+                let mut out = mkmask(leftb) & curb;
                 out <<= i - leftb;
                 self.consumed += leftb;
-                out += self.next_bits(i - leftb) as u64;
-                out as u32
+                out += self.next_bits(i - leftb);
+                out
             }
         }
     }
diff --git a/ipld/hamt/src/node.rs b/ipld/hamt/src/node.rs
@@ -478,18 +478,18 @@ where
         Ok(())
     }
 
-    fn rm_child(&mut self, i: usize, idx: u32) -> Pointer<K, V, H, Ver> {
+    fn rm_child(&mut self, i: usize, idx: u8) -> Pointer<K, V, H, Ver> {
         self.bitfield.clear_bit(idx);
         self.pointers.remove(i)
     }
 
-    fn insert_child(&mut self, idx: u32, key: K, value: V) {
+    fn insert_child(&mut self, idx: u8, key: K, value: V) {
         let i = self.index_for_bit_pos(idx);
         self.bitfield.set_bit(idx);
         self.pointers.insert(i, Pointer::from_key_value(key, value))
     }
 
-    fn insert_child_dirty(&mut self, idx: u32, node: Box<Node<K, V, H, Ver>>) {
+    fn insert_child_dirty(&mut self, idx: u8, node: Box<Node<K, V, H, Ver>>) {
         let i = self.index_for_bit_pos(idx);
         self.bitfield.set_bit(idx);
         self.pointers.insert(i, Pointer::Dirty(node))
@@ -517,9 +517,9 @@ where
 }
 
 impl<K, V, H, Ver> Node<K, V, H, Ver> {
-    pub(crate) fn index_for_bit_pos(&self, bp: u32) -> usize {
+    pub(crate) fn index_for_bit_pos(&self, bp: u8) -> usize {
         let mask = Bitfield::zero().set_bits_le(bp);
-        assert_eq!(mask.count_ones(), bp as usize);
+        debug_assert_eq!(mask.count_ones(), bp as usize);
         mask.and(&self.bitfield).count_ones()
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -69,20 +69,20 @@ impl Default for Bitfield {`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`impl Bitfield {`
`72`		`- pub fn clear_bit(&mut self, idx: u32) {`
	`72`	`+ pub fn clear_bit(&mut self, idx: u8) {`
`73`	`73`	`let ai = idx / 64;`
`74`	`74`	`let bi = idx % 64;`
`75`	`75`	`self.0[ai as usize] &= u64::MAX - (1 << bi);`
`76`	`76`	`}`
`77`	`77`
`78`		`- pub fn test_bit(&self, idx: u32) -> bool {`
	`78`	`+ pub fn test_bit(&self, idx: u8) -> bool {`
`79`	`79`	`let ai = idx / 64;`
`80`	`80`	`let bi = idx % 64;`
`81`	`81`
`82`	`82`	`self.0[ai as usize] & (1 << bi) != 0`
`83`	`83`	`}`
`84`	`84`
`85`		`- pub fn set_bit(&mut self, idx: u32) {`
	`85`	`+ pub fn set_bit(&mut self, idx: u8) {`
`86`	`86`	`let ai = idx / 64;`
`87`	`87`	`let bi = idx % 64;`
`88`	`88`
`@@ -106,14 +106,14 @@ impl Bitfield {`
`106`	`106`	`Bitfield([0, 0, 0, 0])`
`107`	`107`	`}`
`108`	`108`
`109`		`- pub fn set_bits_le(self, bit: u32) -> Self {`
	`109`	`+ pub fn set_bits_le(self, bit: u8) -> Self {`
`110`	`110`	`if bit == 0 {`
`111`	`111`	`return self;`
`112`	`112`	`}`
`113`	`113`	`self.set_bits_leq(bit - 1)`
`114`	`114`	`}`
`115`	`115`
`116`		`- pub fn set_bits_leq(mut self, bit: u32) -> Self {`
	`116`	`+ pub fn set_bits_leq(mut self, bit: u8) -> Self {`
`117`	`117`	`if bit < 64 {`
`118`	`118`	`self.0[0] = set_bits_leq(self.0[0], bit);`
`119`	`119`	`} else if bit < 128 {`
`@@ -135,7 +135,7 @@ impl Bitfield {`
`135`	`135`	`}`
`136`	`136`
`137`	`137`	`#[inline]`
`138`		`-fn set_bits_leq(v: u64, bit: u32) -> u64 {`
	`138`	`+fn set_bits_leq(v: u64, bit: u8) -> u64 {`
`139`	`139`	`(v as u128 \| ((1u128 << (1 + bit)) - 1)) as u64`
`140`	`140`	`}`
`141`	`141`
Original file line number	Diff line number	Diff line change
`@@ -16,9 +16,10 @@ pub struct HashBits<'a> {`
`16`	`16`	`pub consumed: u32,`
`17`	`17`	`}`
`18`	`18`
	`19`	`+// n must be less than 8`
`19`	`20`	`#[inline]`
`20`		`-pub(crate) fn mkmask(n: u32) -> u32 {`
`21`		`- ((1u64 << n) - 1) as u32`
	`21`	`+pub(crate) fn mkmask(n: u32) -> u8 {`
	`22`	`+ ((1u16 << n) - 1) as u8`
`22`	`23`	`}`
`23`	`24`
`24`	`25`	`impl<'a> HashBits<'a> {`
`@@ -36,7 +37,7 @@ impl<'a> HashBits<'a> {`
`36`	`37`
`37`	`38`	/// Returns next `i` bits of the hash and returns the value as an integer and returns
`38`	`39`	`/// Error when maximum depth is reached`
`39`		`- pub fn next(&mut self, i: u32) -> Result<u32, Error> {`
	`40`	`+ pub fn next(&mut self, i: u32) -> Result<u8, Error> {`
`40`	`41`	`if i > 8 \|\| i == 0 {`
`41`	`42`	`return Err(Error::InvalidHashBitLen);`
`42`	`43`	`}`
`@@ -49,11 +50,12 @@ impl<'a> HashBits<'a> {`
`49`	`50`	`Ok(self.next_bits(std::cmp::min(i, maxi)))`
`50`	`51`	`}`
`51`	`52`
`52`		`- fn next_bits(&mut self, i: u32) -> u32 {`
	`53`	+ // `i` must be between 1 and 8, inclusive.
	`54`	`+ fn next_bits(&mut self, i: u32) -> u8 {`
`53`	`55`	`let curbi = self.consumed / 8;`
`54`	`56`	`let leftb = 8 - (self.consumed % 8);`
`55`	`57`
`56`		`- let curb = self.b[curbi as usize] as u32;`
	`58`	`+ let curb = self.b[curbi as usize];`
`57`	`59`	`match i.cmp(&leftb) {`
`58`	`60`	`Ordering::Equal => {`
`59`	`61`	`// bits to consume is equal to the bits remaining in the currently indexed byte`
`@@ -71,11 +73,11 @@ impl<'a> HashBits<'a> {`
`71`	`73`	`}`
`72`	`74`	`Ordering::Greater => {`
`73`	`75`	`// Consumes remaining bits and remaining bits from a recursive call`
`74`		`- let mut out = (mkmask(leftb) & curb) as u64;`
	`76`	`+ let mut out = mkmask(leftb) & curb;`
`75`	`77`	`out <<= i - leftb;`
`76`	`78`	`self.consumed += leftb;`
`77`		`- out += self.next_bits(i - leftb) as u64;`
`78`		`- out as u32`
	`79`	`+ out += self.next_bits(i - leftb);`
	`80`	`+ out`
`79`	`81`	`}`
`80`	`82`	`}`
`81`	`83`	`}`
Original file line number	Diff line number	Diff line change
`@@ -478,18 +478,18 @@ where`
`478`	`478`	`Ok(())`
`479`	`479`	`}`
`480`	`480`
`481`		`- fn rm_child(&mut self, i: usize, idx: u32) -> Pointer<K, V, H, Ver> {`
	`481`	`+ fn rm_child(&mut self, i: usize, idx: u8) -> Pointer<K, V, H, Ver> {`
`482`	`482`	`self.bitfield.clear_bit(idx);`
`483`	`483`	`self.pointers.remove(i)`
`484`	`484`	`}`
`485`	`485`
`486`		`- fn insert_child(&mut self, idx: u32, key: K, value: V) {`
	`486`	`+ fn insert_child(&mut self, idx: u8, key: K, value: V) {`
`487`	`487`	`let i = self.index_for_bit_pos(idx);`
`488`	`488`	`self.bitfield.set_bit(idx);`
`489`	`489`	`self.pointers.insert(i, Pointer::from_key_value(key, value))`
`490`	`490`	`}`
`491`	`491`
`492`		`- fn insert_child_dirty(&mut self, idx: u32, node: Box<Node<K, V, H, Ver>>) {`
	`492`	`+ fn insert_child_dirty(&mut self, idx: u8, node: Box<Node<K, V, H, Ver>>) {`
`493`	`493`	`let i = self.index_for_bit_pos(idx);`
`494`	`494`	`self.bitfield.set_bit(idx);`
`495`	`495`	`self.pointers.insert(i, Pointer::Dirty(node))`
`@@ -517,9 +517,9 @@ where`
`517`	`517`	`}`
`518`	`518`
`519`	`519`	`impl<K, V, H, Ver> Node<K, V, H, Ver> {`
`520`		`- pub(crate) fn index_for_bit_pos(&self, bp: u32) -> usize {`
	`520`	`+ pub(crate) fn index_for_bit_pos(&self, bp: u8) -> usize {`
`521`	`521`	`let mask = Bitfield::zero().set_bits_le(bp);`
`522`		`- assert_eq!(mask.count_ones(), bp as usize);`
	`522`	`+ debug_assert_eq!(mask.count_ones(), bp as usize);`
`523`	`523`	`mask.and(&self.bitfield).count_ones()`
`524`	`524`	`}`
`525`	`525`	`}`