by IshKebab 696 days ago
Is that even true at a hardware level? What if you read into an unmapped page or into protected memory? (I haven't read the code, maybe it has alignment guarantees that avoid this?)
2 comments

You make sure you don't do that.

A trick to avoid reading beyond the end of the buffer is to make sure the end of the buffer lies on the same page. Typically, the OS will allocate memory in pages of 4KB, thus we can make a function that checks whether it is okay to read beyond or if we should fall back to the copy version.

-- https://ogxd.github.io/articles/unsafe-read-beyond-of-death/
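The page check quoted above, written out as an added example in C (this is not gxhash's code or the article's; it assumes a 4 KiB minimum page size, which the thread below disputes, and uses memcpy from a 64-byte arena the program owns in place of the unaligned vector load a real hash would use). The arithmetic check is kept separate from the load so it can be exercised on constructed addresses without dereferencing anything, and the fast path masks the over-read bytes so both paths return the same value:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Assumption for this example: the smallest page the OS maps is 4 KiB.
 * The thread points out this is not a hardware guarantee everywhere. */
#define PAGE_SIZE 4096u
#define VEC_BYTES 16u   /* width of one unaligned vector load */

/* Returns 1 if a `width`-byte load starting at `addr` does not cross a
 * PAGE_SIZE boundary, i.e. every byte it touches sits on the same page
 * as the first byte. Pure arithmetic: usable on constructed addresses. */
int load_stays_in_page(uintptr_t addr, size_t width)
{
    uintptr_t page_off = addr & (uintptr_t)(PAGE_SIZE - 1);
    return page_off + width <= PAGE_SIZE;
}

/* Loads the final (len < VEC_BYTES) bytes of a buffer into `out`,
 * zero-padded to VEC_BYTES. Takes the over-reading path only when the
 * page check says the vector load cannot touch the next page; otherwise
 * falls back to a bounded copy. Returns 1 for the fast path, 0 for the
 * fallback, so a caller can see which one ran. */
int load_tail(const uint8_t *p, size_t len, uint8_t out[VEC_BYTES])
{
    if (len >= VEC_BYTES) {          /* not a tail: plain in-bounds load */
        memcpy(out, p, VEC_BYTES);
        return 1;
    }
    if (load_stays_in_page((uintptr_t)p, VEC_BYTES)) {
        /* Over-read stays on a mapped page. The bytes past `len` must
         * still be masked so they never influence the result. */
        memcpy(out, p, VEC_BYTES);
        memset(out + len, 0, VEC_BYTES - len);
        return 1;
    }
    /* Load would cross into the next page: bounded copy, no over-read. */
    memset(out, 0, VEC_BYTES);
    memcpy(out, p, len);
    return 0;
}

/* Self-check used by main(): loads a constructed 5-byte tail out of a
 * zeroed 64-byte arena (so the over-read lands in memory this program
 * owns) and verifies the masked result is the same on either path. */
int tail_self_check(void)
{
    uint8_t arena[64] = {0};
    uint8_t out[VEC_BYTES];
    memcpy(arena, "hello", 5);
    int fast = load_tail(arena, 5, out);
    printf("path=%s\n", fast ? "fast" : "fallback");
    if (memcmp(out, "hello", 5) != 0) return 0;
    for (size_t i = 5; i < VEC_BYTES; i++)
        if (out[i] != 0) return 0;
    return 1;
}

int main(void)
{
    /* Edge case: a 16-byte load at page_end - 16 fits, one byte later it crosses. */
    printf("0xFF0: %d  0xFF1: %d\n",
           load_stays_in_page(0x0FF0, VEC_BYTES),
           load_stays_in_page(0x0FF1, VEC_BYTES));
    return tail_self_check() ? 0 : 1;
}
```

Note that the check is a hardware argument, not a language-level one: reading past the end of a heap object is still undefined behaviour in C, and AddressSanitizer or Valgrind will report the fast path as an out-of-bounds read on a heap buffer no matter which page it lands on.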

That's not a guarantee. On some systems memory protection can be sub-page (not sure about x86).

But it sounds like the masking feature mentioned in a sibling comment takes care of it anyway.

Masking is nice, but not available everywhere (i.e. Intel is still making new generations of CPUs without AVX-512, and Apple silicon doesn't have any masked loads/stores either).

It might not be the nicest thing to assume to be the case on all hardware, but it shouldn't be too unreasonable to put it under an "if (arch_has_a_minimum_page_size)". So many things already assume at least 4KB pages, Intel/AMD aren't gonna break like half the world. If anything, they'd want to make larger pages to make larger L1 caches more feasible.

There's a debate on how unsafe/unsound this technique actually is. https://github.com/ogxd/gxhash/issues/82

I definitely see the conundrum since the dangerous code is such a huge performance gain.

The code uses unaligned load and store instructions, so it should be possible to trigger memory access to unmapped addresses.

Isn't the point of the "masked load" instruction discussed in the article to avoid that? https://stackoverflow.com/a/54530225

Unfortunately, AMD's masked AVX2 instructions reserve the right to fault even for masked-off elements :(