Re: [WIP 0/3] Memory model and atomic API in Rust

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On Mar 27, 2024, at 2:56 PM, comex <comexk@xxxxxxxxx> wrote:
> 
> Right.  When I said “strict aliasing” I meant type-based aliasing rules, which is what GCC calls “strict aliasing".  But Rust does have stricter aliasing rules than C in a different way.  Both mutable and immutable references are annotated with LLVM `noalias` by default, equivalent to C `restrict`.

…oops, this should say “reference-typed function parameters”.

> On Mar 27, 2024, at 2:49 PM, Kent Overstreet <kent.overstreet@xxxxxxxxx> wrote:
> 
> That's not really a workable rule because in practice every data
> structure has unsafe Rust underneath. Strict aliasing would mean that
> unsafe Rust very much has to follow the aliasing rules too.


There have indeed been a lot of issues where some innocent-seeming piece of unsafe Rust turns out to violate the reference aliasing rules.  Miri helps (it’s a tool that can detect violations at runtime), and there have been attempts to loosen the rules where possible.  But it is definitely a case where Rust’s UB rules are more subtle than one would like.  At least it only applies to unsafe code.




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux