Re: [WIP 0/3] Memory model and atomic API in Rust

From: comex
Date: Wed Mar 27 2024 - 18:03:10 EST




> On Mar 27, 2024, at 2:56 PM, comex <comexk@xxxxxxxxx> wrote:
>
> Right. When I said “strict aliasing” I meant type-based aliasing rules, which is what GCC calls “strict aliasing”. But Rust does have stricter aliasing rules than C in a different way. Both mutable and immutable references are annotated with LLVM `noalias` by default, equivalent to C `restrict`.

…oops, this should say “reference-typed function parameters”.

> On Mar 27, 2024, at 2:49 PM, Kent Overstreet <kent.overstreet@xxxxxxxxx> wrote:
>
> That's not really a workable rule because in practice every data
> structure has unsafe Rust underneath. Strict aliasing would mean that
> unsafe Rust very much has to follow the aliasing rules too.


There have indeed been a lot of issues where some innocent-seeming piece of unsafe Rust turns out to violate the reference aliasing rules. Miri helps (it’s a tool that can detect violations at runtime), and there have been attempts to loosen the rules where possible. But it is definitely a case where Rust’s UB rules are more subtle than one would like. At least it only applies to unsafe code.
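
An added illustration, not part of the message above or of the patch series it discusses: how `noalias` on reference-typed function parameters turns an innocent-looking piece of unsafe Rust into a violation, next to a sound form that keeps the aliasing at raw-pointer level. All function names are hypothetical.

```rust
// Added example; all names here are hypothetical.

/// Both parameters are references, so rustc annotates them `noalias` for LLVM.
/// The optimizer may therefore read `*b` once and reuse the value.
fn add_twice(a: &mut i32, b: &i32) {
    *a += *b;
    *a += *b;
}

/// Raw pointers carry no `noalias`, so `a` and `b` may point at the same i32.
///
/// # Safety
/// Both pointers must be valid and aligned, and `a` must be valid for writes.
unsafe fn add_twice_raw(a: *mut i32, b: *const i32) {
    unsafe {
        *a += *b;
        *a += *b;
    }
}

/// Violation: a `&mut i32` and a `&i32` to the same location are handed to
/// reference-typed parameters. Under the `noalias` assumption the result may
/// differ from the unoptimized one. Deliberately never called in this file;
/// calling it under Miri produces an aliasing error.
#[allow(dead_code)]
fn aliased_call_violation(x: &mut i32) {
    let p: *mut i32 = x;
    unsafe { add_twice(&mut *p, &*p) }
}

/// Sound: no two references to the same location exist; only raw pointers alias.
fn aliased_call_sound(x: &mut i32) {
    let p: *mut i32 = x;
    unsafe { add_twice_raw(p, p) }
}

fn main() {
    let mut x = 1;
    aliased_call_sound(&mut x); // 1 -> 2 -> 4, the second add sees the first
    let (mut a, b) = (1, 1);
    add_twice(&mut a, &b); // distinct locations: 1 -> 2 -> 3
    println!("aliased via raw pointers: {x}, distinct references: {a}");
}
```
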