Stream: t-lang/wg-unsafe-code-guidelines

Topic: Converting pointer to one struct field to another UB


ecstatic-morse (Oct 04 2019 at 23:29, on Zulip):

Hi unsafe-code-guidelines. I raised #65006, which details a way that a dataflow analysis I wrote for const qualification could be unsound in the presence of unsafe code. The soundness hole hinges upon taking a reference to one field of a struct on the stack, casting it to a raw pointer, and offsetting it to point at another field of the same struct. You can see an example here

Is this example UB? According to the (non-normative) pointer::offset docs:

Both the starting and resulting pointer must be either in bounds or one byte past the end of the same allocated object. Note that in Rust, every (stack-allocated) variable is considered a separate allocated object.
which suggests to me that this is not UB. However, it seems like this should in fact be UB, and users must take the address of the entire struct if they wish to do these kinds of shenanigans with pointer::offset.

Last update: Nov 19 2019 at 18:45UTC