Stream: t-lang/wg-unsafe-code-guidelines

Topic: "fun" anti-as_mut_slice in Bytes crate


Gankro (Jun 07 2019 at 03:02, on Zulip):

it explicitly creates an &mut [u8] for all the uninitialized memory in a vec: https://docs.rs/bytes/0.4.12/src/bytes/buf/buf_mut.rs.html#1150

Lokathor (Jun 07 2019 at 05:08, on Zulip):

I think the final expression was meant to be &mut slice::from_raw_parts_mut(ptr, cap)[..len]? But even that would be wrong, there's no reason at all to over-create a first slice and then try to reslice down to the real size.

RalfJ (Jun 07 2019 at 08:28, on Zulip):

yeah that should be a *mut [u8]... if only those were not so painful to use^^

RalfJ (Jun 07 2019 at 08:28, on Zulip):

this also reminds me https://github.com/rust-lang/rust/pull/60667 is still open?

Gankro (Jun 07 2019 at 12:45, on Zulip):

Lokathor: no, the API is explicitly intended to create a slice for the uninitialized memory, so you can initialize it

Lokathor (Jun 07 2019 at 16:55, on Zulip):

Well that's just psychotic

Ehsan M. Kermani (Jun 10 2019 at 05:37, on Zulip):

Hi everyone, sorry if this is not the right place. This is the very first time I'm posting here. Things discussed here are new to me, but I'm curious and want to know more. I've been trying to educate myself with UB (what is it exactly?) reading John Regehr's and Ralf's blogs etc. I have to confess that I've got an uneasy feeling that many unanswered questions have deep roots in LLVM itself. I'd like to ask you to what extent we can prove safety? (I mean mathematical, rigorous proofs). I'm aware of miri and Rustbelt, though these are not accessible to me and I don't know the minimum requirements, but what I'm looking at is ideas and intuitions behind validity and safety proofs (if there are some!). Is there any place I can get most of the idea from? (blogs etc.)

Ehsan M. Kermani (Jun 10 2019 at 05:46, on Zulip):

I should add that the current attempt in https://rust-lang.github.io/unsafe-code-guidelines/glossary.html and previously https://github.com/nikomatsakis/rust-memory-model are good places to get some idea about the basics, but I don't know of any material that equips me with reasoning about what's valid and what's not. Since there are many unanswered questions and the whole point of the wg is to try to answer them, I'd like to help by being a test audience, proof-reading and trying to clarify things from scratch. Would that be of any use, or am I in the wrong place?

RalfJ (Jun 10 2019 at 09:36, on Zulip):

(you posted these in the wrong topic but that's okay, Zulip's UI can be confusing in the beginning. try to make sure that you have selected a matching topic in the left-hand panel, or click "new topic" if you want to start a new conversation like you did here)

RalfJ (Jun 10 2019 at 09:37, on Zulip):

> I should add that the current attempt in https://rust-lang.github.io/unsafe-code-guidelines/glossary.html and previously https://github.com/nikomatsakis/rust-memory-model are good places to get some idea about the basics, but I don't know of any material that equips me with reasoning about what's valid and what's not. Since there are many unanswered questions and the whole point of the wg is to try to answer them, I'd like to help by being a test audience, proof-reading and trying to clarify things from scratch. Would that be of any use, or am I in the wrong place?

yes, test audiences are always useful! This reminds me of a recent discussion in the forums.

RalfJ (Jun 10 2019 at 09:39, on Zulip):

that said, currently the goal of the WG is not to enable rigorous proofs; at least my thinking is that we are very far from making those accessible enough that they become widely doable for unsafe code authors. The idea is more to come up with guidelines/checklists, examples, that kind of stuff.

Last update: Nov 20 2019 at 12:35 UTC