Stream: t-lang/wg-unsafe-code-guidelines

Topic: Offsetting pointer to one struct field to another UB?


Lokathor (Oct 05 2019 at 18:07, on Zulip):

I believe that it is UB

ecstatic-morse (Oct 05 2019 at 18:10, on Zulip):

@Lokathor could you point me towards a reference? Nomicon, LLVM docs or a previous Zulip conversation?

ecstatic-morse (Oct 05 2019 at 18:11, on Zulip):

If you have one at hand that is

ecstatic-morse (Oct 05 2019 at 18:25, on Zulip):

I believe I've seen the validity of &arr[0] as *const u8 vs &arr as *const u8 discussed here before, which is basically the same issue, but I can't seem to find it searching for "pointer offset"

ecstatic-morse (Oct 05 2019 at 18:35, on Zulip):

rust-lang/unsafe-code-guidelines#134

Lokathor (Oct 05 2019 at 18:57, on Zulip):

well I'm going by that discussion you just mentioned

Lokathor (Oct 05 2019 at 18:58, on Zulip):

it's my understanding that the pointer to just that one field had its validity narrowed to just that field, it is no longer legal for the whole struct

Lokathor (Oct 05 2019 at 18:58, on Zulip):

this is how "split borrows" work

ecstatic-morse (Oct 05 2019 at 18:58, on Zulip):

Yes, I was asking for a link to that discussion (I hadn't seen it before now)

ecstatic-morse (Oct 05 2019 at 18:58, on Zulip):

I closed the outstanding issue

ecstatic-morse (Oct 05 2019 at 18:59, on Zulip):

What's "split borrows"?

Lokathor (Oct 05 2019 at 19:12, on Zulip):

when you borrow two fields of the same struct separately

Lokathor (Oct 05 2019 at 19:12, on Zulip):

like how slice::split(...) works

Lokathor (Oct 05 2019 at 19:13, on Zulip):

unfortunately I also cannot easily locate the pointer validity span discussion (on my phone right now)

ecstatic-morse (Oct 05 2019 at 19:23, on Zulip):

Ah okay, I understand

nagisa (Oct 05 2019 at 20:18, on Zulip):

@Lokathor a counter example could be arrays and borrowing of its first element, no?

nagisa (Oct 05 2019 at 20:19, on Zulip):

you still want to be able to iterate through the array by doing pointer arithmetic on the pointer.

nagisa (Oct 05 2019 at 20:19, on Zulip):

although at this point we hit raw pointer vs reference.

Lokathor (Oct 05 2019 at 20:21, on Zulip):

I'm not sure that's a counter-example

Lokathor (Oct 05 2019 at 20:21, on Zulip):

you need a reference to the whole array to make a legal reference to an element of the array

Lokathor (Oct 05 2019 at 20:22, on Zulip):

once you have converted &[T] into a particular &T, you can't just jump that to another element, you have to go back to the full slice reference

nagisa (Oct 05 2019 at 20:24, on Zulip):

That’s definitely not something anybody does, though. (again, they usually use pointers). Even the slice iterator is 2 element pointers and fn next() { ...; start = ptr::offset(start, 1); ... }.

nagisa (Oct 05 2019 at 20:25, on Zulip):

However for the particular optimisation @ecstatic-morse cares about, they need to handle both pointers and references equally… well.

nagisa (Oct 05 2019 at 20:26, on Zulip):

(esp. since MIR does not yet have raw & operation AFAIK)

rkruppe (Oct 05 2019 at 20:27, on Zulip):

Nothing that was said conflicts with any of that, you just gotta use slice.as_ptr() (or copy its body) instead of &slice[0] for creating the raw pointer.

nagisa (Oct 05 2019 at 20:28, on Zulip):

Fair.

RalfJ (Oct 09 2019 at 13:27, on Zulip):

Is this example UB? According to the (non-normative) pointer::offset docs:

note that those docs just say when pointer::offset is UB; they do not specify when it is (not) UB to actually use the resulting ptr

RalfJ (Oct 09 2019 at 13:27, on Zulip):

this is aliasing model territory which is very unspecified (Nomicon and Reference both explicitly keep that open)

RalfJ (Oct 09 2019 at 13:28, on Zulip):

@ecstatic-morse ^

Last update: Nov 20 2019 at 11:25 UTC