Stream: wg-secure-code

Topic: yet another safe abstraction


Shnatsel (Oct 30 2018 at 16:12, on Zulip):

https://www.reddit.com/r/rust/comments/9s785u/ownedalloc_a_crate_to_help_reducing_manual_memory/
Someone's made a safe abstraction for writing lock-free data structures. Should we maybe assemble a list of such things? I just randomly stumble upon these. Once I feel I can't make my code fast without unsafe, there is no repository of existing safe abstractions that would maybe solve my problem.

Joshua Liebow-Feeser (Oct 30 2018 at 20:37, on Zulip):

I think that's a good idea. What do other folks think? It'd be nice if there were a single place to go when you want to do something unsafe and you're wondering whether there's a crate that does it for you.

Alex Gaynor (Oct 30 2018 at 21:10, on Zulip):

Yes, I think that'd be super helpful.

Tony Arcieri (Nov 01 2018 at 23:39, on Zulip):

I think we could definitely use some lists of recommended crates

brycx (Nov 06 2018 at 12:09, on Zulip):

I just stumbled upon this crate, might be worth keeping an eye out for: https://crates.io/crates/unsafesc

brycx (Nov 22 2018 at 21:02, on Zulip):

A safe-ish abstraction for mem::transmute https://github.com/nabijaczleweli/safe-transmute-rs.

JP Sugarbroad (Nov 22 2018 at 22:58, on Zulip):

Are you planning to implement alignment checks?

JP Sugarbroad (Nov 22 2018 at 23:02, on Zulip):

FYI armv6 says that unaligned access is unpredictable. https://medium.com/@iLevex/the-curious-case-of-unaligned-access-on-arm-5dd0ebe24965

brycx (Nov 23 2018 at 06:49, on Zulip):

This isn't my crate :slight_smile: But I'm guessing that's why the authors didn't implement alignment checks, since they support no_std.

brycx (Nov 23 2018 at 07:02, on Zulip):

Plus, I wouldn't know how to.

RalfJ (Nov 24 2018 at 10:34, on Zulip):

Unaligned accesses are UB in LLVM, so it doesn't really matter what the HW does; your code could already get misoptimized before then. Or is this about assembly code?

RalfJ (Nov 24 2018 at 10:38, on Zulip):

Uh... that crate has tons of soundness problems.

RalfJ (Nov 24 2018 at 10:38, on Zulip):

like, I can transmute &[u8] to &u32 and alignment is not checked -> insta-UB

RalfJ (Nov 24 2018 at 10:44, on Zulip):

Also they seem to transmute Vec?!?

brycx (Nov 24 2018 at 10:46, on Zulip):

Thanks for pointing that out @RalfJ. I'm not competent enough to validate its soundness. I wasn't aware that it was in such a bad shape... At least it's now clear that this should not be included in a list of recommended safe abstractions!

RalfJ (Nov 24 2018 at 10:50, on Zulip):

TBH I can only recommend staying away from that crate^^

RalfJ (Nov 24 2018 at 11:06, on Zulip):

I'll stop after finding one concrete example of unsoundness: https://github.com/nabijaczleweli/safe-transmute-rs/issues/35

Tony Arcieri (Nov 24 2018 at 19:49, on Zulip):

haha, I'm a little taken aback by "safe" and "transmute" appearing in succession

Tony Arcieri (Nov 24 2018 at 19:50, on Zulip):

Also, I really like how Clippy tells you which transmutes can be replaced with pointer casts.

Tony Arcieri (Nov 24 2018 at 19:51, on Zulip):

Not that pointer casts are all that great either, but they seem marginally safer.

Last update: Nov 11 2019 at 22:25UTC