[WIP 0/3] Memory model and atomic API in Rust
comex
comexk at gmail.com
Wed Mar 27 15:02:41 PDT 2024
> On Mar 27, 2024, at 2:56 PM, comex <comexk at gmail.com> wrote:
>
> Right. When I said “strict aliasing” I meant type-based aliasing rules, which is what GCC calls “strict aliasing”. But Rust does have stricter aliasing rules than C in a different way. Both mutable and immutable references are annotated with LLVM `noalias` by default, equivalent to C `restrict`.
…oops, this should say “reference-typed function parameters”.
> On Mar 27, 2024, at 2:49 PM, Kent Overstreet <kent.overstreet at linux.dev> wrote:
>
> That's not really a workable rule because in practice every data
> structure has unsafe Rust underneath. Strict aliasing would mean that
> unsafe Rust very much has to follow the aliasing rules too.
There have indeed been a lot of issues where some innocent-seeming piece of unsafe Rust turns out to violate the reference aliasing rules. Miri helps (it’s a tool that can detect violations at runtime), and there have been attempts to loosen the rules where possible. But it is definitely a case where Rust’s UB rules are more subtle than one would like. At least it only applies to unsafe code.
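An added example, not part of the original message: an innocent-seeming piece of unsafe Rust that breaks the reference aliasing rules for one input, next to a form that stays on raw pointers. The function names are hypothetical; the `i == j` call to the first function is the kind of violation Miri is meant to catch at runtime.

```rust
// Added illustration; function names are hypothetical, not from the thread.

/// Looks harmless, but when i == j it creates two live `&mut` to the same
/// element and passes both to `mem::swap`. Reference-typed function
/// parameters may be assumed not to alias, so that case is undefined
/// behaviour even though the swap would "obviously" be a no-op.
pub fn swap_via_refs(v: &mut [i32], i: usize, j: usize) {
    assert!(i < v.len() && j < v.len());
    let p = v.as_mut_ptr();
    unsafe {
        let a = &mut *p.add(i);
        let b = &mut *p.add(j); // aliases `a` when i == j
        std::mem::swap(a, b);
    }
}

/// Same operation without ever forming references. `ptr::swap` is
/// documented to allow its two arguments to overlap, so i == j is sound.
pub fn swap_via_raw(v: &mut [i32], i: usize, j: usize) {
    assert!(i < v.len() && j < v.len());
    let p = v.as_mut_ptr();
    unsafe { std::ptr::swap(p.add(i), p.add(j)) }
}

fn main() {
    let mut v = vec![10, 20, 30];
    swap_via_refs(&mut v, 0, 2); // distinct indices: no aliasing, sound
    swap_via_raw(&mut v, 1, 1); // same index: sound only in the raw form
    println!("{:?}", v);
    // swap_via_refs(&mut v, 1, 1) is the violating call; it is left out
    // because executing undefined behaviour demonstrates nothing reliable.
}
```

In safe code the same operation is `v.swap(i, j)`; the aliasing question only arises because the unsafe version rebuilds references from a raw pointer.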
More information about the linux-arm-kernel mailing list