[WIP 0/3] Memory model and atomic API in Rust

comex comexk at gmail.com
Wed Mar 27 15:02:41 PDT 2024



> On Mar 27, 2024, at 2:56 PM, comex <comexk at gmail.com> wrote:
> 
> Right.  When I said “strict aliasing” I meant type-based aliasing rules, which is what GCC calls “strict aliasing”.  But Rust does have stricter aliasing rules than C in a different way.  Both mutable and immutable references are annotated with LLVM `noalias` by default, equivalent to C `restrict`.

…oops, this should say “reference-typed function parameters”.

> On Mar 27, 2024, at 2:49 PM, Kent Overstreet <kent.overstreet at linux.dev> wrote:
> 
> That's not really a workable rule because in practice every data
> structure has unsafe Rust underneath. Strict aliasing would mean that
> unsafe Rust very much has to follow the aliasing rules too.


There have indeed been a lot of issues where some innocent-seeming piece of unsafe Rust turns out to violate the reference aliasing rules.  Miri helps (it’s a tool that can detect violations at runtime), and there have been attempts to loosen the rules where possible.  But it is definitely a case where Rust’s UB rules are more subtle than one would like.  At least it only applies to unsafe code.
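
Added example, not part of the original message: a small piece of unsafe Rust that breaks the reference aliasing rules by passing overlapping references to a function with reference-typed (`noalias`) parameters, next to a sound raw-pointer form. All function names are made up for illustration.

```rust
/// Safe code: `dst` and `src` are reference-typed parameters, so the compiler
/// may assume they do not overlap (LLVM `noalias`) and read `*src` only once.
pub fn add_twice(dst: &mut u32, src: &u32) {
    *dst += *src;
    *dst += *src;
}

/// Raw-pointer variant: no aliasing assumption, so `dst == src` is allowed.
///
/// # Safety
/// Both pointers must be valid and aligned; `dst` must also be writable.
pub unsafe fn add_twice_raw(dst: *mut u32, src: *const u32) {
    unsafe {
        *dst += *src; // re-reads memory each time, even if it is `*dst`
        *dst += *src;
    }
}

/// UNSOUND, kept only for contrast and never called in this example.
#[allow(dead_code)]
pub fn add_self_twice_unsound(x: &mut u32) {
    let p = x as *mut u32;
    // A `&mut u32` and a `&u32` to the same location are live across the
    // call. That violates the reference aliasing rules (undefined behaviour);
    // Miri reports it at run time, the compiler does not.
    unsafe { add_twice(&mut *p, &*p) }
}

/// Sound: stay on raw pointers for the whole overlapping access.
pub fn add_self_twice(x: &mut u32) {
    let p = x as *mut u32;
    // SAFETY: `p` comes from a live `&mut u32`, and no reference to `*x`
    // is created while the raw pointers are in use.
    unsafe { add_twice_raw(p, p as *const u32) }
}

fn main() {
    let mut x = 1;
    add_self_twice(&mut x);
    println!("{x}"); // 1 -> 2 -> 4
}
```

Running the unsound variant under `cargo miri run` or `cargo miri test` is how the violation shows up; a normal build accepts it silently.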

