lru-rs
stable_deref_trait
lru-rs | stable_deref_trait | |
---|---|---|
3 | 4 | |
590 | 29 | |
- | - | |
6.7 | 1.2 | |
2 months ago | about 1 year ago | |
Rust | Rust | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
lru-rs
-
“Rust is safe” is not some kind of absolute guarantee of code safety
For reference, the fix for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45720 was as simple as this commit: https://github.com/jeromefroe/lru-rs/commit/ea64c8f932a45434cbc71d3843d28af7c1819864.
-
How Safe Is Zig?
You didn't seem to click the commit the guy linked with the rust code https://github.com/jeromefroe/lru-rs/pull/121/commits/416a2d...
It has nothing to do with opting out. Zig, Rust and no language saves you when you write incorrect unsafe code. My original point is disqualifying c tools is misleading and everything suffers from incorrect unsafe code
stable_deref_trait
-
Build a PinePhone App with Zig and Zgt
To elaborate, there is a recurring trend of sound C programs turning into unsound Rust programs, because shared mutability is often necessary but Stacked Borrows places strict conditions on constructing &mut T (they invalidate some but not all aliasing *const T), and it's less ergonomic to work solely in raw pointers and avoid creating Box or long-lasting &mut T (or for intrusive collections, any &mut T at all).
For example, matklad (the author of rust-analyzer, one of the preeminent Rust programmers and someone I'd expect to get code right) made a recent blog post on "Caches In Rust" (https://matklad.github.io/2022/06/11/caches-in-rust.html). The cache is built around https://docs.rs/elsa, which is built around https://docs.rs/stable_deref_trait/latest/stable_deref_trait..., which is unsound for Box and violates stacked borrows in its current form (https://github.com/Storyyeller/stable_deref_trait/issues/15). However, the rules may be relaxed or more ergonomic alternatives added (https://github.com/rust-lang/unsafe-code-guidelines/issues/3...), it's uncertain right now.
(Also I go by "they".)
-
How Safe Is Zig?
Unsafe Rust is an esoteric language without iron-clad guarantees, and type-level programming and async Rust is an esoteric metalanguage (https://hirrolot.github.io/posts/rust-is-hard-or-the-misery-...). For example, matklad made a recent blog post on "Caches In Rust" (https://matklad.github.io/2022/06/11/caches-in-rust.html). The cache is built around https://docs.rs/elsa, which is built around https://docs.rs/stable_deref_trait/latest/stable_deref_trait..., which is unsound for Box and violates stacked borrows: https://github.com/Storyyeller/stable_deref_trait/issues/15
There is a recurring trend of sound C programs turning into unsound Rust programs, because shared mutability is often necessary but it's difficult to avoid creating &mut, and Stacked Borrows places strict conditions on constructing &mut T (they invalidate some but not all aliasing *const T).
-
Blog Post: Caches In Rust
The cache is built around https://docs.rs/elsa, which is built around https://docs.rs/stable_deref_trait/latest/stable_deref_trait/trait.StableDeref.html, which is unsound for Box and violates stacked borrows: https://github.com/Storyyeller/stable_deref_trait/issues/15
-
munge 0.2: Destructure raw pointers, MaybeUninit, cells, pins, and more
StableDeref has multiple issues under the current Stacked Borrows model: https://github.com/Storyyeller/stable_deref_trait/issues/15
What are some alternatives?
zorrow - Borrowchecker in Zig
mmsd
tigerbeetle - A distributed financial accounting database designed for mission critical safety and performance. [Moved to: https://github.com/tigerbeetledb/tigerbeetle]
arm-trusted-firmware - Read-only mirror of Trusted Firmware-A
phosh-antispam
rust - Empowering everyone to build reliable and efficient software.
munge
zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
vvmplayer
pure - A static analysis file format checker.