stable_deref_trait
unsafe-code-guidelines
stable_deref_trait | unsafe-code-guidelines | |
---|---|---|
4 | 74 | |
29 | 645 | |
- | 0.9% | |
1.2 | 6.9 | |
about 1 year ago | 3 months ago | |
Rust | ||
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
stable_deref_trait
-
Build a PinePhone App with Zig and Zgt
To elaborate, there is a recurring trend of sound C programs turning into unsound Rust programs, because shared mutability is often necessary but Stacked Borrows places strict conditions on constructing &mut T (they invalidate some but not all aliasing *const T), and it's less ergonomic to work solely in raw pointers and avoid creating Box or long-lasting &mut T (or for intrusive collections, any &mut T at all).
For example, matklad (the author of rust-analyzer, one of the preeminent Rust programmers and someone I'd expect to get code right) made a recent blog post on "Caches In Rust" (https://matklad.github.io/2022/06/11/caches-in-rust.html). The cache is built around https://docs.rs/elsa, which is built around https://docs.rs/stable_deref_trait/latest/stable_deref_trait..., which is unsound for Box and violates stacked borrows in its current form (https://github.com/Storyyeller/stable_deref_trait/issues/15). However, the rules may be relaxed or more ergonomic alternatives added (https://github.com/rust-lang/unsafe-code-guidelines/issues/3...), it's uncertain right now.
(Also I go by "they".)
-
How Safe Is Zig?
Unsafe Rust is an esoteric language without iron-clad guarantees, and type-level programming and async Rust is an esoteric metalanguage (https://hirrolot.github.io/posts/rust-is-hard-or-the-misery-...). For example, matklad made a recent blog post on "Caches In Rust" (https://matklad.github.io/2022/06/11/caches-in-rust.html). The cache is built around https://docs.rs/elsa, which is built around https://docs.rs/stable_deref_trait/latest/stable_deref_trait..., which is unsound for Box and violates stacked borrows: https://github.com/Storyyeller/stable_deref_trait/issues/15
There is a recurring trend of sound C programs turning into unsound Rust programs, because shared mutability is often necessary but it's difficult to avoid creating &mut, and Stacked Borrows places strict conditions on constructing &mut T (they invalidate some but not all aliasing *const T).
-
Blog Post: Caches In Rust
The cache is built around https://docs.rs/elsa, which is built around https://docs.rs/stable_deref_trait/latest/stable_deref_trait/trait.StableDeref.html, which is unsound for Box and violates stacked borrows: https://github.com/Storyyeller/stable_deref_trait/issues/15
-
munge 0.2: Destructure raw pointers, MaybeUninit, cells, pins, and more
StableDeref has multiple issues under the current Stacked Borrows model: https://github.com/Storyyeller/stable_deref_trait/issues/15
unsafe-code-guidelines
-
Passing nothing is surprisingly difficult
Useful context on the Rust side is this issue [1]. It sounds like some of the author's concerns are addressed already.
[1]: https://github.com/rust-lang/unsafe-code-guidelines/issues/4...
-
Blog Post: Non-Send Futures When?
Is this captured by one of the known soundness conflicts? If not then should consider adding it to the list.
- Are crates like vcell and volatile cell still unsound?
-
Question: Are there things for Unsafe Rust learn from Zig?
There are some competing proposals for different memory models. Stacked borrows is the current proposal, but there are more work in the approproate WG.
-
Let's thank who have helped us in the Rust Community together!
Thank you /u/RalfJung for bringing formal methods to Rust, both through models like Stacked Borrows, by developing miri, and by working on unsafe-code-guidelines which aims to specify exactly what is and isn't allowed in unsafe code (surprisingly, it's an open question as 2023!)
- Questions about ownership rule
-
Noob Here: Why doesn't this work?
You could imagine some way to make this safe for example automatically convert &'short &'long mut T to &'short &'short T, but it's non-trivial to prove they are safe at all, not to mention ensuring this is correctly implemented in the compiler. If you're interested there's also a discussion on whether the opposite (& & T to & &mut T) is sound here.
-
When Zig is safer and faster than (unsafe) Rust
Agreed! MIRI is so good, it still feels like magic to me. It also comforts me that the Rust team takes improving unsafe semantics seriously, with the past Unsafe Code Guidelines WG and today's operational semantics team (t-opsem).
-
Safety and Soundness in Rust
I think there are some aspects of this rule that are still undecided. See for example:
- https://github.com/rust-lang/unsafe-code-guidelines/issues/8...
- https://github.com/rust-lang/miri/issues/2732
-
I wanna be a crab.
C is much better specified than unsafe Rust. Some things are just not worked out yet in Rust. This may sometimes even bite very experienced devs, such as this issue with Box's aliasing semantics, which tripped up the author of left-right.
What are some alternatives?
mmsd
tokio - A runtime for writing reliable asynchronous applications with Rust. Provides I/O, networking, scheduling, timers, ...
zorrow - Borrowchecker in Zig
rust - Empowering everyone to build reliable and efficient software.
lru-rs - An implementation of a LRU cache
rfcs - RFCs for changes to Rust
phosh-antispam
x11rb - X11 bindings for the rust programming language, similar to xcb being the X11 C bindings
munge
bevy - A refreshingly simple data-driven game engine built in Rust
vvmplayer
miri - An interpreter for Rust's mid-level intermediate representation