(plf.inf.ethz.ch)

564 points zdw | 1 comments | 09 Jul 25 14:40 UTC | HN request time: 0.219s | source

Show context

wavemode ◴[09 Jul 25 15:17 UTC] No.44511091[source]▶

From the paper:

> The problem with unsafe code is that it can do things like this:

    fn main() {
        let mut x = 42;
        let ptr = &mut x as *mut i32;
        let val = unsafe { write_both(&mut *ptr, &mut *ptr) };
        println!("{val}");
    }

No it can't? Using pointers to coexist multiple mutable references to the same variable is undefined behavior. Unless I'm just misunderstanding the point they're trying to make here.

replies(6): >>44511182 #>>44511227 #>>44511321 #>>44511369 #>>44511392 #>>44512352 #

1. ehsanu1 ◴[09 Jul 25 15:25 UTC] No.44511227[source]▶

>>44511091 #

I believe that's exactly the point: it's too easy to violate constraints like not allowing multiple mutable references. Unsafe is meant for cases where the validity of the code is difficult to prove with rust's lifetime analysis, but can be abused to do much more than that.

↑

Tree Borrows