
Tree Borrows

(plf.inf.ethz.ch)
564 points by zdw | 1 comment
wavemode No.44511091
From the paper:

> The problem with unsafe code is that it can do things like this:

    fn main() {
        let mut x = 42;
        let ptr = &mut x as *mut i32;
        let val = unsafe { write_both(&mut *ptr, &mut *ptr) };
        println!("{val}");
    }
No it can't? Using pointers to make multiple mutable references to the same variable coexist is undefined behavior. Unless I'm just misunderstanding the point they're trying to make here.
ehsanu1 No.44511227
I believe that's exactly the point: it's too easy to violate constraints like not allowing multiple mutable references. Unsafe is meant for cases where the validity of the code is difficult to prove with Rust's lifetime analysis, but can be abused to do much more than that.
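The distinction both comments circle around, as an added example that is not code from the paper or from either commenter: `write_both` below is a hypothetical body in the shape the quoted snippet calls (the paper's own definition is not on the page), and `write_both_raw` is the sound counterpart that stays on raw pointers so the aliasing model never has two live `&mut` to the same location.

```rust
use std::ptr;

/// Hypothetical helper matching the call in the quoted snippet. Because the
/// parameters are `&mut`, Rust's aliasing rules let the compiler assume `a`
/// and `b` never overlap, so `*a` below may be folded to the constant 1.
/// Calling it as `write_both(&mut *ptr, &mut *ptr)` is undefined behaviour:
/// the result depends on optimisation, and Miri reports an aliasing violation.
fn write_both(a: &mut i32, b: &mut i32) -> i32 {
    *a = 1;
    *b = 2;
    *a
}

/// Sound counterpart: works on raw pointers and never materialises a
/// reference, so `a == b` is permitted and the result is well-defined.
/// Safety contract: both pointers must be valid for reads and writes of i32.
unsafe fn write_both_raw(a: *mut i32, b: *mut i32) -> i32 {
    ptr::write(a, 1);
    ptr::write(b, 2);
    ptr::read(a)
}

/// Two distinct variables: the `&mut` version is fine here, the borrow
/// checker proves the references are disjoint.
fn disjoint() -> (i32, i32, i32) {
    let mut x = 0;
    let mut y = 0;
    let r = write_both(&mut x, &mut y);
    (r, x, y) // (1, 1, 2)
}

/// The aliasing case from the quoted snippet, rewritten to stay in raw
/// pointers. The second write lands on the same location, so the read
/// observes 2 and `x` ends up as 2; no reference aliasing occurs.
fn aliased_raw() -> (i32, i32) {
    let mut x = 42;
    let p = &mut x as *mut i32;
    let r = unsafe { write_both_raw(p, p) };
    (r, x) // (2, 2)
}

fn main() {
    println!("disjoint: {:?}", disjoint());
    println!("aliased via raw pointers: {:?}", aliased_raw());
}
```

Running the same two cases under `cargo miri run` is the quickest way to see the difference: `aliased_raw` passes, while substituting the quoted `write_both(&mut *ptr, &mut *ptr)` call is rejected as an aliasing-model violation.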