Comment by uecker

Comment by uecker 2 days ago

Of course, one you have identifies the bounds to each pointer you could just do bounds checking in C.

That's not actually sufficient in the general case where the pointer may not be the type of the underlying object. You also have to respect strict aliasing even if the bounds are correct. This isn't true in the same way in Rust because memory is untyped. You only need to ensure basic memory validity (range, initialization, alignment, etc).

Reply View 13 replies

uecker 2 days ago

Yes, you also do not want to do random casts, but this is even easier. I do not get your point out memory validity in Rust. What if you write where a pointer is stored, or even a boolean?

Reply View | 9 replies
- AlotOfReading 2 days ago
  
  I'm talking about type punning specifically here. There's a lot of old C code out there that stores everything in int * buffers and casts pointers back to the correct type. I'm even aware of one toolchain for a widely used MCU that typedef'd char to int (i16).
  I believe this would be legal in Rust today if you respected the other rules, with the caveat that it wouldn't be remotely idiomatic or possible without unsafe.
  
  Reply View | 8 replies
  
  kant2002 12 hours ago
  
  I did take a look at the projects which attempt to address conversion of C to Rust and even if article talk about about uplifting C to idiomatic Rust, or to utilize decompilation techniques, I do not see anything of that in any existing project.
  - C2Rust: https://github.com/immunant/c2rust From what I see, very limited testing of what C can be uplifted. - Citrus: https://gitlab.com/citrus-rs/citrus Overall almost no tests. I would not even mention this project, since it seems to be working on hope. https://gitlab.com/citrus-rs/citrus/-/tree/master/tests?ref_... - Corrode: https://github.com/jameysharp/corrode Written in Haskel, not in Rust as others, have potential, since they utilize csmith for testing.But still lack of testing. https://github.com/jameysharp/corrode/tree/master/scripts
  I really don't see any project which attempt to reverse engineer Rust idioms from C, even if in limited contexts. Maybe the goal of the article to inspire all of us. Or Maybe I miss some other existings projects?
  
  Reply View | 2 replies
  
  steveklabnik 2 days ago
  
  Rust does not have strict aliasing, that’s correct.
  
  Reply View | 4 replies
zozbot234 2 days ago

Rust has pointer provenance which implies very similar constraints to the "typed memory" wording of C/C++.

Reply View | 2 replies
- AlotOfReading 2 days ago
  
  Does it? It's very unclear to me whether something like type punning is prohibited by provenance today. The docs don't provide much clarity, and the comments I can find by ralf suggest the details are undecided. I can't imagine it won't be eventually prohibited since we already have hardware designs prohibiting it and it's a terrible code pattern to begin with, but I don't know if the language currently does so.
  
  Reply View | 0 replies
- steveklabnik 2 days ago
  
  This isn’t correct. Just because Rust has aliasing rules doesn’t mean they’re the same sorts of rules.
  C and C++ are also looking to adopt more formal provenance rules.
  
  Reply View | 0 replies