Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

What's the definition of mutable aliasing for ZSTs?

See original GitHub issue

For sizeof(T)>0, I understand the rules: no two &muts can reference overlapping memory.

What exactly are the rules for ZSTs, though?

For x: ((),()) to be a ZST (which we want), &mut x.0 and &mut x.1 are allowed, but are NOP transformations of &mut x, with the same value. But with unsafe code, I can take &mut x as *mut _, perform two NOP transformations to it, cast it as *mut (), and dereference it, and I don’t know how to determine whether I’m reading the “first” or “second” fields, and thus whether I’m violating aliasing. Similar arguments apply to things like split_at_mut on a &mut [()], which is also creating multiple pointers of the same value.

But if all ZST reads are legal, that means all ZSTs are effectively Copy, which means a private-constructor ZST cannot safely be used as an access token, as it can be copied by ptr::read’ing it twice (legal because all ZST reads are legal, by premise).

Issue Analytics

State:
Created 6 years ago
Comments:14 (12 by maintainers)

Top GitHub Comments

6reactions

RalfJungcommented, Jan 3, 2018

I agree with @nagisa. Moreover, this has no bearing on whether a private-constructor ZST can be used as an access token: If unsafe code forges such a private-constructor ZST, while no immediate UB is raised, that’s still clearly misbehaving unsafe code. Compare this to a repr(C) struct with two private fields that has an invariant: While it is no immediate UB to use unsafe code to modify the fields of this struct, that’s still misbehaving unsafe code and safe code may rely on unsafe code not doing this.

“What code is UB” and “What safe code can rely on unsafe code to (not) do” don’t always have the same answer, though of course safe code can at least rely on unsafe code not triggering UB.

2reactions

RalfJungcommented, Jan 25, 2018

@scottmcm

Ok, so checking for aliasing is not enough to know that two &muts can co-exist. Shame.

Notice that this would be the case even without considering ZSTs. For example, there may never be two &mut MutexGuard for the same mutex, even if the guards themselves are disjoint in terms of the memory they occupy.

Top Results From Across the Web

What does &mut aliasing mean for ZSTs? - help

A ZST can't hold state, and its address is basically meaningless, with everything in a Vec being at the same address, for example....

Aliasing and Mutability

When a variable is passed as an argument to a function, that variable is aliased with the function's parameter. That's what makes it...

Untitled

We're going to dig into exception-safety, pointer aliasing, memory models, compiler and hardware implementation details, and even some type-theory. Much text ...

Stacked Borrows: An Aliasing Model for Rust (the paper)

The paper talks about memory and memory locations, especially in the section about interior mutability. What about zero-sized types? Can a ...

Rust Language Cheat Sheet

*r, Dereference a reference r to access what it points to. *r = s;, If r is a mutable reference, move or copy...