Unsafe code can't assume invariants of (Partial){Eq,Ord} #43

Open
bjorn3 opened this issue Jun 26, 2020 · 1 comment


bjorn3 commented Jun 26, 2020

> In the second use, it may lead to classical security issues linked to memory safety violations. That is again a factor in the practice of limiting the use of unsafe blocks.

They are not unsafe traits, so unsafe code is not allowed to assume anything about their implementation. At worst, violating the documented invariants is allowed to cause a panic.

@HeroicKatora

In particular, the standard library may not and does not use its assumed properties for such unsound optimizations as alluded to. That is in contrast to for example C++. In this spirit, I suggest adjusting the wording slightly to make it clear that these assumptions hold only when one looks for safety guarantees but are not required for soundness guarantees.

Rust assumes a lot of invariants

Rust expects a lot of invariants, for the purpose of safety guarantees,

Maybe it should also be considered to add a paragraph discouraging safety critical code from having type parameters with these bounds, to avoid confusion both for the caller and the implementor.
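An added example (not from this issue or the project under discussion) of the point both comments make: a deliberately broken `Ord` impl is legal Rust, std containers answer wrongly but never unsafely, and generic unsafe code that leaned on an `Ord` bound for an unchecked slice index would be unsound. The type `Bogus`, the functions `set_behaviour` and `slice_between` and the marker-trait remark are constructed for this example.

```rust
use std::cmp::Ordering;
use std::collections::BTreeSet;

/// Constructed for this example: an `Ord` impl that breaks the documented
/// invariants (every comparison answers `Less`, even against itself, and it
/// disagrees with the derived `PartialEq`). `Ord` is a safe trait, so this is
/// legal Rust and must never lead to memory unsafety.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
struct Bogus(u32);

impl PartialOrd for Bogus {
    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
        Some(self.cmp(other))
    }
}
impl Ord for Bogus {
    fn cmp(&self, _other: &Self) -> Ordering {
        Ordering::Less
    }
}

/// Std containers give wrong answers, not undefined behaviour: the set keeps
/// the duplicate and cannot find what it holds, because `cmp` never says
/// `Equal`. (`slice::sort` is likewise documented to either return an
/// unspecified order or panic for such an impl.)
fn set_behaviour() -> (usize, bool) {
    let mut set = BTreeSet::new();
    for b in [Bogus(1), Bogus(1), Bogus(2)] {
        set.insert(b);
    }
    (set.len(), set.contains(&Bogus(1)))
}

/// Sub-slice of a sorted slice holding the elements in `lo..=hi`.
/// Sound for any `T: Ord`: with a broken order `start` may exceed `end`
/// (or the input may not really be sorted), and `get` turns that into `None`.
/// Swapping `get` for `get_unchecked(start..end)` on the strength of the
/// `Ord` bound would be unsound, precisely because `Ord` is not an
/// `unsafe trait`; only a bound on an `unsafe trait` (std's `TrustedLen`
/// is the model) moves that responsibility onto the implementor.
fn slice_between<'a, T: Ord>(sorted: &'a [T], lo: &T, hi: &T) -> Option<&'a [T]> {
    let start = sorted.partition_point(|x| x < lo); // elements below `lo`
    let end = sorted.partition_point(|x| !(hi < x)); // elements not above `hi`
    sorted.get(start..end)
}
```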
