Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Relationship to the Transmute pre-rfc #4

Open
asajeffrey opened this issue Nov 22, 2019 · 6 comments
Open

Relationship to the Transmute pre-rfc #4

asajeffrey opened this issue Nov 22, 2019 · 6 comments

Comments

@asajeffrey
Copy link

I read this and thought of you... https://internals.rust-lang.org/t/pre-rfc-safe-transmute/11347
@lovesegfault
Copy link
Collaborator

lovesegfault commented Nov 22, 2019
edited
Loading

Thanks Alan! @Ekleog will definitely have some thoughts on that, as well as @nagisa

@lovesegfault
Copy link
Collaborator

lovesegfault commented Nov 22, 2019
edited
Loading

Thoughts as I read:

  • I find the idea of a trait that cannot be impl'd to be weird; maybe they mean you can only unsafe impl it?
  • ToFromBytes is a horrible name, I think overall they mean that the type is isomorphic to a byte slice.
  • Maybe having the compiler verify type isomorphisms is where this thing is going?
  • All Transmutable types are isomorphic to one another (via bytes) (?)
  • Maybe they should just be two traits, FromBytes and ToBytes

@Ekleog
Copy link
Collaborator

Ekleog commented Nov 22, 2019

We're not really using transmute anywhere that I can remember, nor expose a safe way of doing so in our API. So I'm not really sure I can think of a place where we could use such a mechanism here?

The point of the interprocess traits as currently defined here is to guarantee things assuming the references are to the same types on both sides of the process boundary, and that processes are cooperative; meaning that no transmute should be happening, no padding should be exposed, etc.

@asajeffrey
Copy link
Author

There must be somewhere a transmute is happening, even if it's hidden in read_volatile.

@asajeffrey
Copy link
Author

And yes, all transmutable types of the same size are isomorphic.

@Ekleog
Copy link
Collaborator

Ekleog commented Nov 23, 2019

Well, in inteprocess-traits, we do assume that processes are cooperative, and that the unsafe requirements are satisfied on both sides.

With the unsafe requirements being satisfied, it is impossible to retrieve references to the same memory region as two distinct types. In other words, checking the absence of transmute is pushed to the user as a requirement to verify.

Also, because that is the API of ProcSync, we allow multiple & references to exist to the same memory region from different processes at the same time -- assuming the type is ProcSync. So we don't really need to do read_volatile either. We just do regular memory reads, and they're guaranteed to be of the same type as what was written by the unsafe requirements.

Is that more clear?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@asajeffrey @Ekleog @lovesegfault