Skip to content

Fixed soundness issues and removed nested member access.#11

Merged
Gilnaa merged 2 commits intomasterfrom
bugfix/soundness
Jul 4, 2019
Merged

Fixed soundness issues and removed nested member access.#11
Gilnaa merged 2 commits intomasterfrom
bugfix/soundness

Conversation

@Gilnaa
Copy link
Copy Markdown
Owner

@Gilnaa Gilnaa commented Jul 2, 2019
edited
Loading

Fixes #9
@RalfJung, please review.

This removes the ability to access nested members in favour of soundness.
This won't be merged before 1.37 lands.

RalfJung
RalfJung reviewed Jul 2, 2019
View reviewed changes
Comment thread src/offset_of.rs Outdated
($parent:ty, $field:tt) => (unsafe {
// Create an instance of the container and calculate the offset to its
// field. Although we are creating references to uninitialized data this
// is fine since we are not dereferencing them.
Copy link
Copy Markdown
Collaborator

@RalfJung RalfJung Jul 2, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is not accurate. It's not fine. It's just the best we can do, currently.

The comment should IMO clearly say "yes, this is UB" and then explain why it is UB and why it does this anyway. (The UB is in the let &$container ... line.)

RalfJung
RalfJung reviewed Jul 2, 2019
View reviewed changes
Comment thread src/offset_of.rs
// Future error: borrow of packed field requires unsafe function or block (error E0133)
($parent:ty, $field:tt) => ({
let non_null = $crate::ptr::NonNull::<$parent>::dangling();
let base_ptr = unsafe { non_null.as_ref() };
Copy link
Copy Markdown
Collaborator

@RalfJung RalfJung Jul 2, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be a comment here saying "yes this is UB", explaining why it is UB, and why it does this anyway.

It is UB because the reference is dangling, i.e., it does not point to actually allocated memory.

@Gilnaa Gilnaa force-pushed the bugfix/soundness branch from 4c7e6e7 to 9a7d466 Compare July 4, 2019 16:33
@Gilnaa Gilnaa merged commit fa2cce2 into master Jul 4, 2019
@Centril
Copy link
Copy Markdown

Centril commented Jul 5, 2019

@Gilnaa Should a note to the README also be added similar to the note in the implementation?

@Gilnaa
Copy link
Copy Markdown
Owner Author

Gilnaa commented Jul 5, 2019 via email

RalfJung
RalfJung reviewed Jul 7, 2019
View reviewed changes
Comment thread src/offset_of.rs

member - base
});
let field_ptr = unsafe { &base_ptr.$field };
Copy link
Copy Markdown
Collaborator

@RalfJung RalfJung Jul 7, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should also use the deref-coercion-avoidance trick that you used above.

RalfJung
RalfJung reviewed Jul 7, 2019
View reviewed changes
Comment thread src/offset_of.rs
($parent:tt, $field:tt) => (unsafe {
// Create an instance of the container and calculate the offset to its field.
// Here we're using an uninitialized instance of $parent.
// Since we're not using its field, there's no UB caused by reading uninitialized memoty.
Copy link
Copy Markdown
Collaborator

@RalfJung RalfJung Jul 7, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"memoty" should be "memory"

@de-vri-es de-vri-es mentioned this pull request Aug 28, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RalfJung RalfJung RalfJung left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

offset_of is unsound

3 participants

@Gilnaa @Centril @RalfJung