zlacker

[return to "“Rust is safe” is not some kind of absolute guarantee of code safety"]
1. Pulcin+H4 2022-10-02 14:54:33
>>rvz+(OP)
Not all that familiar with the specifics of Rust, but I assume its “safety” is somewhat similar to Swift’s “safety,” so type safety and memory safety, which does not mean no crashes, just that you will e.g. crash on an array OOB error rather than start writing or reading to random bits of memory.
2. oconno+PD 2022-10-02 18:05:17
>>Pulcin+H4
You've got the right idea. The Rustonomicon gives a list of approximately everything that Rust considers unsound/UB (https://doc.rust-lang.org/nomicon/what-unsafe-does.html). The most common examples are:

- use after free

- breaking the aliasing rules

- causing a "data race" (e.g. writing to the same value from multiple threads without a lock)

- producing an invalid value (like a bool that's not 0 or 1)

There's some other technical stuff like "calling a foreign function with the wrong ABI", but those four above capture most of what safe Rust wants to guarantee that you never do. In contrast, the same page provides an interesting list of things that Rust doesn't consider UB and that you can do in safe code, for example:

- deadlocks and other race conditions that aren't data races

- leak memory

- overflow an integer

- abort the whole process
