`simd_runtime_generate!` creates implicit unsafe fn, allowing unsafe ops in seemingly safe code

arduano / simdeez

easy simd

MIT License

332 stars 25 forks source link

`simd_runtime_generate!` creates implicit unsafe fn, allowing unsafe ops in seemingly safe code #34

Open jonas-schievink opened 4 years ago

jonas-schievink commented 4 years ago

This program has undefined behavior but does not use unsafe:

extern crate simdeez;

use simdeez::avx2::*;
use simdeez::scalar::*;
use simdeez::sse2::*;
use simdeez::sse41::*;

simd_runtime_generate! {
    fn unsafe_deref(p: *const u8) -> u8 {
        *p
    }
}

fn main() {
    unsafe_deref_runtime_select(6 as *const u8);
}

jackmott commented 4 years ago

Good point, the macros should probably create unsafe functions, since all the intrinsics are unsafe. Do you agree with that as the solution?

jonas-schievink commented 4 years ago

Most methods it creates are already unsafe, just not the runtime_select one. Making that unsafe as well would avoid this issue, so that seems fine.

I think there's a deeper issue with the fn unsafe_deref being sort of magically made into an unsafe fn though. I see this is needed to use pretty much any part of this library since so much is unsafe due to the use of the SIMD intrinsics, so I'm not sure how to solve that.

verpeteren commented 1 year ago

@jonas-schievink : can you check this PR/branch and check if that does what you requested+