ryan-summers
commented
1 week ago Not only that, but the pointer provenance of the sitcm pointer only permits us to technically write 4 bytes (because the static mut __sitcm: u32.
Open jordens opened 2 weeks ago
ryan-summers
commented
1 week ago Not only that, but the pointer provenance of the sitcm pointer only permits us to technically write 4 bytes (because the static mut __sitcm: u32.
ryan-summers
commented
1 week ago Ref https://github.com/rust-embedded/wg/issues/771, it might be the case that pointer provenance is not actually an issue
jordens
commented
1 week ago Way back I had argued that this is like an FFI interface where one crates slices from addresses and lengths in a similar way without virtual machine knowing much about them.
I.e. specifically the src slice must be fine to create like this. How else would one do it?
And if the src slice is fine (initialized, doesn't break aliasing rules), so is the dst slice.
https://github.com/quartiq/stabilizer/blob/3ef00cbd92b9ee57b19026ba7abb3791e88be339/src/hardware/setup.rs#L183
That destination slice is uninitialized, thus insta-UB. Needs to be
MaybeUninit.