rust-lang / unsafe-code-guidelines

Forum for discussion about what unsafe code can and can't do
https://rust-lang.github.io/unsafe-code-guidelines
Apache License 2.0

Do the current nightly `std::ptr` docs violate provenance monotonicity? #530

Open joshlf opened 2 weeks ago

joshlf commented 2 weeks ago

Per the nightly std::ptr docs:

[Under strict provenance, it is sound to] forge an allocation of size zero at any sufficiently aligned non-null address. i.e. the usual “ZSTs are fake, do what you want” rules apply but this only applies for actual forgery (integers cast to pointers). If you borrow some struct’s field that happens to be zero-sized, the resulting pointer will have provenance tied to that allocation, and it will still get invalidated if the allocation gets deallocated. In the future we may introduce an API to make such a forged allocation explicit.

Along the same lines as https://github.com/rust-lang/unsafe-code-guidelines/issues/529, IIUC this violates provenance monotonicity.
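The two cases the quoted std::ptr text distinguishes, written out as an added example; it is not code from the issue thread, from the std docs, or from the unsafe-code-guidelines project. `Marker`, `Holder`, `forge_zst_ptr`, `roundtrip_forged` and `read_via_field` are names chosen here, and the forgery uses a plain integer-to-pointer `as` cast (the "integers cast to pointers" case in the quote) rather than the strict-provenance API so it compiles on stable. The example shows only the behaviour the quoted docs describe; it does not settle the monotonicity question the issue raises.

```rust
use std::mem::{align_of, size_of};
use std::ptr;

/// Zero-sized payload used in both cases below.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
struct Marker;

/// Case 1 of the quoted docs: forge a zero-sized "allocation" from an
/// integer. The address is the type's alignment, so it is non-null and
/// sufficiently aligned, and the integer-to-pointer cast ties it to no
/// real allocation.
fn forge_zst_ptr<T>() -> *mut T {
    assert_eq!(size_of::<T>(), 0, "only sound for zero-sized types");
    align_of::<T>() as *mut T
}

/// Writes and reads the ZST through the forged pointer. No bytes are
/// touched, so under the quoted rule this is sound.
fn roundtrip_forged() -> Marker {
    let p = forge_zst_ptr::<Marker>();
    assert!(!p.is_null());
    // SAFETY: p is non-null, aligned for Marker, and is a forged zero-sized
    // allocation of the kind the quoted docs permit.
    unsafe {
        ptr::write(p, Marker);
        ptr::read(p)
    }
}

/// Case 2 of the quoted docs: a pointer borrowed from a struct's zero-sized
/// field. Its provenance is tied to the enclosing allocation and, per the
/// quote, ends when that allocation is freed.
struct Holder {
    data: u32,
    tag: Marker,
}

fn read_via_field() -> (u32, Marker) {
    let mut holder = Box::new(Holder { data: 7, tag: Marker });
    let p: *mut Marker = &mut holder.tag;
    // SAFETY: `holder` is still live, so the borrowed provenance is valid.
    let tag = unsafe { ptr::read(p) };
    let data = holder.data;
    // Deallocation: per the quoted docs `p` is invalid from here on even
    // though it is zero-sized, so it is deliberately not used again.
    drop(holder);
    (data, tag)
}

fn main() {
    println!("forged: {:?}", roundtrip_forged());
    println!("via field: {:?}", read_via_field());
}
```

Running this under Miri is the practical check: the forged pointer in `roundtrip_forged` is accepted, and adding a `ptr::read(p)` after the `drop(holder)` in `read_via_field` is what the quoted docs say is invalid, which is exactly the asymmetry the issue questions.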

RalfJung commented 2 weeks ago

Yeah, this is indeed outdated. Will be fixed together with the big strict provenance docs update.