[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=wgQy+FRKjO_BvZgZN56w6-+jDO8p-Mt=X=zM70CG=CVBQ@mail.gmail.com>
Date: Wed, 27 Mar 2024 12:07:26 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Kent Overstreet <kent.overstreet@...ux.dev>
Cc: comex <comexk@...il.com>, "Dr. David Alan Gilbert" <dave@...blig.org>,
Philipp Stanner <pstanner@...hat.com>, Boqun Feng <boqun.feng@...il.com>,
rust-for-linux <rust-for-linux@...r.kernel.org>, linux-kernel@...r.kernel.org,
linux-arch@...r.kernel.org, llvm@...ts.linux.dev,
Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>,
Wedson Almeida Filho <wedsonaf@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>,
Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...sung.com>,
Alice Ryhl <aliceryhl@...gle.com>, Alan Stern <stern@...land.harvard.edu>,
Andrea Parri <parri.andrea@...il.com>, Will Deacon <will@...nel.org>,
Peter Zijlstra <peterz@...radead.org>, Nicholas Piggin <npiggin@...il.com>,
David Howells <dhowells@...hat.com>, Jade Alglave <j.alglave@....ac.uk>,
Luc Maranget <luc.maranget@...ia.fr>, "Paul E. McKenney" <paulmck@...nel.org>,
Akira Yokosawa <akiyks@...il.com>, Daniel Lustig <dlustig@...dia.com>,
Joel Fernandes <joel@...lfernandes.org>, Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>, kent.overstreet@...il.com,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Marco Elver <elver@...gle.com>,
Mark Rutland <mark.rutland@....com>, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Catalin Marinas <catalin.marinas@....com>,
linux-arm-kernel@...ts.infradead.org, linux-fsdevel@...r.kernel.org
Subject: Re: [WIP 0/3] Memory model and atomic API in Rust
On Wed, 27 Mar 2024 at 11:51, Kent Overstreet <kent.overstreet@...ux.dev> wrote:
>
> On Wed, Mar 27, 2024 at 09:16:09AM -0700, comex wrote:
> > Meanwhile, Rust intentionally lacks strict aliasing.
>
> I wasn't aware of this. Given that unrestricted pointers are a real
> impediment to compiler optimization, I thought that with Rust we were
> finally starting to nail down a concrete enough memory model to tackle
> this safely. But I guess not?
Strict aliasing is a *horrible* mistake.
It's not even *remotely* "tackle this safely". It's the exact
opposite. It's completely broken.
Anybody who thinks strict aliasing is a good idea either
(a) doesn't understand what it means
(b) has been brainwashed by incompetent compiler people.
it's a horrendous crock that was introduced by people who thought it
was too complicated to write out "restrict" keywords, and that thought
that "let's break old working programs and make it harder to write new
programs" was a good idea.
Nobody should ever do it. The fact that Rust doesn't do the C strict
aliasing is a good thing. Really.
I suspect you have been fooled by the name. Because "strict aliasing"
sounds like a good thing. It sounds like "I know these strictly can't
alias". But despite that name, it's the complete opposite of that, and
means "I will ignore actual real aliasing even if it exists, because I
will make aliasing decisions on entirely made-up grounds".
Just say no to strict aliasing. Thankfully, there's an actual compiler
flag for that: -fno-strict-aliasing. It should absolutely have been
the default.
Linus
Powered by blists - more mailing lists