lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 05 Apr 2024 19:13:45 +0200
From: Philipp Stanner <pstanner@...hat.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>, Kent Overstreet
	 <kent.overstreet@...ux.dev>
Cc: comex <comexk@...il.com>, "Dr. David Alan Gilbert" <dave@...blig.org>, 
 Boqun Feng <boqun.feng@...il.com>, rust-for-linux
 <rust-for-linux@...r.kernel.org>,  linux-kernel@...r.kernel.org,
 linux-arch@...r.kernel.org, llvm@...ts.linux.dev,  Miguel Ojeda
 <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida
 Filho <wedsonaf@...il.com>, Gary Guo <gary@...yguo.net>,
 Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin
 <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...sung.com>, Alice
 Ryhl <aliceryhl@...gle.com>, Alan Stern <stern@...land.harvard.edu>, Andrea
 Parri <parri.andrea@...il.com>, Will Deacon <will@...nel.org>, Peter
 Zijlstra <peterz@...radead.org>, Nicholas Piggin <npiggin@...il.com>, David
 Howells <dhowells@...hat.com>, Jade Alglave <j.alglave@....ac.uk>, Luc
 Maranget <luc.maranget@...ia.fr>, "Paul E. McKenney" <paulmck@...nel.org>,
 Akira Yokosawa <akiyks@...il.com>, Daniel Lustig <dlustig@...dia.com>, Joel
 Fernandes <joel@...lfernandes.org>, Nathan Chancellor <nathan@...nel.org>,
 Nick Desaulniers <ndesaulniers@...gle.com>, kent.overstreet@...il.com, 
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Marco Elver
 <elver@...gle.com>, Mark Rutland <mark.rutland@....com>,  Thomas Gleixner
 <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov
 <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
 "H. Peter Anvin" <hpa@...or.com>,  Catalin Marinas
 <catalin.marinas@....com>, linux-arm-kernel@...ts.infradead.org,
 linux-fsdevel@...r.kernel.org
Subject: Re: [WIP 0/3] Memory model and atomic API in Rust

On Wed, 2024-03-27 at 12:07 -0700, Linus Torvalds wrote:
> On Wed, 27 Mar 2024 at 11:51, Kent Overstreet
> <kent.overstreet@...ux.dev> wrote:
> > 
> > On Wed, Mar 27, 2024 at 09:16:09AM -0700, comex wrote:
> > > Meanwhile, Rust intentionally lacks strict aliasing.
> > 
> > I wasn't aware of this. Given that unrestricted pointers are a real
> > impediment to compiler optimization, I thought that with Rust we
> > were
> > finally starting to nail down a concrete enough memory model to
> > tackle
> > this safely. But I guess not?
> 
> Strict aliasing is a *horrible* mistake.
> 
> It's not even *remotely* "tackle this safely". It's the exact
> opposite. It's completely broken.
> 
> Anybody who thinks strict aliasing is a good idea either
> 
>  (a) doesn't understand what it means
> 
>  (b) has been brainwashed by incompetent compiler people.
> 
> it's a horrendous crock that was introduced by people who thought it
> was too complicated to write out "restrict" keywords, and that
> thought
> that "let's break old working programs and make it harder to write
> new
> programs" was a good idea.
> 
> Nobody should ever do it. The fact that Rust doesn't do the C strict
> aliasing is a good thing. Really.

Btw, for the interested, that's a nice article on strict aliasing:
https://blog.regehr.org/archives/1307

Dennis Ritchie, the Man Himself, back in the 1980s pushed back quite
strongly on (different?) aliasing experiments:
https://www.yodaiken.com/2021/03/19/dennis-ritchie-on-alias-analysis-in-the-c-programming-language-1988/


No idea why they can't just leave C alone... It's not without reason
that new languages like Zig and Hare want to freeze the language
(standard) once they are released.

P.

> 
> I suspect you have been fooled by the name. Because "strict aliasing"
> sounds like a good thing. It sounds like "I know these strictly can't
> alias". But despite that name, it's the complete opposite of that,
> and
> means "I will ignore actual real aliasing even if it exists, because
> I
> will make aliasing decisions on entirely made-up grounds".
> 
> Just say no to strict aliasing. Thankfully, there's an actual
> compiler
> flag for that: -fno-strict-aliasing. It should absolutely have been
> the default.
> 
>                  Linus
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ