| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 05 Apr 2024 19:13:45 +0200 From: Philipp Stanner <pstanner@...hat.com> To: Linus Torvalds <torvalds@...ux-foundation.org>, Kent Overstreet <kent.overstreet@...ux.dev> Cc: comex <comexk@...il.com>, "Dr. David Alan Gilbert" <dave@...blig.org>, Boqun Feng <boqun.feng@...il.com>, rust-for-linux <rust-for-linux@...r.kernel.org>, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, llvm@...ts.linux.dev, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Wedson Almeida Filho <wedsonaf@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...sung.com>, Alice Ryhl <aliceryhl@...gle.com>, Alan Stern <stern@...land.harvard.edu>, Andrea Parri <parri.andrea@...il.com>, Will Deacon <will@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Nicholas Piggin <npiggin@...il.com>, David Howells <dhowells@...hat.com>, Jade Alglave <j.alglave@....ac.uk>, Luc Maranget <luc.maranget@...ia.fr>, "Paul E. McKenney" <paulmck@...nel.org>, Akira Yokosawa <akiyks@...il.com>, Daniel Lustig <dlustig@...dia.com>, Joel Fernandes <joel@...lfernandes.org>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, kent.overstreet@...il.com, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Marco Elver <elver@...gle.com>, Mark Rutland <mark.rutland@....com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, Catalin Marinas <catalin.marinas@....com>, linux-arm-kernel@...ts.infradead.org, linux-fsdevel@...r.kernel.org Subject: Re: [WIP 0/3] Memory model and atomic API in Rust On Wed, 2024-03-27 at 12:07 -0700, Linus Torvalds wrote: > On Wed, 27 Mar 2024 at 11:51, Kent Overstreet > <kent.overstreet@...ux.dev> wrote: > > > > On Wed, Mar 27, 2024 at 09:16:09AM -0700, comex wrote: > > > Meanwhile, Rust intentionally lacks strict aliasing. > > > > I wasn't aware of this. Given that unrestricted pointers are a real > > impediment to compiler optimization, I thought that with Rust we > > were > > finally starting to nail down a concrete enough memory model to > > tackle > > this safely. But I guess not? > > Strict aliasing is a *horrible* mistake. > > It's not even *remotely* "tackle this safely". It's the exact > opposite. It's completely broken. > > Anybody who thinks strict aliasing is a good idea either > > (a) doesn't understand what it means > > (b) has been brainwashed by incompetent compiler people. > > it's a horrendous crock that was introduced by people who thought it > was too complicated to write out "restrict" keywords, and that > thought > that "let's break old working programs and make it harder to write > new > programs" was a good idea. > > Nobody should ever do it. The fact that Rust doesn't do the C strict > aliasing is a good thing. Really. Btw, for the interested, that's a nice article on strict aliasing: https://blog.regehr.org/archives/1307 Dennis Ritchie, the Man Himself, back in the 1980s pushed back quite strongly on (different?) aliasing experiments: https://www.yodaiken.com/2021/03/19/dennis-ritchie-on-alias-analysis-in-the-c-programming-language-1988/ No idea why they can't just leave C alone... It's not without reason that new languages like Zig and Hare want to freeze the language (standard) once they are released. P. > > I suspect you have been fooled by the name. Because "strict aliasing" > sounds like a good thing. It sounds like "I know these strictly can't > alias". But despite that name, it's the complete opposite of that, > and > means "I will ignore actual real aliasing even if it exists, because > I > will make aliasing decisions on entirely made-up grounds". > > Just say no to strict aliasing. Thankfully, there's an actual > compiler > flag for that: -fno-strict-aliasing. It should absolutely have been > the default. > > Linus >
Powered by blists - more mailing lists