lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <D11A34F5-EA92-4B80-8498-F9764E47EA97@zytor.com>
Date: Tue, 25 Feb 2025 12:37:55 -0800
From: "H. Peter Anvin" <hpa@...or.com>
To: Kent Overstreet <kent.overstreet@...ux.dev>
CC: Alice Ryhl <aliceryhl@...gle.com>, Ventura Jack <venturajack85@...il.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Gary Guo <gary@...yguo.net>, airlied@...il.com, boqun.feng@...il.com,
        david.laight.linux@...il.com, ej@...i.de, gregkh@...uxfoundation.org,
        hch@...radead.org, ksummit@...ts.linux.dev,
        linux-kernel@...r.kernel.org, miguel.ojeda.sandonis@...il.com,
        rust-for-linux@...r.kernel.org
Subject: Re: C aggregate passing (Rust kernel policy)

On February 25, 2025 12:21:06 PM PST, Kent Overstreet <kent.overstreet@...ux.dev> wrote:
>On Tue, Feb 25, 2025 at 10:16:17AM -0800, H. Peter Anvin wrote:
>> On February 25, 2025 9:36:07 AM PST, Alice Ryhl <aliceryhl@...gle.com> wrote:
>> >On Tue, Feb 25, 2025 at 6:21 PM Ventura Jack <venturajack85@...il.com> wrote:
>> >> On the topic of difficulty, even if there was a full specification,
>> >> it might still be difficult to work with aliasing in unsafe Rust.
>> >> For C "restrict", I assume that "restrict" is fully specified, and
>> >> C developers still typically avoid "restrict". And for unsafe
>> >> Rust, the Rust community helpfully encourages people to
>> >> avoid unsafe Rust when possible due to its difficulty.
>> >
>> >This I will not object to :)
>> >
>> >Alice
>> >
>> >
>> 
>> I do have to say one thing about the standards process: it forces a
>> real specification to be written, as in a proper interface contract,
>> including the corner cases (which of course may be "undefined", but
>> the idea is that even what is out of scope is clear.)
>
>Did it, though?
>
>The C standard didn't really define undefined behaviour in a
>particularly useful way, and the compiler folks have always used it as a
>shield to hide behind - "look! the standard says we can!", even though
>that standard hasn't meaninfully changed it decades. It ossified things.
>
>Whereas the Rust process seems to me to be more defined by actual
>conversations with users and a focus on practicality and steady
>improvement towards meaningful goals - i.e. concrete specifications.
>There's been a lot of work towards those.
>
>You don't need a standards body to have specifications.

Whether a spec is "useful" is different from "ill defined."

I know where they came from – wanting to compete with Fortran 77 for HPC, being a very vocal community in the compiler area. F77 had very few ways to have aliasing at all, so it happened to make a lot of things like autovectorization relatively easy. Since vectorization inherently relies on hoisting loads above stores this really matters in that context. 

Was C the right place to do it? That's a whole different question.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ