Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do ZST Boxes violate provenance monotonicity? #529

Closed
joshlf opened this issue Aug 29, 2024 · 4 comments · Fixed by rust-lang/rust#129748
Closed

Do ZST Boxes violate provenance monotonicity? #529

joshlf opened this issue Aug 29, 2024 · 4 comments · Fixed by rust-lang/rust#129748

Comments

@joshlf
Copy link

joshlf commented Aug 29, 2024

(Writing on my phone; apologies for the lack of formatting.)

Per the Box module-level docs:

For zero-sized values, the Box pointer still has to be valid for reads and writes and sufficiently aligned. In particular, casting any aligned non-zero integer literal to a raw pointer produces a valid pointer, but a pointer pointing into previously allocated memory that since got freed is not valid. The recommended way to build a Box to a ZST if Box::new cannot be used is to use ptr::NonNull::dangling.

I'm trying to interpret "pointer pointing into previously allocated memory." IIUC, an integer whose address is the same as previously-allocated memory should be fine, so what really distinguishes these two cases is whether or not the pointer in question has provenance for the previously-freed allocation.

However, this implies that Box violates provenance monotonicity: an operation with a provenance-free pointer (one cast from a bare integer) is sound, while the same operation with a provenance-carrying integer is not.

Am I understanding this correctly?
@joshlf joshlf mentioned this issue Aug 29, 2024
Merged
@RalfJung
Copy link
Member

RalfJung commented Aug 29, 2024
edited
Loading

Good catch! That's an outdated copy of the pointer validity docs that hasn't been updated for rust-lang/rust#117945.

@RalfJung RalfJung mentioned this issue Aug 29, 2024
Merged
rust-timer added a commit to rust-lang-ci/rust that referenced this issue Sep 3, 2024
@rust-timer
Unrolled build for rust-lang#129748
6bcdd3d 
Rollup merge of rust-lang#129748 - RalfJung:box-validity, r=workingjubilee

Box validity: update for new zero-sized rules

Fixes rust-lang/unsafe-code-guidelines#529

Cc `@joshlf` `@rust-lang/opsem`
@joshlf joshlf mentioned this issue Sep 7, 2024
Open
@RalfJung
Copy link
Member

RalfJung commented Sep 8, 2024
edited
Loading

Funny... the PR with the "fixes" annotation got merged a week ago, but now @saethlin pushing this somewhere led to the issue actually getting closed...

@saethlin
Copy link
Member

saethlin commented Sep 8, 2024

Yeah... that was me updating my fork. There's some kind of GitHub bug here.

@RalfJung
Copy link
Member

RalfJung commented Sep 9, 2024

I think it might be a permission thing. bors doesn't have permissions to close issues in this repo, but you do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Box validity: update for new zero-sized rules RalfJung/rust
3 participants
@RalfJung @joshlf @saethlin