Skip to content

Ch. 20: Address soundness issues and introduce Miri #4062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chriskrycho merged 6 commits into from
Nov 6, 2024
Merged

Ch. 20: Address soundness issues and introduce Miri #4062

chriskrycho merged 6 commits into from
Nov 6, 2024

Conversation

@chriskrycho
Copy link
Contributor

@chriskrycho chriskrycho commented Oct 9, 2024
edited
Loading

This makes three major changes to the unsafe section:

  • It uses the newly-stabilized1 &raw borrow operator to more safely get raw pointers, with &raw const and &raw mut respectively. These provide a safe way of getting raw pointers. These are part of the Rust effort to handle provenance correctly and thereby make unsafe safer and easier to work with—and while we’re not going to get into those details, this is definitely a better way to work than the cast as *const i32 and as *mut i32.

  • It updates the static mut COUNTER example to use an unsafe fn instead of a safe function around an unsafe block, since it is necessary for the caller to guarantee that the function is not called from multiple threads. To make the existing safe function actually safe, it would need to introduce some kind of locking mechanism, I think. Leaving it as an unsafe function gives us a nice opportunity to include // SAFETY: … comments, though, and thus to teach a bit more about idiomatic authoring and usage of unsafe code.

  • It introduces Miri at the end of the section! I used Miri to investigate some of the issues folks had flagged up, and credit to the Miri team: it is very easy to use. The main thing I think we should think about here is whether we need more prose or explanation around installing nightly Rust.

Footnotes

  1. as of Rust 1.82.0, which landed on 2024/10/16

This was linked to issues Oct 9, 2024
Listing 19-03 is potentially UB under Stacked Borrows #3014
Closed
19.1 has an unsound example and does not explain it #3013
Closed
Do not use as to convert reference to pointer #3305
Closed
@chriskrycho chriskrycho mentioned this pull request Oct 9, 2024
Closed
@chriskrycho chriskrycho marked this pull request as draft October 9, 2024 20:10
@chriskrycho chriskrycho force-pushed the unsafe-fixes branch 3 times, most recently from 19f8321 to 99d74db Compare October 16, 2024 17:15
@chriskrycho chriskrycho mentioned this pull request Oct 31, 2024
Merged
@chriskrycho
Use new &raw feature for sound raw pointer usage.
2b1ddf4 
Note: this requires Rust 1.82.0, and will be easiest to merge after that
version is stabilized in two weeks. Since it is blocked on that anyway,
I am also basing it on top of the listing changes.
@chriskrycho
Ch. 20: Fix safety handling in the static mut example
48d0b76 
- Add `SAFETY` documentation on the unsafe function and comments on the
  unsafe invocation in the code samples.
- Discuss the soundness issues in more depth and explain the idiomatic
  use of those `SAFETY` comments.
@chriskrycho
Introduce basic usage of Miri in the unsafe chapter
3fdb520
@chriskrycho
Ch. 20: correct text about how we got raw pointers
e934f31 
We no longer get the raw pointers from references, although we *could*,
because we can now use the raw pointer operator rather than an `as` cast
and thus can get them directly from a variable in scope.
@chriskrycho chriskrycho marked this pull request as ready for review November 6, 2024 19:37
@chriskrycho chriskrycho merged commit 777a5ba into main Nov 6, 2024
@chriskrycho chriskrycho deleted the unsafe-fixes branch November 7, 2024 20:46
@rustbot rustbot mentioned this pull request Nov 18, 2024
Merged
This was referenced Dec 16, 2024
Closed
Merged
@chriskrycho chriskrycho mentioned this pull request Jan 14, 2025
Merged
abemassry added a commit to abemassry/book that referenced this pull request Jun 12, 2025
@abemassry
Fix 20.1 Miri unsafe code section
ec60067 
Fixes rust-lang#4338 Wrong concept in subsection "Using Miri to check unsafe code"
of section "20.1. Unsafe Rust"

This is a followup to PR rust-lang#4062

This PR adds a working example of using Miri where the code will compile
and run without warnings or errors, but with undefined behavior while it
runs. After running it through Miri though it correctly identifies the
data race.

Feedback welcome on matching the text to the books style. Or if anyone
wants to collaborate on other examples of Miri output.
@abemassry abemassry mentioned this pull request Jun 12, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

1 participant

@chriskrycho