Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Soundness conflicts #379

Open
RalfJung opened this issue Nov 24, 2022 · 17 comments
Open

Soundness conflicts #379

RalfJung opened this issue Nov 24, 2022 · 17 comments
Labels
C-list Category: A list/collection of some sort. Please help maintain it!

Comments

@RalfJung
Copy link
Member

RalfJung commented Nov 24, 2022
edited
Loading

Sometimes it happens that two unsafe-using libraries are sound in isolation, but unsound when combined. Each time that happens, Rust has to decide which side to consider sound. Ultimately this boils down to precisely specifying the safety invariants of all our types -- but doing that requires something like RustBelt, so it is hard to have that discussion in full generality. (Also that would involve T-types at least as much as WG-UCG / T-opsem.)

But meanwhile, it would be good to collect the cases of these conflicts here that we find out there in the wild.

The most famous case of this is of course leakpocalypse: Rc vs pre-Rust-1.0-scoped-threads, which famously got decided in favor of Rc (and mem::forget). Another case is that without union and ManuallyDrop, josephine would be sound. Again the resolution for the ecosystem is clearly in favor of unions and ManuallyDrop.

The point of this thread is not to discuss any of these conflicts and figure out which side we want to bless. It is solely to collect the known cases in a central location.

  • take_mut / replace_with vs partial-borrow: see here for details and discussion.
  • mk_static vs Stack Tokens: see reddit for details.
  • Pin is seriously under-specified and probably has quite a few of these conflicts, here is one.
  • "Partial move out of Drop type" vs a pattern that assumes that exactly that does not happen (coming up in this RFC).
  • TLS vs stackful coroutines.
@RalfJung
Copy link
Member Author

I am pretty sure I saw another case of this recently, but forgot where...

@oskgo

This comment was marked as resolved.

Sign in to view
@RustyYato

This comment was marked as resolved.

Sign in to view
@oskgo

This comment was marked as resolved.

Sign in to view
@RustyYato

This comment was marked as resolved.

Sign in to view
@RalfJung

This comment was marked as resolved.

Sign in to view
@Jules-Bertholet

This comment was marked as resolved.

Sign in to view
@RalfJung

This comment was marked as resolved.

Sign in to view
@RalfJung

This comment was marked as resolved.

Sign in to view
@steffahn

This comment was marked as resolved.

Sign in to view
@RalfJung

This comment was marked as resolved.

Sign in to view
@matklad

This comment was marked as resolved.

Sign in to view
@RalfJung

This comment was marked as resolved.

Sign in to view
@Jules-Bertholet

This comment was marked as off-topic.

Sign in to view
@adamreichold

This comment was marked as off-topic.

Sign in to view
@adamreichold

This comment was marked as resolved.

Sign in to view
@RalfJung RalfJung mentioned this issue Dec 14, 2023
Open
@RalfJung
Copy link
Member Author

RalfJung commented Dec 14, 2023
edited
Loading

This thread is not meant to discuss concrete soundness conflicts, only to collect them. Discussing them all in the same thread would be a big mess.^^

I've opened an issue for the TLS discussion: #484.
Please re-post there; sadly github doesn't allow moving comments. I'm going to lock this issue as otherwise it seems people will inevitably start discussing here, no matter how much one has bold text in the issue description saying not to do that. (No hard feelings, that comment box Github offers is very tempting.) If you have something to add to the list, please mention it on Zulip.

@rust-lang rust-lang locked and limited conversation to collaborators Dec 14, 2023
@saethlin saethlin added the C-list Category: A list/collection of some sort. Please help maintain it! label Dec 14, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
C-list Category: A list/collection of some sort. Please help maintain it!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@RalfJung @matklad @steffahn @saethlin @adamreichold @RustyYato @Jules-Bertholet @oskgo