Re: C aggregate passing (Rust kernel policy)

From: Ventura Jack
Date: Thu Feb 27 2025 - 09:59:49 EST

Next message: Christophe Leroy: "Re: [next-20250226]Build Failure"
Previous message: Frediano Ziglio: "[PATCH v2] xen: Add support for XenServer 6.1 platform device"
In reply to: Gary Guo: "Re: C aggregate passing (Rust kernel policy)"
Next in thread: Ventura Jack: "Re: C aggregate passing (Rust kernel policy)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 26, 2025 at 1:33 PM Gary Guo <gary@xxxxxxxxxxx> wrote:
>
>
> If you translate some random C code to all-unsafe Rust I think there's
> a good chance that it's (pedantically) undefined C code but well
> defined Rust code!

I do not believe that this holds all that often. If you look at the bug
reports for one C to Rust transpiler,

https://github.com/immunant/c2rust/issues

some of them have basic C code. A major issue is that C, especially
when "strict aliasing" is turned off through a compiler option,
often in code have aliasing, while unsafe Rust does not protect
against all aliasing and have stricter requirements in some
ways. So it can often be the case that the original C code has
no UB, but the transpiled unsafe Rust version has UB.

The blog posts.

https://lucumr.pocoo.org/2022/1/30/unsafe-rust/
https://chadaustin.me/2024/10/intrusive-linked-list-in-rust/

also touch on this.

Best, VJ.

Next message: Christophe Leroy: "Re: [next-20250226]Build Failure"
Previous message: Frediano Ziglio: "[PATCH v2] xen: Add support for XenServer 6.1 platform device"
In reply to: Gary Guo: "Re: C aggregate passing (Rust kernel policy)"
Next in thread: Ventura Jack: "Re: C aggregate passing (Rust kernel policy)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]