Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make native functions unsafe #2628

Closed
brson opened this issue Jun 15, 2012 · 4 comments
Closed

Make native functions unsafe #2628

brson opened this issue Jun 15, 2012 · 4 comments
Labels
A-typesystem Area: The type system

Comments

@brson
Copy link
Contributor

brson commented Jun 15, 2012

Very frequently I find myself marveling at the amount of unsafe code I can write without an unsafe block. Using native functions is the fastest way to segfault your rust but it usually doesn't require any special authorization. Unsafe native functions 2012.
@pcwalton
Copy link
Contributor

Agreed, these should be unsafe or explicitly marked safe with the same amount of ceremony required to enter an unsafe block.

@catamorphism
Copy link
Contributor

Agreed as well. Safe should mean "safe".

@pcwalton
Copy link
Contributor

I feel very strongly about this after working on Servo for a while. Most of our exploitable crashes are in safe code. If we don't do this I feel that Rust will, in a practical sense, have no more safety guarantees than C++.

How can a security auditor hope to audit Rust code if every single call could do wildly unsafe things?

@thestinger
Copy link
Contributor

This is now implemented.

RalfJung pushed a commit to RalfJung/rust that referenced this issue Nov 6, 2022
@bors
Auto merge of rust-lang#2638 - DrMeepster:windows-condvars, r=RalfJung
f60a2ae 
Implement condvars for Windows

Adds 3 shims for Windows: `SleepConditionVariableSRW`, `WakeConditionVariable`, `WakeAllConditionVariable` to add support for condvars (which fixes rust-lang#2628).

Salvaged from what was removed from rust-lang#2231
RalfJung pushed a commit to RalfJung/rust that referenced this issue Nov 15, 2022
@bors
Auto merge of rust-lang#2638 - DrMeepster:windows-condvars, r=RalfJung
4828edf 
Implement condvars for Windows

Adds 3 shims for Windows: `SleepConditionVariableSRW`, `WakeConditionVariable`, `WakeAllConditionVariable` to add support for condvars (which fixes rust-lang#2628).

Salvaged from what was removed from rust-lang#2231
Aaron1011 pushed a commit to Aaron1011/rust that referenced this issue Jan 6, 2023
@bors
Auto merge of rust-lang#2638 - DrMeepster:windows-condvars, r=RalfJung
bf0f47b 
Implement condvars for Windows

Adds 3 shims for Windows: `SleepConditionVariableSRW`, `WakeConditionVariable`, `WakeAllConditionVariable` to add support for condvars (which fixes rust-lang#2628).

Salvaged from what was removed from rust-lang#2231
@bjorn3 bjorn3 mentioned this issue Jun 1, 2023
Closed
celinval added a commit to celinval/rust-dev that referenced this issue Jun 4, 2024
@celinval
Delay writing metadata file (no UX impact) (rust-lang#2628)
f024d23 
Kani compiler will now only store KaniMetadata after compiling all harnesses. Before, we were storing before codegen in the first iteration of the compiler.

This will still allow us to generate metadata without actually performing codegen, if we ever implement a `kani list` subcommand. The metadata won't be stored though if Kani fails to codegen. However, we don't do anything extra with that file if the compilation fails.

This change is required for rust-lang#2493 and contracts work. This will allow us to store information collected during code generation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-typesystem Area: The type system
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@brson @pcwalton @catamorphism @thestinger