Hacker News new | ask | show | jobs
by Ericson2314 1597 days ago
> In the spirit of being charitable

You are being nice, but even if there is a documentation error, we can prove that if safe rust isn't completely broken, and `& x.field` is allowed in safe Rust, then fields must be aligned. It is just preposterous Rust would be more broken than C in this regard.

> but the syntax is clunkier, you have to use function calls instead of concise operators like * and ->.

Yes I agree, the syntax does suck. I see the macros use an unstable &raw, that would be more concise.

I think would be really good is if x->y in Rust matched &x->y in C. That is nicely orthogonal to dereferencing, and always safe.
1 comments
CheezeIt 1596 days ago
There could be some loophole. If the program globally never makes a reference to a field, must it be aligned? If the field is referenced, could it be that when making a reference, the field gets copied or moved out and a reference is implemented as a pointer to that copy?
link
Ericson2314 1595 days ago
> If the program globally never makes a reference to a field, must it be aligned?

That would be whole-progam analysis which isn't done.

> If the field is referenced, could it be that when making a reference, the field gets copied or moved out and a reference is implemented as a pointer to that copy?

This breaks down with mutation, especially atomics, which are allowed as struct fields.

link
CheezeIt 1594 days ago
> That would be whole-progam analysis which isn't done.

That doesn’t matter.

> This breaks down with mutation, especially atomics, which are allowed as struct fields.

Not true at all. First, the compiler could refrain from doing this sort of code generation on fields with atomics (or any kind of mutable cell). Second, the object could be misaligned in some local contexts sometimes but references passed to functions could be always properly aligned. So a RefCell or atomic could still be copied or moved out and mutated, then moved back in, when the object is known not to have any references.

In general, this is close to reasonable code generation — a local struct could have some of its parts in registers. Its parts might be in noncontiguous stack locations. A language spec needs to specify that a field can be referenced or accessed via its pointer. It might also distinguish this from an alignment guarantee.

link
Ericson2314 1594 days ago
If the compiler is so omnicient, then you should just be able to take the pointer to the field in the unsafe struct too!

Surely such a genius compiler can see "oh, they took a field reference, better make sure that field is aligned" whether the reference is a safe one or not!

link
DSMan195276 1593 days ago
> That would be whole-progam analysis which isn't done.

Yet.

link