by LegionMammal978
397 days ago
> Currently sound Rust code does not depend on the value of uninitialized memory whatsoever. Adding `freeze` means that it can.

Arguably, the existence of "asm!() freeze" has already broken this idea. Of course, you nominally don't get any guarantees about the stability of data that asm!() code reads from uninitialized bytes, yet you can do it nonetheless. And it's not like it's practical to say "asm!() code is always unsound if it uses uninitialized bytes like they're numbers!", since lots of it does useful stuff like communicating with the kernel with structs that get serialized, and it can also open up interfaces like mmap() which translate possibly-uninitialized virtual-memory bytes into definite kernel bytes. Not to mention /proc/self/mem and similar kernel-provided debugging utilities that can peek into memory as serialized data.