The compiler should error when trying to transmute pointer values with incompatible alignment #95479

Open
hkBst opened this issue Mar 30, 2022 · 2 comments
Labels
A-type-system Area: Type system C-enhancement Category: An issue proposing an enhancement or a PR with one. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-types Relevant to the types team, which will review and decide on the PR/issue.

Comments

@hkBst
Member

hkBst commented Mar 30, 2022

I tried this code:

struct Foo {
    a: i32,
    b: i32,
}

fn main() {
    unsafe {
        // A [u8; N] only guarantees 1-byte alignment, but Foo needs 4-byte alignment.
        let mut array: [u8; 1024] = [1; 1024];
        // Nothing here checks that &mut array[0] is suitably aligned for Foo.
        let foo = std::mem::transmute::<&mut u8, &mut Foo>(&mut array[0]);
        foo.a += 1;
    }
}

I expected to see this happen: the compiler complains about the alignment of the array not being good enough for the struct Foo

Instead, this happened: the compiler did not complain

Meta

rustc --version --verbose:

1.59.0 from the playground

This issue was noticed by the creator of Zig in this blog post: https://andrewkelley.me/post/unsafe-zig-safer-than-unsafe-rust.html.

@hkBst hkBst added the C-bug Category: This is a bug. label Mar 30, 2022
@leonardo-m

Yes, here the Zig type system has static guarantees stronger than Rust's because it (optionally?) keeps track of alignments.

@nagisa
Member

nagisa commented Mar 30, 2022

Worth noting that this is largely just Invalid Code for Reasons, among Some Others, but presuming it didn't really invoke a nicely blooming bouquet of UB, the only way to tell a transmute is possibly producing an underaligned reference would be by tracking alignment of an allocation as part of its Provenance.

In particular one could imagine code like this being considered valid enough:

transmute::<&mut u8, &mut T>(transmute::<&mut T, &mut u8>(v))

an “equivalent” of which in Zig appears to compile down to runtime tests by default. Not necessarily a bad strategy, but also not something transmute can do, given its contract.
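The following is an added example, not code from the issue, from rustc or from Zig. It shows the two mitigations the thread points at: the runtime alignment and length test that nagisa describes Zig emitting by default, written here as a checked alternative to the unchecked `transmute::<&mut u8, &mut Foo>` in the original report, and a `repr(align)` wrapper that makes the byte buffer from the report actually carry the alignment `Foo` needs. The names `view_as_foo`, `ViewError`, `AlignedBuf` and `demo` are this example's own, and it assumes `align_of::<Foo>()` is 4 and `size_of::<Foo>()` is 8, which holds on every common target.

```rust
use std::mem::{align_of, size_of};

/// Plain-data struct from the issue report; its alignment is 4 on common targets.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
struct Foo {
    a: i32,
    b: i32,
}

/// Why a byte buffer could not be viewed as a `Foo` (hypothetical helper type).
#[derive(Debug, PartialEq, Eq)]
enum ViewError {
    /// The start address is not a multiple of `align_of::<Foo>()`.
    Misaligned { addr: usize, required: usize },
    /// Fewer than `size_of::<Foo>()` bytes are available.
    TooShort { have: usize, need: usize },
}

/// Checked alternative to `transmute::<&mut u8, &mut Foo>`: hands out a `&mut Foo`
/// only when the buffer is long enough and its start address is suitably aligned.
/// This is the runtime test the compiler cannot insert for `transmute` itself.
fn view_as_foo(bytes: &mut [u8]) -> Result<&mut Foo, ViewError> {
    let need = size_of::<Foo>();
    if bytes.len() < need {
        return Err(ViewError::TooShort { have: bytes.len(), need });
    }
    let ptr = bytes.as_mut_ptr();
    let required = align_of::<Foo>();
    let addr = ptr as usize;
    if addr % required != 0 {
        return Err(ViewError::Misaligned { addr, required });
    }
    // SAFETY: length and alignment were checked above; `Foo` is `repr(C)` plain
    // integer data for which every bit pattern is valid; and the returned reference
    // keeps `bytes` mutably borrowed for its whole lifetime, so no aliasing arises.
    Ok(unsafe { &mut *(ptr as *mut Foo) })
}

/// Wrapper that forces the byte buffer from the report to the alignment `Foo` needs,
/// so the aligned view at offset 0 is guaranteed to pass the check.
#[repr(C, align(4))]
struct AlignedBuf([u8; 1024]);

/// Exercises both outcomes on a constructed buffer: a view starting one byte into
/// the buffer fails the alignment check, the view at the aligned start succeeds.
fn demo() -> (Result<Foo, ViewError>, Result<Foo, ViewError>) {
    let mut buf = AlignedBuf([1; 1024]);
    // Offset by one byte: the address is odd, so it is never a multiple of 4.
    let odd = view_as_foo(&mut buf.0[1..]).map(|f| *f);
    // Aligned start: all bytes are 1, so `a` reads as 0x0101_0101 before the increment.
    let aligned = view_as_foo(&mut buf.0[..]).map(|f| {
        f.a += 1;
        *f
    });
    (odd, aligned)
}

fn main() {
    let (odd, aligned) = demo();
    println!("offset view:  {odd:?}");
    println!("aligned view: {aligned:?}");
}
```

The `SAFETY` comment spells out exactly the obligations the unchecked `transmute` in the report silently assumes: enough bytes, a correctly aligned address, a type for which any bit pattern is valid, and an exclusive borrow for the lifetime of the result. Making those checks explicit is what turns the report's silent undefined behaviour into a recoverable `Err`.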

@Enselic Enselic added A-type-system Area: Type system T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. C-enhancement Category: An issue proposing an enhancement or a PR with one. and removed C-bug Category: This is a bug. needs-triage-legacy labels Jun 19, 2024
@fmease fmease added A-type-system Area: Type system T-types Relevant to the types team, which will review and decide on the PR/issue. and removed A-type-system Area: Type system labels Dec 21, 2024