
Mark black_box function as unsafe

Open · kitcatier opened this issue 2 years ago · 1 comment

Hello, I found a soundness issue in this crate.

https://github.com/bluss/bencher/blob/8afeeb1ccf7d9f58764a343a0099e140703ad287/lib.rs#L590-L596
https://doc.rust-lang.org/std/ptr/fn.read_volatile.html

The unsafe function called requires that its parameter meets these conditions:

  • src must be valid for reads.

  • src must be properly aligned.

  • src must point to a properly initialized value of type T.

and the developer who calls the black_box function may not notice this safety requirement. Marking them unsafe also means that callers must make sure they know what they're doing.

kitcatier · Mar 17 '23 02:03

Please explain how black_box has different requirements than a hypothetical function black_box2:

// Plain safe identity function: takes `dummy` by value and hands it back.
pub fn black_box2<T>(dummy: T) -> T {
    dummy
}

I believe a user has to follow the same rules for calling black_box as black_box2, thus there is nothing that needs to be changed. Otherwise, please point out the details.

bluss · Mar 18 '23 15:03
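As an added example (not code from the crate or from either commenter), this places the volatile-read pattern the linked lib.rs lines are assumed to use beside bluss's black_box2, and uses a drop-counting type to check that both functions drop their argument exactly once; the `Counted` type and `drops_after` helper are constructed for the demonstration.

```rust
use std::cell::Cell;
use std::mem;
use std::ptr;

// The volatile-read pattern under discussion (assumed to match the linked
// lib.rs lines). `dummy` is a by-value parameter, so `&dummy` always refers
// to a valid, properly aligned, fully initialized `T`: read_volatile's three
// preconditions hold by construction, which is why the function can stay safe.
pub fn black_box<T>(dummy: T) -> T {
    unsafe {
        // Bitwise copy of `dummy` that the optimizer is not allowed to elide.
        let ret = ptr::read_volatile(&dummy);
        // `ret` now owns the value; forget the original so it is not dropped twice.
        mem::forget(dummy);
        ret
    }
}

// bluss's hypothetical safe identity function, given its obvious body.
pub fn black_box2<T>(dummy: T) -> T {
    dummy
}

thread_local! {
    static DROPS: Cell<usize> = Cell::new(0);
}

// Constructed type that counts how often it is dropped, so the test can show
// that the mem::forget in black_box prevents the double drop the copy would cause.
pub struct Counted(pub u32);
impl Drop for Counted {
    fn drop(&mut self) {
        DROPS.with(|d| d.set(d.get() + 1));
    }
}

// Run `f` on a fresh `Counted`, returning (payload seen after the call, drop count).
pub fn drops_after<F: FnOnce(Counted) -> Counted>(f: F) -> (u32, usize) {
    DROPS.with(|d| d.set(0));
    let out = f(Counted(42));
    let payload = out.0;
    drop(out);
    DROPS.with(|d| (payload, d.get()))
}

fn main() {
    println!("black_box:  {:?}", drops_after(black_box));
    println!("black_box2: {:?}", drops_after(black_box2));
}
```

Both calls report the payload 42 and a drop count of 1, which is the observable behaviour a caller relies on from either function.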