|
10 | 10 | **Note**: a full aliasing model for Rust, defining when aliasing is allowed
|
11 | 11 | and when not, has not yet been defined. The purpose of this definition is to
|
12 | 12 | define when aliasing *happens*, not when it is *allowed*. The most developed
|
13 |
| -potential aliasing model so far is known as "Stacked Borrows", and can be found |
14 |
| -[here](https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md). |
| 13 | +potential aliasing model so far is [Stacked Borrows][stacked-borrows]. |
15 | 14 |
|
16 | 15 | Consider the following example:
|
17 | 16 |
|
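Review bot: the new reference-style link `[Stacked Borrows][stacked-borrows]` on new line 13 only renders if the `[stacked-borrows]:` definition exists with exactly that label; Markdown falls back silently to literal brackets otherwise, so the definition at the end of the file must be kept in sync with this label (lowercase, hyphenated) if either is ever edited. The old sentence also told the reader the model "can be found" at the link; the shortened wording drops that, which is acceptable since the link itself now carries it.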
@@ -56,6 +55,24 @@ somewhat differently from this definition. However, that's considered a low
|
56 | 55 | level detail of a particular Rust implementation. When programming Rust, the
|
57 | 56 | Abstract Rust Machine is intended to operate according to the definition here.
|
58 | 57 |
|
| 58 | +#### (Pointer) Provenance |
| 59 | + |
| 60 | +The *provenance* of a pointer can be used to distinguish pointers that point to the same memory location. |
| 61 | +For example, doing pointer arithmetic "remembers" the original allocation to which the pointer pointed, so it is impossible to cross allocation boundaries using pointer arithmetic: |
| 62 | + |
| 63 | +```rust |
| 64 | +let raw1 = Box::into_raw(Box::new(13u8)); |
| 65 | +let raw2 = Box::into_raw(Box::new(42u8)); |
| 66 | +let raw2_wrong = raw1.wrapping_add(raw2.wrapping_sub(raw1 as usize) as usize); |
| 67 | +// Now raw2 and raw2_wrong have same *address*... |
| 68 | +assert_eq!(raw2 as usize, raw2_wrong as usize); |
| 69 | +// ...but it would be UB to use raw2_wrong, as it was obtained by |
| 70 | +// cross-allocation arithmetic. raw2_wrong has the wrong *provenance*. |
| 71 | +``` |
| 72 | + |
| 73 | +Another example of pointer provenance is the "tag" from [Stacked Borrows][stacked-borrows]. |
| 74 | +For some more information, see [this blog post](https://www.ralfj.de/blog/2018/07/24/pointers-and-bytes.html) and [this document proposing a more precise definition of provenance for C](http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2364.pdf). |
| 75 | + |
59 | 76 | #### Interior mutability
|
60 | 77 |
|
61 | 78 | *Interior Mutation* means mutating memory where there also exists a live shared reference pointing to the same memory; or mutating memory through a pointer derived from a shared reference.
|
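Review bot: the arithmetic on new line 66, `raw1.wrapping_add(raw2.wrapping_sub(raw1 as usize) as usize)`, reads as if `raw2` were being offset by a count, when the intent is an address difference, and it only comes out right because the element type is `u8` (so the `wrapping_sub` count equals the byte distance). Computing the distance as an integer first makes the intent obvious and removes the dependence on element size: `let raw2_wrong = raw1.wrapping_add((raw2 as usize).wrapping_sub(raw1 as usize));`. A comment noting why the `wrapping_*` methods are used here (the non-wrapping `add`/`offset` are already UB when the result leaves the allocation, so only the wrapping forms let the example reach the "same address, wrong provenance" state at all) would also help readers of a glossary entry. The two `Box`es are leaked via `Box::into_raw`; fine for an illustration, but worth a short comment so nobody copies it as-is.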
@@ -140,7 +157,8 @@ requirement of 2.
|
140 | 157 |
|
141 | 158 | ### TODO
|
142 | 159 |
|
143 |
| -* *tag* |
144 | 160 | * *rvalue*
|
145 | 161 | * *lvalue*
|
146 | 162 | * *representation*
|
| 163 | + |
| 164 | +[stacked-borrows]: https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md |
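Review bot: removing `* *tag*` from the TODO list implies the term is now covered, but the new provenance section only mentions it in passing (new line 73: "the 'tag' from Stacked Borrows") without saying what a tag is; either keep the TODO entry or add a one-sentence definition alongside line 73, e.g. that a tag is the per-pointer identifier Stacked Borrows attaches to each pointer as its form of provenance. The `[stacked-borrows]:` definition on new line 164 is correctly separated from the list by the blank line 163 and placed at the end of the file.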