Skip to content

Commit 65033ce

Browse files
MesablooMesabloo
committed
justify the need of unsafe blocks
1 parent 83f2c61 commit 65033ce

File tree

1 file changed

+16
-0
lines changed

1 file changed

+16
-0
lines changed

part2-nstar.tex

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -464,6 +464,22 @@ \subsection{Type-checking and scoping problems}\label{subsec:nstar-common-bs-tcs
464464
465465
\section{Unsafe operations}\label{sec:nstar-common-unsafe}
466466
467+
Unsafe operations are operations (sequence of zero or more instructions) whose safety cannot be determined from the current context, or whose evaluation cannot be determined as not UB-provoking (that is, the evaluation may put the application in an unknown state).
468+
Those kind of operations are essential to low-level programming, but we want to put an emphasis on them by separating them from the rest of the normal and safe operations using \texttt{unsafe} blocks.
469+
467470
\subsection{Dereferencing literal addresses}\label{subsec:nstar-common-unsafe-derefliteraladdr}
468471
469472
\subsection{Pointer offsetting}\label{subsec:nstar-common-unsafe-ptroffset}
473+
474+
Stack pointers, because of their type, can be safely offset to point to a valid piece of data.
475+
However, ``normal'' pointers (for example \texttt{*u64}) cannot be safely offset.
476+
While a stack pointers describes the entire structure of the stack (or at least of piece of it), a regular pointer only describes the piece of data it points to.
477+
478+
This is a common idiom in C to use pointers to represent arrays in a contiguous memory (so an array of 6 integers would basically be a $6 * sizeof(int)$ bytes wide chunk of memory, where each index points to a different integer).
479+
\texttt{Vec<T>} in Rust, \texttt{std::vector} in C++ and many other vector types are also implemented in terms of a pointer to a chunk of memory, but with an added container size, allowing to safely access elements of the vector without going out of bounds.
480+
But in Rust, we still need to have some \texttt{unsafe} blocks in your code, in order to use the container.
481+
482+
There is the same problem in N*.
483+
Because there is no built-in array type, we have to rely on pointers to be able to achieve such thing, therefore needing a way to offset a pointer to access the various elements in the array.
484+
It would also be really hard to manipulate plain array types (because, for example, of the size to store with the type).
485+
As offsetting a pointer can lead to an invalid address dereferencing (or at least dereferencing an address which doesn't belong to the application memory, i.e. allocated by another process), it is considered an unsafe operation and therefore needs to be wrapped in an \texttt{unsafe} block.

0 commit comments

Comments
 (0)