Imported document about undefined behavior and safe api in LLD #127
Conversation
Hi @pellico -- I gave this an initial read today and found a few suggestions. I'd like to read through it again and review.
I'd suggest posting a link to this PR into the Zulip to see if we can have further review by others as well 🙂
...ng-guidelines/initiatives/safe-use-of-unsafe-guidelines/rust-embedded-lld-safe-definition.md
…guidelines/rust-embedded-lld-safe-definition.md Co-authored-by: Pete LeVasseur <[email protected]>
…43/pellico/safety-critical-rust-consortium into rust_safety_low_level_driver
Interesting read. I left some comments, mostly grammar related.
...ng-guidelines/initiatives/safe-use-of-unsafe-guidelines/rust-embedded-lld-safe-definition.md
- C API are by default unsafe. Are not referring to external C program? If the previous definition holds, they should be considered safe.
My thought here would be that because as you defined for the unsafe block,
the contract necessary to call the operations inside the block has been checked by the programmer and is guaranteed to be respected
Any calls made via C API should be considered default unsafe until a programmer checks to ensure the contract of the API is fulfilled and Rust's safety guarantees will be met.
Sorry, but I don't fully understand this comment.
I am trying to explain that there is a contradiction between the statement:
Rust's safety guarantees only cover what the program itself can do, and
not what entities outside the program can do to it.
and the fact that FFI (the external world) is considered unsafe by the compiler.
Moreover, the definition of the unsafe block is copied from here.
Are you proposing a change in the text?
I was not proposing a change in the text. I just didn't understand that you were setting up a contradiction there.
I understand what you are saying now, after reading your reply. Perhaps you could consider making that section more explicit, or you could just leave it as is.
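The thread above settles on treating a C API as unsafe until the programmer has checked that its contract is met. The following Rust sketch is an added illustration of that rule; it is not code from the PR, the reviewed document, or the consortium. Two Rust-defined `extern "C"` functions (`checksum_bytes`, `fill_pattern`) stand in for a C library so the example runs without linking anything; their contracts are stated in the comments and are assumptions of this example, as are the wrapper names and the `FfiError` type. The point it shows is the two ways the contract check is usually discharged in a safe wrapper: by the type of the argument (a `&[u8]` already proves the pointer is valid for exactly `len` bytes), or by an explicit runtime check plus mapping of the C return code, when the precondition cannot be expressed in the type.

```rust
// Constructed stand-in for a C API. A real project would declare these in an
// `extern "C" { ... }` block and link against the C library; the contracts
// below are what its header comment would state.
//
//   checksum_bytes(ptr, len): `ptr` must be non-null and readable for `len` bytes.
//   fill_pattern(out, cap, seed): `out` must be writable for `cap` bytes and
//   `cap` must be >= 4; returns 0 on success, -1 if `cap` is too small.
pub unsafe extern "C" fn checksum_bytes(ptr: *const u8, len: usize) -> u32 {
    // SAFETY: the caller guarantees `ptr` is readable for `len` bytes (C contract).
    let bytes = unsafe { std::slice::from_raw_parts(ptr, len) };
    bytes
        .iter()
        .fold(0u32, |acc, &b| acc.wrapping_mul(31).wrapping_add(u32::from(b)))
}

pub unsafe extern "C" fn fill_pattern(out: *mut u8, cap: usize, seed: u8) -> i32 {
    if cap < 4 {
        return -1;
    }
    // SAFETY: the caller guarantees `out` is writable for `cap` bytes (C contract).
    let buf = unsafe { std::slice::from_raw_parts_mut(out, cap) };
    for (i, b) in buf.iter_mut().enumerate() {
        *b = seed.wrapping_add(i as u8);
    }
    0
}

/// Errors a safe wrapper reports instead of handing the caller a raw C return code.
/// (Assumed type for this example.)
#[derive(Debug, PartialEq, Eq)]
pub enum FfiError {
    BufferTooSmall { needed: usize, got: usize },
    CallFailed(i32),
}

/// Safe wrapper, case 1: the whole contract (valid, non-null pointer; exact
/// length) is discharged by the `&[u8]` borrow, so no runtime check is needed.
pub fn checksum(data: &[u8]) -> u32 {
    // SAFETY: `data.as_ptr()` is non-null and readable for `data.len()` bytes for
    // the duration of the call, and the callee does not retain the pointer.
    unsafe { checksum_bytes(data.as_ptr(), data.len()) }
}

/// Safe wrapper, case 2: the `cap >= 4` precondition is not expressible in the
/// type, so it is checked before the unsafe call; the C return code is mapped to
/// a `Result` rather than silently ignored.
pub fn fill_pattern_checked(buf: &mut [u8], seed: u8) -> Result<(), FfiError> {
    const MIN_CAP: usize = 4; // from the (assumed) C contract above
    if buf.len() < MIN_CAP {
        return Err(FfiError::BufferTooSmall { needed: MIN_CAP, got: buf.len() });
    }
    // SAFETY: `buf` is a unique, writable borrow of exactly `buf.len()` bytes and
    // the minimum-length precondition was checked above.
    let rc = unsafe { fill_pattern(buf.as_mut_ptr(), buf.len(), seed) };
    if rc == 0 {
        Ok(())
    } else {
        Err(FfiError::CallFailed(rc))
    }
}

fn main() {
    println!("checksum(\"ab\") = {}", checksum(b"ab"));
    let mut buf = [0u8; 6];
    println!("fill 6 bytes: {:?}", fill_pattern_checked(&mut buf, 10).map(|_| buf));
    let mut small = [0u8; 2];
    println!("fill 2 bytes: {:?}", fill_pattern_checked(&mut small, 10));
}
```

Only the two `extern "C"` functions are `unsafe` to call; everything a user of the wrappers can do goes through `checksum` and `fill_pattern_checked`, which is what makes the "programmer has checked the contract" condition from the thread auditable: each `unsafe` block carries a SAFETY comment naming the precondition it discharges and where it came from.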
…guidelines/rust-embedded-lld-safe-definition.md Co-authored-by: Douglas Deslauriers <[email protected]>
…guidelines/rust-embedded-lld-safe-definition.md Co-authored-by: Douglas Deslauriers <[email protected]>
…guidelines/rust-embedded-lld-safe-definition.md Co-authored-by: Douglas Deslauriers <[email protected]>
…guidelines/rust-embedded-lld-safe-definition.md Co-authored-by: Douglas Deslauriers <[email protected]>
…guidelines/rust-embedded-lld-safe-definition.md Co-authored-by: Douglas Deslauriers <[email protected]>
…guidelines/rust-embedded-lld-safe-definition.md Co-authored-by: Douglas Deslauriers <[email protected]>
…guidelines/rust-embedded-lld-safe-definition.md Co-authored-by: Douglas Deslauriers <[email protected]>