
Re: Unsafe code blocks

From cross@spitfire.i.gajendra.net (Dan Cross)
Newsgroups comp.os.vms
Subject Re: Unsafe code blocks
Date 2025-11-16 02:16 +0000
Organization PANIX Public Access Internet and UNIX, NYC
Message-ID <10fbc6h$4hb$1@reader2.panix.com> (permalink)
References <10f4oi1$25lkk$2@dont-email.me>



In article <10f4oi1$25lkk$2@dont-email.me>,
Simon Clubley  <clubley@remove_me.eisner.decus.org-Earth.UFP> wrote:
>On 2025-11-12, Arne Vajhøj <arne@vajhoej.dk> wrote:
>>
>> using System;
>>
>> namespace AAX
>> {
>>      public class Program
>>      {
>>          public static void Main(string[] args)
>>          {
>>              int[] a = new int[4];
>>              unsafe
>>              {
>>                  fixed (int* hack = &a[0])
>>                  {
>>                      for(int i = 0; i < 5; i++)
>>                      {
>>                          hack[i] = i;
>>                          Console.WriteLine(i);
>>                      }
>>                  }
>>              }
>>          }
>>      }
>> }
>>
>> 0
>> 1
>> 2
>> 3
>> 4
>>
>> unsafe { } clearly reveal that something fishy is going on.
>
>The unsafe keyword is a hack implemented in languages that have not been
>designed correctly.

Wait, Simon, tell me how you really feel.

>The Ada approach, of disabling checks on a specific
>reference to a variable instead of disabling checks within a whole block
>of code, is far superior.

It's unclear to me how this is materially different.

In Rust, blocks return the value of the last expression they
contain, so an `unsafe` block may refer to a single expression.
However, I disagree with the above in the sense that the ability
to introduce scope when doing something `unsafe` can be
incredibly useful.  But what if the expression is really a
statement?

For example:

```rust
unsafe {
    use core::intrinsics::volatile_copy_memory;
    let src = entry.virt_page_addr() as *const arch::Page;
    volatile_copy_memory(page, src, 1);
}
```

There's no need to leak the existence of `src` or that one is
using the volatile memcpy intrinsic here.  I suppose one could
also write this as,

```rust
{
    use core::intrinsics::volatile_copy_memory;
    let src = entry.virt_page_addr() as *const arch::Page;
    unsafe {
        volatile_copy_memory(page, src, 1);
    }
}
```

etc.


>For example, this is how you do an unsafe conversion in Ada:
>
>https://adaic.org/resources/add_content/docs/95style/html/sec_5/5-9-1.html

This example seems equivalent to an `unsafe fn` in Rust.  An
unsafe conversion of this nature might use `std::mem::transmute`
in that world.

>Also note the availability of the 'Valid attribute to make sure that what
>is in the variable after the unsafe conversion is actually a valid value.

Sum types make this trivial:

```rust
enum SomeType { A, B }

impl SomeType {
    fn try_from(i: i32) -> Option<Self> {
        // if valid, return `Some(whatever)`, else return `None`.
        match i {
            0 => Some(SomeType::A),
            1 => Some(SomeType::B),
            _ => None,
        }
    }
}
```

>Likewise, 'Unchecked_Access is a way that Ada allows you to do unsafe things
>with pointers:
>
>https://www.adaic.org/resources/add_content/docs/95style/html/sec_5/5-9-3.html

This seems like too coarse of a tool that's overloaded for too
many things.  When will Ada grow up and become an actually safe
language?  :-D

	- Dan C.
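The thread argues about where the unchecked region should live (a whole block, a single reference, or an `unsafe fn` behind a validating wrapper). The following is an added example, not code from the post or from any of the posters; the type `Mode` and the functions `from_raw_unchecked`, `from_raw` and `fill_through_raw_ptr` are my own names. It puts the two ideas side by side: an unchecked conversion exposed as an `unsafe fn` (the counterpart of Ada's unchecked conversion), wrapped by a safe constructor that validates first (the `'Valid` / `Option<Self>` idea), and a raw-pointer loop with the same shape as the quoted C# program, where the bound is checked outside a tightly scoped `unsafe` block so the five-writes-into-four-slots case is rejected instead of corrupting memory.

```rust
// Added example, not code from the original post. Builds on stable Rust.

/// A type with exactly three valid representations, like an Ada enumeration
/// type. `#[repr(u8)]` fixes the in-memory layout so the transmute below is
/// meaningful at all.
#[repr(u8)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Mode {
    Read = 0,
    Write = 1,
    Exec = 2,
}

impl Mode {
    /// Unchecked conversion. Callers may only invoke it inside `unsafe`,
    /// which is the contract the post compares to an Ada unchecked
    /// conversion.
    ///
    /// # Safety
    /// `v` must be 0, 1 or 2. Any other value yields a `Mode` with an invalid
    /// discriminant, which is undefined behaviour.
    pub unsafe fn from_raw_unchecked(v: u8) -> Mode {
        // SAFETY: the caller upholds the range contract documented above.
        unsafe { std::mem::transmute::<u8, Mode>(v) }
    }

    /// Checked conversion: validate, then justify the unsafe call. An
    /// out-of-range byte becomes `None` instead of an invalid value.
    pub fn from_raw(v: u8) -> Option<Mode> {
        if v <= 2 {
            // SAFETY: v is within 0..=2, the full set of discriminants.
            Some(unsafe { Mode::from_raw_unchecked(v) })
        } else {
            None
        }
    }
}

/// Writes `0..n` through a raw pointer, as the quoted C# program does with
/// `hack[i] = i`, but refuses when `n` exceeds the buffer. The check lives
/// outside the `unsafe` block, so everything inside it is provably in range.
/// Returns `Ok(n)` on success and `Err(buf.len())` when rejected.
pub fn fill_through_raw_ptr(buf: &mut [i32], n: usize) -> Result<usize, usize> {
    if n > buf.len() {
        return Err(buf.len());
    }
    // The raw pointer never escapes this block; nothing outside it can
    // perform an unchecked access.
    unsafe {
        let p = buf.as_mut_ptr();
        for i in 0..n {
            // SAFETY: i < n <= buf.len(), established by the check above.
            p.add(i).write(i as i32);
        }
    }
    Ok(n)
}

fn main() {
    for raw in [0u8, 2, 7] {
        println!("from_raw({raw}) = {:?}", Mode::from_raw(raw));
    }
    let mut buf = [0i32; 4];
    // Same shape as the C# loop: five writes into four slots is rejected.
    println!("n=5: {:?}", fill_through_raw_ptr(&mut buf, 5));
    println!("n=4: {:?} -> {:?}", fill_through_raw_ptr(&mut buf, 4), buf);
}
```

The design point is that `from_raw_unchecked` and the raw-pointer loop are the only places that need auditing, and each carries a `SAFETY:` comment stating the precondition the surrounding safe code establishes; the rest of the program cannot reach an unchecked access at all.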
