use Rc and Weak
Presumably y'all are talking about doubly linked lists, singly linked lists are possible to do efficiently in safe code
-
Replying to @ManishEarth @andy_kelley and
There's also the possibility of using non-pointer references to represent the graph, such as indices into an array or some other pool data structure that holds the nodes
4 replies 0 retweets 8 likes -
Replying to @jckarter @ManishEarth and
This is the right answer in practice, if LinkedList<T> doesn’t work for you.
1 reply 0 retweets 2 likes -
I mean, for 99.9% of "practice" the right answer is "don't use a linked list", but for the remaining 0.1% ...
3 replies 0 retweets 3 likes -
Replying to @stephentyrone @pcwalton and
(More generally, for 99.9% of "data structures that you believe require unsafe" the right answer is "use indices instead of pointers, if you must.")
1 reply 0 retweets 4 likes -
Replying to @stephentyrone @pcwalton and
This is kinda true, but on the flip side it reinvents UAF.
1 reply 0 retweets 4 likes -
Replying to @RichFelker @stephentyrone and
The whole point (IMO; other aspects like bounds checking are relatively easier to solve) of advanced memory-safety in Rust is eliminating UAF - making it so there's no such thing as references to freed objects that can alias new unrelated objects.
1 reply 0 retweets 1 like -
Replying to @RichFelker @stephentyrone and
If you just use indices, now your indices are outside of that regime and can index a slot that's been freed and reused for something new. You just recreated C on top of Rust. Yay.
3 replies 0 retweets 2 likes -
Replying to @RichFelker @pcwalton and
You can invalidate indices by e.g. incrementing a generation field, since all accesses get mediated through the containing object anyway. This has some performance cost, but mostly eliminates this class of bugs.
2 replies 0 retweets 4 likes -
Replying to @stephentyrone @RichFelker and
This is obviously not perfect, since it requires some work on the part of the programmer to accomplish safely, but with only appropriate library abstractions I think you can make it the path of least resistance.
1 reply 0 retweets 2 likes
I just realized that this is just ARM MTE implemented in software. Though with the added benefit of having a generation field larger than, y’know, 4 bits.
Replying to @pcwalton @stephentyrone and
arm64_32, except sizeof(void*) is still 8 bytes, so you have 32 bits of generation field
1 reply 0 retweets 1 like -
Or if it doesn't affect performance too measurably, 64 bits of generation field so there's no question of rollover.
0 replies 0 retweets 2 likes