Comments (4)
It's unclear if [Volatile<u8>]
would ever addresses the concerns but if so that's highly file format specific and not generally applicable.
There are various techniques for doing this correctly, like checksums at either the record or file level, doing a volatile comparison after reading or writing, using record-width block ciphers, worrying about syncs, and simply treating the data as unstable throughout the code. Almost all involve reading and writing whole records which makes anything u8
incorrect, except as a basic building block.
from memmap-rs.
I agree that reading and writing entire records would still require further mechanisms to ensure integrity, but using [Volatile<u8>]
means that the data changing while you have a reference to it does not cause undefined behaviour, allowing the data to be accessed safely. Any transformation from a subslice of the [Volatile<u8>]
into a different type where the data having changed partway through reading the subslice could cause UB would require the client to write or invoke further unsafe code, in which case either the client or that unsafe code would be responsible for ensuring that the data was valid.
Furthermore, they couldn't do something like turning it from a [u8]
into a string slice via a safe method, and then having the data change while the string slice referred to it, because the data would have to be copied out of the Volatile
wrapper when it was read into a [u8]
, at which point changes to the mapped data would have no effect on the string slice created
from memmap-rs.
There is a consensus against volatile with remaining options being &[AtomicU8]
with relaxed ordering, or maybe *mut u8
, &[UnsafeCell<u8>]
, &[Cell<u8>]
, or an opaque type with buffer copy methods. Quotes:
"That said, I cannot think of any reason to actually use volatile here, or even think of any case where adding volatile removes UB. Adding volatile helps control the exact accesses that hit the memory subsystem, but I do not think it is ever needed from a UB perspective. So, to the best of my knowledge, &[AtomicU8]
(and making every single access Relaxed) is okay. It is also rather horrible to use, I assume."
"relaxed atomic load/stores are the same as regular load/stores at an assembly level .. [and more optimizable] compared to volatile load/stores"
Relaxed &[AtomicU8]
gives us fence
which prevents the compiler or CPU from optimizing away simple protections like double accesses. In fact checksums, or MAC tags, work without atomics, and provide stronger assurances, but many applications do not require such strong assurances.
from memmap-rs.
I'm looking at code for a userspace device driver that mmap
s in a device file and writes to it. The reason volatile
is needed is because the compiler can't see that the writes are actually being read somewhere. That's the whole reason volatile
exists: to allow optimised programs to use memory-mapped I/O. My first encounter with Volatile
was writing to the x86 frame buffer. It's not thread safety that's needed (probably), but simply to ability to prevent writes from being erased.
from memmap-rs.
Related Issues (20)
- Incorrectly uses usize instead of u64 for file offsets HOT 2
- Support madvise. HOT 4
- what happens if we exceed isize::MAX on 32-bit platforms? HOT 10
- Docs should say why file-backed maps are unsafe HOT 4
- Mmap fails for empty files on Windows HOT 21
- Use with DirectIO HOT 2
- Possible overflow while mapping large files on 32 bit systems HOT 1
- Add an `map_copy_read_only` API HOT 4
- Should anonymous mappings be MAP_SHARED by default?
- Allow anonymous RWX mappings HOT 1
- Implement StableDeref?
- Expose page_size pub function as part of crate api
- Support `Mmap` on platforms without real mmap support HOT 4
- Is this crate still maintained? HOT 15
- Error when mapping large files on Windows HOT 2
- Code 87 when attempting to write files HOT 1
- Handling IO-Errors during operation (which happen with network shares and connection drops) HOT 3
- ❌ mmap.binary_search EXC_BAD_ACCESS HOT 2
- Safety comments are missing HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from memmap-rs.