-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UB in SPI and Serial code #304
Comments
I'd be careful with references and volatile (I came here from the issue you, presumably accidentally, linked). As brought up in rust-lang/unsafe-code-guidelines#265, the compiler can invent reads to them at any time, for any or no reason. The raw_ref_macros may solve that issue though. |
All registers are wrappers around |
@thalesfragoso for more information about that, see the linked thread in the comment above yours. The tl;dr is more or less: that for MMIO, it is unsound since the compiler is allowed to add spurious reads (as long as they don't cause data races) for |
I don't get it, the spurious read from MMIO is indeed a problem (although I don't think is UB) that exists everywhere in the ecosystem, not just in the code linked in this issue. However, I think the issue in discussion here isn't that, but the writing to a memory location derived from an immutable reference, no ? |
yes, which is what I said in the latter part of my comment |
Oh, ok. My comment was addressing this issue btw, not the MMIO one. Edit: Hmm, |
Oh, sorry, I misunderstood then. Going from rust-lang/rust-clippy#4774 |
With the exception of |
Ah, I gotcha now, it wasn't immediately obvious there was |
@repnop pointed out to me that https://github.com/stm32-rs/stm32f1xx-hal/blob/master/src/spi.rs#L261 and the
write_volatile
call inserial.rs
is UB because constructing (or possibly writing) from a pointer created from a non-mut reference is UB.A fix might be to just change it to
But spi.dr does not implement
DerefMut
so this fix does not compile. I don't have time to look into it deeper than that today but we should be aware of this potential UB.Edit: Removed a reference to an unrelated issue
Edit2: Removed the svd2rust part as well
The text was updated successfully, but these errors were encountered: