On Wed Mar 26, 2025 at 8:06 PM CET, Tamir Duberstein wrote:
On Wed, Mar 26, 2025 at 1:36 PM Benno Lossin benno.lossin@proton.me wrote:
On Wed Mar 26, 2025 at 5:57 PM CET, Tamir Duberstein wrote:
In the current code you're looking at, yes. But in the code I have locally I'm transmuting `[u8]` to `BStr`. See my earlier reply where I said "Hmm, looking at this again we can just transmute ref-to-ref and avoid pointers entirely. We're already doing that in `CStr::from_bytes_with_nul_unchecked`".
`CStr::from_bytes_with_nul_unchecked` does the transmute with references. That is a usage that the docs of `transmute` explicitly recommend to change to an `as` cast [1].
RIght. That guidance was written in 2016 (https://github.com/rust-lang/rust/pull/34609) and doesn't present any rationale for `as` casts being preferred to transmute. I posted a comment in the most relevant issue I could find: https://github.com/rust-lang/rust/issues/34249#issuecomment-2755316610.
Not sure if that's the correct issue, maybe we should post one on the UCG (unsafe code guidelines). But before that we probably should ask on zulip...
No idea about provenance still.
Well that's not surprising, nobody was thinking about provenance in 2016. But I really don't think we should blindly follow the advice in this case. It doesn't make an iota of sense to me - does it make sense to you?
For ptr-to-int transmutes, I know that they will probably remove provenance, hence I am a bit cautious about using them for ptr-to-ptr or ref-to-ref.
I tried to find some existing issues about the topic and found that there exists a clippy lint `transmute_ptr_to_ptr`. There is an issue asking for a better justification [1] and it seems like nobody provided one there. Maybe we should ask the opsem team what happens to provenance when transmuting?
Yeah, we should do this - but again: not relevant in this discussion.
I think it's pretty relevant.
It's not relevant because we're no longer talking about transmuting pointer to pointer. The two options are:
- transmute reference to reference.
- coerce reference to pointer, `as` cast pointer to pointer (triggers
`ptr_as_ptr`), reborrow pointer to reference.
If anyone can help me understand why (2) is better than (1), I'd certainly appreciate it.
I am very confident that (2) is correct. With (1) I'm not sure (see above), so that's why I mentioned it.
--- Cheers, Benno