Is creating a null refrence safe if it's not used?

IQBigBang · February 24, 2021, 10:53am

I just want to ask a quick question:
When I cast a pointer to reference, does that give the compiler any guarantees even if I don't ever use the reference?
I'm not asking whether it's undefined behavior - I'm sure it is, but I'd also assume that when the reference is never used, it may practically not cause any problems, but I'm not sure as the Rust compiler and the LLVM backend have ways to break code through things like alias analysis if you rely on non-standard behavior. Can anyone who knows the compiler answer me?

jhpratt · February 24, 2021, 11:15am

Whether something practically causes problems doesn't make something safe. You are correct in that it is undefined behavior, and therefore unsafe.

2e71828 · February 24, 2021, 11:16am

The compiler sometimes saves space by using invalid bit patterns, like a null reference, to represent the discriminant in an enum. In particular, you might see Some(ub_nullref) act like None when you don't expect it to.

alice · February 24, 2021, 11:32am

Yes it does. It gives all references the LLVM annotation "dereferencable", which means that the compiler can assume that it is not null. For example, it might conclude that any code path that involves such as cast is unreachable code and just optimize it out.

Yandros · February 24, 2021, 12:14pm

let p: *const () = 0 as _;
let p: &'_ () = unsafe { &*p };
assert!(Some(p).is_some());

yields assertion failed: Some(p).is_some()

A scariest one:

#![feature(never_type)]

fn main ()
{
    let p: *const ! = 0 as _;
    let b: bool;
    if false {
        b = true;
    } else {
        let _p: &'_ ! = unsafe { &*p };
    }
    dbg!(b);
}

Compiles just fine (and crashes when run) – granted, it's not that much about having a NULL reference, but rather, about having any reference at all.

A nice mental model for these things¹, is that the moment you create a Rust reference, you have just asserted to the compiler / language that the pointer is valid to be read-dereferenced (dereferenceable attribute), so that the compiler is allowed to insert spurious dereferences of the reference even if you don't have them in your code.

¹ even though it may be a tad too strict in some cases (but better safe than sorry!), since the status quo right now seems to point to validity of the referee being not a validity but a safety invariant of the reference (e.g., with the never type example above, using a transmute converts the runtime crash into a compile error). But even if that "relaxation" were to happen, being non-NULL and well-aligned is still a validity invariant.

system · June 1, 2021, 10:38am

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.

Topic		Replies	Views
Rust reference is never null? help	18	9625	January 12, 2023
How does Rust define null pointers? help	13	1002	March 28, 2024
Memory dynamics with reference vs raw pointers help	6	433	August 1, 2020
About static variables help	6	402	September 2, 2020
How unsafe is my reference type? help	26	2103	January 12, 2023

Is creating a null refrence safe if it's not used?

Related Topics