Mmap and transmute / Is there a safe way?


#1

Recently while working on something in C++ I realized that I haven’t the slightest idea how I’d manage to do the same thing in safe Rust.

Basically, given a big binary blob on disk, I’m memory mapping the file and have a simple API for getting pointers to const structs so that applications can use the data. It’s entirely read-only, there is no copying data, and it’s pretty fast.

My understanding is that this falls into the boogeyman zone of unsafe Rust and Transmute. But how could a non-copy operation like this take place using only safe Rust? Mem mapping immutable data is a pretty awesome thing in my eyes, but maybe my eyes just haven’t bled enough to notice the terror?


#2

There’s basically no way to use mmap safely on a file that’s writable by untrusted users. Someone could truncate the file, and your next access could SIGBUS; someone could modify the file, which is UB if you’re accessing it through a reference of any kind (both & and &mut amount to a promise to the compiler that the data won’t change, and things like bounds check rematerialization can happen).

If you own the file or are otherwise willing to promise that other processes won’t touch the file while you’re reading it, go ahead and use an unsafe block and reborrowing to get the references. (Don’t use transmute; it’s overkill.)
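
A sketch of the "unsafe block and reborrowing" approach, added here as an example and not part of the original post. It assumes the mapping is already available as a byte slice; the `Pod` trait, `Header` layout, `view` helper and `Blob` sample buffer are hypothetical names built for illustration. The promise that nobody truncates or modifies the file stays with the caller, since code cannot check it.

```rust
use std::mem::{align_of, size_of};

/// Marker for types that are valid for any bit pattern (hypothetical trait).
/// Unsafe to implement: the implementor vouches for the layout.
pub unsafe trait Pod: Sized {}
unsafe impl Pod for u32 {}

/// Constructed record layout; repr(C) fixes field order and padding.
#[repr(C)]
#[derive(Debug, PartialEq)]
pub struct Header {
    pub magic: u32,
    pub count: u32,
}
unsafe impl Pod for Header {}

/// Borrow a `T` out of `bytes` at `offset` without copying.
/// Returns None if the range is out of bounds or misaligned for `T`.
pub fn view<T: Pod>(bytes: &[u8], offset: usize) -> Option<&T> {
    let end = offset.checked_add(size_of::<T>())?;
    let p = bytes.get(offset..end)?.as_ptr();
    if (p as usize) % align_of::<T>() != 0 {
        return None;
    }
    // The reborrow: cast the raw pointer, then `&*` it. The result carries the
    // lifetime of `bytes`, so it cannot outlive the mapping it points into.
    Some(unsafe { &*(p as *const T) })
}

/// Stand-in for a page-aligned mapping (constructed sample data).
#[repr(C, align(8))]
pub struct Blob(pub [u8; 16]);

pub fn sample() -> Blob {
    let mut b = Blob([0u8; 16]);
    b.0[0..4].copy_from_slice(&0xC0FFEE_u32.to_ne_bytes());
    b.0[4..8].copy_from_slice(&3_u32.to_ne_bytes());
    b.0[8..12].copy_from_slice(&7_u32.to_ne_bytes());
    b
}

fn main() {
    let blob = sample();
    let h: &Header = view(&blob.0, 0).expect("header in bounds and aligned");
    println!("{:?}, first entry = {:?}", h, view::<u32>(&blob.0, 8));
    assert!(view::<Header>(&blob.0, 1).is_none()); // misaligned
    assert!(view::<Header>(&blob.0, 12).is_none()); // runs past the end
}
```

Offsets and counts read from the blob are untrusted input, which is why the bounds arithmetic uses `checked_add` and slice `get` before any pointer is dereferenced.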


#3

“unsafe block and reborrowing” <-- this is the concept I was missing 🙂

Thanks @sorear .