View gist:4eae41c5222925519ac365102506a083
<UnscaledFontFontconfig> 0x7f81769b25e0 1 AddRef 1 [thread 0x7f8190f854c0]
View working_on_homestuck.md

I was contacted a few weeks ago by someone interested in my time working on Homestuck. I dumped a huge pile of thoughts and feels, and they wrote an article.

The article understandably is fairly edited, but I spent a bunch of time on my replies, and they're pretty personal, so I felt like archiving my response here. So here's the raw content of the email I sent:


So some disclaimers here: I don't have the best memory, and a lot of the relevant history here is content on the MSPA forums, which as far as I can tell have been completely annihilated from the internet. (a genuine tragedy) Consider everything I say to be suffixed with an "(I think?)" :)

View gist:0e87ffc422b1ca9ea3ebc3f93a7de8ee
/// `*mut T` but non-zero and covariant.
///
/// This is often the correct thing to use when building data structures using
/// raw pointers, but is ultimately more dangerous to use because of its additional
/// properties. If you're not sure if you should use `Shared<T>`, just use `*mut T`!
///
/// Unlike `*mut T`, the pointer must always be non-null, even if the pointer
/// is never dereferenced. This is so that enums may use this forbidden value
/// as a discriminant -- `Option<Shared<T>>` has the same size as `Shared<T>`.
/// However the pointer may still dangle if it isn't dereferenced.
View deserialize_webrenderish.s
__ZN7my_test21deserialize_webrender17hecde0d914cb271c7E:
pushq %rbp
movq %rsp, %rbp
pushq %r15
pushq %r14
pushq %r13
pushq %r12
pushq %rbx
subq $264, %rsp
movq %rdx, -264(%rbp)
View _main.rs
#![allow(dead_code)]
#[macro_use]
extern crate serde_derive;
extern crate serde;
extern crate bincode;
use serde::{Deserialize};
use std::{ptr, io, slice};
View deserialize_from.s
__ZN7my_test16deserialize_from17hb61a0712b5bb1dfcE:
pushq %rbp
movq %rsp, %rbp
pushq %r14
pushq %rbx
subq $224, %rsp
movq %rdx, %rbx
movq %rbx, -144(%rbp)
pxor %xmm0, %xmm0
movdqa %xmm0, -192(%rbp)
View deserialize.s
__ZN7my_test11deserialize17hd8cae30d7665ff4eE:
Lfunc_begin17:
.loc 16 60 0
.cfi_startproc
pushq %rbp
Lcfi72:
.cfi_def_cfa_offset 16
Lcfi73:
.cfi_offset %rbp, -16
movq %rsp, %rbp
View deserialize.s
__ZN7my_test11deserialize17hb93d291037dcd9ddE:
Lfunc_begin4:
.cfi_startproc
.cfi_personality 155, _rust_eh_personality
.cfi_lsda 16, Lexception4
pushq %rbp
Lcfi97:
.cfi_def_cfa_offset 16
Lcfi98:
.cfi_offset %rbp, -16
View deserialize.s
__ZN7my_test11deserialize17hb93d291037dcd9ddE:
.cfi_startproc
pushq %rbp
Lcfi95:
.cfi_def_cfa_offset 16
Lcfi96:
.cfi_offset %rbp, -16
movq %rsp, %rbp
Lcfi97:
.cfi_def_cfa_register %rbp
View casts.md

Help Us Benchmark Saturating Float Casts!

TL;DR: please profile/benchmark your code with and without -Zsaturating-float-casts so we can make an informed decision! We are hoping to enable this flag by default in future versions to plug a long-standing soundness hole!

Background

Since long before Rust 1.0, float->int casts have had a soundness hole: if the input value is larger or smaller than the target type can hold (or NaN), the result is Undefined Behaviour. This is because we just lower these casts to LLVM intrinsics, and that's what those intrinsics say.

For instance, -1.0 as u8, 300.0 as i8, NaN as u32, and f32::INFINITY as u128 are all currently UB in Rust.