Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Describe efficiently creating a Vec of zeroes #48

Closed
wants to merge 2 commits into from

Conversation

Shnatsel
Copy link
Contributor

No description provided.

@nnethercote
Copy link
Owner

I wonder if this needs to be said. How else would you intialize a Vec of zeroes?

@Shnatsel
Copy link
Contributor Author

Shnatsel commented Dec 14, 2022

I've seen a developer use .resize(length, 0), realize it's too slow, change it to mem::uninitialized, and end up with a security vulnerability. I wrote an entire blog post about this.

@Shnatsel
Copy link
Contributor Author

The standard library documentation did add a notice about it after my blog post - open the Vec docs and Ctrl+F "This may be more efficient than performing allocation and initialization in separate steps, especially when initializing a vector of zeros:"

@bobrik
Copy link

bobrik commented Dec 14, 2022

The fix for the bug you reported:

It replaces unsafe code. Using std::mem::uninitialized (deprecated) and new std::mem::MaybeUninit are also unsafe.

nnethercote added a commit that referenced this pull request Dec 16, 2022
@nnethercote
Copy link
Owner

This is a good suggestion. I'm picky about the text of the perf book so I ended up rewriting the paragraph from scratch, in 3e165fb, so there is no need to merge this PR. Thank you for the contribution!

BTW, from your blog post:

There is a tool that can detect reads from uninitialized memory, called Memory Sanitizer, but it currently doesn’t work with Rust standard library. So unless you completely avoid using Rust standard library, there is no tool that let you detect reads from uninitialized memory in Rust.

Valgrind's Memcheck tool detects unsafe uses of uninitialized memory. Also, miri might be able to as well, though I'm not sure about that.

@Shnatsel
Copy link
Contributor Author

Yes, Miri does detect use of uninit memory as well. At the time of writing the blog post it didn't exist. Also, neither Valgrind nor Miri can be combined with fuzzing.

There are even more tools for detecting use of uninit, which are listed in the README: https://github.com/Shnatsel/libdiffuzz#see-also

Fortunately Memory Sanitizer now works well with Rust, and can be combined with fuzzing, so that's what I use these days. It makes libdiffuzz pretty much obsolete.

@Shnatsel
Copy link
Contributor Author

Since the wording is being changed anyway, should I create issues instead of pull requests in the future?

@nnethercote
Copy link
Owner

Probably makes sense, yes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants