
Suppressing SIGBUS signals

Posted Jun 30, 2021 15:52 UTC (Wed) by miquels (guest, #59247)
In reply to: Suppressing SIGBUS signals by roc
Parent article: Suppressing SIGBUS signals

A process that panic()s or crashes on invalid memory accesses is inherently safe, isn't it?

The problem with Rust and mmap is that it just doesn't work if you write from one thread or process and read from another - that's instant UB (Undefined Behaviour) and that is _really_ unsafe.

I think the only safe way to read from or write to mmap'ed memory in Rust is to use atomics - mmap it as AtomicU<whatever> and only read/write using the load/store operations on the atomic values.


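An added example (not from this thread and not miquels's code) of the access pattern the comment describes: the shared region is viewed as `AtomicU32` words and touched only through `load`/`store`, with a Release/Acquire flag so the reader sees the writer's data in full. A heap buffer stands in for the mmap'ed page; the mapping itself and the `atomic_view` helper are assumptions.

```rust
use std::sync::atomic::{AtomicU32, Ordering};
use std::thread;

/// Reinterpret `len` 32-bit words starting at `base` as a slice of atomics.
///
/// # Safety
/// `base` must be 4-byte aligned and valid for reads and writes of
/// `len * 4` bytes for the lifetime `'a`, and every other thread or
/// process touching the region must also use atomic accesses.
unsafe fn atomic_view<'a>(base: *mut u8, len: usize) -> &'a [AtomicU32] {
    assert_eq!(base as usize % std::mem::align_of::<AtomicU32>(), 0, "region is unaligned");
    std::slice::from_raw_parts(base as *const AtomicU32, len)
}

/// Layout both sides agree on: word 0 is a "ready" flag, words 1.. hold data.
const FLAG: usize = 0;

/// Producer: fill the data words, then publish them by raising the flag.
fn producer(region: &[AtomicU32], values: &[u32]) {
    for (slot, &v) in region[1..].iter().zip(values) {
        slot.store(v, Ordering::Relaxed);
    }
    // Release pairs with the consumer's Acquire: the data stores above
    // become visible before the flag does.
    region[FLAG].store(1, Ordering::Release);
}

/// Consumer: wait for the flag, then read every data word atomically.
fn consumer(region: &[AtomicU32]) -> Vec<u32> {
    while region[FLAG].load(Ordering::Acquire) == 0 {
        std::hint::spin_loop();
    }
    region[1..].iter().map(|s| s.load(Ordering::Relaxed)).collect()
}

/// Run producer and consumer on one shared region. A heap buffer stands in
/// for the mmap'ed page (assumption: the real mapping is created elsewhere).
pub fn share_via_atomics(values: &[u32]) -> Vec<u32> {
    let mut backing: Vec<u32> = vec![0; values.len() + 1]; // u32 storage is 4-byte aligned
    let region = unsafe { atomic_view(backing.as_mut_ptr() as *mut u8, backing.len()) };
    thread::scope(|s| {
        s.spawn(|| producer(region, values));
        s.spawn(|| consumer(region)).join().expect("consumer panicked")
    })
}

fn main() {
    println!("{:?}", share_via_atomics(&[7, 8, 9]));
}
```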

Suppressing SIGBUS signals

Posted Jun 30, 2021 17:59 UTC (Wed) by Wol (subscriber, #4433) [Link] (2 responses)

> A process that panic()s or crashes on invalid memory accesses is inherently safe, isn't it?

And if you're in the aircraft where that software is controlling the plane's fly-by-wire system ... ?

Cheers,
Wol

Suppressing SIGBUS signals

Posted Jun 30, 2021 18:03 UTC (Wed) by mathstuf (subscriber, #69389) [Link] (1 response)

I've said this elsewhere, but "safe" is a lot like security: it depends on your environment (threat model in security). I don't care much about cosmic rays flipping bits (in the "I should consider this case" sense) and count that as outside of the safety model of my code. NASA can't work with such reckless abandon and have *far* higher concerns about such things. But languages don't save you there: redundancy does.

Aircraft have similarly high standards and I imagine the solution there is along the lines of rip out (or somehow poison) the `panic` function and let the linker tell you that you have a case that isn't *explicitly* handled.

Suppressing SIGBUS signals

Posted Jul 7, 2021 6:48 UTC (Wed) by ssmith32 (subscriber, #72404) [Link]

Yes, I imagine redundancy would be a better solution. Better to have the fly-by-wire fail over to a backup than try to limp along in some weird state.

Of course, time and again, cost-cutting works against that, and you have cars that share data buses between control systems & the entertainment system :(


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds