I have a question about safety, but it is not about the theoretical specification of UB, which I understand to mean "anything can happen because the behavior is undefined". Rather I'm asking about the actual behavior in the case of access to POD, as defined by bytemuck's Pod trait. I have been hesitant to ask this question because I'm not interested in the usual "UB is UB" answer. I know this is not a question that is normally entertained, and if you feel "UB is UB" is the answer, then please just skip this post.

My motivation is that I have the following requirements for my database cache, which is a large array of bytes divided into fixed size blocks.

1. Each block has an id and is owned by a single Table or Index. Block ownership can be transferred, with proper synchronization.
2. The runtime cost for accessing a block is limited to a simple bounds check on the block id, which is just an index into the array.
3. Data races when accessing the blocks should be avoided, but are tolerated in the case of access bugs, because the runtime cost of guaranteeing they will not occur is more than a simple bounds check.
4. Using raw pointers and the large amount of necessary associated unsafe code is not acceptable. Therefore, regular references to blocks are used.
5. As a result of the above requirements, the "mutable xor shared" constraint cannot be guaranteed for references to the cache blocks, across threads or within a single thread.

My understanding of this scenario is that it could cause both data races (which I can tolerate) when accessing a single block in multiple threads, as well as possible miscompilation when violating the "shared xor mutable" rule by accessing a single block via multiple conflicting references within a single thread.

My specific question is whether the miscompilation risk is real. I assume it is, but I'd like to double check with those who more than I do. If so, this rules out Rust for me, which ok -- I'm already resigned to using another language without the "mutable xor shared" restriction. But I'd like to double check my understanding just in case I might possibly be able to use Rust.

Thanks in advance.

1 post - 1 participant

Read full topic