Crate bulletproof
Bulletproof memory access.
You don't know whether a memory location is valid? Don't worry, here comes the bulletproof memory access!
Examples
```rust
use bulletproof::Bulletproof;
use std::ptr;

let mut x = 42usize;
let y = 42u8;

unsafe {
    let bulletproof = Bulletproof::new();

    // Loads: a valid address yields the value, a null pointer yields Err(()).
    assert_eq!(bulletproof.load_usize(&x), Ok(42));
    assert_eq!(bulletproof.load_usize(ptr::null()), Err(()));

    // Stores follow the same pattern.
    assert_eq!(bulletproof.store_usize(&mut x, 37), Ok(()));
    assert_eq!(bulletproof.store_usize(ptr::null_mut(), 37), Err(()));

    // The successful store is visible to bulletproof and ordinary reads alike.
    assert_eq!(bulletproof.load_usize(&x), Ok(37));
    assert_eq!(ptr::read(&x), 37);

    // The generic load works for other types as well.
    assert_eq!(bulletproof.load(&y), Ok(42));
    assert_eq!(bulletproof.load::<[usize; 32]>(ptr::null()), Err(()));
}
```
How?
Internally, Bulletproof::new() installs a signal handler for segmentation fault (SIGSEGV), which recovers from the fault using siglongjmp().
Safe?
Even if a location has been deallocated, it may still be accessible because it has not yet been returned to the OS, so a successful bulletproof access does not show that the location is still allocated.
Since Bulletproof::new() registers a SIGSEGV signal handler, it may disrupt existing or future signal handlers. Most notably, Rust installs a SIGSEGV signal handler at initialization to protect the stack from overflow. Once a Bulletproof is created, the stack is no longer protected.
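The recovery mechanism described under "How?", with the handler installed only for the duration of one access and the previous handler restored afterwards because of the caveat under "Safe?", as an added C example. This is not the crate's own code: guarded_load, on_segv, probe_env and probing are hypothetical names, and it assumes a single-threaded POSIX process.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose sigaction() and sigsetjmp() */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Single-threaded sketch: one global jump buffer and one "armed" flag. */
static sigjmp_buf probe_env;
static volatile sig_atomic_t probing;

static void on_segv(int sig) {
    if (probing)
        siglongjmp(probe_env, 1);   /* back to sigsetjmp(), which now returns 1 */
    /* Fault outside a guarded access: restore the default action and return,
       so the faulting instruction re-executes and the crash is not masked. */
    signal(sig, SIG_DFL);
}

/* Hypothetical helper: returns 0 and fills *out, or -1 if the load faulted. */
int guarded_load(const volatile size_t *addr, size_t *out) {
    struct sigaction sa, old;
    volatile int rc = -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0)
        return -1;
    /* savemask=1: the jump restores the signal mask, unblocking SIGSEGV again. */
    if (sigsetjmp(probe_env, 1) == 0) {
        probing = 1;
        *out = *addr;               /* may raise SIGSEGV */
        rc = 0;
    }
    probing = 0;
    sigaction(SIGSEGV, &old, NULL); /* put the previous handler back */
    return rc;
}

int main(void) {
    size_t x = 42, v = 0;           /* constructed sample values */
    int ok = guarded_load(&x, &v);
    int bad = guarded_load(NULL, &v);
    printf("valid: rc=%d v=%zu, null: rc=%d\n", ok, v, bad);
    return 0;
}
```

Restoring the old disposition after each access keeps the window in which other SIGSEGV handlers are displaced as short as possible, at the cost of two sigaction() calls per load.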
Why?
You PROBABLY should not use this library: instead of relying on bulletproof access, remove your
segmentation faults! However, if you want to build low-level systems such as virtual machines or
garbage collectors, bulletproof load can be a versatile tool for an additional bit of
efficiency. For example, see the ThreadCrashProtection class in the Java HotSpot virtual machine.
Structs
Bulletproof: Bulletproof loader.