Safe SIMD in Rust, Even on the Inside – By Sergey "Shnatsel" Davidoff
The article discusses techniques for using SIMD (Single Instruction, Multiple Data) operations safely in Rust, including on the internal side of libraries. It covers how to leverage the portable_simd feature and safe abstractions to avoid unsafe code while still achieving performance gains from vectorization.
Background
- Sergey "Shnatsel" Davidoff is a prominent Rust security researcher (formerly ISRG/Rust Foundation) focused on memory safety.
- SIMD (Single Instruction, Multiple Data) lets CPUs process multiple values in one instruction, crucial for performance in parsing, crypto, etc. In Rust, SIMD has traditionally required `unsafe` code.
- Rust's `std::simd` module introduced "safe" SIMD wrappers, but the article shows that even these can enable undefined behavior when used across FFI boundaries or inside a crate's private internals.
- The piece dissects a real bug in the `simd-json` crate where safe SIMD code accidentally violated memory safety, and proposes design patterns for truly safe SIMD within a project.
- This matters because Rust's core promise is "fearless concurrency" and memory safety without a GC; gaps in that guarantee erode trust in the ecosystem's foundations.