Consider using pointers for handle types rather than isize
#3093
Comments
|
Thanks for the reminder. I've been meaning to just make the switch here. |
|
The only real challenge is that the Win32 metadata assumes many of these have integer values for invalid values:
Then
We'll need a solution to this before proceeding. |
|
On the other hand, there are already some handles that use a pointer and use integer invalid values. 🤪
So updating code gen to manually cast for such pointer handles would seem like a suitable solution:
|
|
That looks good to me. It would be slightly nicer to specialize the |
|
I don't agree with this change at all, just noting that here for the record. This issue opens with an invalid assertion that "some types of handle that are actually pointers". That's an irrelevant implementation detail. |
|
Honestly, I just want to stop having to argue about this one way or the other. |
|
I just don't see this as any less "correct" than the canonical definitions in the Windows headers that, for the most part, use Whether this is more correct is debatable and subjective and since the Rust Standard Library has already taken a position on this, I don't see any benefit in windows-rs taking a different approach. |
|
Another problematic example is |
|
Remaining faithful to the original definitions would make handles |
Can metadata add some disambiguation? Even if the metadata types remain the same, perhaps an attribute could be added for C pointer types? |
|
I have expressed my opinion in various threads and posts, but I am willing to move past that and align to the consensus here. Would it be easier if we made this change to the upstream metadata? We should also, at the end of this, inform the folks working on Rust pointer provenance. (Not going to @ tag them until later.) |
That does sound a lot easier than hacking a workaround... |
|
What's the proposed change for metadata? We seem to already emit most handle types as |
|
|
|
Ah right. I remember now we're using an older C# without native integer types. OK, so the change would be to emit all handle types as |
|
From a pointer provenance perspective, in Rust a raw pointer can hold strictly more values than a ptr-sized integer, so it is the "safer" choice in that sense. FWIW, for validity checking I'd use |
|
pointer's aren't thread safe ( |
|
This is actually more correct in terms of safety. Handles are more like Rust pointers in the sense that while you can take their address/value and pass it to another thread, what you do with it will likely not be safe without some other form of synchronization/coordination. You can always wrap them inside another struct that implements |
|
@kennykerr can you please give an example of such work around? I was using the handle of a window in my proxy object and used PostMessageW to safely send a message. Now after upgrading to 0.58 my object is not 'send' any more. |
|
Please open an issue for any additional questions. It's hard to keep track of conversations on closed issues. |
Suggestion
This would be more consistent with the Rust standard library which can't change its
HANDLEtype for stability reasons. There are also some types of handle that are actually pointers, rather than pointer-sized integers. For exampleHMODULEis the base address of a loaded module, although this isn't guaranteed by the docs (I suspect, however, that this could never be changed in practice).This has been talked about extensively elsewhere but I'm creating an issue here for consideration. Note that making this change would likely cause a fair amount of churn, at least in the short term.
The text was updated successfully, but these errors were encountered: