-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I/O safety. #87329
I/O safety. #87329
Conversation
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
fbe1b82
to
712182c
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
I don't know how feasible this would be, but I wonder if we could eliminate (To clarify, though, that kind of cleanup belongs in a follow-up, not in the initial introduction of this.) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks really good @sunfishcode, just some small comments.
/// so it can be used in FFI in places where a handle is passed as a consumed | ||
/// argument or returned as an owned value, and is never null. | ||
/// | ||
/// Note that it *may* have the value `INVALID_HANDLE_VALUE`. See [here] for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as about with regard to INVALID_HANDLE_VALUE
.
In case it's relevant here, Windows essentially has two types of I/O
In both cases, zero is not a valid handle. It's also guaranteed that a kernel handle will not have the lowest two bits set. A pseudo handle has no such restriction and indeed may intentionally make use of the lowest two bits to distinguish themselves from "real" handles. Therefore (I'm also pretty sure a kernel handle will always be less than I'm uncertain if this information is helpful to anyone but I just wanted to document some of what I know. |
Thanks @ChrisDenton! Do you by chance know of an authoritative reference stating that zero is not a valid handle? The code here assumes that, and for various reasons it seems like a safe assumption, but if there's official documentation about this, I'd like to cite it. |
Unfortunately I do not. It shakes out that way, as you note, for various practical reasons but I don't know that it's explicitly documented anywhere. |
@sunfishcode From GetStdHandle:
So here a NULL I/O handle means "no handle". You can redirect stdin etc to any I/O handle (where "I/O handle" means "can be passed to I admit this falls short of explicit documentation but it's the closest I can find. You could also cite functions such as In short there's no explicit documentation that covers all types of handles but, as the blog you linked to notes, the very fact that it was a "toss up" whether to use NULL to signal an error is a good indication that it's not a valid handle, And unlike (more broadly, it would likely break a lot of things if NULL were ever to become valid but this is supposition on my part). |
I/O safety is now [in Rust Nightly]; add a mode to io-lifetimes to use std's types and traits. See the blurb in README.md for more details. [in Rust Nightly]: rust-lang/rust#87329
I/O safety is now [in Rust Nightly]; add a mode to io-lifetimes to use std's types and traits. See the blurb in README.md for more details. [in Rust Nightly]: rust-lang/rust#87329
I/O safety is now [in Rust Nightly]; add a mode to io-lifetimes to use std's types and traits. See the blurb in README.md for more details. [in Rust Nightly]: rust-lang/rust#87329
I/O safety is now [in Rust Nightly]; add a mode to io-lifetimes to use std's types and traits. See the blurb in README.md for more details. [in Rust Nightly]: rust-lang/rust#87329
I/O safety is now [in Rust Nightly]; add a mode to io-lifetimes to use std's types and traits. See the blurb in README.md for more details. [in Rust Nightly]: rust-lang/rust#87329
I/O safety is now [in Rust Nightly]; add a mode to io-lifetimes to use std's types and traits. See the blurb in README.md for more details. [in Rust Nightly]: rust-lang/rust#87329
Implement `AsFd`, `From<OwnedFd>`, and `Into<OwnedFd>` for `UnixListener`. This is a follow-up to rust-lang#87329.
…-io-safety, r=joshtriplett Implement `AsFd` etc. for `UnixListener`. Implement `AsFd`, `From<OwnedFd>`, and `Into<OwnedFd>` for `UnixListener`. This is a follow-up to rust-lang#87329. r? `@joshtriplett`
Fix WinUWP std compilation errors due to I/O safety I/O safety for Windows has landed in rust-lang#87329. However, it does not cover UWP specific parts and prevents all UWP targets from building. See YtFlow/Maple#18. This PR fixes these compile errors when building std for UWP targets.
Fix WinUWP std compilation errors due to I/O safety I/O safety for Windows has landed in rust-lang#87329. However, it does not cover UWP specific parts and prevents all UWP targets from building. See YtFlow/Maple#18. This PR fixes these compile errors when building std for UWP targets.
In case this is useful, we discovered that this change adds ambiguity for code that was relying on
Where |
Thanks for reporting this! I've now filed #89955 to track this. |
Copy the relevant trait implementations from the Unix default.
Minimally comply with with rust-lang#87329 to avoid breaking tests on L4Re.
I don't know if there's another way to handle this, but the |
…r=workingjubilee kmc-solid: I/O safety Adds the I/O safety API (rust-lang#87329) for socket file descriptors in [`*-kmc-solid_*`](https://doc.rust-lang.org/nightly/rustc/platform-support/kmc-solid.html) Tier 3 targets. All new public items are gated by the `solid_ext` library feature. This PR adds the following public types and traits: std::os::solid::io::AsFd std::os::solid::io::BorrowedFd std::os::solid::io::OwnedFd std::os::solid::prelude::AsFd (re-export) std::os::solid::prelude::BorrowedFd (re-export) std::os::solid::prelude::OwnedFd (re-export) And trait implementations: From<std::net::TcpListener> for std::os::solid::io::OwnedFd From<std::net::TcpStream> for std::os::solid::io::OwnedFd From<std::net::UdpSocket> for std::os::solid::io::OwnedFd From<std::os::solid::io::OwnedFd> for std::net::TcpListener From<std::os::solid::io::OwnedFd> for std::net::TcpStream From<std::os::solid::io::OwnedFd> for std::net::UdpSocket std::fmt::Debug for std::os::solid::io::BorrowedFd<'_> std::fmt::Debug for std::os::solid::io::OwnedFd std::io::IsTerminal for std::os::solid::io::BorrowedFd<'_> std::io::IsTerminal for std::os::solid::io::OwnedFd std::os::fd::AsRawFd for std::os::solid::io::BorrowedFd<'_> std::os::fd::AsRawFd for std::os::solid::io::OwnedFd std::os::fd::FromRawFd for std::os::solid::io::OwnedFd std::os::fd::IntoRawFd for std::os::solid::io::OwnedFd std::os::solid::io::AsFd for &impl std::os::solid::io::AsFd std::os::solid::io::AsFd for &mut impl std::os::solid::io::AsFd std::os::solid::io::AsFd for Arc<impl std::os::solid::io::AsFd> std::os::solid::io::AsFd for Box<impl std::os::solid::io::AsFd> std::os::solid::io::AsFd for Rc<impl std::os::solid::io::AsFd> std::os::solid::io::AsFd for std::net::TcpListener std::os::solid::io::AsFd for std::net::TcpStream std::os::solid::io::AsFd for std::net::UdpSocket std::os::solid::io::AsFd for std::os::solid::io::BorrowedFd<'_> std::os::solid::io::AsFd for std::os::solid::io::OwnedFd Taking advantage of the above change, this PR also refactors the internal details of `std::sys::solid::net` to match the design of other targets, e.g., by redefining `Socket` as a newtype of `OwnedFd`.
…r=workingjubilee kmc-solid: I/O safety Adds the I/O safety API (rust-lang#87329) for socket file descriptors in [`*-kmc-solid_*`](https://doc.rust-lang.org/nightly/rustc/platform-support/kmc-solid.html) Tier 3 targets. All new public items are gated by the `solid_ext` library feature. This PR adds the following public types and traits: std::os::solid::io::AsFd std::os::solid::io::BorrowedFd std::os::solid::io::OwnedFd std::os::solid::prelude::AsFd (re-export) std::os::solid::prelude::BorrowedFd (re-export) std::os::solid::prelude::OwnedFd (re-export) And trait implementations: From<std::net::TcpListener> for std::os::solid::io::OwnedFd From<std::net::TcpStream> for std::os::solid::io::OwnedFd From<std::net::UdpSocket> for std::os::solid::io::OwnedFd From<std::os::solid::io::OwnedFd> for std::net::TcpListener From<std::os::solid::io::OwnedFd> for std::net::TcpStream From<std::os::solid::io::OwnedFd> for std::net::UdpSocket std::fmt::Debug for std::os::solid::io::BorrowedFd<'_> std::fmt::Debug for std::os::solid::io::OwnedFd std::io::IsTerminal for std::os::solid::io::BorrowedFd<'_> std::io::IsTerminal for std::os::solid::io::OwnedFd std::os::fd::AsRawFd for std::os::solid::io::BorrowedFd<'_> std::os::fd::AsRawFd for std::os::solid::io::OwnedFd std::os::fd::FromRawFd for std::os::solid::io::OwnedFd std::os::fd::IntoRawFd for std::os::solid::io::OwnedFd std::os::solid::io::AsFd for &impl std::os::solid::io::AsFd std::os::solid::io::AsFd for &mut impl std::os::solid::io::AsFd std::os::solid::io::AsFd for Arc<impl std::os::solid::io::AsFd> std::os::solid::io::AsFd for Box<impl std::os::solid::io::AsFd> std::os::solid::io::AsFd for Rc<impl std::os::solid::io::AsFd> std::os::solid::io::AsFd for std::net::TcpListener std::os::solid::io::AsFd for std::net::TcpStream std::os::solid::io::AsFd for std::net::UdpSocket std::os::solid::io::AsFd for std::os::solid::io::BorrowedFd<'_> std::os::solid::io::AsFd for std::os::solid::io::OwnedFd Taking advantage of the above change, this PR also refactors the internal details of `std::sys::solid::net` to match the design of other targets, e.g., by redefining `Socket` as a newtype of `OwnedFd`.
Introduce
OwnedFd
andBorrowedFd
, and theAsFd
trait, andimplementations of
AsFd
,From<OwnedFd>
andFrom<T> for OwnedFd
for relevant types, along with Windows counterparts for handles and
sockets.
Tracking issue: #87074
RFC: https://github.com/rust-lang/rfcs/blob/master/text/3128-io-safety.md
Highlights:
RawHandle
struct the Windows impl, which had the same name as theRawHandle
type alias, and its functionality is now folded intoHandle
.Managing five levels of wrapping (File wraps sys::fs::File wraps sys::fs::FileDesc wraps OwnedFd wraps RawFd, etc.) made for a fair amount of churn and verbose as/into/from sequences in some places. I've managed to simplify some of them, but I'm open to ideas here.
r? @joshtriplett