-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update ReadDir::next
in std::sys::pal::unix::fs
to use &raw const (*p).field
instead of p.byte_offset().cast()
#134678
base: master
Are you sure you want to change the base?
Conversation
…ptr).field` instead of `ptr.offset(...).cast()`. Also, the macro is only called three times, and all with the same local variable entry_ptr, so just use the local variable directly, and rename the macro to entry_field_ptr.
d_ino: *offset_ptr!(entry_ptr, d_ino) as u64, | ||
d_ino: *entry_field_ptr!(d_ino) as u64, | ||
#[cfg(not(any( | ||
target_os = "solaris", | ||
target_os = "illumos", | ||
target_os = "aix", | ||
target_os = "nto", | ||
)))] | ||
d_type: *offset_ptr!(entry_ptr, d_type) as u8, | ||
d_type: *entry_field_ptr!(d_type) as u8, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any idea why the as
casts are here? Looking at libc
the ino types are just typedefs so it seems they wouldn't be needed. https://github.com/rust-lang/libc/blob/1867bf30eb9d22d3f8e86c2a8c25cf92fe5580da/src/unix/linux_like/linux/mod.rs#L1474-L1480, https://github.com/rust-lang/libc/blob/1867bf30eb9d22d3f8e86c2a8c25cf92fe5580da/src/unix/linux_like/linux/mod.rs#L11, https://github.com/rust-lang/libc/blob/1867bf30eb9d22d3f8e86c2a8c25cf92fe5580da/src/unix/mod.rs#L9
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know why the as
casts are there, no. dirent64
is imported as aliases from various different platforms, so maybe the as
casts were added just to make sure it worked (or at least compiled) on any weird platforms where the fields were different type?
Removing the as
casts doesn't make any platforms I've tried with ./x.py check library/std
complain though1, so maybe they could be removed?
Footnotes
-
x86_64-unknown-linux-gnu
,aarch64-unknown-linux-gnu
,aarch64-unknown-freebsd
,arm-linux-androideabi
,armv7-linux-androideabi
,i686-linux-android
↩
library/std/src/sys/pal/unix/fs.rs
Outdated
// To make sure the field actually exists and is visible, | ||
// and we aren't silently doing any Deref coercion. | ||
const _: usize = mem::offset_of!(dirent64, $field); | ||
&raw const (*entry_ptr).$field |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The deref concern makes sense to me (and is scary in general), but what happens if the first clause happens i.e. the field doesn't exist or isn't visible? Afaik, &raw
doesn't allow bypassing field visibility.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that is true, yes, any error about a field being missing or too private should cause an error on both the offset_of!
and the &raw
equally. I could remove the the field actually exists and is visible, and
part of the comment if that would be clearer.
Edit: I've updated the comment to only talk about Deref coercion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm still not sure what the potential error is here - is the concern that dirent64
may add a Deref
implementation to something that also has a field named d_ino
/d_type
/ d_name
? That seems unlikely enough that I don't see the need for checking offset_of
. At least, I don't think this is any more of a concern for dirent64
than for any other use of &raw
.
@RalfJung any thoughts about this kind of pattern?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting, I hadn't considered the semver implications on this... moving a field behind a Deref
impl is indeed a breaking change for some unsafe code users.
But I also never saw this pattern explicitly defending against that, not sure if it's worth it.
Since rust-lang/reference#1387 and #117572,
&raw mut (*p).field
/addr_of!((*p).field)
is defined to have the same inbounds preconditions asptr::offset
/ptr::byte_offset
. I.e.&raw const (*p).field
does not require thatp: *const T
point to a fullsize_of::<T>()
bytes of memory, only thatp.byte_add(offset_of!(T, field))
is defined.The old comment "[...] we don't even get to use
&raw const (*entry_ptr).d_name
because that operation requires the full extent of *entry_ptr to be in bounds of the same allocation, which is not necessarily the case here [...]" is now outdated, and the code can be simplified to use&raw const (*entry_ptr).field
.There should be no behavior differences from this PR.
The
: *const dirent64
on line 716 and theconst _: usize = mem::offset_of!(dirent64, $field);
and comment on lines 749-751 are just sanity checks and should not affect semantics.Since the
offset_ptr!
macro is only called three times, and all with the same local variable entry_ptr, I just used the local variable directly in the macro instead of taking it as an input, and renamed the macro toentry_field_ptr!
.The whole macro could also be removed and replaced with just using
&raw const (*entry_ptr).field
in the three places, but the comments on the macro seemed worthwhile to keep.