-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve safety & usability of |size_t| and |ssize_t|. #28096
Conversation
Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @nikomatsakis (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. The way Github handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. Please see the contribution instructions for more information. |
739cbe0
to
479da68
Compare
I think your rationale for defining I wonder if this is pulling too much C-standard lawyering into Rust, a place where it does not really belong. Rust already establishes some fundamentals which mean that not every theoretical C platform can be supported. I believe these are examples:
|
I think the reason size_t isn't currently defined this way is damage from the time when isize was named "int". Essentially, the same reason that isize/usize currently trigger the improper_ctypes lint. (I think there was some discussion of this on my improper_ctypes rewrite PR.) We can do whatever we want internally, but the libc crate on crates.io might have compatibility concerns. |
The improper_ctypes rewrite you are referring to is #26583, I think. |
The improper_ctypes lint contains this code:
it seems like this would need to be changed so that it warns only when |
Yes, it should be fine to just remove that chunk. |
It is safer to alias |size_t|/|ssize_t| as |usize|/|size_t| on platforms where they are the same size, in order to reduce unneccessary and hazardous casting. In theory, there are platforms where |usize| and |isize| are not the same as |size_t| and |ssize_t|, and in that case we **should** have this warning, but we don't currently support any such platforms, so we don't bother adding any logic to deal with that situation yet.
d01d209
to
bf4e61e
Compare
bf4e61e
to
22aeffb
Compare
Hm I share @eefriedman's concerns about the liblibc crate on crates.io as well, this looks like it's got good potential to be a sizable breaking change. Overall I'm a bit on the fence about this change. In the rare case that I think the breakage point of |
22aeffb
to
e460ad5
Compare
What do you mean "can't be right?" If/when such a platform is supported, libc will need to be adapted. Such an adaptation would probably involve the introduction of helper function to do the possibly-truncating casting in a safe and convenient way. But, that was the case already. This change just makes it more obvious. And, I have a feeling that such a platform may never be added.
I think that this is unlikely to break a lot of stuff, because I imagine very little code is written assuming that |
e460ad5
to
1821153
Compare
@briansmith oh hm yeah that's a good point, we just wouldn't define Out of curiosity, did you encounter any breakage when building the compiler itself? Lots of casts look like they were removed but I doubt they were necessary to remove. Some good test cases may also be building both Cargo and Servo with a modified libc (e.g. using a Cargo path override), it'd certainly give me quite a bit of confidence in pushing this forward :) |
I didn't try to find every such cast. I concentrated on the files that had now-unnecessary casts from |usize| to |size_t|.
1821153
to
f164567
Compare
☔ The latest upstream changes (presumably #28138) made this pull request unmergeable. Please resolve the merge conflicts. |
Tagging with |
Ok, the libs team talked about this RFC in triage today, and we are in general in favor of this approach. In that sense, we'd "like to merge" this RFC, but we're also considering the breakage in terms of external crates and such. The good news is that I'm working on a revamp of the liblibc crate to live outside this repository (but get imported in). This is going to be a breaking change to the liblibc library no matter what, which is already going to be signaled through semver, so that would be a great opportunity to include changes like this. Overall that should assuage my worries about breakage as it's communicated through semver and we can announce it broadly. Along these lines, here's what I think we should do about this PR currently:
@briansmith would you be ok cutting this PR back to just modify the FFI lint? It's something we'd probably consider backporting to beta as well, and I can be sure to include the change to |
I agree it makes sense to change the FFI lint early. I will split that out into a separate commit. However, I don't think that this is actually a breaking change in practice. For all supported platforms, AFAICT, In particular, when I built the rust compiler (the rust repo), there were ZERO failures building the compiler and libraries. The only failures right now (IIRC) are due to the fact that I don't know how to modify the tests for the lint, because I don't know how to format the comments that indicate the expected error text. Like I said, though, I will split out the changes to the lint so that it can land before the change for actually changing the definitions of ssize_t/size_t. In fact, it would be nice if the changes to the lint can be uplifted to beta as otherwise code that needs to work on stable would have to wait two releases before removing the casts. |
Yeah I'm not sure that the breakage will be all that large, but I could imagine that some crates may be passing a |
ping @briansmith, are you still ok paring this back to just the lint changes? |
I'm gonna close this in favor of #28779 and rust-lang/rfcs#1291, thanks for the PR regardless though @briansmith! |
Why did you close this when the main point of the PR was not addressed? This should be reopened. |
The main point of the PR is addressed in the linked RFC: https://github.com/rust-lang/rfcs/pull/1291/files#diff-0c0c1a31105548fdfea87a54035357e7R131 |
My mistake. Sorry! On Tue, Oct 6, 2015 at 9:41 PM, Steven Fackler [email protected]
|
I mostly just want to get feedback on this change before I do any of the additional work that should be done: