add option to use DST structs for flex arrays #2772
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
jsgf
force-pushed
the
flexarray-dst
branch
2 times, most recently
from
1f9175c
to
a56d13d
Compare
|
This doesn't handle the case of a C struct pointing to a DST object (ie thin vs fat pointers). |
jsgf
force-pushed
the
flexarray-dst
branch
5 times, most recently
from
187c2e3
to
31b4fc8
Compare
|
I've updated the API to:
I've been using this API for one of my own projects, and so far it feels pretty comfortable. I also changed the generation of PhantomData fields for type parameters to put them at the start of the structure. This was necessary as putting them at the end interfered with the FAM field which must be last. The side-effect of this is a lot of test fixtures changed in a trivial way. |
jsgf
force-pushed
the
flexarray-dst
branch
6 times, most recently
from
9cc3831
to
a19d291
Compare
4 tasks
emilio
reviewed
Mar 19, 2024
bindgen/codegen/mod.rs
Outdated
| @@ -1734,6 +1747,7 @@ impl<'a> FieldCodegen<'a> for BitfieldUnit { | |||
| accessor_kind, | |||
| parent, | |||
| parent_item, | |||
| idx == bfields.len() - 1, | |||
There was a problem hiding this comment.
Hmm, shouldn't this be: last_field && idx == ..? Otherwise, what guarantees that there isn't a non-bitfield field after the bitfields?
bindgen/ir/comp.rs
Outdated
| }; | ||
|
|
||
| // XXX correct with padding on end? | ||
| match fields.last() { |
There was a problem hiding this comment.
Can simplify by using fields.last()? right?
There was a problem hiding this comment.
I'm not sure what you mean.
There was a problem hiding this comment.
Sorry, I meant that something like this:
diff --git a/bindgen/ir/comp.rs b/bindgen/ir/comp.rs
index 31c058ea..f6c9e629 100644
--- a/bindgen/ir/comp.rs
+++ b/bindgen/ir/comp.rs
@@ -834,9 +834,9 @@ impl CompFields {
CompFields::Error => return None, // panic?
};
- match fields.last() {
- None | Some(Field::Bitfields(..)) => None,
- Some(Field::DataMember(FieldData { ty, .. })) => ctx
+ match fields.last()? {
+ Field::Bitfields(..) => None,
+ Field::DataMember(FieldData { ty, .. }) => ctx
.resolve_type(*ty)
.is_incomplete_array(ctx)
.map(|item| item.expect_type_id(ctx)),Should compile and work the same.
There was a problem hiding this comment.
Ah I parsed that ? as a question rather than an operator.
bindgen/codegen/mod.rs
Outdated
| fn clone(&self) -> Self { *self } | ||
| } | ||
| }); | ||
| } | ||
|
|
||
| if needs_flexarray_impl { | ||
| let prefix = ctx.trait_prefix(); |
There was a problem hiding this comment.
Can we move this out to its own function or such? I feel like that'd make it easier to reason about.
There was a problem hiding this comment.
Yeah, happy to do that. But the rest of the function is so enormous - do you think it should all be factored down?
| @@ -9,10 +9,10 @@ pub type DoesNotUse_Typedefed<U> = U; | |||
| #[repr(C)] | |||
| #[derive(Debug, Copy, Clone)] | |||
| pub struct DoesNotUse_IndirectUsage<T, U> { | |||
| pub member: DoesNotUse_Aliased<T>, | |||
| pub another: DoesNotUse_Typedefed<U>, | |||
| pub _phantom_0: ::std::marker::PhantomData<::std::cell::UnsafeCell<T>>, | |||
| pub _phantom_1: ::std::marker::PhantomData<::std::cell::UnsafeCell<U>>, | |||
There was a problem hiding this comment.
Can you send the "move phantom fields to the beginning" as a separate PR? That's fine on its own, and would make this PR a lot easier to review (GitHub's UI for this is not my favourite).
Thanks!
|
OK updated with comments (and still on top of #2783) |
|
☔ The latest upstream changes (presumably 3b5ce9c) made this pull request unmergeable. Please resolve the merge conflicts. |
emilio
reviewed
Mar 20, 2024
There was a problem hiding this comment.
@pvdrz do you recall if we have a way of annotating a feature flag as experimental? This is mostly usable only with nightly rust...
But anyways this looks good to me in principle. Need to do a deeper review of the implementation but didn't look bad on my previous skim :)
bindgen/ir/comp.rs
Outdated
| }; | ||
|
|
||
| // XXX correct with padding on end? | ||
| match fields.last() { |
There was a problem hiding this comment.
Sorry, I meant that something like this:
diff --git a/bindgen/ir/comp.rs b/bindgen/ir/comp.rs
index 31c058ea..f6c9e629 100644
--- a/bindgen/ir/comp.rs
+++ b/bindgen/ir/comp.rs
@@ -834,9 +834,9 @@ impl CompFields {
CompFields::Error => return None, // panic?
};
- match fields.last() {
- None | Some(Field::Bitfields(..)) => None,
- Some(Field::DataMember(FieldData { ty, .. })) => ctx
+ match fields.last()? {
+ Field::Bitfields(..) => None,
+ Field::DataMember(FieldData { ty, .. }) => ctx
.resolve_type(*ty)
.is_incomplete_array(ctx)
.map(|item| item.expect_type_id(ctx)),Should compile and work the same.
|
yeah we literally have the |
|
Does |
|
Fixed:
|
emilio
approved these changes
Apr 1, 2024
|
☔ The latest upstream changes (presumably fb39a30) made this pull request unmergeable. Please resolve the merge conflicts. |
|
Please rebase and ping, happy to merge. Hopefully it's just a matter of regenerating test expectations. Sorry, this didn't get into the merge queue because it got configured right after I pressed the "Merge when ready" button :/ |
|
Do you want me to squash the commits? |
This option uses Rust DST types to model C structures with flexible
array members.
For example, if you declare:
```c
struct record {
int len;
float values[];
}
```
this means it's a C structure with a well-defined prefix, but a tail of
`values` which depends on how much memory we've allocated for it.
We can model this in Rust with:
```rust
struct record {
len: c_int,
values: [f32],
}
```
which means more or less the same thing - there's a type which has a
known prefix, but its suffix is not directly known.
There are some tests which have two incomplete array fields; only the very last one is valid as a flexible array member (in C) or can be a DST field in Rust.
Put the pointer converting methods on the sized prefix types ([T; 0]) since they're the default type and what you're likely to be starting with. Emphasize the ones which work on references since they have safe lifetimes, but also have raw pointer variants, esp for handling uninitialized cases. The flex types have methods which return the sized type along with the length.
Previously it was generating inner `unsafe` blocks for all unsafe functions in conformance with Rust 2024, but now only do it when `--wrap-unsafe-ops` is enabled for consistency with other generated code. Also rename `flex_mut_ref` -> `flex_ref_mut` to make it consistent with `flex_ptr_mut` and general Rust convention.
The conversions between fixed and dynamically sized forms are essentially type-level transforms which should have trivial implementations in terms of generated code, so there's no reason not to make them inline.
Nah, all good, thanks! |
facebook-github-bot
pushed a commit
to facebook/sapling
that referenced
this pull request
Apr 2, 2024
Summary: [PR 2772](rust-lang/rust-bindgen#2772) adds the --flexarray-dst option to handle C Flexible Array Members as Rust dynamically sized types. Still pending review, but discussion has been positive. Full details: Add `--flexarray-dst` option to allow use of a dynamically sized struct to model a C flexible array member. For example, given the C struct: ``` struct msg { unsigned int tag; unsigned int len; char payload[]; }; ``` generate the corresponding Rust type: ```rust #[repr(C)] #[derive(Debug)] pub struct msg<FAM: ?Sized = [::std::os::raw::c_char; 0]> { pub tag: ::std::os::raw::c_uint, pub len: ::std::os::raw::c_uint, pub payload: FAM, } ``` This single definition is used for both Sized (with a zero-length array as the FAM type) and DST (with a slice). This also generates the helper methods to convert a raw pointer into a Rust view of the C type, with a given length. ```rust // Sized implementations impl msg<[::std::os::raw::c_char; 0]> { // Construct a DST reference from a Sized object. // SAFETY: there must be at least `len` initialized elements in the underlying storage pub unsafe fn flex_ref( &self, len: usize, ) -> &msg<[::std::os::raw::c_char]> { unsafe { Self::flex_ptr(self, len) } } // Same, but mutable pub unsafe fn flex_mut_ref( &mut self, len: usize, ) -> &mut msg<[::std::os::raw::c_char]> { unsafe { Self::flex_ptr_mut(self, len).assume_init() } } // Raw pointer variants pub unsafe fn flex_ptr<'unbounded>( ptr: *const Self, len: usize, ) -> &'unbounded msg<[::std::os::raw::c_char]> { unsafe { &*::std::ptr::from_raw_parts(ptr as *const (), len) } } pub unsafe fn flex_ptr_mut<'unbounded>( ptr: *mut Self, len: usize, ) -> ::std::mem::MaybeUninit<&'unbounded mut msg<[::std::os::raw::c_char]>> { unsafe { let mut uninit = ::std::mem::MaybeUninit::< &mut msg<[::std::os::raw::c_char]>, >::uninit(); (uninit.as_mut_ptr() as *mut *mut msg<[::std::os::raw::c_char]>) .write(::std::ptr::from_raw_parts_mut(ptr as *mut (), len)); uninit } } } // DST implementations impl msg<[::std::os::raw::c_char]> { // Memory size & alignment for allocation pub fn layout(len: usize) -> ::std::alloc::Layout { unsafe { let p: *const Self = ::std::ptr::from_raw_parts(::std::ptr::null(), len); ::std::alloc::Layout::for_value_raw(p) } } // return the Sized variant along with the length pub fn fixed(&self) -> (&msg<[::std::os::raw::c_char; 0]>, usize) { unsafe { let (ptr, len) = (self as *const Self).to_raw_parts(); (&*(ptr as *const msg<[::std::os::raw::c_char; 0]>), len) } } pub fn fixed_mut( &mut self, ) -> (&mut msg<[::std::os::raw::c_char; 0]>, usize) { unsafe { let (ptr, len) = (self as *mut Self).to_raw_parts(); (&mut *(ptr as *mut msg<[::std::os::raw::c_char; 0]>), len) } } } ``` Upside: - The flexible array member is directly expressed in a fairly conventional Rust type, with no need to interact with the bindgen-specific `__IncompleteArrayField` type - In particular, normal `size_of` will work, taking into account the dynamically sized extension Problems/TODO: - depends on unstable `ptr_metadata` and `layout_for_ptr` features - `from_ptr(_mut)` return references with unbounded lifetimes - it would be up to the caller to constrain them to the underlying storage's lifetime - I experimented with a variant which also takes a "lifetime witness" parameter `_lt: &'a LT` which can be used to bound the returned lifetime, but I'll need to try it in practice to see if it works. This is a prototype for #2771 Reviewed By: dtolnay Differential Revision: D54605921 fbshipit-source-id: 929ec448b758975ce736c21fde6b805e3d297bb7
facebook-github-bot
pushed a commit
to facebookexperimental/rust-shed
that referenced
this pull request
Apr 2, 2024
Summary: [PR 2772](rust-lang/rust-bindgen#2772) adds the --flexarray-dst option to handle C Flexible Array Members as Rust dynamically sized types. Still pending review, but discussion has been positive. Full details: Add `--flexarray-dst` option to allow use of a dynamically sized struct to model a C flexible array member. For example, given the C struct: ``` struct msg { unsigned int tag; unsigned int len; char payload[]; }; ``` generate the corresponding Rust type: ```rust #[repr(C)] #[derive(Debug)] pub struct msg<FAM: ?Sized = [::std::os::raw::c_char; 0]> { pub tag: ::std::os::raw::c_uint, pub len: ::std::os::raw::c_uint, pub payload: FAM, } ``` This single definition is used for both Sized (with a zero-length array as the FAM type) and DST (with a slice). This also generates the helper methods to convert a raw pointer into a Rust view of the C type, with a given length. ```rust // Sized implementations impl msg<[::std::os::raw::c_char; 0]> { // Construct a DST reference from a Sized object. // SAFETY: there must be at least `len` initialized elements in the underlying storage pub unsafe fn flex_ref( &self, len: usize, ) -> &msg<[::std::os::raw::c_char]> { unsafe { Self::flex_ptr(self, len) } } // Same, but mutable pub unsafe fn flex_mut_ref( &mut self, len: usize, ) -> &mut msg<[::std::os::raw::c_char]> { unsafe { Self::flex_ptr_mut(self, len).assume_init() } } // Raw pointer variants pub unsafe fn flex_ptr<'unbounded>( ptr: *const Self, len: usize, ) -> &'unbounded msg<[::std::os::raw::c_char]> { unsafe { &*::std::ptr::from_raw_parts(ptr as *const (), len) } } pub unsafe fn flex_ptr_mut<'unbounded>( ptr: *mut Self, len: usize, ) -> ::std::mem::MaybeUninit<&'unbounded mut msg<[::std::os::raw::c_char]>> { unsafe { let mut uninit = ::std::mem::MaybeUninit::< &mut msg<[::std::os::raw::c_char]>, >::uninit(); (uninit.as_mut_ptr() as *mut *mut msg<[::std::os::raw::c_char]>) .write(::std::ptr::from_raw_parts_mut(ptr as *mut (), len)); uninit } } } // DST implementations impl msg<[::std::os::raw::c_char]> { // Memory size & alignment for allocation pub fn layout(len: usize) -> ::std::alloc::Layout { unsafe { let p: *const Self = ::std::ptr::from_raw_parts(::std::ptr::null(), len); ::std::alloc::Layout::for_value_raw(p) } } // return the Sized variant along with the length pub fn fixed(&self) -> (&msg<[::std::os::raw::c_char; 0]>, usize) { unsafe { let (ptr, len) = (self as *const Self).to_raw_parts(); (&*(ptr as *const msg<[::std::os::raw::c_char; 0]>), len) } } pub fn fixed_mut( &mut self, ) -> (&mut msg<[::std::os::raw::c_char; 0]>, usize) { unsafe { let (ptr, len) = (self as *mut Self).to_raw_parts(); (&mut *(ptr as *mut msg<[::std::os::raw::c_char; 0]>), len) } } } ``` Upside: - The flexible array member is directly expressed in a fairly conventional Rust type, with no need to interact with the bindgen-specific `__IncompleteArrayField` type - In particular, normal `size_of` will work, taking into account the dynamically sized extension Problems/TODO: - depends on unstable `ptr_metadata` and `layout_for_ptr` features - `from_ptr(_mut)` return references with unbounded lifetimes - it would be up to the caller to constrain them to the underlying storage's lifetime - I experimented with a variant which also takes a "lifetime witness" parameter `_lt: &'a LT` which can be used to bound the returned lifetime, but I'll need to try it in practice to see if it works. This is a prototype for #2771 Reviewed By: dtolnay Differential Revision: D54605921 fbshipit-source-id: 929ec448b758975ce736c21fde6b805e3d297bb7
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add
--flexarray-dstoption to allow use of a dynamically sized struct to model a C flexible array member. For example, given the C struct:generate the corresponding Rust type:
This single definition is used for both Sized (with a zero-length array as the FAM type) and DST (with a slice).
This also generates the helper methods to convert a raw pointer into a Rust view of the C type, with a given length.
Upside:
__IncompleteArrayFieldtypesize_ofwill work, taking into account the dynamically sized extensionProblems/TODO:
ptr_metadataandlayout_for_ptrfeaturesfrom_ptr(_mut)return references with unbounded lifetimes - it would be up to the caller to constrain them to the underlying storage's lifetime_lt: &'a LTwhich can be used to bound the returned lifetime, but I'll need to try it in practice to see if it works.This is a prototype for #2771