-
Notifications
You must be signed in to change notification settings - Fork 190
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Port from libc to rustix #401
Comments
I considered it (personally, I like
So we probably will not be migrating to |
For your last point, For the rest, I agree. We’ll have to wait. |
Ah, good to know! |
@notgull is it the intent of We could maybe switch just the |
I think it makes sense to use |
Yes, I think this would work.
This sounds like a pain to manage, especially when |
We are unlikely to use |
I looked more into rustix:
|
Any particular reason for this?
There is already a common function for initializing a written-to buffer. So hopefully we can just add the "unpoison" call there.
IIRC The main reason is because Debian Stable is considered the "low water mark" for what we reasonably need to support. I'm not sure what the lowest version this crate needs to support it. It should also be mentioned that the MSRV is bumped to v1.64 if the "std" feature on Rustix is disabled. |
This commit adds a backend based on the rustix crate. The main advantage of rustix, in addition to greater safety, is that it uses raw syscalls instead of going through libc. I've tried to modify the existing libc code as little as possible, in order to make this change as auditable as possible. I haven't touched the pthreads code yet, as that's a little tricky. This exists for discussion purposes. cc rust-random#401 Signed-off-by: John Nunley <dev@notgull.net>
@notgull thanks for demoing how an rustix implementation might work (#470). From what I understand, this would still use Looking at that implementation, I think a lot of the complexity comes from the rustix dependency being optional. If we were going to use rustix, it wouldn't be an optional dependancy; it would entirely replace our use of However, I don't think its very likely we would use the rustix backend (at least for now). Given that we would still need to depend on |
I've modified #470 to completely remove |
See also |
We really should stop forcing users to depend on a pthreads mutex implementation. @notgull did add a vendored implementation from libstd of a futex-based Mutex in their PR, rewritten to use Rustix, which is awsome. OTOH, IDK that getrandom wants to maintain a fork/vendoring of that Mutex. I think there is tension between getrandom, which wants to be as narrowly-scoped as possible (basically one syscall or equivalent) across every OS, and Rustix, which wants to have a very broad scope (the entire kernel<->userspace API, basically), across a small range of targets. I think the intersection of those interests that isn't currently being met is in supporting --linux-none and similar targets without a libc. We already have a PR in #461 that addresses that for x86_64-*-linux-none, which is the only such target we know about. That PR is easy to "scale" across target architectures, even ones that rustix doesn't support, because we basically just need to gather all the architecture -> syscall number mappings from the |
That implementation is mostly taken from
This tension exists in
There's a lot of subtlety in the details when it comes to syscalls, especially across multiple architectures. For instance, there's different conventions on As mentioned here, it is tricky to get system calls right, especially across architectures. While @rust-random might have the resources to maintain this, other crates will not. It would be a bad precedent to set, especially since
|
I wouldn't say it's "a lot". The x86 case is the main stumbling block. And if we are fine with the subpar performance of Also, this is why I strongly argue that raw syscall functions should be exposed by I think a good way forward may be to unconditionally use raw syscalls on Linux for the |
As I've demonstrated,
My main issue here, as I've stated above, is that this sets an awful precedent. @rust-random may be able to properly maintain syscall bindings, but other, smaller crates won't be able to. |
That being said, pragmatically I would prefer to have a "raw syscall" backend for |
rustix is a crate which provides I/O-safe wrappers around raw system calls on Linux and libc on other Unixes. By using it we can use raw syscalls instead of libc calls, which has a number of performance, safety and code size advantages.
I am wiling to write a PR for this; however there are a couple of items of discussions we have to go over first.
The text was updated successfully, but these errors were encountered: