-
Notifications
You must be signed in to change notification settings - Fork 192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
generator: Mark QNX c_void
types as opaque to get raw pointers
#950
base: master
Are you sure you want to change the base?
Conversation
Long ago in #339 I added "opaque" types to ensure that pointers to it stay as pointers in FFI rather than get converted to `&mut` borrows which don't carry the load of an arbitrary pointer value to "something unknown" (= opaque). When the QNX types were added in #429 and #760 some time later, they weren't added to this list and turned into borrows making them impossible to be handled safely in user code.
They can't be handled safely regardless, I think, but at least we can have useful setters. |
@Ralith wrong wording, I think I meant UB. There are likely more safety constraints on |
I think it's actually okay to synthesize references to ZSTs? But the lifetime isn't doing any good here. |
Makes sense. What is your verdict on |
That's a tricky case, since unlike a windowing handle it seems like it theoretically could address a value on the stack and readily benefit from lifetime checking. So long as we're defining it ourselves/as c_void, that's difficult but not strictly impossible for a user to take advantage of--typically going through pointer casts will erase lifetime information, but you can put it back if you really want. Do we know where they come from, and in what form? |
It's just a POD but with a pointer to a "security descriptor". Looks like the caller is expected to create it as follows: Either way it's allowed to be |
API-wise, I wonder if what we're doing here is a semver break since the target type remains the same, and the original |
Fixes #949
Long ago in #339 I added "opaque" types to ensure that pointers to it stay as pointers in FFI rather than get converted to
&mut
borrows which don't carry the load of an arbitrary pointer value to "something unknown" (= opaque). When the QNX types were added in #429 and #760 some time later, they weren't added to this list and turned into borrows making them impossible to be handled safely in user code.Note that only
SECURITY_ATTRIBUTES
remains as a borrow of ac_void
, which should probably be changed in some way too. If not in the least because the raw pointer is allowed to beNULL
.