From: Michal Rostecki <vadorovsky@gmail.com>
To: "Björn Roy Baron" <bjorn3_gh@protonmail.com>
Cc: Miguel Ojeda <ojeda@kernel.org>,
Alex Gaynor <alex.gaynor@gmail.com>,
Wedson Almeida Filho <wedsonaf@gmail.com>,
Boqun Feng <boqun.feng@gmail.com>, Gary Guo <gary@garyguo.net>,
Benno Lossin <benno.lossin@proton.me>,
Andreas Hindborg <a.hindborg@samsung.com>,
Alice Ryhl <aliceryhl@google.com>,
Brendan Higgins <brendan.higgins@linux.dev>,
David Gow <davidgow@google.com>, Rae Moar <rmoar@google.com>,
FUJITA Tomonori <fujita.tomonori@gmail.com>,
Trevor Gross <tmgross@umich.edu>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Bill Wendling <morbo@google.com>,
Justin Stitt <justinstitt@google.com>,
Martin Rodriguez Reboredo <yakoyoku@gmail.com>,
Finn Behrens <me@kloenk.dev>,
Manmohan Shukla <manmshuk@gmail.com>,
Valentin Obst <kernel@valentinobst.de>,
Laine Taffin Altman <alexanderaltman@me.com>,
Danilo Krummrich <dakr@redhat.com>,
Yutaro Ohno <yutaro.ono.418@gmail.com>,
Tiago Lam <tiagolam@gmail.com>,
Charalampos Mitrodimas <charmitro@posteo.net>,
Ben Gooding <ben.gooding.dev@gmail.com>,
Roland Xu <mu001999@outlook.com>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org, kunit-dev@googlegroups.com,
netdev@vger.kernel.org, llvm@lists.linux.dev
Subject: Re: [PATCH] rust: str: Use `core::CStr`, remove the custom `CStr` implementation
Date: Mon, 15 Jul 2024 17:46:16 +0200
Message-ID: <df092baf-03a5-4b4a-ab8b-ee7a5677c172@gmail.com>
In-Reply-To: <S-L4QE4MFYzY1ba0fdkJYuAVIkZHxxYB6Jk9XPFuo3ZdbvNxtfN_mCFc5oNPfTu2X17vvyPUStAviAUAzeKlCGxwRM-VbC4aPUGBGtDQCcU=@protonmail.com>
On 14.07.24 19:01, Björn Roy Baron wrote:
> On Sunday, July 14th, 2024 at 18:02, Michal Rostecki <vadorovsky@gmail.com> wrote:
>
>> `CStr` became a part of `core` library in Rust 1.75, therefore there is
>> no need to keep the custom implementation.
>>
>> `core::CStr` behaves generally the same as the removed implementation,
>> with the following differences:
>>
>> - It does not implement `Display` (but implements `Debug`).
>> - It does not provide `from_bytes_with_nul_unchecked_mut` method.
>> - It was used only in `DerefMut` implementation for `CString`. This
>> change replaces it with a manual cast to `&mut CStr`.
>> - Otherwise, having such a method is not really desirable. `CStr` is
>> a reference type
>> or `str` are usually not supposed to be modified.
>> - It has `as_ptr()` method instead of `as_char_ptr()`, which also returns
>> `*const c_char`.
>>
>> Rust also introduces C literals (`c""`), so the `c_str` macro is removed
>> here as well.
>>
>> Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
>> ---
>> rust/kernel/error.rs | 7 +-
>> rust/kernel/init.rs | 8 +-
>> rust/kernel/kunit.rs | 16 +-
>> rust/kernel/net/phy.rs | 2 +-
>> rust/kernel/prelude.rs | 4 +-
>> rust/kernel/str.rs | 490 +-----------------------------------
>> rust/kernel/sync.rs | 13 +-
>> rust/kernel/sync/condvar.rs | 5 +-
>> rust/kernel/sync/lock.rs | 6 +-
>> rust/kernel/workqueue.rs | 10 +-
>> scripts/rustdoc_test_gen.rs | 4 +-
>> 11 files changed, 57 insertions(+), 508 deletions(-)
>>
>
> [snip]
>
>> diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs
>> index 68605b633e73..af0017e56c0e 100644
>> --- a/rust/kernel/init.rs
>> +++ b/rust/kernel/init.rs
>> @@ -46,7 +46,7 @@
>> //! }
>> //!
>> //! let foo = pin_init!(Foo {
>> -//! a <- new_mutex!(42, "Foo::a"),
>> +//! a <- new_mutex!(42, c"Foo::a"),
>
> That we need a CStr here seems a bit of an internal implementation detail. Maybe
> keep accepting a regular string literal and converting it to a CStr internally?
> If others think what you have here is fine, I don't mind it all that much though.
>
The names passed to `new_mutex`, `new_condvar`, `new_spinlock` etc. are
immediately passed in the FFI calls (`__mutex_init`,
`__init_waitqueue_head`, `__spin_lock_init`) [0][1][2]. In fact, I don't
see any internal usage, where using Rust &str would be beneficial. Am I
missing something?

Converting a &str to &CStr inside `Mutex::new` or `CondVar::new` would
require allocating a new buffer, larger by 1, to include the nul byte.
Doing that for every new mutex or condvar seems a bit wasteful to me.

[0] https://github.com/Rust-for-Linux/linux/blob/b1263411112305acf2af728728591465becb45b0/rust/kernel/sync/lock/mutex.rs#L104
[1] https://github.com/Rust-for-Linux/linux/blob/b1263411112305acf2af728728591465becb45b0/rust/kernel/sync/condvar.rs#L111
[2] https://github.com/Rust-for-Linux/linux/blob/b1263411112305acf2af728728591465becb45b0/rust/kernel/sync/lock/spinlock.rs#L103

>> //! b: 24,
>> //! });
>> //! ```
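
Review bot: The doc example's `new_mutex!(42, c"Foo::a")` line depends on `c""` literals, but the commit message only says Rust "introduces" them and gives a version (1.75) for `CStr` in `core` alone. State the minimum compiler version the literal syntax needs, and note in the `new_mutex!` documentation that the name argument is now a C string literal, so callers still passing `"Foo::a"` know what to change.
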
>
> [snip]
>
>> @@ -840,9 +375,10 @@ fn deref(&self) -> &Self::Target {
>>
>> impl DerefMut for CString {
>> fn deref_mut(&mut self) -> &mut Self::Target {
>> - // SAFETY: A `CString` is always NUL-terminated and contains no other
>> - // NUL bytes.
>> - unsafe { CStr::from_bytes_with_nul_unchecked_mut(self.buf.as_mut_slice()) }
>> + debug_assert!(!self.buf.is_empty() && self.buf[self.buf.len() - 1] == 0);
>> + // SAFETY: Casting to CStr is safe because its internal representation
>> + // is a [u8] too.
>> + unsafe { &mut *(self.buf.as_mut_slice() as *mut [u8] as *mut CStr) }
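
Review bot: In `deref_mut`, the new SAFETY comment justifies the cast only by the representation of `CStr` and drops the invariant the removed comment stated (always NUL-terminated, no other NUL bytes), which is what the resulting `&mut CStr` actually relies on. The `debug_assert!` checks only the last byte and is compiled out when debug assertions are off, so it does not replace that argument; keep the invariant in the SAFETY comment, or drop the impl if nothing needs a `&mut CStr`.
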
>
> The documentation of CStr [1] is very clear that the layout of CStr is not guaranteed.
>
>> Note that this structure does not have a guaranteed layout (the repr(transparent)
>> notwithstanding) and is not recommended to be placed in the signatures of FFI
>> functions. Instead, safe wrappers of FFI functions may leverage the unsafe
>> CStr::from_ptr constructor to provide a safe interface to other consumers.
>
> Is there any place where this DerefMut impl is actually used? If not it should probably
> be removed. The liballoc version of CString doesn't have this impl either. (Can we use
> the liballoc version of CString too just like this patch does for CStr?)
>
> [snip]
>
> Link: https://doc.rust-lang.org/stable/std/ffi/struct.CStr.html [1]
Good call. The `DerefMut` was not used anywhere, removing it works.
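
The allocation argument in the reply above, together with a validated alternative to a raw slice-to-`CStr` cast, as an added userspace example that is not part of the patch or the thread. It uses `std::ffi` in place of the kernel's types, and `borrow_static`, `convert_str` and `shares_storage` are hypothetical helper names.

```rust
use std::ffi::{CStr, CString};

/// Borrow a NUL-terminated static byte string as `&CStr` without copying.
/// (A `c"Foo::a"` literal produces the same kind of value at compile time.)
fn borrow_static(name: &'static [u8]) -> Option<&'static CStr> {
    // Validated constructor: rejects a missing terminator or an interior NUL,
    // so no assumption about the layout of `CStr` is needed.
    CStr::from_bytes_with_nul(name).ok()
}

/// Convert a Rust `&str` into an owned C string. A `&str` carries no
/// terminator, so this allocates `len + 1` bytes and copies the contents.
fn convert_str(name: &str) -> Option<CString> {
    CString::new(name).ok()
}

/// True when `c` points at the same memory as `src`, i.e. nothing was copied.
fn shares_storage(c: &CStr, src: &[u8]) -> bool {
    c.as_ptr() as *const u8 == src.as_ptr()
}

fn main() {
    static NAME: &[u8] = b"Foo::a\0"; // constructed sample lock name
    let borrowed = borrow_static(NAME).expect("valid C string");
    println!("borrowed shares storage: {}", shares_storage(borrowed, NAME));

    let plain = "Foo::a"; // same name as a plain Rust string literal
    let owned = convert_str(plain).expect("no interior NUL");
    println!(
        "converted: {} -> {} bytes, shares storage: {}",
        plain.len(),
        owned.as_bytes_with_nul().len(),
        shares_storage(&owned, plain.as_bytes())
    );

    // Inputs the validated constructor refuses.
    println!("no terminator rejected: {}", borrow_static(b"Foo::a").is_none());
    println!("interior NUL rejected:  {}", borrow_static(b"Foo\0::a\0").is_none());
}
```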