Re: [PATCH v10 1/2] rust: types: add `ForeignOwnable::PointedTo`
From: Andreas Hindborg
Date: Mon Nov 25 2024 - 10:34:15 EST

"Alice Ryhl" <aliceryhl@xxxxxxxxxx> writes:
> On Wed, Nov 20, 2024 at 12:48 PM Tamir Duberstein <tamird@xxxxxxxxx> wrote:
>>
>> Allow implementors to specify the foreign pointer type; this exposes
>> information about the pointed-to type such as its alignment.
>>
>> This requires the trait to be `unsafe` since it is now possible for
>> implementors to break soundness by returning a misaligned pointer.
>>
>> Encoding the pointer type in the trait (and avoiding pointer casts)
>> allows the compiler to check that implementors return the correct
>> pointer type. This is preferable to directly encoding the alignment in
>> the trait using a constant as the compiler would be unable to check it.
>>
>> Signed-off-by: Tamir Duberstein <tamird@xxxxxxxxx>
>
> I'm not super convinced by this way forward. It introduces more casts
> to/from c_void in code using it, and forces us to expose internal
> types such as ArcInner. Does anyone else have thoughts on this?

Erasing the type later rather than sooner seems like the right thing to
do, giving the compiler more options to check things over.

It was not really any significant work to add/remove casts where needed for
`rnull`. Granted, even the downstream driver is quite small, you are
going to spend a bit more time in binder.

Best regards,
Andreas Hindborg
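
Added example, not part of the thread and not kernel code: a userspace sketch of the idea in the quoted commit message, where an associated `PointedTo` type lets a consumer derive the pointer's alignment from the type instead of trusting a separately declared constant. The trait is a simplified stand-in built on `std::boxed::Box`; `TaggedSlot`, `free_low_bits`, `store` and `take` are hypothetical names.

```rust
use std::mem::align_of;

/// Userspace stand-in for the trait in this thread (assumption: simplified).
/// Safety: `into_foreign` must return a pointer aligned for `Self::PointedTo`.
pub unsafe trait ForeignOwnable: Sized {
    type PointedTo;
    fn into_foreign(self) -> *mut Self::PointedTo;
    /// Safety: `ptr` must come from `into_foreign` and must not be reused.
    unsafe fn from_foreign(ptr: *mut Self::PointedTo) -> Self;
}

// SAFETY: `Box::into_raw` yields a pointer aligned for `T`.
unsafe impl<T> ForeignOwnable for Box<T> {
    type PointedTo = T;
    fn into_foreign(self) -> *mut T { Box::into_raw(self) }
    unsafe fn from_foreign(ptr: *mut T) -> Self { unsafe { Box::from_raw(ptr) } }
}

/// Low pointer bits guaranteed zero, derived from the associated type.
pub fn free_low_bits<P: ForeignOwnable>() -> u32 {
    align_of::<P::PointedTo>().trailing_zeros()
}

/// Hypothetical consumer: a slot that keeps a tag in those low bits.
pub struct TaggedSlot(usize);
impl TaggedSlot {
    pub fn store<P: ForeignOwnable>(value: P, tag: usize) -> Option<Self> {
        let mask = (1usize << free_low_bits::<P>()) - 1;
        if tag & !mask != 0 { return None; } // tag would overwrite address bits
        let addr = value.into_foreign() as usize;
        assert_eq!(addr & mask, 0, "implementor broke the alignment contract");
        Some(TaggedSlot(addr | tag))
    }
    /// Safety: `P` must be the type that was passed to `store`.
    pub unsafe fn take<P: ForeignOwnable>(self) -> (P, usize) {
        let mask = (1usize << free_low_bits::<P>()) - 1;
        let ptr = (self.0 & !mask) as *mut P::PointedTo;
        (unsafe { P::from_foreign(ptr) }, self.0 & mask)
    }
}

fn main() {
    let slot = TaggedSlot::store(Box::new(7u32), 0b10).expect("tag fits");
    let (value, tag) = unsafe { slot.take::<Box<u32>>() };
    println!("value={value} tag={tag:#b}");
}
```

The `assert_eq!` in `store` is where a misaligned pointer from an implementor would corrupt the tag, which is the soundness obligation that makes the trait `unsafe` in the commit message.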