Implement safe io #871
Implement safe io #871
Conversation
A6GibKm
force-pushed
the
safe-io
branch
2 times, most recently
from
1200fdd
to
281adac
Compare
|
Added commit descriptions where there were api questions. |
A6GibKm
force-pushed
the
safe-io
branch
4 times, most recently
from
2b2aeee
to
b8c5eb6
Compare
|
|
A6GibKm
force-pushed
the
safe-io
branch
2 times, most recently
from
16e67be
to
86cfed9
Compare
|
Rebased. There were quite many conflicts so a review would be appreciated. |
|
Is this ready for another review and potentially merging? |
Yes and maybe |
gio/src/subprocess_launcher.rs
Outdated
| @@ -1,7 +1,7 @@ | |||
| // Take a look at the license at the top of the repository in the LICENSE file. | |||
|
|
|||
| #[cfg(any(unix, all(docsrs, unix)))] | |||
| use std::os::unix::io::IntoRawFd; | |||
| use std::os::unix::io::{IntoRawFd, OwnedFd}; | |||
There was a problem hiding this comment.
Below: "unused import: ffi" on Windows so maybe just move that part into a #[cfg(unix)] while we're at it
gio/src/unix_fd_list.rs
Outdated
| type IntoIter = FdIterator; | ||
|
|
||
| fn into_iter(mut self) -> Self::IntoIter { | ||
| // Can I .take() the ptr and set it to null here? |
There was a problem hiding this comment.
No, but but you should set the len in the FdArray to 0 so you don't drop the fds twice
| } | ||
|
|
||
| impl FdArray { | ||
| pub fn as_slice(&self) -> &[BorrowedFd<'_>] { |
There was a problem hiding this comment.
As you didn't implement Deref<Target = [OwnedFd]>, it would be nice if you implemented a non-destructive iter() too. Personally, I would just implement Deref :)
| let current = self.ptr.as_ptr(); | ||
| if self.len > 1 { | ||
| let next = unsafe { self.ptr.as_ptr().add(1) }; | ||
| self.ptr = ptr::NonNull::new(next).unwrap(); |
There was a problem hiding this comment.
This doesn't work. You'll have to keep track of the original pointer so it can be freed on Drop (of the FdIterator)
| } | ||
| if self.len > 1 { | ||
| let next = unsafe { self.ptr.as_ptr().add(1) }; | ||
| self.ptr = ptr::NonNull::new(next).unwrap(); |
There was a problem hiding this comment.
This doesn't work, you'll also have to free the original pointer
| len: usize, | ||
| } | ||
|
|
||
| impl Iterator for FdIterator { |
There was a problem hiding this comment.
It would be nice to also implement size_hint() and DoubleEndedIterator and ExactSizeIterator and FusedIterator here
| stderr_fd: V, | ||
| stdin_fd: Option<impl AsFd>, | ||
| stdout_fd: Option<impl AsFd>, | ||
| stderr_fd: Option<impl AsFd>, |
There was a problem hiding this comment.
Option<impl ...> is usually a bad idea. Just try calling this function with a None :)
I think here and in the other APIs using an Option<impl ...> currently you'll have to add a builder pattern instead
| @@ -238,7 +241,7 @@ pub fn compute_checksum_for_string( | |||
|
|
|||
| #[cfg(unix)] | |||
| #[doc(alias = "g_unix_open_pipe")] | |||
| pub fn unix_open_pipe(flags: i32) -> Result<(RawFd, RawFd), Error> { | |||
| pub unsafe fn unix_open_pipe(flags: i32) -> Result<(RawFd, RawFd), Error> { | |||
There was a problem hiding this comment.
Is that compatible with the flags argument that allows setting O_CLOEXEC/FD_CLOEXEC?
| @@ -132,7 +135,7 @@ pub fn spawn_async_with_fds<P: AsRef<std::path::Path>, T: AsRawFd, U: AsRawFd, V | |||
| #[cfg(not(windows))] | |||
| #[cfg_attr(docsrs, doc(cfg(not(windows))))] | |||
| #[doc(alias = "g_spawn_async_with_pipes")] | |||
| pub fn spawn_async_with_pipes< | |||
| pub unsafe fn spawn_async_with_pipes< | |||
There was a problem hiding this comment.
Why not make this use the new traits?
| @@ -872,14 +872,14 @@ where | |||
| /// The default main loop almost always is the main loop of the main thread. | |||
| /// Thus, the closure is called on the main thread. | |||
| #[doc(alias = "g_unix_fd_add_full")] | |||
| pub fn unix_fd_add<F>(fd: RawFd, condition: IOCondition, func: F) -> SourceId | |||
There was a problem hiding this comment.
I think these functions all need to be unsafe actually. impl AsFd is correct but it's up to the caller to ensure that the fd is valid long enough
For the from_owned_fd it might make sense to implement From or replace the unsafe from_fd/take_fd methods.
Needs reviewing
Stuff thats missing