-
Notifications
You must be signed in to change notification settings - Fork 702
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bitfields raw pointer accessors #2674
Comments
@pvdrz gentle nudge, do you have any thoughts on the proposal here? I think RFL may have a use case |
Additional context since I keep forgetting: https://lore.kernel.org/rust-for-linux/[email protected]/ and its parent Basically we have a C struct that has interior mutability on some fields, so usually it is in an |
When you say "since the C side might modify the value at any time.", I'm unclear if you mean other threads will modify the data concurrently? Otherwise, if this is all within a single thread, then there's not really a problem as far as I can tell. |
In the use case, we have an `UnsafeCell< pointer to a struct with:
The issue is that it is in general incorrect to take I'm not 100% sure I understand this all myself and the locking story is complicated, so I may be misrepresenting some of it. |
Well, unsafecell doesn't protect you from any concurrency problems. If there's supposed to be a lock, then the lock must be held to correctly read or write the |
I don't think the parent issue showcases the problem well, it's more like: #[repr(C)]
struct foo {
// this is a bitfield
field: u8,
mtx: mutex_t,
// mutex protected
protected: u8
}
// this is how you reference the type normally
struct FooWrapper(UnsafeCell<foo>); Then you must construct a
This is as far as it goes, and I think the incorrectness is purely semantic meaning this is something miri would flag if it could (I believe), but there is no actual UB. |
I guess there could be a theoretical race condition if context A then tries to lock That seems like a stretch but maybe not impossible? Probably need @y86-dev to clarify things |
I think I follow now. The quick fix might be to distribute the UnsafeCell over the individual fields of |
Your example from above is much better than mine, since it actually has a mutex. But the protected field should also be a bitfield, so // bingden generates
struct Foo {
protected: u8, // bitfield
mtx: mutex,
} The problem lies with the implementation of
Since |
I definitely don't think it's currently possible, someone would have to add that ability to bindgen. |
I would prefer the solution outlined in this issue, since relying on raw pointers also avoids the aliasing problems we would have when having a |
You do lose the ability to use method syntax, which makes the API kinda weird, but otherwise it's also fine, yes. |
Sounds good to add this fwiw. |
When creating bindings for a struct with bitfields the accessor functions that are created take an immutable receiver (
&self
). This is a problem if the underlying type is used by both Rust and C, since Rust is not allowed to create&self
references, since the C side might modify the value at any time.One solution could be to create raw accessor functions that allow access via
*const Self
.Input C Header
Bindgen Invocation
Expected Results
Additional functions that should be generated:
This also requires changes to the generated
__BingenBitfieldUnit
.The text was updated successfully, but these errors were encountered: