call out explicitly that general read needs to be called with an initialized buffer #62102
Conversation
|
r? @KodrAus (rust_highfive has picked a reviewer for you, use r? to override) |
rust-highfive
added
the
S-waiting-on-review
|
As a casual Rust developer, it is not clear to me who a "user" of a trait is in this context. How about "responsibility of the code calling this function?" |
| /// so it is perfectly possible that the implementation might inspect that data. | ||
| /// As a caller, it is your responsibility to make sure that `buf` is initialized | ||
| /// before calling `read`. Calling `read` with an uninitialized `buf` (of the kind one | ||
| /// obtains via [`MaybeUninit<T>`]) is not safe, and can lead to undefined behavior. |
There was a problem hiding this comment.
I would replace this entire paragraph with the following:
However, the trait is safe to implement, so it is possible that the code that's supposed to write to the buffer might also read from it. It is your responsibility to make sure that `buf` is initialized before calling `read`. Calling `read` with an uninitialized `buf` (of the kind one obtains via [`MaybeUninit<T>`]) is not safe, and can lead to undefined behavior.
There was a problem hiding this comment.
This all depends on how the Read implementation's initializer method behaves.
There was a problem hiding this comment.
As general advice this sounds good to me, since the initializer API is unstable I don’t know how useful it would be for an end-user for us to mention it here just yet.
As far as I understand passing an uninitialized buffer to a ‘well-behaved’ Read (which is a property inherited from any Reads it may wrap) shouldn’t invoke UB, which isn’t enforced through the type, but may be achieved in codebases that write all their own Read implementations.
There was a problem hiding this comment.
@KodrAus This depends on the outcome of rust-lang/unsafe-code-guidelines#77. For now, you should assume that &mut place asserts that:
does &T have to point to allocated memory (with at least size_of::() bytes being allocated)? If yes, does the memory have to contain data that satisfies the validity invariant of T?
are both true.
There was a problem hiding this comment.
Good point about user vs. caller, and I also took some of your other wording changes.
This all depends on how the Read implementation's initializer method behaves.
I'm aware, but should the docs of a stable method really refer to an unstable one here?
There was a problem hiding this comment.
Maybe this would be clearer with an example of a problematic implementation. "It is allowed for someone to have an impl that looks like ... If that impl mean that your code is UB for example by passing an uninitialized buf (of the kind one obtains via [MaybeUninit<T>]) then your code is incorrect."
There was a problem hiding this comment.
@Eh2406 sure, would you like to try to write something like that and submit it as a PR?
There was a problem hiding this comment.
I would like to, I can add it to my list, but I doubt I will get to it. :-( I am already backlogged with Cargo and Dayjob work. So much to do, so little time.
There was a problem hiding this comment.
I know that feeling all too well. ;)
|
r=me rollup if you like, possibly with s/users/consumers re. @Shnatsel's concern. |
|
@bors r=Centril rollup |
|
📌 Commit 390f717 has been approved by |
bors
added
S-waiting-on-bors
call out explicitly that general read needs to be called with an initialized buffer
call out explicitly that general read needs to be called with an initialized buffer
Rollup of 8 pull requests Successful merges: - #60340 (Rename .cap() methods to .capacity()) - #61767 (Update new_debug_unreachable) - #62043 (Remove `FnBox`) - #62076 (Updated RELEASES.md for 1.36.0) - #62102 (call out explicitly that general read needs to be called with an initialized buffer) - #62104 (Inform the query system about properties of queries at compile time) - #62106 (Add more tests for async/await) - #62124 (refactor lexer to use idiomatic borrowing) Failed merges: r? @ghost
call out explicitly that general read needs to be called with an initialized buffer
call out explicitly that general read needs to be called with an initialized buffer
call out explicitly that general read needs to be called with an initialized buffer
call out explicitly that general read needs to be called with an initialized buffer
call out explicitly that general read needs to be called with an initialized buffer
Rollup of 16 pull requests Successful merges: - #61878 (improve pinning projection docs) - #62043 (Remove `FnBox`) - #62067 (Add suggestion for missing `.await` keyword) - #62076 (Updated RELEASES.md for 1.36.0) - #62102 (call out explicitly that general read needs to be called with an initialized buffer) - #62106 (Add more tests for async/await) - #62124 (refactor lexer to use idiomatic borrowing) - #62131 (libsyntax: Fix some Clippy warnings) - #62152 (Don't ICE on item in `.await` expression) - #62154 (Remove old fixme) - #62155 (Add regression test for MIR drop generation in async loops) - #62156 (Update books) - #62160 (Remove outdated question_mark_macro_sep lint) - #62164 (save-analysis: use buffered writes) - #62171 (rustc: Retry SIGILL linker invocations) - #62176 (Update RLS) Failed merges: r? @ghost
No description provided.