Make WasmPtr::get_utf8_string return String
#1979
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The old functionality is readded as an `unsafe` method, `WasmPtr::get_utf8_str`. It's important to note that `WasmPtr::get_utf8_string` isn't _entirely_ sound and technically should be marked `unsafe` as well, but this change is a massive improvement over what we had before. For future reference, the reason `WasmPtr::get_utf8_string` still has some soundness issues is that we can't guarantee exclusive access to the memory while parsing in the string, we temporarily hold a `&[u8]` and hope it doesn't get mutated. It's possible to implement this method in a more correct way by copying each byte as we read it into a `Vec` and converting that into a String.
syrusakbary
approved these changes
Jan 4, 2021
syrusakbary
reviewed
Jan 4, 2021
| /// | ||
| /// Additionally, if `memory` is dynamic, the caller must also ensure that `memory` | ||
| /// is not grown while the reference is held. | ||
| pub unsafe fn get_utf8_str<'a>(self, memory: &'a Memory, str_len: u32) -> Option<&'a str> { |
There was a problem hiding this comment.
Can we mark this function as deprecated? @MarkMcCaskey
There was a problem hiding this comment.
We could, but I don't know if we want to! It's dangerous to use, but it is more efficient as it doesn't do any memory allocations, so it's nice to have, it just needs to be used very carefully.
|
bors r+ |
bors bot
added a commit
that referenced
this pull request
Jan 4, 2021
1979: Make `WasmPtr::get_utf8_string` return `String` r=MarkMcCaskey a=MarkMcCaskey The old functionality is readded as an `unsafe` method, `WasmPtr::get_utf8_str`. ~It's important to note that `WasmPtr::get_utf8_string` isn't _entirely_ sound and technically should be marked `unsafe` as well, but this change is a massive improvement over what we had before.~ ~For future reference, the reason `WasmPtr::get_utf8_string` still has some soundness issues is that we can't guarantee exclusive access to the memory while parsing in the string, we temporarily hold a `&[u8]` and hope it doesn't get mutated.~ ~It's possible to implement this method in a more correct way by copying each byte as we read it into a `Vec` and converting that into a String.~ EDIT: fixed in b592ed8; `WasmPtr::get_utf8_string` is sound and uses no `unsafe` internally now. # Review - [x] Add a short description of the the change to the CHANGELOG.md file Co-authored-by: Mark McCaskey <[email protected]>
|
bors r+ |
|
Already running a review |
|
bors r- |
|
Canceled. |
|
bors r+ |
bors bot
added a commit
that referenced
this pull request
Jan 4, 2021
1979: Make `WasmPtr::get_utf8_string` return `String` r=MarkMcCaskey a=MarkMcCaskey The old functionality is readded as an `unsafe` method, `WasmPtr::get_utf8_str`. ~It's important to note that `WasmPtr::get_utf8_string` isn't _entirely_ sound and technically should be marked `unsafe` as well, but this change is a massive improvement over what we had before.~ ~For future reference, the reason `WasmPtr::get_utf8_string` still has some soundness issues is that we can't guarantee exclusive access to the memory while parsing in the string, we temporarily hold a `&[u8]` and hope it doesn't get mutated.~ ~It's possible to implement this method in a more correct way by copying each byte as we read it into a `Vec` and converting that into a String.~ EDIT: fixed in b592ed8; `WasmPtr::get_utf8_string` is sound and uses no `unsafe` internally now. # Review - [x] Add a short description of the the change to the CHANGELOG.md file Co-authored-by: Mark McCaskey <[email protected]>
|
bors r- |
|
Canceled. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The old functionality is readded as an
unsafemethod,WasmPtr::get_utf8_str.It's important to note thatWasmPtr::get_utf8_stringisn't entirely sound and technically should be markedunsafeas well, but this change is a massive improvement over what we had before.For future reference, the reasonWasmPtr::get_utf8_stringstill has some soundness issues is that we can't guarantee exclusive access to the memory while parsing in the string, we temporarily hold a&[u8]and hope it doesn't get mutated.It's possible to implement this method in a more correct way by copying each byte as we read it into aVecand converting that into a String.EDIT:
fixed in b592ed8;
WasmPtr::get_utf8_stringis sound and uses nounsafeinternally now.Review