Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not enough unsafe #4

Open
wizzwizz4 opened this issue Feb 21, 2020 · 1 comment
Open

Not enough unsafe #4

wizzwizz4 opened this issue Feb 21, 2020 · 1 comment

Comments

@wizzwizz4
Copy link

Several APIs inside solder should be marked unsafe, but aren't. From the Nomicon:

The unsafe keyword has two uses: to declare the existence of contracts the compiler can't check, and to declare that a programmer has checked that these contracts have been upheld.

This is important because it makes it a lot harder to reason about Solder than it should be – and, in fact, the code is currently making false promises. It is impossible to use safe code to invoke undefined behaviour, but it is possible to use many parts of Solder to invoke undefined behaviour; ergo, those parts of Solder should not be marked as safe.

Some examples of what should be unsafe (non-exhaustive):

  • Anything where you need to pass a c_str! as an argument.
  • Boolean values represented as libc::c_char – not all possible values for these are safe.

The above two can be fixed either by just marking the relevant functions as unsafe, or by using std::ffi::CStr (hence implementing c_str! using std::ffi::CStr::from_bytes_with_nul) and a safe wrapper around them. Other issues can be fixed in a similar way.
@killertux
Copy link
Owner

I totally agree. There are more cases that need to be fixed. I will take a look at it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wizzwizz4 @killertux