Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rust types in FFI lint #12608

Closed
alexcrichton opened this issue Feb 27, 2014 · 6 comments
Closed

Rust types in FFI lint #12608

alexcrichton opened this issue Feb 27, 2014 · 6 comments
Labels
A-FFI Area: Foreign function interface (FFI) A-lint Area: Lints (warnings about flaws in source code) such as unused_mut. P-medium Medium priority

Comments

@alexcrichton
Copy link
Member

Right now we have a lint mode which warns about the usage of rust types in extern blocks. This makes sure that by default you don't pass rust types into C functions. What we don't have is a lint going the other way which makes sure that C can't get Rust types from Rust. I believe that we need to expand the FFI lint to crawl extern functions as well as extern blocks.

The exact types which should be allowed is a little questionable. Some things that would be nice to have a defined ABI/FFI for would, but may currently not be working:

  • Option<&T> and Option<~T>. See Nullable-pointer Options aren't FFI-compatible with the base pointer types. #11303, but this is currently broken. Do we want to commit to this ABI and say that it's valid to use to interface with C?
  • ~T and &T, are these valid FFI types? The rust type system guarantees they are never null, but there's no guarantee that C handed you something that's not null.
  • &str - should this be valid to pass in/out? This would require something along the lines of rust.h

To be conservative, we could only allow primitives (minus int and uint) plus *T, but this is quite limiting and makes FFI a little more difficult.

Nominating.
@alexcrichton alexcrichton mentioned this issue Feb 27, 2014
Closed
@huonw huonw added the A-lint label Mar 13, 2014
@pnkfelix
Copy link
Member

We do not need this for 1.0. But it will be useful. Assigning P-high for now.

@pnkfelix pnkfelix modified the milestone: 1.0 Mar 13, 2014
@japaric
Copy link
Member

japaric commented Nov 2, 2014

@alexcrichton We now have the improper_ctypes lint, can this be closed?

@alexcrichton
Copy link
Member Author

In theory improper_ctypes is the lint that this would go under, but it doesn't handle cases like &str just yet (as far as I know), so this can be used to track expanding the improper_ctypes lint to more use cases.

@mzabaluev
Copy link
Contributor

To pass &str in and out of C you either need to use some adapter functionality like rust-lang/rfcs#494, or define the underlying structure in a C header and use that on the C side in the function/callback signatures.

@TimNN
Copy link
Contributor

TimNN commented Dec 20, 2015

I think most of this has been addressed by #26583:

  • Option<&T> is allowed (if T is a proper ctype)
  • &T is allowed (if T is a proper ctype)
  • slices and str are not allowed

There is already a separate issue for checking extern fn's: #19834

So I think this issue can be closed, if any of the three points above should be changed I would propose opening separate issues for them.

@alexcrichton
Copy link
Member Author

Sounds good to me!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-FFI Area: Foreign function interface (FFI) A-lint Area: Lints (warnings about flaws in source code) such as unused_mut. P-medium Medium priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@alexcrichton @pnkfelix @TimNN @mzabaluev @huonw @japaric