-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add natvis for Result, NonNull, CString, CStr, and Cow #82557
Conversation
(rust-highfive has picked a reviewer for you, use r? to override) |
r? @varkor or @petrochenkov perhaps who've reviewed similar PRs before |
555e5a8
to
bed2af5
Compare
bed2af5
to
920e2d8
Compare
<DisplayString>{(char*) inner}</DisplayString> | ||
<Expand> | ||
<ArrayItems> | ||
<Size>strlen((char *) inner) + 1</Size> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like this could cause an exception if inner
was NULL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe inner
cannot be null as it's guaranteed to contain at least a null byte:
pub struct CStr {
inner: [c_char],
}
impl CStr {
pub fn from_bytes_with_nul(bytes: &[u8]) -> Result<&CStr, FromBytesWithNulError> {
let nul_pos = memchr::memchr(0, bytes);
if let Some(nul_pos) = nul_pos {
if nul_pos + 1 != bytes.len() {
return Err(FromBytesWithNulError::interior_nul(nul_pos));
}
Ok(unsafe { CStr::from_bytes_with_nul_unchecked(bytes) })
} else {
Err(FromBytesWithNulError::not_nul_terminated())
}
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The documentation for CStr::from_ptr
is less reassuring:
* There is no guarantee to the validity of ptr.
* The returned lifetime is not guaranteed to be the actual lifetime of ptr.
* There is no guarantee that the memory pointed to by ptr contains a valid nul terminator byte at the end of the string.
* It is not guaranteed that the memory pointed by ptr won't change before the CStr has been destroyed.
Note: This operation is intended to be a 0-cost cast but it is currently implemented with an up-front calculation of the length of the string. This is not guaranteed to always be the case.
So indeed, it looks safe now, but may not always be safe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That’s the unsafe documentation of from_ptr
. The ptr must meet those criteria in order for the call to from_ptr
to be safe. So, users of CStr can assume that the internal pointer does meet those criteria. If it doesn’t, it’s a big somewhere else (a caller of from_ptr
messed up).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Debuggers are used to help track down bugs like this, not introduce exceptions where there might not have been one before, even if the debugger is helping expose a latent bug.
At any rate, I don't have a strong preference here - I just wanted to raise the issue. While it's nice to see the length of the CStr
automatically, it also doesn't feel critical if there are downsides.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's fair though I think the debugger showing an error saying it can't show some detail would be a hint to the user that something is very wrong. If the debugger can't show CStr characters, then the user knows there has been an error in unsafe. I actually don't see this as a downside personally.
@bors r+ |
📌 Commit 920e2d8 has been approved by |
Add natvis for Result, NonNull, CString, CStr, and Cow This adds natvis support (used for Windows debugging) to the following types: `Result`, `NonNull`, `CString`, `CStr`, and `Cow`.
Add natvis for Result, NonNull, CString, CStr, and Cow This adds natvis support (used for Windows debugging) to the following types: `Result`, `NonNull`, `CString`, `CStr`, and `Cow`.
Add natvis for Result, NonNull, CString, CStr, and Cow This adds natvis support (used for Windows debugging) to the following types: `Result`, `NonNull`, `CString`, `CStr`, and `Cow`.
Add natvis for Result, NonNull, CString, CStr, and Cow This adds natvis support (used for Windows debugging) to the following types: `Result`, `NonNull`, `CString`, `CStr`, and `Cow`.
Rollup of 10 pull requests Successful merges: - rust-lang#82047 (bypass auto_da_alloc for metadata files) - rust-lang#82415 (expand: Refactor module loading) - rust-lang#82557 (Add natvis for Result, NonNull, CString, CStr, and Cow) - rust-lang#82613 (Remove Item::kind, use tagged enum. Rename variants to match) - rust-lang#82642 (Fix jemalloc usage on OSX) - rust-lang#82682 (Implement built-in attribute macro `#[cfg_eval]` + some refactoring) - rust-lang#82684 (Disable destination propagation on all mir-opt-levels) - rust-lang#82755 (Refactor confirm_builtin_call, remove partial if) - rust-lang#82857 (Edit ructc_ast_lowering docs) - rust-lang#82862 (Generalize Write impl for Vec<u8> to Vec<u8, A>) Failed merges: r? `@ghost` `@rustbot` modify labels: rollup
This adds natvis support (used for Windows debugging) to the following types:
Result
,NonNull
,CString
,CStr
, andCow
.