-
-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add functions for writing zeroed bytes to &mut impl Zeroable
and &mut [impl Zeroable]
#193
Conversation
I decided supporting non-copy types was actually useful because sometimes code doesn't bother with a But a lot of them won't need dropping (so this should still be fast) and it isn't really that hard to handle the ones that do. |
Also while this does clobber the provenance of any pointer it overwrites with zero bytes, that is true for writing (This is probably not news tho, I had just not realized it. Presumably this is part of why it's fine for raw pointers to have a |
src/lib.rs
Outdated
unsafe { | ||
core::ptr::drop_in_place(target); | ||
core::ptr::write_bytes( | ||
target as *mut T as *mut u8, | ||
0u8, | ||
core::mem::size_of::<T>(), | ||
) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will lead to a double-drop if drop_in_place
panics. You should probably call write_byte
in a drop guard instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is true. Alternately, do we want to require Copy after all?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see any reason to limit to Copy
types if there is a zero-cost and correct way to support all types
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alright, just checking i hadn't forgotten anything i guess
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmmm, lets just make these require Copy
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, sure, we can do it in the drop guard.
Co-authored-by: Alphyr <[email protected]>
Two reasons this functionality is worth having:
Some cases in FFI want a struct required input to be cleared with
memset
, because they expect to add fields to the end of a struct and usesizeof(TheStruct)
to indicate which fields exist on the type.That is: a new field could be added to the end of a struct without changing the size if the bytes of that field were previously tail padding -- in this case if all bytes were not zeroed in this manner, the uninit bytes in the field may be interpreted as having meaning.
*blah = T::zeroed()
will end up having a few redundant copies ofT
on the stack in debug builds which could cause various problems.I didn't add these as methods on
Zeroable
intentionally, but don't care much about it. If you'd prefer them there or something else I'm fine with it.I'm pretty sure I didn't miss anything in terms of correctness here, although I had initially forgotten that
Zeroable
didn't implyCopy
, so a bit of scrutiny wouldn't be out of place to ensure I'm not adding a problematic API.