Fix SIGILL on nightly rustc #101
Conversation
x11-dl/src/link.rs
Outdated
| @@ -55,12 +55,11 @@ macro_rules! x11_link { | |||
| unsafe { | |||
| let libdir = $crate::link::config::libdir::$pkg_name; | |||
| let lib = try!($crate::link::DynamicLibrary::open_multi(libdir, &[$($lib_name),*])); | |||
| let mut this: ::std::mem::ManuallyDrop<$struct_name> | |||
| = ::std::mem::uninitialized(); | |||
| let mut this = ::std::mem::MaybeUninit::<$struct_name>::uninit(); | |||
| let this_ptr = &mut this as *mut _ as *mut $struct_name; | |||
There was a problem hiding this comment.
Now that we're using MaybeUninit, it might be better to use this.as_mut_ptr() here
|
You beat me to it! I made essentially the same change which fixed the particular issue I was hitting in #99, with the difference being that I used I'm not sure if |
|
Yeah, that was a good catch! I adopted that suggestion. (The code you mention only takes reference of |
|
Looks good to me, and fixes the SIGILL I was encountering earlier. |
No, this is of type |
This is very subtle, and I first thought it does, but indeed the type of Maybe we should pick different terms, not sure... But either way, raw pointer casts should always be avoided, so |
|
Note that As an interim solution, it might help to (a) use A struct consisting only of |
If this is a problem, I recommend adopting my maybe-uninit crate: It falls back to Edit: maybe-uninit needs at least Rust 1.20.0, but as you seem to require 1.24.1 at least this doesn't seem to be a problem :). |
|
Here you go. Maintainers: remove the latest commit if you don't like the extra dependency. |
|
However, the |
|
@RalfJung yes, you are right if fn pointers always have to be valid then In other words: you look at it in a non-constructive way and say "on older rustcs this crate is just as bad as not using it!" while I look at it in a constructive way and say "on newer rustcs this crate is doing the right thing while it doesn't regress older rustcs support". In another thread you said that it took you two years to figure out this is a problem and two more years to provide a fix for it. And now the ecosystem should switch within six weeks? IMO the order of magnitude is wrong here. That being said, I agree that |
|
I would say I look at it in a foundational/theoretical way and you look at it in a pragmatic way. ;) I think it is unfair to call my approach "non-constructive". Note that using
I (constructively) proposed a way to fix the problem here without having to depend on Rust 1.36. I am not sure what your problem with the proposal I made is -- or if your problem is not with the proposal, then I do not know what you are even criticizing here. Sure, without |
|
I don't have a problem with the |
|
As for unconstructive vs theoretical, I just think that dismissing the entire |
|
I didn't mean to dismiss it -- sorry if my comment came across as such. I was just pointing out that using the |
|
@daggerbot @erlepereira want to review this? |
|
hey thanks for the ping and the comments/discussion everyone. Just a short note, will be looking into this over this weekend. |
|
@erlepereira weekend's here! |
|
The mem::zeroed + Option does look the ideal fix here. On the MaybeUninit front, a bit reluctant to introduce it just yet (min version needed) and reluctant to introduce a new dependency, it would be effectively forcing it on everyone else who use this. Though of course, if we did at this point it would likely be an interim measure anyway. @daggerbot any preferences here? -- you know a lot more of the history around this code here I cannot see any errors from switching to mem::zeroed on my end, still working on a proper solution using Option (some test code breaks...). Continuing to look deeper for a workable solution on that front. I do realize there is a ticking timeline and this crate has not been updated in a while. Hope to have a fix soon, else this patch + dependency might have to be the way forward for now. |
|
@erlepereira That sounds like our best bet. Unfortunately,
Maybe it would be better to have a global I'm curious how |
|
I think with |
|
@daggerbot @erlepereira is the current solution any good? The new code is only a "hack" on versions of Rust where there are no problems and on any further versions it uses the recommended |
| ::std::ptr::write(&mut (*this_ptr).lib, lib); | ||
| try!(Self::init(this_ptr)); | ||
| Ok(::std::mem::ManuallyDrop::into_inner(this)) | ||
| Ok(this.assume_init()) |
There was a problem hiding this comment.
So, it is guaranteed then that Self::init will put non-NULL values into all these function pointers?
IMO that should be called out explicitly in a comment.
|
As stated earlier, this code-base needs some attention. Yeah, for the interim I guess this works fine. For the longer term, need to update this code, bringing up the supported version while incorporating the various ideas raised here and in other issues. Will bring all these ideas together in another thread / issues, and find a workable way forward for this/other issues that maybe related. Leaving this issue open until I merge the patch, release an updated crate with this patch. wiki reference, placeholder |
implement zeroed and uninitialized with MaybeUninit This is the second attempt of doing such a change (first PR: rust-lang#62150). The last change [got reverted](rust-lang#63343) because it [caused](rust-lang#62825) some [issues](rust-lang#52898 (comment)) in [code that incorrectly used these functions](AltF02/x11-rs#99). Since then, the [problematic code has been fixed](AltF02/x11-rs#101), and rustc [gained a lint](rust-lang#63346) that is able to detect many misuses of these functions statically and a [dynamic check that panics](rust-lang#66059) instead of causing UB for some incorrect uses. Fixes rust-lang#62825
implement zeroed and uninitialized with MaybeUninit This is the second attempt of doing such a change (first PR: rust-lang#62150). The last change [got reverted](rust-lang#63343) because it [caused](rust-lang#62825) some [issues](rust-lang#52898 (comment)) in [code that incorrectly used these functions](AltF02/x11-rs#99). Since then, the [problematic code has been fixed](AltF02/x11-rs#101), and rustc [gained a lint](rust-lang#63346) that is able to detect many misuses of these functions statically and a [dynamic check that panics](rust-lang#66059) instead of causing UB for some incorrect uses. Fixes rust-lang#62825
implement zeroed and uninitialized with MaybeUninit This is the second attempt of doing such a change (first PR: rust-lang#62150). The last change [got reverted](rust-lang#63343) because it [caused](rust-lang#62825) some [issues](rust-lang#52898 (comment)) in [code that incorrectly used these functions](AltF02/x11-rs#99). Since then, the [problematic code has been fixed](AltF02/x11-rs#101), and rustc [gained a lint](rust-lang#63346) that is able to detect many misuses of these functions statically and a [dynamic check that panics](rust-lang#66059) instead of causing UB for some incorrect uses. Fixes rust-lang#62825
x11-dl was using std::mem::uninitialized incorrectly and when rustlang added MaybeUninit and intrinsic panics on UB caused by improper use of uninitialized (see rust-lang/rust/pull/69922) it caused issues with X11 initialization. x11-dl pr AltF02/x11-rs/pull/101 updated x11-dl to use MaybeUninit correctly
x11-dl was using std::mem::uninitialized incorrectly and when rustlang added MaybeUninit and intrinsic panics on UB caused by improper use of uninitialized (see rust-lang/rust/pull/69922) it caused issues with X11 initialization. x11-dl pr AltF02/x11-rs/pull/101 updated x11-dl to use MaybeUninit correctly
Fix #99, I only fixed the very issue interrupting my workflow, and I'll leave other unsoundness as-is.