Stream: t-lang/wg-unsafe-code-guidelines

Topic: repr pointers and references


gnzlbg (Dec 13 2018 at 17:42, on Zulip):

@Alan Jeffrey to me the current notation for Slice<T> and the trait objects isn't very human readable

gnzlbg (Dec 13 2018 at 17:42, on Zulip):

When I see Slice<'a, T> { ptr: &'a T, len: usize } I wonder: "Does the pointer need to be valid?", "Does T matter?", "Does 'a matter?", "Does any of this change from &[T] to *[T]?" etc.

gnzlbg (Dec 13 2018 at 17:43, on Zulip):

But none of these questions are relevant for "representation".

nikomatsakis (Dec 13 2018 at 17:43, on Zulip):

I admit to being distracted by the use of "safe types" as well

gnzlbg (Dec 13 2018 at 17:44, on Zulip):

Something like:

#[repr(C)]
struct Slice {
    ptr: *const (),
    len: usize,
}

#[repr(C)]
struct DynObject {
    data: *const (),
    vtable: *const (),
}

does not raise these questions for me.

Alan Jeffrey (Dec 13 2018 at 17:53, on Zulip):

I tried writing it using *T, but I found that difficult to read, due to having to specify *mut or *const.

Alan Jeffrey (Dec 13 2018 at 17:53, on Zulip):

I ended up using u8 rather than () just to avoid ZSTs too.

nikomatsakis (Dec 13 2018 at 17:55, on Zulip):

it seems like a minor point we can revisit -- maybe it's ok just to say "pair of a pointer and length", roughly like so

nikomatsakis (Dec 13 2018 at 17:56, on Zulip):

I feel like once we have some idea what the "invariants" are we'll be in a better position to revisit this

Alan Jeffrey (Dec 13 2018 at 17:56, on Zulip):

I agree with you that the lifetimes are confusing though.

gnzlbg (Dec 13 2018 at 17:56, on Zulip):

is the alignment of pointers the same as usize?

gnzlbg (Dec 13 2018 at 17:57, on Zulip):

if so, maybe we can just use usize instead of pointers - I agree that the mutability of the pointer is irrelevant too, and that the () ZST type can be confusing as well =/

Alan Jeffrey (Dec 13 2018 at 18:00, on Zulip):

@gnzlbg I think it is, but then that's also confusing, as "morally" ptr is a pointer, not an integer. Sigh.

Alan Jeffrey (Dec 13 2018 at 18:00, on Zulip):

How about we use *T and put in some words to the "terminology" that we elide mut and const where they don't matter?

gnzlbg (Dec 13 2018 at 18:01, on Zulip):

I don't really mind strongly enough about this, we can probably amend this later anyways, or when wording the final RFC. Do what you think is best

Alan Jeffrey (Dec 13 2018 at 18:01, on Zulip):

Will do!

Alan Jeffrey (Dec 13 2018 at 18:05, on Zulip):

Done.

Last update: Dec 12 2019 at 01:50UTC