Overhaul the API #42
The build is failing on Windows because of unnecessary

What happens if I create a

No, An alternative approach would be to split

Ah, no, that's fine. I didn't see it in the diff because it wasn't getting rendered.
danburkert
requested changes
May 11, 2017
Hey @bugaevc, thanks for putting in the time to do this. I left some detailed nits, but I want to reiterate on a couple of higher level points:
CC #33, @sfackler, @BurntSushi, I'd appreciate you all's thoughts if you have any
| /// then chain call methods to configure additional options, finally, call [`map()`](#method.map) | ||
| /// or [`map_mut()`](#method.map_mut). | ||
| #[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)] | ||
| pub struct AnonymousMappingOptions { |
danburkert
May 11, 2017
Owner
I think AnonymousMmapOptions is a better name for this, so it lines up with the type it's building.
|
|
||
| /// Actually map this anonymous mapping into the address space. | ||
| /// | ||
| /// This methos returns an immutable mapping, see [`map_mut()`](#method.map_mut) |
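Review bot: typo in the last doc line shown here, "This methos returns an immutable mapping" should read "This method returns an immutable mapping". It is a `///` comment, so the misspelling ends up in the rendered documentation next to the `map_mut()` link.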
| /// | ||
| /// This method returns `Err` when the underlying system call fails, which can happen for | ||
| /// a variety of reasons, such as when you don't have the necessary permissions for the file. | ||
| pub fn map(&self) -> Result<Mmap> { |
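Review bot: the error description above `pub fn map(&self) -> Result<Mmap>` names "the necessary permissions for the file" as its example cause, which does not fit if this is the anonymous builder's `map()`, as the reply that follows indicates, since no file is involved there. Suggest replacing the example with a cause that applies to anonymous mappings, or dropping the example and keeping only "when the underlying system call fails".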
danburkert
May 11, 2017
Owner
Does this constructor actually make sense? What's the usecase for creating a read-only anonymous memory map?
bugaevc
May 11, 2017
Author
Contributor
Yeah, I thought about this too, but decided to leave it here for consistency. I should however document that this is not what you want most of the time.
danburkert
May 12, 2017
Owner
I think we should go ahead and remove it unless there's a compelling reason to keep it at this point. We can always add it back later if a case can be made.
| /// [`Protection::ReadCopy`](enum.Protection.html#variant.ReadCopy) | ||
| /// is always safe. | ||
| #[cfg(unix)] | ||
| pub unsafe fn file(file: &File) -> FileMappingOptions { |
danburkert
May 11, 2017
Owner
I would strongly prefer if this API were the same across all platforms, even if that means marking it unsafe on Windows.
| /// In particular, it is **undefined behavior** in Rust for the memory to be | ||
| /// modified by some other code while there's a reference to it. | ||
| /// | ||
| /// Note, however, that using this with |
danburkert
May 11, 2017
Owner
This has never really been clear to me. The Linux mmap manpage says:
It is unspecified whether changes made to the file after the mmap() call are visible in the mapped region.
That doesn't seem like it will play well with Rust's safety semantics.
bugaevc
May 11, 2017
Author
Contributor
Ah, right. I'll change the message to say it's unsafe even with cow.
| /// | ||
| /// This method *also* returns `Err` with `ErrorKind` set to `InvalidInput` if the specified | ||
| /// protection does not allow the mapping to be mutable. | ||
| pub fn set_protection(&mut self, protection: Protection) -> Result<()> { |
danburkert
May 11, 2017
Owner
So this is just for switching from ReadWrite to ReadCopy and vice versa? That seems kinda strange - we should probably document what that even means. I'm surprised the OS allows it.
| len: self.len, | ||
| } | ||
| /// This method will **not** return `Err` if the passed `protection` is mutable. | ||
| pub fn make_read_only(mut self, protection: Protection) -> Result<Mmap> { |
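Review bot: the doc line on `make_read_only(mut self, protection: Protection) -> Result<Mmap>` says the call will not return `Err` when `protection` is mutable, but it does not say what protection the returned `Mmap` ends up with in that case. A method with this name and return type accepting a mutable protection silently is surprising; either reject it with `InvalidInput`, or state in the doc which protection is actually applied.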
danburkert
May 11, 2017
Owner
Perhaps this could be make_read_only, and make_read_execute? Are there any other valid outcomes from this?
| #![allow(unused_unsafe)] | ||
|
|
||
| mod memmap { | ||
| pub use super::super::*; |
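Review bot: `#![allow(unused_unsafe)]` at the top of this hunk turns the lint off for the whole module with no comment explaining why. If it is there because `file()` is `unsafe` only under `#[cfg(unix)]`, say so in a one-line comment, so the attribute can be removed once the API is the same on every platform and the lint can go back to catching stray `unsafe` blocks in the tests.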
danburkert
May 11, 2017
Owner
Is it not possible to do a use super::*; here without the extra mod? I've never seen anything like this.
bugaevc
May 11, 2017
Author
Contributor
It is, I just wanted the tests code to say memmap::file instead of just file, etc. As I said above, use super as memmap doesn't work, this is either a bug or me misunderstanding how the module system works.
| @@ -78,13 +77,7 @@ impl MmapInner { | |||
| } | |||
| } | |||
|
|
|||
| /// Check if a file needs to be writable for copy-on-write mode. | |||
| #[inline] | |||
| pub fn needs_write_for_copy() -> bool { | |||
bugaevc
May 11, 2017
Author
Contributor
No, actually, this method isn't used anymore, because we require for the file to be opened in advance.
| ErrorKind::InvalidInput, | ||
| "Invalid protection for a mutable mapping", | ||
| )), | ||
| Protection::ReadWrite | Protection::ReadCopy => Ok( |
danburkert
May 11, 2017
Owner
Does ReadCopy even make sense for an Anonymous mapping? I'm having a hard time reasoning through some of these semantics.
bugaevc
May 11, 2017
Author
Contributor
No, not really; again, it's here for consistency. Do you think we should work out what combinations are actually useful and only allow those?
danburkert
May 12, 2017
Owner
Yah, I think eventually we should, but we can punt for now and do it in a follow-up commit.
We could get rid of protection in public API entirely, instead exposing a bunch of methods:
bugaevc force-pushed the bugaevc:overhaul-api branch 2 times, most recently from 1a768dc to 6384afc May 11, 2017
Rebased to separate Please let me know what you think about my suggestion above.
danburkert
requested changes
May 12, 2017
Looks good, just a few comments. Could you switch the
I merged the view removal commit, so you may need to rebase over that.
bugaevc added some commits May 10, 2017
bugaevc force-pushed the bugaevc:overhaul-api branch from 6384afc to 3ffc31b May 12, 2017
Awesome, thanks. As for Rust 1.8, there is no hard and fast requirement except that that's the status quo, so if it's not too onerous to maintain I'd prefer to. This crate is likely to be a widely used dependency, and if it forces a certain rustc version, then it's forced on everyone who uses it as well. Basically the same reason that libc maintains long backwards compat windows. Will take a look and likely merge tonight or over the weekend. Thanks again for the help!
danburkert
approved these changes
May 12, 2017
Great! So, if you think this:
is worth a
Any news?
danburkert merged commit da7000b into danburkert:master May 22, 2017
Thanks!
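bugaevc commented May 10, 2017
Overhaul the API as requested in #33. In particular,
MmapView and MmapViewSync types
Mmap and MmapMut for readable and readable/writable mappings respectively. They implement Deref<Target = [u8]>/DerefMut as appropriate.
Mmap has no flush methods.
set_protection(), provide make_mut() and make_read_only() to safely convert between Mmap and MmapMut.
open, open_path, anonymous_with_options, ... methods. Instead, provide two OpenOptions-style builders, one for file-backed and one for anonymous mappings.
std::fs::File.
memmap::file() is unsafe. This seems to be the best approach, although it is always safe to use it with ReadCopy.
Protection unless specified explicitly.
use super as memmap doesn't seem to work, rustc says that super is not found because it's the root module, WTF? Yet, use super::* works. Check out the workaround I came up with.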
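
The reason the thread gives for keeping file-backed mappings `unsafe` (the mapped memory can be modified by other code while it is readable), shown as an added example that is not part of this PR or of memmap. It calls `mmap` directly with a shared read-only mapping and reads through raw pointers, so it observes the change without ever forming a `&[u8]`; the helper name `observe_external_write`, the scratch file and the hand-declared constants (64-bit Linux values) are assumptions of the example.

```rust
use std::fs::OpenOptions;
use std::io::{Seek, SeekFrom, Write};
use std::os::raw::{c_int, c_void};
use std::os::unix::io::AsRawFd;

// Declared by hand so the example needs no crates. The constant values and the
// 64-bit offset are assumptions that hold on 64-bit Linux.
extern "C" {
    fn mmap(addr: *mut c_void, len: usize, prot: c_int, flags: c_int, fd: c_int, off: i64) -> *mut c_void;
    fn munmap(addr: *mut c_void, len: usize) -> c_int;
}
const PROT_READ: c_int = 1;
const MAP_SHARED: c_int = 1;

/// Maps a constructed scratch file read-only, rewrites the file through its
/// descriptor, and returns the first mapped byte before and after the write.
/// (Hypothetical helper name; not part of memmap.)
fn observe_external_write() -> std::io::Result<(u8, u8)> {
    let path = std::env::temp_dir().join(format!("mmap_demo_{}", std::process::id()));
    let mut file = OpenOptions::new().read(true).write(true).create(true).truncate(true).open(&path)?;
    file.write_all(b"AAAA")?;

    let ptr = unsafe { mmap(std::ptr::null_mut(), 4, PROT_READ, MAP_SHARED, file.as_raw_fd(), 0) };
    if ptr as isize == -1 {
        let err = std::io::Error::last_os_error();
        let _ = std::fs::remove_file(&path);
        return Err(err);
    }
    let bytes = ptr as *const u8;
    // Volatile raw-pointer reads: no `&[u8]` is ever formed over the mapping,
    // so the compiler cannot assume the bytes are stable between the reads.
    let before = unsafe { bytes.read_volatile() };

    // Stand-in for "some other code": any writer holding the file.
    file.seek(SeekFrom::Start(0))?;
    file.write_all(b"BBBB")?;

    let after = unsafe { bytes.read_volatile() };
    unsafe { munmap(ptr, 4) };
    std::fs::remove_file(&path)?;
    Ok((before, after))
}

fn main() {
    let (before, after) = observe_external_write().expect("mmap demo failed");
    // A `&[u8]` held across the write would have changed under the reader.
    println!("before={} after={}", before as char, after as char);
}
```

The two reads return different bytes although the mapping was created read-only, which is the situation a safe `Deref<Target = [u8]>` over a file-backed mapping cannot rule out.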
MmapViewandMmapViewSynctypesMmapandMmapMutfor readable and readable/writable mappings respectively. They implementDeref<Target = [u8]>/DerefMutas appropriate.Mmaphas noflushmethods.set_protection(), providemake_mut()andmake_read_only()to safely convert betweenMmapandMmapMut.open,open_path,anonymous_with_options, ... methods. Instead, provide twoOpenOptions-style builders, one for file-backed and one for anonymous mappings.std::fs::File.memmap::file()isunsafe. This seems to be the best approach, although it is always safe to use it withReadCopy.Protectionunless specified explicitly.use super as memmapdoesn't seem to work, rustc says thatsuperis not found because it's the root module, WTF? Yet,use super::*works. Check out the workaround I came up with.