-
Notifications
You must be signed in to change notification settings - Fork 320
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
C++ ergonomic usage suggestion #8
Comments
Thanks so much for putting this together! This is super helpful. I will take care of incorporating your suggestions over the next couple days. One question for you on Now suppose that someone had: #[cxx::bridge]
mod ffi {
struct Thing {
b: Box<X>,
}
extern "C" {
type X;
fn f(thing: &mut Thing);
}
} void f(Thing &thing) {
box<X> moveconstruct(std::move(thing.b));
} This is UB because we move from the box but the whole Thing and Box are still owned by Rust, so the Box's Drop impl will be run by Rust and see the 0. I want code like this to be considered wrong C++ code. Do we get to just say "don't do that", meaning don't move from a box that isn't immediately going to be destroyed? As I understand it, move is usually expected to leave the old object in some valid but unspecified state that is safe to destroy. How does that mesh here? It's safe to destroy in C++ but not Rust. Are we forced to do something more expensive in move, or cut move altogether? |
Is the issue that the C++ |
Happy to help! The API could be improved further, but this was just me spending a bit of time on the interface :)
If this is the thing you're trying to avoid, there are options available. For instance as long as don't ever actually move the value onto the C++ side with the intention that it will be destroyed there, some kind of an "adopting" pointer might be useful (though my proposed type P0468 is not slated until C++23, it is easily implementable and might be useful here. However, it relies on reference counting and would be better served for helping to implement a C++ equivalent to Also keep in mind that clang now has a
The nice thing about the wording is that while the standard requires that types be in an unspecified state, we the users can actually specify the exact state it is in. (Thus if we document what we do, people can't technically be surprised because it means they didn't read the documentation 😅)
Not so much. Having an |
I've incorporated or filed issues to track all of these suggestions. Thanks again! This has made the library much better. The remaining work is tracked in #58 (swaps) and #102 (in_place constructions). One issue that's come up where I may need expert C++ guidance is #104, deciding which constructors to make |
As mentioned in #5, there is need for better namespace usage. Additionally, I understand the need for ABI compatibility, and quickly hacked up an improved API suggestion on the C++ side. This will of course required additional work on the rust side of things, but wanted to get feedback first.
Below, is a C++17 (though backportable to C++11 with minimal effort) API mockup for an improved API. Among the changes are
inline namespace
namedv1
str
actually private. If its needed in generated code, I recommend using thefriend
keyword.from_raw
andinto_raw
could be turned into construction and explicit casting to a more opaque class (this class could be made into afriend
of box, or vice versa. This reduces the need for unnecessary encapsulation, and also allows the type system to take care of some unsafety for us). For now I've just used a unique_ptr, which will cause a compiler error if an opaque type would be destructed.iosfwd
instead ofiostream
. I recommend looking at what happens per translation unit when includingiostream
. It's not pretty, butiosfwd
allows us to forward declare theostream
insertion operators without incurring this overhead.explicit
. This saves more headaches in the long run, I assure you.explicit operator bool
, so it can be used inif()
statements, and is more in line withunique_ptr
, which is the closest thing on the C++ side.std::addressof
and::new
. Adopting this API would allow Windows support? #6 to be completed.I also know quite a bit about build systems and the C++ language (and API design) in general, so feel free to ask any questions :)
The text was updated successfully, but these errors were encountered: