Safer poll timeout

[JonathanWoollett-Light]

Implements a wrapper around i32 for the timeout argument in poll::poll.

This prevents the error case:

EINVAL (ppoll()) The timeout value expressed in *ip is invalid
(negative).

Most of the code additions are simple conversions to/from integer primitives.

An alternative approach to implement the same safety with less code would require something like https://internals.rust-lang.org/t/non-negative-integer-types/17796 and would offer less usability like converting to/from std::time::Durations.

[asomers]

CI is failing because you're trying to use rust 1.58.0, but the 1.58 container installs 1.58.1. Change the VERSION to 1.58.1

[JonathanWoollett-Light]

CI is failing because you're trying to use rust 1.58.0, but the 1.58 container installs 1.58.1. Change the VERSION to 1.58.1

Thank you for letting me know.

Why is this the case?

[asomers]

CI is failing because you're trying to use rust 1.58.0, but the 1.58 container installs 1.58.1. Change the VERSION to 1.58.1

Thank you for letting me know.

Why is this the case?

That's just the convention for the rust-lang containers. They always include the newest patch release.

[asomers]

Is this supposed to be C's INFTIM, and if so shouldn't it be -1?

[JonathanWoollett-Light]

I think I was originally using a unsigned integer type here for some reason e.g. 1 << 31 == -1. But it makes more sense to use -1 now, will change this.

[asomers]

You should update the docs for the timeout variable.

[JonathanWoollett-Light]

Updated docs

[asomers]

You can delete this part, and all of the other MSRV stuff, since we'll merge #1862 first.

[JonathanWoollett-Light]

Dropped this commit

[asomers]

I think TryFromI128Error and TryFromI64Error are exactly the same. Could you use a single error type?

[JonathanWoollett-Light]

Made some changes to the conversions to remove this error type.

[asomers]

Suggested change

	// SAFETY: `x.0` is always positive.
	// SAFETY: `x.0` is always nonnegative.

[JonathanWoollett-Light]

Fixed.

[asomers]

Just to program defensively, I recommend:

Suggested change

	*self == Self::NONE
	*self <= Self::NONE

[JonathanWoollett-Light]

You've right, fixed it.

[asomers]

I think it would be more usable, and more backwards compatible, to write the signature like this:

Suggested change

	pub fn poll(fds: &mut [PollFd], timeout: PollTimeout) -> Result<libc::c_int> {
	pub fn poll<T: Into<PollTimeout>>(fds: &mut [PollFd], timeout: T) -> Result<libc::c_int> {

[JonathanWoollett-Light]

Makes sense, made the change.

[JonathanWoollett-Light]

BTW, CI is failing due the an unused import:

// test_poll.rs

error: unused import: `close`
 --> test/test_poll.rs:4:14
  |
4 |     unistd::{close, pipe, write},
  |              ^^^^^
  |
  = note: `-D unused-imports` implied by `-D warnings`

error: could not compile `nix` due to previous error

Fixed

[asomers]

I think naming this method as_millis would be more idiomatic. For example, it would mirror Duration::as_millis. And since it will never return a negative value, should it return u32 instead of i32?

[JonathanWoollett-Light]

I've split this into 2 functions:

    /// Returns the timeout in milliseconds if there is some, otherwise returns `None`.
    pub fn as_millis(&self) -> Option<i32> {
        self.is_some().then_some(self.0)
    }
    /// Returns the timeout as a `Duration` if there is some, otherwise returns `None`.
    pub fn timeout(&self) -> Option<Duration> {
        self.as_millis().map(|x|Duration::from_millis(u64::try_from(x).unwrap()))
    }

[JonathanWoollett-Light]

I think using i32 or u32 each have their own drawbacks here, ideally we could use u31 with something like https://crates.io/crates/ux but this crate is not actively maintained. I tried my hand at making a better version as an experiment with https://crates.io/crates/ux2 but I am busy so am not able to maintain this alone.

[SteveLauC]

I agree that u31 suits best here, but before switching to the ux or ux2 crate, u32 is the better choice compared to i32

[SteveLauC]

What about this one?

[JonathanWoollett-Light]

I am okay to use u32.

[JonathanWoollett-Light]

Updated to u32.

[asomers]

Actually, accepting negative values for timeout seems to be a Linuxism. POSIX only requires that -1 be interpreted as "forever", and FreeBSD will return EINVAL for other negative values. Please make it impossible to contruct a PollTimeout with a negative value other than -1.

[SteveLauC]

BTW, we have changed our changelog mode, please see CONTRIBUTING.md on how to add changelog entries

[SteveLauC]

Left some comments, I think this PR is ready for merge after addressing these comments

[SteveLauC]

The CI failure is not related to this PR

[asomers]

I can't reproduce the failure. Could github somehow be using a cached Cargo.lock file?

[SteveLauC]

I can't reproduce the failure. Could github somehow be using a cached Cargo.lock file?

Try this? I can reproduce it even with an empty hello-world crate

[asomers]

Ahh, so it's a toolchain bug. I thought it was a libc bug. I'll open a bug upstream. In the meantime, we'll either have to disable this target, or pin our rustc version.

[SteveLauC]

Ahh, so it's a toolchain bug. I thought it was a libc bug. I'll open a bug upstream. In the meantime, we'll either have to disable this target, or pin our rustc version.

I will pin the nightly toolchain to the version just before that