Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New lint: type which is not FFI-safe #111

Open
ratijas opened this issue Sep 7, 2020 · 0 comments
Open

New lint: type which is not FFI-safe #111

ratijas opened this issue Sep 7, 2020 · 0 comments
Assignees
@ratijas
Labels
A-rust Area: Rust glue C-bug Category: This is a bug. I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness P-medium Medium priority

Comments

@ratijas
Copy link
Collaborator

ratijas commented Sep 7, 2020

Recent versions of Rust (1.46.0 per the moment of writing) started showing the warning when compiling the project: warning: extern fn uses type std::cell::RefCell<dyn QObject>, which is not FFI-safe. It concerns exactly two functions: RustObject_metaObject and RustObject_destruct.

Full text of warnings:

warning: `extern` fn uses type `std::cell::RefCell<dyn QObject>`, which is not FFI-safe
   --> qmetaobject/src/lib.rs:569:51
    |
569 | pub unsafe extern "C" fn RustObject_metaObject(p: *mut RefCell<dyn QObject>) -> *const QMetaObject {
    |                                                   ^^^^^^^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: `#[warn(improper_ctypes_definitions)]` on by default
    = help: consider adding a `#[repr(C)]` or `#[repr(transparent)]` attribute to this struct
    = note: this struct has unspecified layout

warning: `extern` fn uses type `std::cell::RefCell<dyn QObject>`, which is not FFI-safe
   --> qmetaobject/src/lib.rs:575:49
    |
575 | pub unsafe extern "C" fn RustObject_destruct(p: *mut RefCell<dyn QObject>) {
    |                                                 ^^^^^^^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = help: consider adding a `#[repr(C)]` or `#[repr(transparent)]` attribute to this struct
    = note: this struct has unspecified layout

What do we have here is *mut RefCell<dyn QObject>. "RefCell" part is unsized (?Sized) which means 1) it holds any QObject data, 2) it can be stored and accessed only by some kind of "fat-pointer" reference — in this case it's *mut which takes 2 words (16 bytes on x86_64), clearly a trait object with vtable info attached.

Let's see why the warning showed up in the first place. As far as compiler concerned, *mut RefCell<dyn QObject> essentially is:

  • a fat pointer (not stable API & ABI, but in practice quite reliable for the time being)...
  • to a RefCell (no #[repr], two fields)...
  • of a dyn QObject (unsized trait object, type unknown at compile time, unknown ABI).

Seems like a reasonable warning from rustc after all, as most regular Rust programmers should not mess with trait objects representation.

In my opinion, it would be reasonable to silence the warning in these specific functions. Also, it is possible that the issue would get resolved by the fix to #110.
@ratijas ratijas self-assigned this Sep 7, 2020
@ratijas ratijas added A-rust Area: Rust glue C-bug Category: This is a bug. I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness P-medium Medium priority labels Jun 30, 2021
@ratijas ratijas changed the title new lint: type which is not FFI-safe New lint: type which is not FFI-safe Jun 30, 2021
@hasezoey hasezoey mentioned this issue Feb 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ratijas ratijas

Labels
A-rust Area: Rust glue C-bug Category: This is a bug. I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness P-medium Medium priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ratijas