Convert Windows to use check_shim_sig instead of check_shim_sig_lenient #4779
Conversation
|
Thank you for contributing to Miri! A reviewer will take a look at your PR, typically within a week or two. |
| "*const _" => $this.machine.layouts.const_raw_ptr.ty, | ||
| "*mut _" => $this.machine.layouts.mut_raw_ptr.ty, | ||
| ty if let Some(libc_ty) = ty.strip_prefix("libc::") => $this.libc_ty_layout(libc_ty).ty, | ||
| ty if let Some(win_ty) = ty.strip_prefix("winapi::") => |
There was a problem hiding this comment.
This is shorthand for a longer path used by the windows_ty_layout function, I thought this made usage a lot nicer and more readable.
There was a problem hiding this comment.
Sounds good! Please document this in the doc comment for shim_sig!.
| getrandom_01::getrandom(&mut data).unwrap(); | ||
|
|
||
| // TODO: getrandom 0.2 uses the wrong return type for BCrypteGenRandom | ||
| #[cfg(not(target_os = "windows"))] |
There was a problem hiding this comment.
0.2 uses u32 for the return type, not i32. We now check this and report UB. Is this worth reporting upstream for a backport?
There was a problem hiding this comment.
There was a getrandom 0.2 release this year... so yeah you might as well report it upstream, but no reason to block this PR on that.
| } else { | ||
| CanonAbi::C | ||
| }; | ||
| // TODO: Use this in shim-sig instead of 'system'? Or is that good enough for ExternAbi? |
There was a problem hiding this comment.
Drawing attention to this - no tests are failing, but I need to double check whether this works, or if I need to make the shim_sig macro support dynamic ABIs.
There was a problem hiding this comment.
"system" was added exactly to support the Windows API, so extern "system" really ought to work. Please just remove this comment.
| let [token, buf, size] = | ||
| this.check_shim_sig_lenient(abi, sys_conv, link_name, args)?; | ||
| let [token, buf, size] = this.check_shim_sig( | ||
| shim_sig!(extern "system" fn(winapi::HANDLE, *mut _, *mut _) -> winapi::BOOL), |
There was a problem hiding this comment.
General note - I preferred using fundamental types in most places, but I left a couple fundamental windows API types as their winapi::* variants, for clarity or because they have somewhat odd Rust representations.
BOOL: Actually an i32, which is unexpected to most not familiar with it.HANDLE: This has switched betweenisizeand*mut _in the past, and many Windows shims actually treat it as its own special thing.HLOCALandHMODULE: Aliases forHANDLE, but with the implication they represent only certain types of handle.FARPROC: ActuallyOption<extern "C" fn()>. Much easier to load the resolved layout of that, instead of trying to addOptionandfnspecial-cased toshim_sig_arg.
I can swap some of these to their literal representations if preferred, it may be a bit more performant, but it also may be worth adding caching to the *_ty_layout functions.
There was a problem hiding this comment.
I'd add that a HLOCAL is a pointer to memory allocated by LocalAlloc and HMODULE is a pointer to a module's base address. Neither of these are handles in the same sense as HANDLE is despite being defined as a type alias (which is why they can't be passed to normal handle functions).
There was a problem hiding this comment.
Sounds good! I will note though that this cuts both ways -- if someone reads just the Miri code, it's quite confusing to see winapi::BOOL and then later i32 for the same argument. Not sure if there's much we can do about that.
| let [_First, _Handler] = | ||
| this.check_shim_sig_lenient(abi, sys_conv, link_name, args)?; | ||
| let [first, handler] = this.check_shim_sig( | ||
| shim_sig!(extern "system" fn(u32, *mut _) -> *mut _), |
There was a problem hiding this comment.
I standardized all the names. I can undo this if desired, it just seemed like a good drive-by since most stuff uses Rust-style names, not the Windows API names.
There was a problem hiding this comment.
Fine for me; so far we just didn't have anyone care enough to try and standardize this code.
FWIW, we also have a mix of styles for the functions that implement these shims, if they are implemented in separate functions.
CraftSpider
force-pushed
the
windows-shim-sig
branch
from
4824149 to
9cebf4e
Compare
|
This PR was rebased onto a different master commit. Here's a range-diff highlighting what actually changed. Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers. |
There was a problem hiding this comment.
Thanks! Nice to see the macro work at scale. :)
I will just trust that those signatures are correct based on the test passing; I have no intuition for Windows APIs so I'd have to check every one of them manually...
The only actually requested change here is a comment nit.
| "*const _" => $this.machine.layouts.const_raw_ptr.ty, | ||
| "*mut _" => $this.machine.layouts.mut_raw_ptr.ty, | ||
| ty if let Some(libc_ty) = ty.strip_prefix("libc::") => $this.libc_ty_layout(libc_ty).ty, | ||
| ty if let Some(win_ty) = ty.strip_prefix("winapi::") => |
There was a problem hiding this comment.
Sounds good! Please document this in the doc comment for shim_sig!.
| getrandom_01::getrandom(&mut data).unwrap(); | ||
|
|
||
| // TODO: getrandom 0.2 uses the wrong return type for BCrypteGenRandom | ||
| #[cfg(not(target_os = "windows"))] |
There was a problem hiding this comment.
There was a getrandom 0.2 release this year... so yeah you might as well report it upstream, but no reason to block this PR on that.
| #[cfg(not(target_os = "solaris"))] | ||
| getrandom_01::getrandom(&mut data).unwrap(); | ||
|
|
||
| // TODO: getrandom 0.2 uses the wrong return type for BCrypteGenRandom |
There was a problem hiding this comment.
| // TODO: getrandom 0.2 uses the wrong return type for BCrypteGenRandom | |
| // On Windows, getrandom 0.2 uses the wrong return type for BCrypteGenRandom. |
| } else { | ||
| CanonAbi::C | ||
| }; | ||
| // TODO: Use this in shim-sig instead of 'system'? Or is that good enough for ExternAbi? |
There was a problem hiding this comment.
"system" was added exactly to support the Windows API, so extern "system" really ought to work. Please just remove this comment.
| let [token, buf, size] = | ||
| this.check_shim_sig_lenient(abi, sys_conv, link_name, args)?; | ||
| let [token, buf, size] = this.check_shim_sig( | ||
| shim_sig!(extern "system" fn(winapi::HANDLE, *mut _, *mut _) -> winapi::BOOL), |
There was a problem hiding this comment.
Sounds good! I will note though that this cuts both ways -- if someone reads just the Miri code, it's quite confusing to see winapi::BOOL and then later i32 for the same argument. Not sure if there's much we can do about that.
| // See `fn emulate_foreign_item_inner` in `shims/foreign_items.rs` for the general pattern. | ||
|
|
||
| // Windows API stubs. | ||
| // HANDLE = isize |
There was a problem hiding this comment.
| // HANDLE = isize | |
| // HANDLE = *mut c_void (formerly: isize) |
| let [file, distance_to_move, new_file_pointer, move_method] = | ||
| this.check_shim_sig_lenient(abi, sys_conv, link_name, args)?; | ||
| let [file, distance_to_move, new_file_pointer, move_method] = this.check_shim_sig( | ||
| // i64 is actually a LARGE_INTEGER union of {u32, i32} and {i64} |
There was a problem hiding this comment.
And that becomes just i64 on the ABI level? Those types are not ABI-compatible under Rust rules... but I guess they are compatible on Windows targets so "it's fine".^^
| let [_First, _Handler] = | ||
| this.check_shim_sig_lenient(abi, sys_conv, link_name, args)?; | ||
| let [first, handler] = this.check_shim_sig( | ||
| shim_sig!(extern "system" fn(u32, *mut _) -> *mut _), |
There was a problem hiding this comment.
Fine for me; so far we just didn't have anyone care enough to try and standardize this code.
FWIW, we also have a mix of styles for the functions that implement these shims, if they are implemented in separate functions.
rustbot
added
S-waiting-on-author
|
Reminder, once the PR becomes ready for a review, use |
4 participants
No description provided.