-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow #[cppgc] &mut T
in sync ops
#791
Conversation
#[repr(C)] | ||
struct InnerMember { | ||
inner: [usize; 2], | ||
ptr: *mut (), | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TODO: add v8::cppgc::InnerMember::as_mut
in rusty_v8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not clear as to the safety of this. For example, this is currently valid but very unsafe:
#[op2(async)]
async fn op_use_cppgc_object_mut_async(#[cppgc] _wrap: &mut Wrap, #[cppgc] _wrap2: &mut Wrap) {}
When called with the same object for first and second argument.
pub fn try_unwrap_cppgc_object<'sc, T: GcResource + 'static>( | ||
val: v8::Local<'sc, v8::Value>, | ||
) -> Option<&'sc T> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not safe anymore. Please now mark as unsafe. The caller has to guarantee that there are not more than one user currently called try_unwrap_cppgc_object
on this object.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll add an unsafe variant that returns &mut
} | ||
(Position::Arg, Type::Reference(of)) => match &*of.elem { | ||
Type::Path(of) => Ok(Arg::CppGcResource(stringify_token(&of.path))), | ||
_ => Err(ArgError::InvalidCppGcType(stringify_token(ty))), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
_ => Err(ArgError::InvalidCppGcType(stringify_token(*of.elem))),
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should also not be allowed on #[op2(reentrant)]
(that would be unsafe).
I think we should revert this for now - it's not clear to me how to make this safe yet, and what restrictions we need. We should talk about this more.
Also, for such fundamental issues we need more than one review. These are incredibly delicate components of our stack, and they need to be very well audited, especially when involving unsafe code.
This reverts commit 3cc4464.
Allow
#[cppgc] _: &mut T
and#[cppgc] _: Option<&mut T>
Closes #787
Trying to use it with async op gives a compiler error: