Closed Bug 1613176 Opened 4 years ago Closed 4 years ago

Add a lint to avoid passing types with destructors through the FFI boundaries.

Categories

(Developer Infrastructure :: Source Code Analysis, task)

Product:
Developer Infrastructure
Component:
Source Code Analysis
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(firefox75 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla75
Tracking Flags:
Tracking Status
firefox75 --- fixed

People

(Reporter: emilio, Assigned: emilio)

References

Details

Attachments

(3 files)

Bug 1613176 - Prove to the incoming clang plugin that our templates are indeed trivially copiable. r=boris,#style
47 bytes, text/x-phabricator-request
Details | Review
Bug 1613176 - Introduce NonTrivialTypeInFfiChecker. r=andi
47 bytes, text/x-phabricator-request
Details | Review
Bug 1613176 - Enable -Wreturn-type-c-linkage. r=#build
47 bytes, text/x-phabricator-request
Details | Review
No description provided.

Passing these types behind a pointer or reference type should be OK, but passing them by-value may act poorly, due to differences in destructor semantics between C++ and Rust around function boundaries. The behaviour of this lint would want to be similar to the non_param annotation, but probably only impacting methods with an extern "C" linkage.

It's unclear whether we can make this completely implicit, based on linkage and trivial destructors, or whether we'd need to annotate cross-language methods or cross-language types due to false-positives.

yeah, I'll try to give a shot to something like this, implicit first and then we'll see.

Flags: needinfo?(emilio)
Assignee: nobody → emilio
Flags: needinfo?(emilio)
Summary: Consider adding a lint to avoid passing types with destructors through the FFI boundaries. → Add a lint to avoid passing types with destructors through the FFI boundaries.
Flags: needinfo?(emilio)

Otherwise it'd error, which is not great. We could add a custom attribute in
there if needed or something, or fix cbindgen to generate these for us as
described in the issue linked from the comments.

Do this in ServoStyleConstsInlines as that's where we have the guarantee that
the templates have been defined, and that the file is included every time
ServoStyleConsts is included.

This ensures that we don't pass non-trivially-copiable types through the FFI
boundary.

Depends on D61625

JSAPI functions are not extern "C" anymore. This warning has a couple false
positives due to template specialization (see first patch of this bug), but we
were already working around them, because apparently some mingw builds use it.

Once I fix cbindgen to generate the specializations as needed we can remove
those workarounds, but this is green in the meantime and doesn't hurt.

Depends on D61626

Flags: needinfo?(emilio)
Keywords: leave-open
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/879a5784bc60
Enable -Wreturn-type-c-linkage. r=froydnj
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5f9ed835ff4b
Prove to the incoming clang plugin that our templates are indeed trivially copiable. r=boris
Attachment #9124362 - Attachment description: Bug 1613176 - Introduce NonTrivialTypeInFfiChecker. r=nika,andi → Bug 1613176 - Introduce NonTrivialTypeInFfiChecker. r=andi
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/80d4c3f20004
Introduce NonTrivialTypeInFfiChecker. r=andi
Keywords: leave-open

https://hg.mozilla.org/mozilla-central/rev/80d4c3f20004

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox75: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla75
Product: Firefox Build System → Developer Infrastructure
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: