PyCapsule: allow zero-sized types #5889
I think I'm in favour of this, seems like no technical reason we should restrict users in this way 👍
`Box::into_raw` never returns a null pointer so it seems safe
Do we need to consider that the ZST story in C is at least somewhat convoluted? Or do we want to support this as a way of Rust to Rust communication over the C ABI?
Good question. My "hot" take would be that if the user plans to dereference the pointer from C then they already need to care about the ABI of the pointed data, and care about ZST is part of it. So, preventing ZST is only a very small part of making this safe.
I think I agree with that statement. Probably the real requirement is that the data in every capsule should probably be ... or thinking about it more, does that actually imply that
Yes!
Yes! I don't see another way with current Rust (it would be nice to have a
Yes on the UB issue. Not sure about making the PyCapsule constructor unsafe because there is already the "unsafe" operation of dereferencing the pointer from the capsule and it's this operation that actually triggers the UB if the type does not have a stable layout.
Ah yes, you're of course right - just like creating a pointer is safe, we can create a capsule as long as it's not dereferenced. So I think we just need to ensure the layout stability is appropriately documented, probably both on constructors and the pointer retrieval ops.
davidhewitt left a comment
In which case let's just merge this and make sure the documentation pass on #5881 is appropriately covered.
`Box::into_raw` never returns a null pointer so it seems safe

Alternative to #5882, see this MR for context
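The point argued in this thread, as an added example that is not PyO3's code: a hypothetical `ErasedBox` (a stand-in for a capsule) stores a zero-sized `Marker` through `Box::into_raw`. Construction is safe and yields a non-null pointer; only the typed read-back is `unsafe`. All names here are assumptions made for the illustration.

```rust
use std::ffi::c_void;
use std::sync::atomic::{AtomicUsize, Ordering};

static DROPS: AtomicUsize = AtomicUsize::new(0); // counts destructor runs

// Zero-sized payload with a destructor (hypothetical type).
struct Marker;
impl Drop for Marker {
    fn drop(&mut self) { DROPS.fetch_add(1, Ordering::SeqCst); }
}

// Hypothetical capsule stand-in: type-erased pointer plus its destructor.
struct ErasedBox {
    ptr: *mut c_void,
    dtor: unsafe fn(*mut c_void),
}

// Rebuilds the Box so the stored value is dropped; `p` must come from `new::<T>`.
unsafe fn drop_as<T>(p: *mut c_void) {
    unsafe { drop(Box::from_raw(p.cast::<T>())) }
}

impl ErasedBox {
    // Safe: a pointer is created and stored, never dereferenced.
    fn new<T>(value: T) -> Self {
        let ptr = Box::into_raw(Box::new(value)).cast::<c_void>();
        ErasedBox { ptr, dtor: drop_as::<T> }
    }
    // Unsafe: the caller must name the same `T` (and layout) that was stored.
    unsafe fn get<T>(&self) -> &T {
        unsafe { &*self.ptr.cast::<T>() }
    }
}

impl Drop for ErasedBox {
    fn drop(&mut self) { unsafe { (self.dtor)(self.ptr) } }
}

// Returns (size of the payload, pointer is non-null, destructor runs observed).
fn zst_round_trip() -> (usize, bool, usize) {
    let before = DROPS.load(Ordering::SeqCst);
    let b = ErasedBox::new(Marker);
    let non_null = !b.ptr.is_null();
    let _m: &Marker = unsafe { b.get::<Marker>() };
    drop(b);
    (std::mem::size_of::<Marker>(), non_null, DROPS.load(Ordering::SeqCst) - before)
}

fn main() { println!("{:?}", zst_round_trip()); }
```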