Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pointer._offset is private, but Array.cpointer takes an offset argument. #2782

Closed
jemc opened this issue Jun 12, 2018 · 5 comments · Fixed by #3177
Closed

Pointer._offset is private, but Array.cpointer takes an offset argument. #2782

jemc opened this issue Jun 12, 2018 · 5 comments · Fixed by #3177
Assignees
@jemc

Comments

@jemc
Copy link
Member

jemc commented Jun 12, 2018

This is a contradiction in safety boundaries I noticed while working on a fix for how File handles writev calls that don't complete.

Pointer._offset, which allows you to get a relative pointer based on the current one, is private - it cannot be used outside of the builtin library.

In contrast, Array.cpointer accepts an offset argument that allows you to do the same thing, without any bounds checking, provided that your original pointer is coming from an Array.

If one is safe to expose, then the other should be as well. And vice versa.
@jemc
Copy link
Member Author

jemc commented Jun 12, 2018
edited
Loading

I think this is a principle of least surprise bug.

I propose we make Pointer._offset public. The Array.cpointer with offset call is already used for writev processing in both TCPConnection and File, so we can't easily remove it. And for whatever it's worth, having a public method for Pointer._offset would also be helpful in my current work around fixing error handling for File's writev invocation.

I think you're not really breaking memory safety as long as you can't actually access the memory without FFI.

@sylvanc
Copy link
Contributor

sylvanc commented Jun 20, 2018

Pointer._offset returns this->Pointer[A]:

  fun _offset(n: USize): this->Pointer[A] =>
    """
    Return a pointer to the n-th element.
    """
    compile_intrinsic

That's significantly more permissive than Array.cpointer, which returns Pointer[A] tag.

Having a Pointer[A] ref could allow the use of Array.from_pointer, etc. I think that's problematic?

@jemc
Copy link
Member Author

jemc commented Jun 22, 2018
edited
Loading

Correct, yeah. I noticed that while working on this locally, but forgot to update the ticket with the new information.

In my local branch that "fixes" this ticket, it keeps the current private _offset function, but adds a new public offset function that returns a Pointer[A] tag.

How does that sound to you?

@jemc
Copy link
Member Author

jemc commented Aug 8, 2018

The issue ticket has the "needs discussion during sync" label because it's pending further discussion with @sylvanc.

@jemc
Copy link
Member Author

jemc commented Sep 26, 2018

Discussed this on today's sync call - @sylvanc is fine with this as long as we keep the private _offset: Pointer ref and add the public offset: Pointer tag.

@jemc jemc self-assigned this Nov 6, 2018
dipinhora added a commit to dipinhora/ponyc that referenced this issue Dec 1, 2018
@dipinhora
Cleanup TCPConnection GC-safety mechanism for writev buffers
462cc9a 
Prior to this commit, the TCPConnection `pending_writev` buffer had to
have a secondary buffer called `_pending` to ensure that the data
wouldn't get GC'd too early by the runtime.

This commit removes that hack and replaces it with a slightly different
hack based on the strategy used in `File` in PR ponylang#2775. The hacky part
is that now we have two buffers for `writev` data. One for windows
(`_pending_windows`) and one for non-windows (`_pending_posix`) to
account for the difference in order of the struct between windows
and posix. This, however, seems less bad than the previous hack of
having the secondary buffer to ensure GC safety.

resolves ponylang#2782
resolves ponylang#2779
dipinhora added a commit to dipinhora/ponyc that referenced this issue Jun 8, 2019
@dipinhora
Cleanup TCPConnection GC-safety mechanism for writev buffers
d5084d9 
Prior to this commit, the TCPConnection `pending_writev` buffer had to
have a secondary buffer called `_pending` to ensure that the data
wouldn't get GC'd too early by the runtime.

This commit removes that hack and replaces it with a slightly different
hack based on the strategy used in `File` in PR ponylang#2775. The hacky part
is that now we have two buffers for `writev` data. One for windows
(`_pending_windows`) and one for non-windows (`_pending_posix`) to
account for the difference in order of the struct between windows
and posix. This, however, seems less bad than the previous hack of
having the secondary buffer to ensure GC safety.

resolves ponylang#2782
resolves ponylang#2779
This was referenced Jun 8, 2019
Closed
Merged
dipinhora added a commit to dipinhora/ponyc that referenced this issue Jun 9, 2019
@dipinhora
Cleanup TCPConnection GC-safety mechanism for writev buffers
32d6b51 
Prior to this commit, the TCPConnection `pending_writev` buffer had to
have a secondary buffer called `_pending` to ensure that the data
wouldn't get GC'd too early by the runtime.

This commit removes that hack and replaces it with a slightly different
hack based on the strategy used in `File` in PR ponylang#2775. The hacky part
is that now we have two buffers for `writev` data. One for windows
(`_pending_windows`) and one for non-windows (`_pending_posix`) to
account for the difference in order of the struct between windows
and posix. This, however, seems less bad than the previous hack of
having the secondary buffer to ensure GC safety.

resolves ponylang#2782
resolves ponylang#2779
SeanTAllen pushed a commit that referenced this issue Jun 9, 2019
@dipinhora @SeanTAllen
Cleanup TCPConnection GC-safety mechanism for writev buffers
c48aa3c 
Prior to this commit, the TCPConnection `pending_writev` buffer had to
have a secondary buffer called `_pending` to ensure that the data
wouldn't get GC'd too early by the runtime.

This commit removes that hack and replaces it with a slightly different
hack based on the strategy used in `File` in PR #2775. The hacky part
is that now we have two buffers for `writev` data. One for windows
(`_pending_windows`) and one for non-windows (`_pending_posix`) to
account for the difference in order of the struct between windows
and posix. This, however, seems less bad than the previous hack of
having the secondary buffer to ensure GC safety.

resolves #2782
resolves #2779
patches11 pushed a commit to patches11/ponyc that referenced this issue Jun 29, 2019
@dipinhora @patches11
Cleanup TCPConnection GC-safety mechanism for writev buffers
b1cd645 
Prior to this commit, the TCPConnection `pending_writev` buffer had to
have a secondary buffer called `_pending` to ensure that the data
wouldn't get GC'd too early by the runtime.

This commit removes that hack and replaces it with a slightly different
hack based on the strategy used in `File` in PR ponylang#2775. The hacky part
is that now we have two buffers for `writev` data. One for windows
(`_pending_windows`) and one for non-windows (`_pending_posix`) to
account for the difference in order of the struct between windows
and posix. This, however, seems less bad than the previous hack of
having the secondary buffer to ensure GC safety.

resolves ponylang#2782
resolves ponylang#2779
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jemc jemc

Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@SeanTAllen @sylvanc @jemc