kjuulh/rhai
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects Releases Wiki Activity

Remove unsound casting functions

Browse Source 
The casting functions in `unsafe.rs` were unsound (i.e., they allowed
safe code to cause undefined behavior). While they did appear to be used
in a way that wouldn't cause UB the fact that there exists unsound
functions is unsettling.

This commit removes those functions and replaces it with a macro that
performs the same reification - the difference is that the macro call
will also include the checks which are required to prevent UB. A macro
was chosen instead of a function for two reasons:

1. A macro can keep the same code generation whereas a function would
   require going through an `Option` which has negative impacts on code
   generation (niche values cause poor DCE).
2. There exist other `unsafe` code blocks in the crate and an attempt to
   make Rhai 100% safe is completely out-of-scope for this merge
   request, so we may as well use `unsafe` in the macro.

Regarding (2) above, I may come back at a later date with a 100% safe
`reify` function but only once the other `unsafe` blocks are removed.
For posterity, said function would look something like:

```rust
fn reify<A: Any, C>(value: A) -> Option<C> {
    let mut v = Some(value);
    let v: &mut dyn Any = &mut v;
    v.downcast_mut::<Option<C>>().map(Option::take)
}
```
This commit is contained in:
Nathan Kent
2022-02-05 16:29:05 -08:00
parent 6a740a9fa1
commit 86d86a85e4
7 changed files with 94 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/reify.rs Normal file
View File

@@ -0,0 +1,26 @@
/// Runs `$code` if `$old` is of type `$t`.
#[macro_export]
macro_rules! reify {
($old:ident, |$new:ident : $t:ty| $code:expr, || $fallback:expr) => {{
#[allow(unused_imports)]
use ::std::{any::{Any, TypeId}, mem::{ManuallyDrop, transmute_copy}};
if TypeId::of::<$t>() == $old.type_id() {
// SAFETY: This is safe because we check to make sure the two types are
// actually the same type.
let $new: $t = unsafe { transmute_copy(&ManuallyDrop::new($old)) };
$code
} else {
$fallback
}
}};
($old:expr, |$new:ident : $t:ty| $code:expr, || $fallback:expr) => {{
let old = $old;
reify!(old, |$new : $t| $code, || $fallback)
}};
($old:ident, |$new:ident : $t:ty| $code:expr) => {
reify!($old, |$new : $t| $code, || ())
};
($old:expr, |$new:ident : $t:ty| $code:expr) => {
reify!($old, |$new : $t| $code, || ())
};
}