Chiebot-Mirror
/
protobuf
mirror of https://github.com/protocolbuffers/protobuf.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Change `upb` crate source to not use std or alloc

Browse Source 
PiperOrigin-RevId: 671865731
pull/18152/head
Protobuf Team Bot 5 months ago committed by Copybara-Service
parent e3f37a2eb0
commit b35d4bad3c
13 changed files with 94 additions and 101 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 20
      rust/upb.rs
  2. 121
      rust/upb/arena.rs
  3. 6
      rust/upb/array.rs
  4. 2
      rust/upb/extension_registry.rs
  5. 2
      rust/upb/map.rs
  6. 4
      rust/upb/message.rs
  7. 8
      rust/upb/message_value.rs
  8. 2
      rust/upb/mini_table.rs
  9. 2
      rust/upb/opaque_pointee.rs
  10. 14
      rust/upb/owned_arena_box.rs
  11. 6
      rust/upb/string_view.rs
  12. 2
      rust/upb/text.rs
  13. 6
      rust/upb/wire.rs

20
rust/upb.rs
Unescape View File

@ -13,7 +13,6 @@ use crate::{
Proxied, ProxiedInMapValue, ProxiedInRepeated, Repeated, RepeatedMut, RepeatedView, View,
};
use core::fmt::Debug;
use std::alloc::Layout;
use std::mem::{size_of, ManuallyDrop, MaybeUninit};
use std::ptr::{self, NonNull};
use std::slice;
@ -133,21 +132,6 @@ impl<'msg> MutatorMessageRef<'msg> {
}
}
fn copy_bytes_in_arena<'msg>(arena: &'msg Arena, val: &'msg [u8]) -> &'msg [u8] {
// SAFETY: the alignment of `[u8]` is less than `UPB_MALLOC_ALIGN`.
let new_alloc = unsafe { arena.alloc(Layout::for_value(val)) };
debug_assert_eq!(new_alloc.len(), val.len());
let start: *mut u8 = new_alloc.as_mut_ptr().cast();
// SAFETY:
// - `new_alloc` is writeable for `val.len()` bytes.
// - After the copy, `new_alloc` is initialized for `val.len()` bytes.
unsafe {
val.as_ptr().copy_to_nonoverlapping(start, val.len());
&*(new_alloc as *mut _ as *mut [u8])
}
}
/// Kernel-specific owned `string` and `bytes` field type.
#[doc(hidden)]
pub struct InnerProtoString(OwnedArenaBox<[u8]>);
@ -167,7 +151,7 @@ impl InnerProtoString {
impl From<&[u8]> for InnerProtoString {
fn from(val: &[u8]) -> InnerProtoString {
let arena = Arena::new();
let in_arena_copy = arena.copy_slice_in(val);
let in_arena_copy = arena.copy_slice_in(val).unwrap();
// SAFETY:
// - `in_arena_copy` is valid slice that will live for `arena`'s lifetime and
// this is the only reference in the program to it.
@ -354,7 +338,7 @@ macro_rules! impl_repeated_bytes {
len
);
for (src_ptr, dest_ptr) in src_ptrs.iter().zip(dest_ptrs) {
*dest_ptr = copy_bytes_in_arena(&arena, src_ptr.as_ref()).into();
*dest_ptr = arena.copy_slice_in(src_ptr.as_ref()).unwrap().into();
}
}
}

121
rust/upb/arena.rs
Unescape View File

@ -6,12 +6,11 @@
// https://developers.google.com/open-source/licenses/bsd
use super::opaque_pointee::opaque_pointee;
use std::alloc::{self, Layout};
use std::cell::UnsafeCell;
use std::marker::PhantomData;
use std::mem::{align_of, MaybeUninit};
use std::ptr::{self, NonNull};
use std::slice;
use core::cell::UnsafeCell;
use core::marker::PhantomData;
use core::mem::{align_of, align_of_val, size_of_val, MaybeUninit};
use core::ptr::{self, NonNull};
use core::slice;
opaque_pointee!(upb_Arena);
pub type RawArena = NonNull<upb_Arena>;
@ -79,75 +78,85 @@ impl Arena {
self.raw
}
/// Allocates some memory on the arena.
/// Allocates some memory on the arena. Returns None if the allocation
/// failed.
///
/// # Safety
///
/// - `layout`'s alignment must be less than `UPB_MALLOC_ALIGN`.
/// - `align` must be less than `UPB_MALLOC_ALIGN`.
#[allow(clippy::mut_from_ref)]
#[inline]
pub unsafe fn alloc(&self, layout: Layout) -> &mut [MaybeUninit<u8>] {
debug_assert!(layout.align() <= UPB_MALLOC_ALIGN);
pub unsafe fn alloc(&self, size: usize, align: usize) -> Option<&mut [MaybeUninit<u8>]> {
debug_assert!(align <= UPB_MALLOC_ALIGN);
// SAFETY: `self.raw` is a valid UPB arena
let ptr = unsafe { upb_Arena_Malloc(self.raw, layout.size()) };
let ptr = unsafe { upb_Arena_Malloc(self.raw, size) };
if ptr.is_null() {
alloc::handle_alloc_error(layout);
None
} else {
// SAFETY:
// - `upb_Arena_Malloc` promises that if the return pointer is non-null, it is
// dereferencable for `size` bytes and has an alignment of `UPB_MALLOC_ALIGN`
// until the arena is destroyed.
// - `[MaybeUninit<u8>]` has no alignment requirement, and `ptr` is aligned to a
// `UPB_MALLOC_ALIGN` boundary.
Some(unsafe { slice::from_raw_parts_mut(ptr.cast(), size) })
}
// SAFETY:
// - `upb_Arena_Malloc` promises that if the return pointer is non-null, it is
// dereferencable for `size` bytes and has an alignment of `UPB_MALLOC_ALIGN`
// until the arena is destroyed.
// - `[MaybeUninit<u8>]` has no alignment requirement, and `ptr` is aligned to a
// `UPB_MALLOC_ALIGN` boundary.
unsafe { slice::from_raw_parts_mut(ptr.cast(), layout.size()) }
}
/// Same as alloc() but panics if `layout.align() > UPB_MALLOC_ALIGN`.
/// Same as alloc() but panics if `align > UPB_MALLOC_ALIGN`.
#[allow(clippy::mut_from_ref)]
#[inline]
pub fn checked_alloc(&self, layout: Layout) -> &mut [MaybeUninit<u8>] {
assert!(layout.align() <= UPB_MALLOC_ALIGN);
// SAFETY: layout.align() <= UPB_MALLOC_ALIGN asserted.
unsafe { self.alloc(layout) }
pub fn checked_alloc(&self, size: usize, align: usize) -> Option<&mut [MaybeUninit<u8>]> {
assert!(align <= UPB_MALLOC_ALIGN);
// SAFETY: align <= UPB_MALLOC_ALIGN asserted.
unsafe { self.alloc(size, align) }
}
/// Copies the T into this arena and returns a pointer to the T data inside
/// the arena.
pub fn copy_in<'a, T: Copy>(&'a self, data: &T) -> &'a T {
let layout = Layout::for_value(data);
let alloc = self.checked_alloc(layout);
// SAFETY:
// - alloc is valid for `layout.len()` bytes and is the uninit bytes are written
// to not read from until written.
// - T is copy so copying the bytes of the value is sound.
unsafe {
let alloc = alloc.as_mut_ptr().cast::<MaybeUninit<T>>();
// let data = (data as *const T).cast::<MaybeUninit<T>>();
(*alloc).write(*data)
}
/// the arena. Returns None if the allocation failed.
pub fn copy_in<'a, T: Copy>(&'a self, data: &T) -> Option<&'a T> {
let size = size_of_val(data);
let align = align_of_val(data);
self.checked_alloc(size, align).map(|alloc| {
// SAFETY:
// - alloc is valid for `size` bytes and is the uninit bytes are written to not
// read from until written.
// - T is copy so copying the bytes of the value is sound.
unsafe {
let alloc = alloc.as_mut_ptr().cast::<MaybeUninit<T>>();
&*(*alloc).write(*data)
}
})
}
pub fn copy_str_in<'a>(&'a self, s: &str) -> &'a str {
let copied_bytes = self.copy_slice_in(s.as_bytes());
// SAFETY: `copied_bytes` has same contents as `s` and so must meet &str
// criteria.
unsafe { std::str::from_utf8_unchecked(copied_bytes) }
/// Copies the str into this arena and returns a pointer to the T data
/// inside the arena. Returns None if the allocation failed.
pub fn copy_str_in<'a>(&'a self, s: &str) -> Option<&'a str> {
self.copy_slice_in(s.as_bytes()).map(|copied_bytes| {
// SAFETY: `copied_bytes` has same contents as `s` and so must meet &str
// criteria.
unsafe { core::str::from_utf8_unchecked(copied_bytes) }
})
}
pub fn copy_slice_in<'a, T: Copy>(&'a self, data: &[T]) -> &'a [T] {
let layout = Layout::for_value(data);
let alloc: *mut T = self.checked_alloc(layout).as_mut_ptr().cast();
// SAFETY:
// - uninit_alloc is valid for `layout.len()` bytes and is the uninit bytes are
// written to not read from until written.
// - T is copy so copying the bytes of the values is sound.
unsafe {
ptr::copy_nonoverlapping(data.as_ptr(), alloc, data.len());
slice::from_raw_parts_mut(alloc, data.len())
}
/// Copies the slice into this arena and returns a pointer to the T data
/// inside the arena. Returns None if the allocation failed.
pub fn copy_slice_in<'a, T: Copy>(&'a self, data: &[T]) -> Option<&'a [T]> {
let size = size_of_val(data);
let align = align_of_val(data);
self.checked_alloc(size, align).map(|alloc| {
let alloc: *mut T = alloc.as_mut_ptr().cast();
// SAFETY:
// - uninit_alloc is valid for `layout.len()` bytes and is the uninit bytes are
// written to not read from until written.
// - T is copy so copying the bytes of the values is sound.
unsafe {
ptr::copy_nonoverlapping(data.as_ptr(), alloc, data.len());
slice::from_raw_parts(alloc, data.len())
}
})
}
/// Fuse two arenas so they share the same lifetime.

6
rust/upb/array.rs
Unescape View File

@ -7,7 +7,7 @@
use super::opaque_pointee::opaque_pointee;
use super::{upb_MessageValue, upb_MutableMessageValue, CType, RawArena};
use std::ptr::NonNull;
use core::ptr::NonNull;
opaque_pointee!(upb_Array);
pub type RawArray = NonNull<upb_Array>;
@ -20,8 +20,8 @@ extern "C" {
pub fn upb_Array_Append(arr: RawArray, val: upb_MessageValue, arena: RawArena) -> bool;
pub fn upb_Array_Resize(arr: RawArray, size: usize, arena: RawArena) -> bool;
pub fn upb_Array_Reserve(arr: RawArray, size: usize, arena: RawArena) -> bool;
pub fn upb_Array_MutableDataPtr(arr: RawArray) -> *mut std::ffi::c_void;
pub fn upb_Array_DataPtr(arr: RawArray) -> *const std::ffi::c_void;
pub fn upb_Array_MutableDataPtr(arr: RawArray) -> *mut core::ffi::c_void;
pub fn upb_Array_DataPtr(arr: RawArray) -> *const core::ffi::c_void;
pub fn upb_Array_GetMutable(arr: RawArray, i: usize) -> upb_MutableMessageValue;
}

2
rust/upb/extension_registry.rs
Unescape View File

@ -6,7 +6,7 @@
// https://developers.google.com/open-source/licenses/bsd
use super::opaque_pointee::opaque_pointee;
use std::ptr::NonNull;
use core::ptr::NonNull;
opaque_pointee!(upb_ExtensionRegistry);
pub type RawExtensionRegistry = NonNull<upb_ExtensionRegistry>;

2
rust/upb/map.rs
Unescape View File

@ -7,7 +7,7 @@
use super::opaque_pointee::opaque_pointee;
use super::{upb_MessageValue, CType, RawArena};
use std::ptr::NonNull;
use core::ptr::NonNull;
opaque_pointee!(upb_Map);
pub type RawMap = NonNull<upb_Map>;

4
rust/upb/message.rs
Unescape View File

@ -10,7 +10,7 @@ use super::{
upb_ExtensionRegistry, upb_MiniTable, upb_MiniTableField, RawArena, RawArray, RawMap,
StringView,
};
use std::ptr::NonNull;
use core::ptr::NonNull;
opaque_pointee!(upb_Message);
pub type RawMessage = NonNull<upb_Message>;
@ -215,7 +215,7 @@ extern "C" {
pub fn upb_Message_SetBaseField(
m: RawMessage,
f: *const upb_MiniTableField,
val: *const std::ffi::c_void,
val: *const core::ffi::c_void,
);
/// # Safety

8
rust/upb/message_value.rs
Unescape View File

@ -12,8 +12,8 @@ use super::{RawArray, RawMap, RawMessage, StringView};
#[derive(Clone, Copy)]
pub union upb_MessageValue {
pub bool_val: bool,
pub float_val: std::ffi::c_float,
pub double_val: std::ffi::c_double,
pub float_val: core::ffi::c_float,
pub double_val: core::ffi::c_double,
pub uint32_val: u32,
pub int32_val: i32,
pub uint64_val: u64,
@ -24,14 +24,14 @@ pub union upb_MessageValue {
pub msg_val: Option<RawMessage>,
pub str_val: StringView,
tagged_msg_val: *const std::ffi::c_void,
tagged_msg_val: *const core::ffi::c_void,
}
impl upb_MessageValue {
pub fn zeroed() -> Self {
// SAFETY: zero bytes is a valid representation for at least one value in the
// union (actually valid for all of them).
unsafe { std::mem::zeroed() }
unsafe { core::mem::zeroed() }
}
}

2
rust/upb/mini_table.rs
Unescape View File

@ -6,7 +6,7 @@
// https://developers.google.com/open-source/licenses/bsd
use super::opaque_pointee::opaque_pointee;
use std::ptr::NonNull;
use core::ptr::NonNull;
opaque_pointee!(upb_MiniTable);
pub type RawMiniTable = NonNull<upb_MiniTable>;

2
rust/upb/opaque_pointee.rs
Unescape View File

@ -15,7 +15,7 @@ macro_rules! opaque_pointee {
#[repr(C)]
pub struct $name {
_data: [u8; 0],
_marker: std::marker::PhantomData<(*mut u8, std::marker::PhantomPinned)>,
_marker: core::marker::PhantomData<(*mut u8, core::marker::PhantomPinned)>,
}
};
}

14
rust/upb/owned_arena_box.rs
Unescape View File

@ -6,9 +6,9 @@
// https://developers.google.com/open-source/licenses/bsd
use super::Arena;
use std::fmt::{self, Debug};
use std::ops::{Deref, DerefMut};
use std::ptr::NonNull;
use core::fmt::{self, Debug};
use core::ops::{Deref, DerefMut};
use core::ptr::NonNull;
/// An 'owned' T, similar to a Box<T> where the T is data
/// held in a upb Arena. By holding the data pointer and a corresponding arena
@ -18,7 +18,7 @@ use std::ptr::NonNull;
/// inside `arena`. This avoids typical concerns of self-referential data
/// structures because `arena` modifications (other than drop) will never
/// invalidate `data`, and `data` and `arena` are both behind indirections which
/// avoids any concern with std::mem::swap.
/// avoids any concern with core::mem::swap.
pub struct OwnedArenaBox<T: ?Sized + 'static> {
data: NonNull<T>,
arena: Arena,
@ -87,7 +87,7 @@ impl<T: Debug + 'static> Debug for OwnedArenaBox<T> {
#[cfg(test)]
mod tests {
use super::*;
use std::str;
use core::str;
#[test]
fn test_byte_slice_pointer_roundtrip() {
@ -101,7 +101,7 @@ mod tests {
fn test_alloc_str_roundtrip() {
let arena = Arena::new();
let s: &str = "Hello";
let arena_alloc_str: NonNull<str> = arena.copy_str_in(s).into();
let arena_alloc_str: NonNull<str> = arena.copy_str_in(s).unwrap().into();
let owned_data = unsafe { OwnedArenaBox::new(arena_alloc_str, arena) };
assert_eq!(&*owned_data, s);
}
@ -109,7 +109,7 @@ mod tests {
#[test]
fn test_sized_type_roundtrip() {
let arena = Arena::new();
let arena_alloc_u32: NonNull<u32> = arena.copy_in(&7u32).into();
let arena_alloc_u32: NonNull<u32> = arena.copy_in(&7u32).unwrap().into();
let mut owned_data = unsafe { OwnedArenaBox::new(arena_alloc_u32, arena) };
assert_eq!(*owned_data, 7);
*owned_data = 8;

6
rust/upb/string_view.rs
Unescape View File

@ -7,11 +7,11 @@
/// ABI compatible struct with upb_StringView.
///
/// Note that this has semantics similar to `std::string_view` in C++ and
/// Note that this has semantics similar to `core::string_view` in C++ and
/// `&[u8]` in Rust, but is not ABI-compatible with either.
///
/// If `len` is 0, then `ptr` is allowed to be either null or dangling. C++
/// considers a dangling 0-len `std::string_view` to be invalid, and Rust
/// considers a dangling 0-len `core::string_view` to be invalid, and Rust
/// considers a `&[u8]` with a null data pointer to be invalid.
#[repr(C)]
#[derive(Copy, Clone)]
@ -38,7 +38,7 @@ impl StringView {
// SAFETY:
// - `ptr` is non-null
// - `ptr` is valid for `len` bytes as promised by the caller.
unsafe { std::slice::from_raw_parts(self.ptr, self.len) }
unsafe { core::slice::from_raw_parts(self.ptr, self.len) }
}
}
}

2
rust/upb/text.rs
Unescape View File

@ -50,7 +50,7 @@ pub unsafe fn debug_string(msg: RawMessage, mt: *const upb_MiniTable) -> String
// `mt`
// - `buf` is nullptr and `buf_len` is 0
let len =
unsafe { upb_DebugString(msg, mt, Options::NoSortMaps as i32, std::ptr::null_mut(), 0) };
unsafe { upb_DebugString(msg, mt, Options::NoSortMaps as i32, core::ptr::null_mut(), 0) };
assert!(len < isize::MAX as usize);
// +1 for the trailing NULL
let mut buf = vec![0u8; len + 1];

6
rust/upb/wire.rs
Unescape View File

@ -50,7 +50,7 @@ pub unsafe fn encode(
mini_table: *const upb_MiniTable,
) -> Result<Vec<u8>, EncodeStatus> {
let arena = Arena::new();
let mut buf: *mut u8 = std::ptr::null_mut();
let mut buf: *mut u8 = core::ptr::null_mut();
let mut len = 0usize;
// SAFETY:
@ -61,7 +61,7 @@ pub unsafe fn encode(
if status == EncodeStatus::Ok {
assert!(!buf.is_null()); // EncodeStatus Ok should never return NULL data, even for len=0.
// SAFETY: upb guarantees that `buf` is valid to read for `len`.
Ok(unsafe { &*std::ptr::slice_from_raw_parts(buf, len) }.to_vec())
Ok(unsafe { &*core::ptr::slice_from_raw_parts(buf, len) }.to_vec())
} else {
Err(status)
}
@ -88,7 +88,7 @@ pub unsafe fn decode(
// - `buf` is legally readable for at least `buf_size` bytes.
// - `extreg` is null.
let status =
unsafe { upb_Decode(buf, len, msg, mini_table, std::ptr::null(), options, arena.raw()) };
unsafe { upb_Decode(buf, len, msg, mini_table, core::ptr::null(), options, arena.raw()) };
match status {
DecodeStatus::Ok => Ok(()),
_ => Err(status),

Write Preview
Loading…
Cancel
Save