Convert uses of the Dangerous APIs to use MemoryMarshal.GetReference #15532
Conversation
| @@ -267,7 +269,7 @@ public static int ToInt32(ReadOnlySpan<byte> value) | |||
| { | |||
| if (value.Length < sizeof(int)) | |||
| ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument.value); | |||
| return Unsafe.ReadUnaligned<int>(ref value.DangerousGetPinnableReference()); | |||
| return Unsafe.ReadUnaligned<int>(ref MemoryMarshal.GetReference(value)); | |||
There was a problem hiding this comment.
Does this compile? I would expect that you will get readonly vs. non-readonly mismatch.
There was a problem hiding this comment.
No it won't compile. I need to add the following Unsafe API:
ref T AsRef<T>(in T source)Doing that now.
|
I am wondering whether it is a good idea for Marshal.GetReference to return All this is unsafe stuff. There are no readonly unsafe pointers in C# . @VSadov I assume that you are not planning to ever add unsafe readonly pointers to C# (e.g. I think the ref-pointer unsafe operations should have parity with the unmanaged-pointer unsafe operation. Since there are no readonly unsafe unmanaged-pointers, we should not have readonly unsafe ref-pointers either. |
OK. As an aside, I am getting the following EE error. It can't find AsRef. I am assuming the issue is with the metasig. How do I specify DEFINE_METHOD(UNSAFE, REF_READONLY_AS_REF, AsRef, GM_RefT_RetT) |
You cannot do it today. There would be a pile of plumbing required to create readonly flavors of all the unsafe stuff to make this work ok. I would love to not do it. Also, readonly allows compiler to create clones as needed that can break the unsafe ref-pointer arithmetic in unexpected ways if you write anything more complex. |
|
no, no plans for readonly unmanaged pointers :) Marshal.GetReference is supposed to be “unsafe/dangerous” API, like other “Marshal/Unsafe” stuff. |
|
CC: @jaredpar - in case there are any comments on respecting readonly at the level of “Marshal” APIs |
Does this mean we should close this issue: https://github.com/dotnet/corefx/issues/23881? |
|
@ahsonkhan I have preferences for “safe” methods that live on ReadOnlySpan - they should not expose the data to writes since that is for normal “if it compiles, I am using it correctly” situations. What lives in Marshal/Unsafe is known to be specialized/interop stuff that is risky to use so I am less concerned. |
|
@dotnet-bot test this please |
That makes sense. I was thinking that given that the issue is about DangerousGetPinnableReference, which is being replaced with MemoryMarshal.GetReference, there won't be a method on ReadOnlySpan that would need to be marked ref readonly. However, I misread the issue, since we likely still need something like DangerousGetPinnableReference for supporting pinning in the language. |
This reverts commit 4dbe38c.
Note the extra space. The clang-format errors came from #15528 |
|
I have included the fix for the format error into #15550 |
…otnet#15532) * Convert uses of the Dangerous APIs to use MemoryMarshal.GetReference * Adding Unsafe.AsRef(in...) and using that for ReadOnlySpan GetReference * Fix typo - add missing bracket. * Change AsRef(ref...) to AsRef(in...) * Remove unnecessary whitespace * Remove Unsafe.AsRef(in...) and its uses. * Revert "Remove unnecessary whitespace" This reverts commit 4dbe38c. * Revert "Revert "Remove unnecessary whitespace"" This reverts commit 44d7948. * Remove extra space to fix formatting.
Part of:
https://github.com/dotnet/corefx/issues/25412
https://github.com/dotnet/corefx/issues/25615
Depends on: #15548
Related to: #15417
Similar changes will be made to the other repositories, specifically corefx - see dotnet/corefx#25936.
Following the staging plan from here: https://github.com/dotnet/corefx/issues/23881#issuecomment-343767740
Doing it this way will avoid the need for complex staging or things being on the floor for extensive periods of time.
cc @jkotas, @stephentoub, @KrzysztofCwalina, @davidfowl, @pakrym