-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add features needed to support ring #450
Comments
In ring, usually (ideally always) we already have a wrapper type like |
Would it be practical to factor out the safe transmutation aspect of zerocopy from the rest of it? My understanding is that zerocopy is trying to do many things at once: (a) implementing safe transmutation by modeling what transmutations are safe within the type system, (b) zero-copy parsing of unaligned multi-byte data structures, (c) endian conversion and convenience methods on top of that. The recent endianness work was at least partly motivated by ring but what ring really needs is really (a). We don't do (b) at all and it looks like we'll have to do (c) ourselves eventually as zerocopy (reasonably) won't make the free-from-compiler-introduced-side-channel guarantees that we're aiming for. In some sense (c) is actually kind of a hazard that we'd need to guard against in ring. (For webpki (X.509 certificate processing) we don't need any of this as X.509 uses ASN.1 which doesn't use fixed-length data structures that could be modeled by (b). For TLS (a) isn't needed but potentially (b) is useful at the record layer, which does use fixed-length structures very much like TCP/IP.) |
Yeah I think this is a fairly accurate taxonomy of what zerocopy provides. The way it breaks down in my head is similar:
The former two buckets definitely belong in zerocopy, but the latter (which includes the For your purposes, perhaps you could fork the The #[derive(FromZeroes, FromBytes, AsBytes, Unaligned)]
#[repr(transparent)]
pub struct U32<O>([u8; 4], PhantomData<O>); That's obviously something you could just do in ring (either be fully forking |
With recent refactorings to ring (one currently in progress) we should reevaluate what, if anything, needs to be added to zerocopy after we found that the endian stuff in ring could mostly be deleted. I think we may need to do more experiments in ring to see how we can statically guarantee panic-free-ness and safety with the help of zerocopy. |
Can you say a bit more about which code paths you're referring to here? We've been exploring panic freedom, so I'd be curious to learn about new use cases. EDIT: I just saw briansmith/ring#1736; I assume you're (at least partly) referring to that? |
This issue tracks work which will need to land before ring can take a dependency on zerocopy. See this comment for context.
I put up a prototype: briansmith/ring#1693
core::ops
traits #434BitXorAssign
trait, currently implemented heretransmute_ref!
macro #183transmute_ref!
is needed to support reference transmutations between array types such as&[U32<BigEndian>; 4] -> &[u8; 16]
, which are currently supported in ring with theArrayEncoding::as_byte_array
methodbyteorder
crate, makebyteorder
type methodsconst
#438Previously, we tracked #254, but this comment implies we don't need it.
cc @briansmith
The text was updated successfully, but these errors were encountered: