Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document and shrink some unsafe blocks in tokio-util #4655

Merged
merged 1 commit into from
May 5, 2022
Merged

Document and shrink some unsafe blocks in tokio-util #4655

merged 1 commit into from
May 5, 2022

Conversation

erickt
Copy link
Contributor

@erickt erickt commented May 5, 2022

Motivation

We are auditing a tokio update in https://fuchsia-review.googlesource.com/c/fuchsia/+/611683, and we thought it would save other auditors time if we documented and shrunk down some unsafe {} blocks.

Solution

This documents why it is safe to convert bytes::UninitSlice to &mut [MaybeUninit<u8>], and shrinks one of the unsafe blocks to make these functions easier to audit.

This also removes an out of date comment around converting a &mut [MaybeUninit<u8>] to a &mut [u8], which predated the conversion over to ReadBuf, and is no longer applicable to the code.

Darksonn
Darksonn reviewed May 5, 2022
View reviewed changes
tokio-util/src/udp/frame.rs
@@ -81,17 +81,24 @@ where
}

// We're out of data. Try and fetch more data to decode
let addr = unsafe {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shrinking this unsafe block seems good to me.

@Darksonn Darksonn added the A-tokio-util Area: The tokio-util crate label May 5, 2022
Noah-Kennedy
Noah-Kennedy approved these changes May 5, 2022
View reviewed changes
Copy link
Contributor

@Noah-Kennedy Noah-Kennedy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me.

@Darksonn
Copy link
Contributor

Darksonn commented May 5, 2022

@Noah-Kennedy Note that this shouldn't be merged until we have more clarity on tokio-rs/bytes#548. Perhaps the comments related to that PR should just be removed.

hawkw
hawkw approved these changes May 5, 2022
View reviewed changes
Copy link
Member

@hawkw hawkw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks good to me! 👍

tokio-util/src/lib.rs
// FIXME(https://github.com/tokio-rs/bytes/pull/548): Consider switching to the safe
// `chunk_mut().into::<&mut [MaybeUninit<u8>]>()` if this PR lands.
//
// Safety: `chunk_mut()` returns a `&mut UninitSlice`, and `UninitSlice` is a
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is kind of a minor side note, but i've noticed that Tokio contains a number of "safety" comments, but the capitalization of the word "safety" is not very consistent. i think we may want to make this more consistent so that it's easier to grep for all such "safety" comments in the repo.

out of interest, i did a quick search to see which capitalization was the most common:

:# eliza at noctis in tokio on  master [$] via ⚙️ v1.60.0 in ❄️ nix-shell [impure]
:; for needle in "safety:" "SAFETY:" "Safety:"; do echo -n "$needle " ; rg "$needle" | wc -l ; done
safety: 51
SAFETY: 42
Safety: 126

and it looks like "Safety:" is the clear winner, so this seems consistent with the rest of the code.

we should really consider changing the other "safety" comments to be consistent with this...

@erickt
Copy link
Contributor Author

erickt commented May 5, 2022

Thanks all! I've removed references to tokio-rs/bytes#548.

@Darksonn Darksonn enabled auto-merge (squash) May 5, 2022 19:16
@erickt
Document and shrink some unsafe blocks
28a1649 
This documents why it is safe to convert `bytes::UninitSlice` to `&mut
[MaybeUninit<u8>]`, and shrinks one of the unsafe blocks to make these
functions easier to audit.
Darksonn
Darksonn approved these changes May 5, 2022
View reviewed changes
Copy link
Contributor

@Darksonn Darksonn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

auto-merge was automatically disabled May 5, 2022 19:17

Head branch was pushed to by a user without write access

@Darksonn Darksonn enabled auto-merge (squash) May 5, 2022 19:17
@Darksonn Darksonn merged commit c5ff797 into tokio-rs:master May 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Noah-Kennedy Noah-Kennedy Noah-Kennedy approved these changes

@hawkw hawkw hawkw approved these changes

@Darksonn Darksonn Darksonn approved these changes

Assignees
No one assigned
Labels
A-tokio-util Area: The tokio-util crate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@erickt @Darksonn @hawkw @Noah-Kennedy