Michael-F-Bryan / adventures.michaelfbryan.com

A simple blog for documenting my thoughts and adventures
http://adventures.michaelfbryan.com/

[FFI-Safe Polymorphism article] unwind safety #36

Open Mart-Bogdan opened 3 years ago

Mart-Bogdan commented 3 years ago

Hello, really nice article, but there is one important point!

According to Nomicon https://doc.rust-lang.org/nomicon/ffi.html#ffi-and-panics

> A panic! across an FFI boundary is undefined behavior.

I'm not saying that the article should dig so deep, but please add a note/warning that in real use all functions that are called from FFI should use catch_unwind and report errors to native code in another way.

Taking into account that it could be used with any user-provided impls of Write, it is fairly possible to encounter panics.

P.S. Rust's catch_unwind is fairly cheap and creates little overhead in case no panic actually happens.
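The pattern described in the comment above, as an added example that is not code from the article, the thin-trait-objects repository, or either commenter: an `extern "C"` entry point that owns a user-provided `Write` impl, wraps the call in `catch_unwind`, and reports the outcome to native code as an integer status instead of letting a panic unwind across the boundary. The `Writer` handle, the `WRITE_*` status codes, the `writer_*` function names and the `PanickingWriter`/`SharedBuf` impls are all made up for this example.

```rust
use std::cell::RefCell;
use std::io::{self, Write};
use std::os::raw::c_int;
use std::panic::{self, AssertUnwindSafe};
use std::rc::Rc;
use std::slice;

// Status codes handed back to the native caller (names invented for this example).
pub const WRITE_OK: c_int = 0;
pub const WRITE_ERR_IO: c_int = -1;
pub const WRITE_ERR_PANIC: c_int = -2;
pub const WRITE_ERR_NULL: c_int = -3;

// Opaque handle that native code receives; it may wrap any `Write` impl,
// including one supplied by a user of the library.
pub struct Writer {
    inner: Box<dyn Write>,
}

// Wrap an arbitrary `Write` impl into a heap-allocated handle.
pub fn writer_new(w: impl Write + 'static) -> *mut Writer {
    Box::into_raw(Box::new(Writer { inner: Box::new(w) }))
}

// A shared in-memory sink, so the bytes written through the FFI can be inspected.
#[derive(Clone, Default)]
pub struct SharedBuf(pub Rc<RefCell<Vec<u8>>>);

impl Write for SharedBuf {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        self.0.borrow_mut().extend_from_slice(buf);
        Ok(buf.len())
    }
    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}

// Stand-in for a buggy user-provided `Write` impl that panics mid-write.
pub struct PanickingWriter;

impl Write for PanickingWriter {
    fn write(&mut self, _buf: &[u8]) -> io::Result<usize> {
        panic!("user-provided Write impl panicked");
    }
    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}

// The FFI entry point. In a real cdylib this would also carry `#[no_mangle]`;
// it is left off here so the example compiles under any edition settings.
//
// Safety: `writer` must be null or a pointer obtained from `writer_new` that has
// not been freed; `data` must point to `len` readable bytes (or be null when len == 0).
pub unsafe extern "C" fn writer_write(writer: *mut Writer, data: *const u8, len: usize) -> c_int {
    if writer.is_null() || (data.is_null() && len != 0) {
        return WRITE_ERR_NULL;
    }
    let writer = unsafe { &mut *writer };
    // `from_raw_parts` requires a non-null pointer even for an empty slice.
    let bytes: &[u8] = if len == 0 { &[] } else { unsafe { slice::from_raw_parts(data, len) } };

    // The user's `Write` impl runs inside `catch_unwind`, so a panic becomes a status
    // code rather than undefined behaviour at the extern "C" boundary. AssertUnwindSafe
    // is justified because we hold the only reference; after WRITE_ERR_PANIC the
    // caller must treat the handle as being in an unknown state.
    match panic::catch_unwind(AssertUnwindSafe(|| writer.inner.write_all(bytes))) {
        Ok(Ok(())) => WRITE_OK,
        Ok(Err(_)) => WRITE_ERR_IO,
        Err(_) => WRITE_ERR_PANIC,
    }
}

// Release a handle created by `writer_new`. Dropping the inner `Write` impl can also
// panic, so that is caught too; native code only ever sees a status code.
pub unsafe extern "C" fn writer_free(writer: *mut Writer) -> c_int {
    if writer.is_null() {
        return WRITE_ERR_NULL;
    }
    let boxed = unsafe { Box::from_raw(writer) };
    match panic::catch_unwind(AssertUnwindSafe(move || drop(boxed))) {
        Ok(()) => WRITE_OK,
        Err(_) => WRITE_ERR_PANIC,
    }
}
```

Note that this example only reports the panic; it does not mark the handle as unusable afterwards, so a native caller that ignores `WRITE_ERR_PANIC` could keep calling into a `Write` impl whose invariants may already be broken. That follow-up (poisoning the handle) is the part the later comments in this thread discuss.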

Michael-F-Bryan commented 3 years ago

> Taking into account that it could be used with any user-provided impls of Write, it is fairly possible to encounter panics.

Hehe, I was kinda lazy and didn't make the functions inside the ffi module exception safe. Thanks for keeping me honest!

Michael-F-Bryan commented 3 years ago

Looking at the resolution in Michael-F-Bryan/thin-trait-objects#2, @Mart-Bogdan what do you think the best way to address exception safety (and my solution, poisoning) would be?

Should I update the original article, or maybe make a follow-up, or maybe even quietly sweep it under the rug and pretend it never happened? The code and concepts required are non-trivial and more relevant to designing a sound foreign function interface than the concept of Thin Trait Objects, so I'd like to do it justice if I can.