Additional Detail from JIRA
| | |
|------------------|-----------------|
|Votes | 1 |
|Component/s | Standard Library |
|Labels | New Feature, LanguageFeatureRequest |
|Assignee | @glessard |
|Priority | Medium |
md5: 21b1f3b49a4fdfac61bbe80110d519eb
Issue Description:
Specifically:
extension Unsafe[Mutable]RawPointer {
public func withMemoryRebound<T, Result>(to type: T.Type, capacity count: Int,
_ body: (UnsafePointer<T>) throws -> Result
) rethrows -> Result
{...}
}
extension Unsafe[Mutable]RawBufferPointer {
public func withMemoryRebound<T, Result>(
to type: T.Type, _ body: (${Self}<T>) throws -> Result
) rethrows -> Result
{...}
}
This API will allow code to temporarily view raw memory as a memory holding the specified type. Within the closure scope, it will be legal to access memory via a typed pointer of the rebound type.
This is both a standard library addition and SIL-level compiler feature.
Note that we still don't want higher-level APIs (e.g. Foundation Data) that already erased the pointer type to vend a typed pointer to the user in any way, unless we can guarantee that they have exclusive access to the memory. In other words, providing the user with a non-unique typed pointer into raw memory of unknown provenance is inherently unsafe and shouldn't be hidden behind a commonly used convenience API that implies safety.
Suggested design:
In SIL, add a return type to the bind_memory memory instruction. The returned $Builtin.Word would be a token representing the previously bound memory state. The token is not actually a type and can't be used for anything other than rebinding the memory. Add a new rebind_memory instruction that takes this token instead of a type parameter.
If the prior bound memory type is available via static analysis, then the rebind_memory instruction can be substituted with a normal bind_memory.
Note: Although deprecated, the Foundation Data APIs withUnsafeBytes and withUnsafeMutableBytes should be fixed to use
Additional Detail from JIRA
| | | |------------------|-----------------| |Votes | 1 | |Component/s | Standard Library | |Labels | New Feature, LanguageFeatureRequest | |Assignee | @glessard | |Priority | Medium | md5: 21b1f3b49a4fdfac61bbe80110d519ebIssue Description:
Specifically:
This API will allow code to temporarily view raw memory as a memory holding the specified type. Within the closure scope, it will be legal to access memory via a typed pointer of the rebound type.
This is both a standard library addition and SIL-level compiler feature.
Note that we still don't want higher-level APIs (e.g. Foundation Data) that already erased the pointer type to vend a typed pointer to the user in any way, unless we can guarantee that they have exclusive access to the memory. In other words, providing the user with a non-unique typed pointer into raw memory of unknown provenance is inherently unsafe and shouldn't be hidden behind a commonly used convenience API that implies safety.
Suggested design:
In SIL, add a return type to the bind_memory memory instruction. The returned $Builtin.Word would be a token representing the previously bound memory state. The token is not actually a type and can't be used for anything other than rebinding the memory. Add a new rebind_memory instruction that takes this token instead of a type parameter.
If the prior bound memory type is available via static analysis, then the rebind_memory instruction can be substituted with a normal bind_memory.
Note: Although deprecated, the Foundation Data APIs
withUnsafeBytes
andwithUnsafeMutableBytes
should be fixed to useinstead of
.