diff options
| author | Mazdak Farrokhzad <twingoow@gmail.com> | 2019-11-30 16:56:47 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-11-30 16:56:47 +0100 |
| commit | 123406cac7168fa2e169b404b852d1d265f34c99 (patch) | |
| tree | 75fad4fe46779d6222deca4884499ba8cd7cb4ee /src/liballoc | |
| parent | 3af14f994d7d5f0cef7d1f15bcfe6cab40685244 (diff) | |
| parent | d34090a10a6517f3e3ea8528936175953ce8bc3d (diff) | |
| download | rust-123406cac7168fa2e169b404b852d1d265f34c99.tar.gz rust-123406cac7168fa2e169b404b852d1d265f34c99.zip | |
Rollup merge of #66705 - pitdicker:atomic_mut_ptr, r=KodrAus
Atomic as_mut_ptr
I encountered the following pattern a few times: In Rust we use some atomic type like `AtomicI32`, and an FFI interface exposes this as `*mut i32` (or some similar `libc` type).
It was not obvious to me if a just transmuting a pointer to the atomic was acceptable, or if this should use a cast that goes through an `UnsafeCell`. See https://github.com/rust-lang/rust/issues/66136#issuecomment-557802477
Transmuting the pointer directly:
```rust
let atomic = AtomicI32::new(1);
let ptr = &atomic as *const AtomicI32 as *mut i32;
unsafe {
ffi(ptr);
}
```
A dance with `UnsafeCell`:
```rust
let atomic = AtomicI32::new(1);
unsafe {
let ptr = (&*(&atomic as *const AtomicI32 as *const UnsafeCell<i32>)).get();
ffi(ptr);
}
```
Maybe in the end both ways could be valid. But why not expose a direct method to get a pointer from the standard library?
An `as_mut_ptr` method on atomics can be safe, because only the use of the resulting pointer is where things can get unsafe. I documented its use for FFI, and "Doing non-atomic reads and writes on the resulting integer can be a data race."
The standard library could make use this method in a few places in the WASM module.
cc @RalfJung as you answered my original question.
Diffstat (limited to 'src/liballoc')
0 files changed, 0 insertions, 0 deletions