| Age | Commit message (Collapse) | Author | Lines |
|---|
|
Add vectored read and write support
This functionality has lived for a while in the tokio ecosystem, where
it can improve performance by minimizing copies.
r? @alexcrichton
|
|
|
|
Refactor Windows stdio and remove stdin double buffering
I was looking for something nice and small to work on, tried to tackle a few FIXME's in Windows stdio, and things grew from there.
This part of the standard library contains some tricky code, and has changed over the years to handle more corner cases. It could use some refactoring and extra comments.
Changes/fixes:
- Made `StderrRaw` `pub(crate)`, to remove the `Write` implementations on `sys::Stderr` (used unsynchronised for panic output).
- Remove the unused `Read` implementation on `sys::windows::stdin`
- The `windows::stdio::Output` enum made sense when we cached the handles, but we can use simple functions like `is_console` now that we get the handle on every read/write
- `write` can now calculate the number of written bytes as UTF-8 when we can't write all `u16`s.
- If `write` could only write one half of a surrogate pair, attempt another write for the other because user code can't reslice in any way that would allow us to write it otherwise.
- Removed the double buffering on stdin. Documentation on the unexposed `StdinRaw` says: 'This handle is not synchronized or buffered in any fashion'; which is now true.
- `sys::windows::Stdin` now always only partially fills its buffer, so we can guarantee any arbitrary UTF-16 can be re-encoded without losing any data.
- `sys::windows::STDIN_BUF_SIZE` is slightly larger to compensate. There should be no real change in the number of syscalls the buffered `Stdin` does. This buffer is a little larger, while the extra buffer on Stdin is gone.
- `sys::windows::Stdin` now attempts to handle unpaired surrogates at its buffer boundary.
- `sys::windows::Stdin` no langer allocates for its buffer, but the UTF-16 decoding still does.
### Testing
I did some manual testing of reading and writing to console. The console does support UTF-16 in some sense, but doesn't supporting displaying characters outside the BMP.
- compile stage 1 stdlib with a tiny value for `MAX_BUFFER_SIZE` to make it easier to catch corner cases
- run a simple test program that reads on stdin, and echo's to stdout
- write some lines with plenty of ASCII and emoji in a text editor
- copy and paste in console to stdin
- return with `\r\n\` or CTRL-Z
- copy and paste in text editor
- check it round-trips
-----
Fixes https://github.com/rust-lang/rust/issues/23344. All but one of the suggestions in that issue are now implemented. the missing one is:
> * When reading data, we require the entire set of input to be valid UTF-16. We should instead attempt to read as much of the input as possible as valid UTF-16, only returning an error for the actual invalid elements. For example if we read 10 elements, 5 of which are valid UTF-16, the 6th is bad, and then the remaining are all valid UTF-16, we should probably return the first 5 on a call to `read`, then return an error, then return the remaining on the next call to `read`.
Stdin in Console mode is dealing with text directly input by a user. In my opinion getting an unpaired surrogate is quite unlikely in that case, and a valid reason to error on the entire line of input (which is probably short). Dealing with it is incompatible with an unbuffered stdin, which seems the more interesting guarantee to me.
|
|
|
|
|
|
|
|
Returning &'a mut [u8] was unsound, and we may as well just have them
directly deref to their slices to make it easier to work with them.
|
|
This functionality has lived for a while in the tokio ecosystem, where
it can improve performance by minimizing copies.
|
|
SGX target: simplify usercall internals
This moves logic from assembly to Rust and removes the special case for exit/panic handling, merging it with regular usercall handling.
Also, this fixes a bug in the exit usercall introduced in a75ae00. The bug would make regular exits look like panics with high probability. It would also with some probability leak information through uncleared registers.
cc @VardhanThigle
r? @alexcrichton
|
|
|
|
MaybeUninit: some docs, rename into_inner -> into_initialized, return &mut from set
|
|
|
|
This moves logic from assembly to Rust and removes the special
case for exit/panic handling, merging it with regular usercall
handling.
Also, this fixes a bug in the exit usercall introduced in a75ae00.
The bug would make regular exits look like panics with high
probability. It would also with some probability leak information
through uncleared registers.
|
|
SGX target: handle empty user buffers correctly
Also, expose correct items in `os::fortanix_sgx::usercalls::alloc`
* [read_alloc documentation](https://edp.fortanix.com/docs/api/fortanix_sgx_abi/struct.Usercalls.html#method.read_alloc)
* [Clarified ByteBuffer documentation](https://github.com/fortanix/rust-sgx/pull/94/files#diff-ca843ad9e25cacd63a80579c0f7efa56)
r? @joshtriplett
|
|
|
|
|
|
Fixes https://github.com/fortanix/rust-sgx/issues/88
|
|
|
|
|
|
Add os::fortanix_sgx::ffi module
This uses the same byte slice accessors that Unix has. The [ABI specifies](https://docs.rs/fortanix-sgx-abi/0.3.2/fortanix_sgx_abi/struct.ByteBuffer.html) byte slices.
|
|
|
|
|
|
|
|
|
|
Fix undefined behavior
From the [`MaybeUninit::get_mut` docs](https://doc.rust-lang.org/std/mem/union.MaybeUninit.html):
> It is up to the caller to guarantee that the the MaybeUninit really is in an initialized state, otherwise this will immediately cause undefined behavior.
r? @joshtriplett
|
|
|
|
image-base could be used by crates like backtrace to providing to make
symbol resolution easier.
|
|
|
|
|
|
Add `io` and `arch` modules to `std::os::fortanix_sgx`
This PR adds two more (unstable) modules to `std::os::fortanix_sgx` for the `x86_64-fortanix-unknown-sgx` target.
### io
`io` allows conversion between raw file descriptors and Rust types, similar to `std::os::unix::io`.
### arch
`arch` exposes the `ENCLU[EREPORT]` and `ENCLU[EGETKEY]` instructions. The current functions are very likely not going to be the final form of these functions (see also https://github.com/fortanix/rust-sgx/issues/15), but this should be sufficient to enable experimentation in libraries. I tried using the actual types (from the [`sgx-isa` crate](https://crates.io/crates/sgx-isa)) instead of byte arrays, but that would make `std` dependent on the `bitflags` crate which I didn't want to do at this time.
|
|
|
|
|
|
Add `std::os::fortanix_sgx` module
This PR adds the `std::os::sgx` module to expose platform-specific APIs behind the `sgx_platform` feature gate.
Depends on https://github.com/rust-lang/rust/pull/56972 to be able to meaningfully build `std::os` documentation for non-standard targets.
Tracking issue: https://github.com/rust-lang/rust/issues/56975
|
|
r=alexcrichton
Adding unwinding support for x86_64_fortanix_unknown_sgx target.
Unwinding support is provided by our port of LLVM's libunwind which is available from https://github.com/fortanix/libunwind/tree/release_50.
libunwind requires support for rwlock and printing to stderr, which is only provided by `std` for this target. This poses two problems: 1) how to expose the `std` functionality to C and 2) dependency inversion.
### Exposing `std`
For exposing the functionality we chose to expose the following symbols:
* __rust_rwlock_rdlock
* __rust_rwlock_wrlock
* __rust_rwlock_unlock
* __rust_print_err
* __rust_abort
Also, the following are needed from `alloc`:
* __rust_alloc
* __rust_dealloc
#### Rust RWLock in C
In `libunwind`, RWLock is initialized as a templated static variable:
```c
pthread_rwlock_t DwarfFDECache<A>::_lock = PTHREAD_RWLOCK_INITIALIZER;
```
I don't know of a good way to use the Rust sys::rwlock::RWLock type and initializer there. We could have a static global variable in Rust, but that doesn't work with the templating. The variable needs to be initialized statically, since this target doesn't support the .init section. Currently, I just used a byte array and standard C array initialization. The mapping between this C type and the Rust type needs to be manually maintained. There is a compile-time check and a unit test to make sure the Rust versions of these C definitions match the actual Rust type. If any reviewer knows of a better solution, please do tell.
### Dependency inversion issue
`std` depends on `panic_unwind` which depends on `libunwind`, and `libunwind` depends on `std`. This is not normally supported by Rust's linking system. Therefore we use raw C exports from `std` *and* `libunwind.a` is linked last in the target `post_link_objects` instead of being built as part of the Rust `libunwind`. Currently, all C exports are defined in `src/libstd/sys/sgx/rwlock.rs` to overcome LTO issues. Only the `__rust_rwlock_*` definitions *need* to live there for privacy reasons. Once again, if any reviewer knows of a better solution, please do tell.
r? @alexcrichton
|
|
Always run rustc in a thread
cc @ishitatsuyuki @eddyb
r? @pnkfelix
[Previously](https://github.com/rust-lang/rust/pull/48575) we moved to only producing threads when absolutely necessary. Even before we opted to only create threads in some cases, which [is unsound](https://github.com/rust-lang/rust/pull/48575#issuecomment-380635967) due to the way we use thread local storage.
|
|
|
|
|
|
This reverts commit 134661917bf4b086b027a2c58219d50ba57a1453.
|
|
|
|
Remove some unnecessary feature gates
fixes #56585
cc @jethrogb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
