Commit 8b273b6

Add a new experimental API as a possible alternative.
1 parent 87db7d1 commit 8b273b6

1 file changed

+29
-8
lines changed

text/0000-io-safety.md

Lines changed: 29 additions & 8 deletions
@@ -347,14 +347,6 @@ I/O safety approach will require changes to Rust code in crates such as
347347
[`RawFd`], though the changes can be made gradually across the ecosystem rather
348348
than all at once.
349349

350-
## New types for `RawFd`/`RawHandle`/`RawSocket`
351-
352-
Some comments on [rust-lang/rust#76969] suggest introducing new wrappers
353-
around the raw handles. Completely closing the safety loophole would also
354-
require designing new traits, since `AsRaw*` doesn't have a way to limit the
355-
lifetime of its return value. This RFC doesn't rule this out, but it would be a
356-
bigger change.
357-
358350
## I/O safety but not `IoSafe`
359351

360352
The I/O safety concept doesn't depend on `IoSafe` being in `std`. Crates could
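Review bot: The deleted "New types for `RawFd`/`RawHandle`/`RawSocket`" section held two things the document should keep: the pointer to [rust-lang/rust#76969] and the rationale that `AsRaw*` doesn't have a way to limit the lifetime of its return value. That lifetime gap is the reason new traits are needed at all, and the "New types and traits" section added later in this patch does not restate it, so I'd suggest carrying the sentence and the reference over into the new section. It is also worth checking whether the `[rust-lang/rust#76969]` link definition is still referenced anywhere in the file once this paragraph is gone.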
@@ -374,6 +366,35 @@ it returns raw types, arguably it would be better to make it work more like
374366
connected to reference lifetimes. If the concept of borrowing is desired, new
375367
types could be introduced, with better ergonomics, in a separate proposal.
376368

369+
## New types and traits
370+
371+
New types and traits could provide a much cleaner API, along the lines of:
372+
373+
```rust
374+
pub struct BorrowedFd<'owned> { ... }
375+
pub struct OwnedFd { ... }
376+
pub struct OptionFd { ... }
377+
378+
pub trait AsBorrowedFd { ... }
379+
pub trait IntoOwnedFd { ... }
380+
pub trait FromOwnedFd { ... }
381+
```
382+
383+
An initial prototype of this here:
384+
385+
<https://github.com/sunfishcode/io-experiment>
386+
387+
The details are mostly obvious, though one notable aspect of this design is
388+
the use of `repr(transparent)` to define types that can participate in FFI
389+
directly, leading to FFI usage patterns that don't interact with raw types
390+
at all. An example of this is here:
391+
392+
<https://github.com/sunfishcode/io-experiment/blob/main/examples/hello.rs>
393+
394+
This provides a cleaner API than `*Raw*` + `IoSafe`. The main obvious downside
395+
is that a lot of code will likely need to continue to support `*Raw*` for a
396+
long time, so this would increase the amount of code they have to maintain.
397+
377398
# Prior art
378399
[prior-art]: #prior-art
379400

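Review bot: "The details are mostly obvious" in the added "New types and traits" section leaves the safety-relevant semantics out of the RFC text itself. `OptionFd` is listed in the sketch but never described, the sketch does not say how the `'owned` lifetime on `BorrowedFd` is tied to the owning value, and the `repr(transparent)` FFI pattern is only documented through links into the `main` branch of an external repository, which can change or disappear after the RFC is merged. I'd suggest a sentence per type stating what it owns or borrows and what layout guarantee the FFI usage relies on, and pinning both links to a specific commit. Two wording nits: "An initial prototype of this here:" is missing a verb, and in "the amount of code they have to maintain" the pronoun "they" has no antecedent (presumably crate maintainers).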