New lint: type which is not FFI-safe #111

Open
@ratijas

Recent versions of Rust (1.46.0 at the moment of writing) started showing the warning when compiling the project: `warning: extern fn uses type std::cell::RefCell<dyn QObject>, which is not FFI-safe`. It concerns exactly two functions: `RustObject_metaObject` and `RustObject_destruct`.

Full text of warnings:

```
warning: `extern` fn uses type `std::cell::RefCell<dyn QObject>`, which is not FFI-safe
   --> qmetaobject/src/lib.rs:569:51
    |
569 | pub unsafe extern "C" fn RustObject_metaObject(p: *mut RefCell<dyn QObject>) -> *const QMetaObject {
    |                                                   ^^^^^^^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = note: `#[warn(improper_ctypes_definitions)]` on by default
    = help: consider adding a `#[repr(C)]` or `#[repr(transparent)]` attribute to this struct
    = note: this struct has unspecified layout

warning: `extern` fn uses type `std::cell::RefCell<dyn QObject>`, which is not FFI-safe
   --> qmetaobject/src/lib.rs:575:49
    |
575 | pub unsafe extern "C" fn RustObject_destruct(p: *mut RefCell<dyn QObject>) {
    |                                                 ^^^^^^^^^^^^^^^^^^^^^^^^^ not FFI-safe
    |
    = help: consider adding a `#[repr(C)]` or `#[repr(transparent)]` attribute to this struct
    = note: this struct has unspecified layout
```

What we have here is `*mut RefCell<dyn QObject>`. The "RefCell" part is unsized (`?Sized`), which means 1) it holds any QObject data, 2) it can be stored and accessed only by some kind of "fat-pointer" reference — in this case it's `*mut`, which takes 2 words (16 bytes on x86_64), clearly a trait object with vtable info attached.

Let's see why the warning showed up in the first place. As far as the compiler is concerned, `*mut RefCell<dyn QObject>` essentially is:

  • a fat pointer (not stable API & ABI, but in practice quite reliable for the time being)...
  • to a RefCell (no #[repr], two fields)...
  • of a dyn QObject (unsized trait object, type unknown at compile time, unknown ABI).

Seems like a reasonable warning from rustc after all, as most regular Rust programmers should not mess with trait object representation.

In my opinion, it would be reasonable to silence the warning in these specific functions. Also, it is possible that the issue would get resolved by the fix to #110.
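The pointer shape described in this issue, and the per-function silencing it proposes, as an added example that is not code from the qmetaobject crate. `Object`, `Item`, `object_id` and `object_destruct` are hypothetical stand-ins for `QObject`, a concrete object, `RustObject_metaObject` and `RustObject_destruct`.

```rust
use std::cell::RefCell;
use std::mem::size_of;
use std::sync::atomic::{AtomicUsize, Ordering};

/// Hypothetical stand-in for the crate's `QObject` trait.
pub trait Object { fn id(&self) -> u32; }

pub static DROPS: AtomicUsize = AtomicUsize::new(0); // counts Item drops
pub struct Item(pub u32);
impl Object for Item { fn id(&self) -> u32 { self.0 } }
impl Drop for Item {
    fn drop(&mut self) { DROPS.fetch_add(1, Ordering::SeqCst); }
}

// Same parameter shape as `RustObject_metaObject`. The `allow` silences the
// lint on this one function only; the fat pointer's layout stays unspecified,
// so the value must be produced and consumed by Rust code on both ends.
#[allow(improper_ctypes_definitions)]
pub unsafe extern "C" fn object_id(p: *mut RefCell<dyn Object>) -> u32 {
    let cell: &RefCell<dyn Object> = unsafe { &*p };
    cell.borrow().id() // dispatched through the vtable half of the pointer
}

// Same parameter shape as `RustObject_destruct`.
#[allow(improper_ctypes_definitions)]
pub unsafe extern "C" fn object_destruct(p: *mut RefCell<dyn Object>) {
    drop(unsafe { Box::from_raw(p) }); // runs Drop, then frees the allocation
}

/// Pointer widths in machine words: (thin pointer, trait-object pointer).
pub fn pointer_words() -> (usize, usize) {
    let word = size_of::<usize>();
    (size_of::<*mut RefCell<Item>>() / word,
     size_of::<*mut RefCell<dyn Object>>() / word)
}

/// Box a concrete object, unsize it, pass the raw fat pointer through both
/// functions. Returns (id read via the vtable, number of drops observed).
pub fn round_trip() -> (u32, usize) {
    let before = DROPS.load(Ordering::SeqCst);
    let boxed: Box<RefCell<dyn Object>> = Box::new(RefCell::new(Item(7)));
    let raw = Box::into_raw(boxed);
    let id = unsafe { object_id(raw) };
    unsafe { object_destruct(raw) };
    (id, DROPS.load(Ordering::SeqCst) - before)
}

fn main() {
    println!("words = {:?}, round trip = {:?}", pointer_words(), round_trip());
}
```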

Labels

  • A-rust: Area: Rust glue
  • C-bug: Category: This is a bug.
  • I-unsound: Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness
  • P-medium: Medium priority
