Tracking issue for RFC 2137: Support defining C-compatible variadic functions in Rust #44930
Comments
aturon
added
B-RFC-approved
|
I'd like to work on this, I already have some prototype |
|
Awesome @plietar! It'd probably be good to bring this up in the "middle-end" compiler working group channel, which would also be a good place to get any help you might need. |
|
@plietar How goes the implementation? I remember you showing a mostly complete prototype on IRC. |
|
@plietar any news to share? This is a blocker for teams working on C to Rust transpilers, so this addition would be very welcome. (I'm part of one such team). |
|
Hey, |
|
@plietar Any update on this? Do you have a WIP branch I can check out to try / fiddle with this? |
|
Looks like I'm a little late to the party 😄 ... sorry about that A few questions:
@plietar if you don't have the time to work on this any more or if there is any way I could help out, I'd be more than happy to do so. I haven't worked on rustc much, but I'd be happy to help however I can with the implementation of this. |
|
Seems likely that @plietar doesn't have much time, though they can speak for themselves. I've not really looked closely at what would be needed to implement this, but if you need any help, please ping me, or reach out on gitter/IRC. |
|
I've been working on this for the past two week and have
I'm struggling a bit with understanding how to write something in Also how would you like me to break this up into PRs? My current plan was to submit a PR once I got |
libcore: Add VaList and variadic arg handling intrinsics ## Summary - Add intrinsics for `va_start`, `va_end`, `va_copy`, and `va_arg`. - Add `core::va_list::VaList` to `libcore`. Part 1 of (at least) 3 for #44930 Comments and critiques are very much welcomed 😄
libcore: Add VaList and variadic arg handling intrinsics ## Summary - Add intrinsics for `va_start`, `va_end`, `va_copy`, and `va_arg`. - Add `core::va_list::VaList` to `libcore`. Part 1 of (at least) 3 for #44930 Comments and critiques are very much welcomed 😄
|
Now that the When any issues with the implementation of |
|
@dlrobertson That's super. Are you implementing the |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
On another note, there was some recent discussion of varargs on Zulip which should be helpful on writing a spec for the ABI compatibility requirements of this feature. |
Turns out the complaint about a missing "env" module has nothing to do with what the word "env" probably leads you to expect. The next step towards understanding was to turn the wasm into text. There, one can see that the "env" stuff is apparently just a placeholder name this bindgen tooling is generating for when a symbol isn't found provided. Okay. So one "env" ref is getting generated for each of the printf symbols. Which are the things I declined to provide because they need variadics. Which I avoided that's behind a feature flag in rust, so needs nightly (see rust-lang/rust#44930). Okay. Well, aside from the fact the discoverability of this sucks, and the default module name that this bindgen tooling picks for this is actively misleading, and that the suckfulness of this discoverablity really fucking matters because ANY missing symbols would lead a wide variety of people and projects to this exact common sticking point... Options? Not sure. Here, I'm trying to provide the symbols, but incorrectly, and that... actually, it seems to work? And as you'll notice, these stubs were panicking unconditionally if called _anyway_, so they're evidentally not consequential to functioning of our code corpus. So if that is actually working, not hiding-more-trouble-under-a-rug that just hasn't popped out to jumpscare me again yet... okay, then we did a double barrel roll and dodged the need for rust nightly yet again, just barely. Cool. If true. Moving on. So now the browser console is dropping me this: "Uncaught InternalError: too much recursion". And points at a line of wasm that is doing... `call $func65`. Okay. I guess now I would like sourcemaps. I do not currently have sourcemaps. *sigh*
|
A note re: "argument forwarding". It has been brought up but I do not believe that "argument forwarding" is something we should engage with. It is a GCC extension that seems to me like it will depend too much on the internals of the compiler, or be extremely target-dependent. Making it specially efficient is likely to be barred by FFI boundaries, anyways, because it essentially amounts to a request to inline the callee variable argument fn into the caller variable argument fn, so that "unpacking" the arguments only happens once. So honestly, if you need If it does prove implementable, then it can be done later as a further development. |
|
@workingjubilee Complete agreement. Supporting that C compiler extension does not seem at all in scope for base varargs support. |
…r=workingjubilee limit impls of `VaArgSafe` to just types that are actually safe tracking issue: rust-lang#44930 Retrieving 8- or 16-bit integer arguments from a `VaList` is not safe, because such types are subject to upcasting. See rust-lang#61275 (comment) for more detail. This PR also makes the instances of `VaArgSafe` visible in the documentation, and uses a private sealed trait to make sure users cannot create additional impls of `VaArgSafe`, which would almost certainly cause UB. r? `@workingjubilee`
Rollup merge of rust-lang#141341 - folkertdev:limit-VaArgSafe-impls, r=workingjubilee limit impls of `VaArgSafe` to just types that are actually safe tracking issue: rust-lang#44930 Retrieving 8- or 16-bit integer arguments from a `VaList` is not safe, because such types are subject to upcasting. See rust-lang#61275 (comment) for more detail. This PR also makes the instances of `VaArgSafe` visible in the documentation, and uses a private sealed trait to make sure users cannot create additional impls of `VaArgSafe`, which would almost certainly cause UB. r? `@workingjubilee`
|
We need https://gist.github.com/folkertdev/47c79e2f5b03f1138db9d53be5e51ed1 Some highlights
This all relies on a different desugaring of fn foo(placeholder: i32, mut args: ...) {
// stuff
}
// --->
fn foo(placeholder: i32) {
let tag = core::mem::MaybeUninit::<VaListImpl>::uninit();
unsafe { core::instrinsics::va_start(tag.as_mut_ptr()) }
let mut args = VaList(tag.assume_init_mut())
// stuff
}It seems possible to make that work internally. I think this new API is nicer, because it leaks fewer implementation details. But before we start implementation work, does anyone see issues with this direction? pinging specifically the c2rust folks @thedataking @ahomescu, you've probably worked with the existing |
joshtriplett
added
the
I-lang-nominated
|
@rustbot labels -I-lang-nominated Let's fork discussion of that proposal out to: We'll take the nomination there. |
rustbot
removed
the
I-lang-nominated
…ubilee use `cfg_select!` to select the right `VaListImpl` definition tracking issue: rust-lang#44930 Just a bit of cleanup really. We could use `PhantomInvariantLifetime<'f>` (rust-lang#135806) to make it more precise what that `PhantomData<&'f mut &'f c_void>` marker is doing. I'm not sure how ready that feature is though, `@jhpratt` are these types good to use internally? --- Some research into the lifetimes of `VaList` and `VaListImpl`: It's easy to see why the lifetime of these types should not be extended, a `VaList` or `VaListImpl` escaping its function is a bad idea. I don't currently see why coercing the lifetime to a shorter lifetime is problematic though, but probably I just don't understand variance well enough to see it. The history does not provide much explanation: - immunant@0814087 original implementation - immunant@b9ea653 adds `VaListImpl<'f>`, but it is only covariant in `'f` - rust-lang#62639 makes `VaListImpl<'f>` invariant over `'f` (because `VaList<'a, 'f>` is already invariant over `'f`, but I think that is just an implementation detail?) Beyond that I don't see how the lifetime situation can be simplified significantly, e.g. this function really needs `'copy` to be unconstrained. ```rust /// Copies the `va_list` at the current location. pub unsafe fn with_copy<F, R>(&self, f: F) -> R where F: for<'copy> FnOnce(VaList<'copy, 'f>) -> R, { let mut ap = self.clone(); let ret = f(ap.as_va_list()); // SAFETY: the caller must uphold the safety contract for `va_end`. unsafe { va_end(&mut ap); } ret } ``` `@rustbot` label +F-c_variadic r? `@workingjubilee`
Rollup merge of #141361 - folkertdev:varargs-cfg, r=workingjubilee use `cfg_select!` to select the right `VaListImpl` definition tracking issue: #44930 Just a bit of cleanup really. We could use `PhantomInvariantLifetime<'f>` (#135806) to make it more precise what that `PhantomData<&'f mut &'f c_void>` marker is doing. I'm not sure how ready that feature is though, `@jhpratt` are these types good to use internally? --- Some research into the lifetimes of `VaList` and `VaListImpl`: It's easy to see why the lifetime of these types should not be extended, a `VaList` or `VaListImpl` escaping its function is a bad idea. I don't currently see why coercing the lifetime to a shorter lifetime is problematic though, but probably I just don't understand variance well enough to see it. The history does not provide much explanation: - immunant@0814087 original implementation - immunant@b9ea653 adds `VaListImpl<'f>`, but it is only covariant in `'f` - #62639 makes `VaListImpl<'f>` invariant over `'f` (because `VaList<'a, 'f>` is already invariant over `'f`, but I think that is just an implementation detail?) Beyond that I don't see how the lifetime situation can be simplified significantly, e.g. this function really needs `'copy` to be unconstrained. ```rust /// Copies the `va_list` at the current location. pub unsafe fn with_copy<F, R>(&self, f: F) -> R where F: for<'copy> FnOnce(VaList<'copy, 'f>) -> R, { let mut ap = self.clone(); let ret = f(ap.as_va_list()); // SAFETY: the caller must uphold the safety contract for `va_end`. unsafe { va_end(&mut ap); } ret } ``` `@rustbot` label +F-c_variadic r? `@workingjubilee`
…workingjubilee make teach_help message for cast-before-pass-to-variadic more precise r? `@workingjubilee` based on your comment [here](rust-lang#44930 (comment))
Rollup merge of #141443 - RalfJung:c-variadic-teach-help, r=workingjubilee make teach_help message for cast-before-pass-to-variadic more precise r? `@workingjubilee` based on your comment [here](#44930 (comment))
…r=workingjubilee limit impls of `VaArgSafe` to just types that are actually safe tracking issue: rust-lang#44930 Retrieving 8- or 16-bit integer arguments from a `VaList` is not safe, because such types are subject to upcasting. See rust-lang#61275 (comment) for more detail. This PR also makes the instances of `VaArgSafe` visible in the documentation, and uses a private sealed trait to make sure users cannot create additional impls of `VaArgSafe`, which would almost certainly cause UB. r? `@workingjubilee`
…ubilee use `cfg_select!` to select the right `VaListImpl` definition tracking issue: rust-lang#44930 Just a bit of cleanup really. We could use `PhantomInvariantLifetime<'f>` (rust-lang#135806) to make it more precise what that `PhantomData<&'f mut &'f c_void>` marker is doing. I'm not sure how ready that feature is though, `@jhpratt` are these types good to use internally? --- Some research into the lifetimes of `VaList` and `VaListImpl`: It's easy to see why the lifetime of these types should not be extended, a `VaList` or `VaListImpl` escaping its function is a bad idea. I don't currently see why coercing the lifetime to a shorter lifetime is problematic though, but probably I just don't understand variance well enough to see it. The history does not provide much explanation: - immunant@0814087 original implementation - immunant@b9ea653 adds `VaListImpl<'f>`, but it is only covariant in `'f` - rust-lang#62639 makes `VaListImpl<'f>` invariant over `'f` (because `VaList<'a, 'f>` is already invariant over `'f`, but I think that is just an implementation detail?) Beyond that I don't see how the lifetime situation can be simplified significantly, e.g. this function really needs `'copy` to be unconstrained. ```rust /// Copies the `va_list` at the current location. pub unsafe fn with_copy<F, R>(&self, f: F) -> R where F: for<'copy> FnOnce(VaList<'copy, 'f>) -> R, { let mut ap = self.clone(); let ret = f(ap.as_va_list()); // SAFETY: the caller must uphold the safety contract for `va_end`. unsafe { va_end(&mut ap); } ret } ``` `@rustbot` label +F-c_variadic r? `@workingjubilee`
…r=workingjubilee use custom types to clarify arguments to `emit_ptr_va_arg` tracking issue: rust-lang#44930 split out of rust-lang#141622 r? `@workingjubilee` `@rustbot` label: +F-c_variadic
…r=workingjubilee use custom types to clarify arguments to `emit_ptr_va_arg` tracking issue: rust-lang#44930 split out of rust-lang#141622 r? ``@workingjubilee`` ``@rustbot`` label: +F-c_variadic
implement `va_arg` for x86_64 systemv tracking issue: #44930 Turns out LLVM's `va_arg` is also unreliable for this target. llvm/llvm-project#141361 So, like clang, we implement our own. I used - the spec at https://gitlab.com/x86-psABIs/x86-64-ABI - the clang implementation at https://github.com/llvm/llvm-project/blob/9a440f84773c56d3803f330774acb2b4f471d5b4/clang/lib/CodeGen/Targets/X86.cpp#L3041 We can take a bunch of shortcuts because the return type of `va_list` must implement `VaArgSafe`. I also extended some of the tests, because up to 11 floats can be stored in the `reg_safe_area` for this calling convention. r? `@workingjubilee` `@rustbot` label +F-c_variadic try-job: x86_64-apple-1
and others
Uh oh!
There was an error while loading. Please reload this page.
This is a tracking issue for the RFC "Support defining C-compatible variadic functions in Rust" (rust-lang/rfcs#2137).
Steps:
Unresolved questions:
can provide an appropriate lifetime that prevents a
VaListfrom outliving itscorresponding variadic function."
...syntax.const fn....desugaring (VaListImpl<'_>) #125431VaList<'_>does not carry its ABI in its type #141618The text was updated successfully, but these errors were encountered: