FFI C code should use uint32_t not size_t for u32 Rust parameters.
#1791
Comments
thomcc
added
help wanted
Implementation: Rust
Implementation: C
and removed
Implementation: Rust
labels
thomcc
changed the title
usize not u32 for size_t parameters.uint32_t not size_t for u32 Rust parameters.
|
This seems a simple enough task. I've noticed a few other functions where a length is being passed as a This is also my first contribution should this be a |
|
Hi @Hraesvel thank you for picking this 🙏
It should be a
Yes. Looking forward to merging you first contribution 🎉 |
|
Also when you send the PR ... could you accept our CLA Read the CLA at To accept the CLA please send a different PR to our contributors repo indicating that you accept the CLA by adding your Git/Github details in a row at the end of the CONTRIBUTORS.csv file: Thank you!! |
fix build-trust#1791 FFI C code should use uint32_t not size_t for u32 Rust parameters
fix #1791 FFI C code should use uint32_t not size_t for u32 Rust parameters
While going over the crates in my onboarding session, I noticed that our FFI layer uses
size_tfrom C andu32from Rust. One example of several:https://github.com/ockam-network/ockam/blob/ffadf0633adcae4d0a061fa322fb17dd15afe6e6/implementations/rust/ockam/ockam_ffi/src/vault.rs#L60
https://github.com/ockam-network/ockam/blob/ffadf0633adcae4d0a061fa322fb17dd15afe6e6/implementations/rust/ockam/ockam_ffi/include/vault.h#L72
This is both not guaranteed to work, and can cause major issues in general on 64 bit platforms with ABIs that will pack consecutive integers into the same register when they fit (e.g. x86_64, for example) — we're largely saved by the fact that we don't have any functions that use two consecutive size_t arguments (instead, they're typically surrounded by pointers, which prevents packing the two INTEGER-class parameters into the same register on x86_64, and likely the same on other ABIs).
The right type to use here isusizefrom the Rust, which should be a simple change.EDIT: Actually given that in theory there are platforms where this isn't guaranteed to be the case (see rust-lang/rust#88340 and https://rust-lang.zulipchat.com/#narrow/stream/136281-t-lang.2Fwg-unsafe-code-guidelines/topic/.60usize.60.20vs.20.60size_t.60), I think this should be changed so that
Cusesuint32_tin the code, rather than adjusting the Rust. Sorry for the confusion.The text was updated successfully, but these errors were encountered: