kjuulh/rhai
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects Releases Wiki Activity

Remove unsound casting functions

Browse Source 
The casting functions in `unsafe.rs` were unsound (i.e., they allowed
safe code to cause undefined behavior). While they did appear to be used
in a way that wouldn't cause UB the fact that there exists unsound
functions is unsettling.

This commit removes those functions and replaces it with a macro that
performs the same reification - the difference is that the macro call
will also include the checks which are required to prevent UB. A macro
was chosen instead of a function for two reasons:

1. A macro can keep the same code generation whereas a function would
   require going through an `Option` which has negative impacts on code
   generation (niche values cause poor DCE).
2. There exist other `unsafe` code blocks in the crate and an attempt to
   make Rhai 100% safe is completely out-of-scope for this merge
   request, so we may as well use `unsafe` in the macro.

Regarding (2) above, I may come back at a later date with a 100% safe
`reify` function but only once the other `unsafe` blocks are removed.
For posterity, said function would look something like:

```rust
fn reify<A: Any, C>(value: A) -> Option<C> {
    let mut v = Some(value);
    let v: &mut dyn Any = &mut v;
    v.downcast_mut::<Option<C>>().map(Option::take)
}
```
This commit is contained in:
Nathan Kent
2022-02-05 16:29:05 -08:00
parent 6a740a9fa1
commit 86d86a85e4
7 changed files with 94 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/api/custom_syntax.rs
View File

@@ -3,16 +3,15 @@
use crate::ast::Expr;
use crate::func::native::SendSync;
use crate::parser::ParseResult;
use crate::r#unsafe::unsafe_try_cast;
use crate::tokenizer::{is_valid_identifier, Token};
use crate::types::dynamic::Variant;
use crate::{
Engine, EvalContext, Identifier, ImmutableString, LexError, Position, RhaiResult, Shared,
StaticVec, INT,
StaticVec, reify,
};
#[cfg(feature = "no_std")]
use std::prelude::v1::*;
use std::{any::TypeId, ops::Deref};
use std::ops::Deref;
/// Collection of special markers for custom syntax definition.
pub mod markers {
@@ -94,46 +93,23 @@ impl Expression<'_> {
#[must_use]
pub fn get_literal_value<T: Variant>(&self) -> Option<T> {
// Coded this way in order to maximally leverage potentials for dead-code removal.
match self.0 {
Expr::IntegerConstant(x, _) => reify!(x, |x: T| Some(x), || None),
if TypeId::of::<T>() == TypeId::of::<INT>() {
return match self.0 {
Expr::IntegerConstant(x, _) => unsafe_try_cast(*x),
_ => None,
};
#[cfg(not(feature = "no_float"))]
Expr::FloatConstant(x, _) => reify!(x, |x: T| Some(x), || None),
Expr::CharConstant(x, _) => reify!(x, |x: T| Some(x), || None),
Expr::StringConstant(x, _) => reify!(x.clone(), |x: T| Some(x), || None),
Expr::Variable(_, _, x) => {
let x = Into::<ImmutableString>::into(&x.2);
reify!(x, |x: T| Some(x), || None)
}
Expr::BoolConstant(x, _) => reify!(x, |x: T| Some(x), || None),
Expr::Unit(_) => reify!((), |x: T| Some(x), || None),
_ => None,
}
#[cfg(not(feature = "no_float"))]
if TypeId::of::<T>() == TypeId::of::<crate::FLOAT>() {
return match self.0 {
Expr::FloatConstant(x, _) => unsafe_try_cast(*x),
_ => None,
};
}
if TypeId::of::<T>() == TypeId::of::<char>() {
return match self.0 {
Expr::CharConstant(x, _) => unsafe_try_cast(*x),
_ => None,
};
}
if TypeId::of::<T>() == TypeId::of::<ImmutableString>() {
return match self.0 {
Expr::StringConstant(x, _) => unsafe_try_cast(x.clone()),
Expr::Variable(_, _, x) => unsafe_try_cast(Into::<ImmutableString>::into(&x.2)),
_ => None,
};
}
if TypeId::of::<T>() == TypeId::of::<bool>() {
return match self.0 {
Expr::BoolConstant(x, _) => unsafe_try_cast(*x),
_ => None,
};
}
if TypeId::of::<T>() == TypeId::of::<()>() {
return match self.0 {
Expr::Unit(_) => unsafe_try_cast(()),
_ => None,
};
}
None
}
}