Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Foundation ownership fixes #40

Merged
merged 17 commits into from
Nov 2, 2021
Merged

Foundation ownership fixes #40

merged 17 commits into from
Nov 2, 2021

Conversation

madsmtm
Copy link
Owner

@madsmtm madsmtm commented Oct 5, 2021
edited
Loading

Intended to fix most of the soundness issues discussed in #29.

I also renamed a lot of methods to better match Rust naming.

@madsmtm madsmtm added bug Something isn't working enhancement New feature or request labels Oct 5, 2021
@madsmtm
Add associated Ownership type to INSObject
5aaae76 
Immutable types like NSString implement `copy` by simply retaining the pointer; hence, having an `Owned` NSString (which allows access to `&mut NSString`) is never valid, since it would be possible to create an aliased mutable reference.

So instead we now have an `Ownership` type on INSObject that indicates whether the type is mutable.

Fixes SSheldon/rust-objc-foundation#10 (see that issue for alternative ways to fix this).
@madsmtm
Use simpler syntax for where bounds
99988b4
@madsmtm
Remove default ownership on NSArray and NSDictionary, and rename Own
a03e2de 
INSArray::Own -> INSArray::ItemOwnership
INSDictionary::Own -> INSDictionary::ValueOwnership

Also remove `NSSharedArray` and `NSMutableSharedArray`
@madsmtm
Reevaluate NSArray ownership
e4844a4
@madsmtm
Rename NSArray and NSDictionary methods to better match std naming
cb3cc16 
Also add a few bound checks since throwing exceptions from Objective-C is still UB
@madsmtm
Make INSString::as_str take the current AutoreleasePool as parameter
518a05c 
See the code comments and my explanation here: SSheldon/rust-objc#103 (comment)

This also has the nice "side-effect" of fixing the memory leaks that as_str was otherwise exhibiting when using non-ascii strings, see SSheldon/rust-objc-foundation#15.
@madsmtm madsmtm mentioned this pull request Oct 30, 2021
Closed
2 tasks
@madsmtm
Remove Any bound on INSObject
935def6 
The `Any` bound is equivalent to 'static, and that is too restrictive; we want to allow creating custom classes which reference something from the outer environment
@madsmtm
Make foundation INS_ traits unsafe to implement
f312d73 
Anything else would be unsound, since the user must verify that the object actually implements the protocols / inherits the classes!
@madsmtm
Move minor foundation struct and traits to their own files
5cc31bd
@madsmtm
Improve NSRange
7826ca8
@madsmtm
Improve NSComparisonResult
063d612
@madsmtm madsmtm changed the title Ownership fixes (WIP) Foundation ownership fixes Oct 31, 2021
@madsmtm
Add extra test and small cleanup
2baf0a4
@madsmtm
Fix soundness issue in NSValue
c38fb60 
NSValue implements `INSObject`, and therefore has a blank `new` method, but the extractor method did not account for this discrepancy.
@madsmtm
Fix NSValue::new on GNUStep
9b8ce34
@madsmtm madsmtm force-pushed the ownership-fixes branch 2 times, most recently from fdcecc4 to 2fb4fb8 Compare November 1, 2021 21:05
@madsmtm
Remove INSObject::new
dc0cb3a 
Some classes (NSValue is the current example of this, but it's probably not the only case) don't want to handle cases where the users didn't supply a value, and implement `init` with throwing an exception or returning `nil`.

We could panic in those cases (though we can't currently catch GNUStep exceptions), but instead we should just simply not provide a way to construct these invalid instances.
@madsmtm madsmtm merged commit 854711e into master Nov 2, 2021
@madsmtm madsmtm deleted the ownership-fixes branch November 2, 2021 13:07
madsmtm added a commit that referenced this pull request Nov 2, 2021
@madsmtm
Fix build breaking since #40
da7313f
madsmtm added a commit that referenced this pull request Nov 2, 2021
@madsmtm
Fix build breaking since #40
700b222
@madsmtm madsmtm mentioned this pull request Nov 3, 2021
Closed
@madsmtm madsmtm added the I-unsound A soundness hole label Nov 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug Something isn't working enhancement New feature or request I-unsound A soundness hole
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@madsmtm