Re: [PATCH] rust: types: add FOREIGN_ALIGN to ForeignOwnable
From: Benno Lossin
Date: Tue Jun 10 2025 - 05:58:43 EST
On Tue Jun 10, 2025 at 11:27 AM CEST, Andreas Hindborg wrote:
> Hi Benno,
>
> "Benno Lossin" <lossin@xxxxxxxxxx> writes:
>
>> The title should probably also mention that it removes `PointedTo`.
Just making sure that you saw this.
>> On Thu Jun 5, 2025 at 9:55 PM CEST, Andreas Hindborg wrote:
>>> pub unsafe trait ForeignOwnable: Sized {
>>> - /// Type used when the value is foreign-owned. In practical terms only defines the alignment of
>>> - /// the pointer.
>>> - type PointedTo;
>>> + /// The alignment of pointers returned by `into_foreign`.
>>> + const FOREIGN_ALIGN: usize;
>>>
>>> /// Type used to immutably borrow a value that is currently foreign-owned.
>>> type Borrowed<'a>;
>>> @@ -39,18 +35,17 @@ pub unsafe trait ForeignOwnable: Sized {
>>>
>>> /// Converts a Rust-owned object to a foreign-owned one.
>>> ///
>>> - /// # Guarantees
>>
>> Why remove this section? I think we should streamline it, (make it use
>> bullet points, shorten the sentences etc). We can keep the paragraph you
>> wrote below as normal docs.
>
> Not sure exactly what you are going for here. How is this:
>
>
> Converts a Rust-owned object to a foreign-owned one.
>
> The foreign representation is a pointer to void.
>
> # Guarantees
>
> - Minimum alignment of returned pointer is [`Self::FOREIGN_ALIGN`].
>
> There are no other guarantees for this pointer. For example, it might be invalid, dangling
> or pointing to uninitialized memory. Using it in any way except for [`from_foreign`],
> [`try_from_foreign`], [`borrow`], or [`borrow_mut`] can result in undefined behavior.
Maybe even move this paragraph above the `Guarantees` section and change
the beginning of it to "Aside from the guarantees listed below, there
are no other..."?
Otherwise looks good!
---
Cheers,
Benno