summaryrefslogtreecommitdiffstats
path: root/safe_libc/src
diff options
context:
space:
mode:
Diffstat (limited to 'safe_libc/src')
-rw-r--r--safe_libc/src/boxed.rs146
-rw-r--r--safe_libc/src/lib.rs18
-rw-r--r--safe_libc/src/stdio.rs47
-rw-r--r--safe_libc/src/string.rs151
-rw-r--r--safe_libc/src/util.rs18
5 files changed, 380 insertions, 0 deletions
diff --git a/safe_libc/src/boxed.rs b/safe_libc/src/boxed.rs
new file mode 100644
index 0000000..72c961c
--- /dev/null
+++ b/safe_libc/src/boxed.rs
@@ -0,0 +1,146 @@
+use crate::util;
+
+use core::{mem, ptr};
+use core::ops::{Deref, DerefMut};
+
+fn alloc<T>(len: usize) -> *mut T {
+ if util::zst::<T>(len) {
+ return ptr::null_mut();
+ }
+ let size = len.checked_mul(mem::size_of::<T>()).expect("allocation overflow");
+ let align = mem::align_of::<T>();
+ util::must_succeed(
+ unsafe {
+ libc::memalign(align as libc::size_t, size as libc::size_t) as *mut T
+ }
+ )
+}
+
+#[inline]
+fn dangling<T>() -> *mut T {
+ mem::align_of::<T>() as *mut T
+}
+
+#[inline]
+fn slice_len<T>(p: *const [T]) -> usize {
+ unsafe { mem::transmute::<*const [T], [usize; 2]>(p)[1] }
+}
+
+pub struct CBox<T: ?Sized>(*mut T);
+
+impl<T: ?Sized> CBox<T> {
+ #[inline]
+ pub unsafe fn from_raw_unchecked(p: *mut T) -> CBox<T> {
+ CBox(p)
+ }
+
+ #[inline]
+ pub fn into_raw(self) -> *mut T {
+ let p = self.0;
+ mem::forget(self);
+ p
+ }
+
+ #[inline]
+ pub fn as_ptr(&self) -> *const T {
+ self.0
+ }
+
+ #[inline]
+ pub fn as_mut_ptr(&mut self) -> *mut T {
+ self.0
+ }
+}
+
+impl<T> CBox<T> {
+ #[inline]
+ pub fn new(value: T) -> CBox<T> {
+ let p = alloc(1);
+ unsafe {
+ ptr::write(p, value);
+ CBox::from_raw_unchecked(p)
+ }
+ }
+
+ #[inline]
+ pub unsafe fn from_raw(p: *mut T) -> CBox<T> {
+ util::check_ptr(p, 1);
+ CBox(p)
+ }
+
+ #[inline]
+ pub unsafe fn slice_from_raw_parts_unchecked(p: *mut T, len: usize) -> CBox<[T]> {
+ CBox(ptr::slice_from_raw_parts_mut(p, len))
+ }
+
+ #[inline]
+ pub unsafe fn slice_from_raw_parts(p: *mut T, len: usize) -> CBox<[T]> {
+ util::check_ptr(p, len);
+ CBox::slice_from_raw_parts_unchecked(p, len)
+ }
+
+ #[inline]
+ fn safe_ptr(&self) -> *mut T {
+ if util::zst::<T>(1) {
+ return dangling();
+ }
+
+ debug_assert!(!self.0.is_null(), "NULL ptr");
+ self.0
+ }
+}
+
+impl<T> CBox<[T]> {
+ #[inline]
+ fn safe_ptr(&self) -> *mut [T] {
+ if self.0.is_null() {
+ let len = slice_len(self.0);
+ debug_assert!(util::zst::<T>(len), "NULL ptr");
+ return ptr::slice_from_raw_parts_mut(dangling(), len);
+ }
+
+ self.0
+ }
+}
+
+impl<T: ?Sized> Drop for CBox<T> {
+ #[inline]
+ fn drop(&mut self) {
+ unsafe {
+ ptr::drop_in_place(self.0);
+ libc::free(self.0 as *mut libc::c_void);
+ }
+ }
+}
+
+impl<T> Deref for CBox<T> {
+ type Target = T;
+
+ #[inline]
+ fn deref(&self) -> &T {
+ unsafe { &*self.safe_ptr() }
+ }
+}
+
+impl<T> DerefMut for CBox<T> {
+ #[inline]
+ fn deref_mut(&mut self) -> &mut T {
+ unsafe { &mut *self.safe_ptr() }
+ }
+}
+
+impl<T> Deref for CBox<[T]> {
+ type Target = [T];
+
+ #[inline]
+ fn deref(&self) -> &[T] {
+ unsafe { &*self.safe_ptr() }
+ }
+}
+
+impl<T> DerefMut for CBox<[T]> {
+ #[inline]
+ fn deref_mut(&mut self) -> &mut [T] {
+ unsafe { &mut *self.safe_ptr() }
+ }
+}
diff --git a/safe_libc/src/lib.rs b/safe_libc/src/lib.rs
new file mode 100644
index 0000000..0ab0e89
--- /dev/null
+++ b/safe_libc/src/lib.rs
@@ -0,0 +1,18 @@
+#![no_std]
+
+pub use libc::*;
+
+mod util;
+
+pub mod boxed;
+pub mod stdio;
+pub mod string;
+
+
+extern "C" {
+ pub fn strndup(cs: *const libc::c_char, n: libc::size_t) -> *mut libc::c_char;
+
+ // pub static stdin: *mut libc::FILE;
+ pub static stdout: *mut libc::FILE;
+ pub static stderr: *mut libc::FILE;
+}
diff --git a/safe_libc/src/stdio.rs b/safe_libc/src/stdio.rs
new file mode 100644
index 0000000..5f33f74
--- /dev/null
+++ b/safe_libc/src/stdio.rs
@@ -0,0 +1,47 @@
+use crate as libc;
+use crate::string;
+
+use core::fmt;
+
+pub struct OStream {
+ file: *mut libc::FILE
+}
+
+#[inline]
+pub unsafe fn stdout() -> OStream {
+ OStream { file: libc::stdout }
+}
+
+#[inline]
+pub unsafe fn stderr() -> OStream {
+ OStream { file: libc::stderr }
+}
+
+impl OStream {
+ #[inline]
+ pub fn write(&mut self, b: &[u8]) {
+ unsafe {
+ libc::fwrite(
+ b.as_ptr() as *const libc::c_void,
+ 1,
+ b.len(),
+ self.file,
+ );
+ }
+ }
+
+ #[inline]
+ pub fn puts(&mut self, s: &string::CStr) {
+ unsafe {
+ libc::fputs(s.as_ptr(), self.file);
+ }
+ }
+}
+
+impl fmt::Write for OStream {
+ #[inline]
+ fn write_str(&mut self, s: &str) -> fmt::Result {
+ self.write(s.as_bytes());
+ Ok(())
+ }
+}
diff --git a/safe_libc/src/string.rs b/safe_libc/src/string.rs
new file mode 100644
index 0000000..c85f788
--- /dev/null
+++ b/safe_libc/src/string.rs
@@ -0,0 +1,151 @@
+use crate as libc;
+use crate::util;
+use crate::boxed::CBox;
+
+use core::slice;
+use core::ops::{Deref, DerefMut};
+
+//pub struct FromBytesWithNulError {}
+
+pub struct CStr { inner: libc::c_char }
+
+impl CStr {
+ #[inline]
+ pub unsafe fn from_ptr_unchecked<'a>(p: *const libc::c_char) -> &'a CStr {
+ &*(p as *const CStr)
+ }
+
+ #[inline]
+ pub unsafe fn from_ptr<'a>(p: *const libc::c_char) -> &'a CStr {
+ util::check_ptr(p, 1);
+ CStr::from_ptr_unchecked(p)
+ }
+
+ #[inline]
+ pub unsafe fn from_mut_ptr_unchecked<'a>(p: *mut libc::c_char) -> &'a mut CStr {
+ &mut *(p as *mut CStr)
+ }
+
+ #[inline]
+ pub unsafe fn from_mut_ptr<'a>(p: *mut libc::c_char) -> &'a mut CStr {
+ util::check_ptr(p, 1);
+ CStr::from_mut_ptr_unchecked(p)
+ }
+
+ #[inline]
+ pub unsafe fn from_bytes_with_nul_unchecked(bytes: &[u8]) -> &CStr {
+ CStr::from_ptr_unchecked(bytes.as_ptr() as *const libc::c_char)
+ }
+
+ // TODO
+ //pub fn from_bytes_with_nul(bytes: &[u8]) -> Result<&CStr, FromBytesWithNulError> {
+ //}
+
+ #[inline]
+ pub fn len(&self) -> usize {
+ unsafe { libc::strlen(self.as_ptr()) as usize }
+ }
+
+ #[inline]
+ pub const fn as_ptr(&self) -> *const libc::c_char {
+ &self.inner
+ }
+
+ #[inline]
+ pub fn as_mut_ptr(&mut self) -> *mut libc::c_char {
+ &mut self.inner
+ }
+
+ #[inline]
+ pub fn as_bytes(&self) -> &[u8] {
+ unsafe { slice::from_raw_parts(
+ self.as_ptr() as *const u8,
+ self.len(),
+ ) }
+ }
+
+ #[inline]
+ pub fn as_mut_bytes(&mut self) -> &mut [u8] {
+ unsafe { slice::from_raw_parts_mut(
+ self.as_mut_ptr() as *mut u8,
+ self.len(),
+ ) }
+ }
+
+ #[inline]
+ pub fn to_owned(self: &CStr) -> CString {
+ CString::from(self)
+ }
+}
+
+#[macro_export]
+macro_rules! cstr {
+ ($s:expr) => (
+ unsafe { $crate::string::CStr::from_bytes_with_nul_unchecked(concat!($s, "\0").as_bytes()) }
+ )
+}
+
+pub struct CString { inner: CBox<libc::c_char> }
+
+impl CString {
+ #[inline]
+ pub unsafe fn from_raw_unchecked(p: *mut libc::c_char) -> CString {
+ CString { inner: CBox::from_raw_unchecked(p) }
+ }
+
+ #[inline]
+ pub unsafe fn from_raw(p: *mut libc::c_char) -> CString {
+ util::check_ptr(p, 1);
+ CString::from_raw_unchecked(p)
+ }
+
+ #[inline]
+ pub fn into_raw(self) -> *mut libc::c_char {
+ self.inner.into_raw()
+ }
+}
+
+impl Deref for CString {
+ type Target = CStr;
+
+ #[inline]
+ fn deref(&self) -> &CStr {
+ unsafe { CStr::from_ptr(&*self.inner) }
+ }
+}
+
+impl DerefMut for CString {
+ #[inline]
+ fn deref_mut(&mut self) -> &mut CStr {
+ unsafe { CStr::from_mut_ptr(&mut *self.inner) }
+ }
+}
+
+impl From<&[u8]> for CString {
+ fn from(s: &[u8]) -> CString {
+ unsafe {
+ CString::from_raw_unchecked(
+ util::must_succeed(libc::strndup(
+ s.as_ptr() as *const libc::c_char,
+ s.len() as libc::size_t,
+ ))
+ )
+ }
+ }
+}
+
+impl From<&str> for CString {
+ #[inline]
+ fn from(s: &str) -> CString {
+ CString::from(s.as_bytes())
+ }
+}
+
+impl From<&CStr> for CString {
+ #[inline]
+ fn from(s: &CStr) -> CString {
+ unsafe {
+ CString::from_raw_unchecked(util::must_succeed(libc::strdup(s.as_ptr())))
+ }
+ }
+}
diff --git a/safe_libc/src/util.rs b/safe_libc/src/util.rs
new file mode 100644
index 0000000..b8a4ed5
--- /dev/null
+++ b/safe_libc/src/util.rs
@@ -0,0 +1,18 @@
+use core::mem;
+
+#[inline]
+pub fn zst<T>(len: usize) -> bool {
+ mem::size_of::<T>() == 0 || len == 0
+}
+
+#[inline]
+pub fn check_ptr<T>(p: *const T, len: usize) {
+ debug_assert!((p as usize) % mem::align_of::<T>() == 0, "unaligned ptr");
+ assert!(zst::<T>(len) || !p.is_null(), "NULL ptr");
+}
+
+#[inline]
+pub fn must_succeed<T>(p: *mut T) -> *mut T {
+ assert!(!p.is_null(), "allocation failure");
+ p
+}