On 11/29/23 16:13, Matthew Wilcox wrote: > On Wed, Nov 29, 2023 at 12:51:07PM +0000, Alice Ryhl wrote: >> This introduces a struct for the EBADF error type, rather than just >> using the Error type directly. This has two advantages: >> * `File::from_fd` returns a `Result<ARef<File>, BadFdError>`, which the >> compiler will represent as a single pointer, with null being an error. >> This is possible because the compiler understands that `BadFdError` >> has only one possible value, and it also understands that the >> `ARef<File>` smart pointer is guaranteed non-null. >> * Additionally, we promise to users of the method that the method can >> only fail with EBADF, which means that they can rely on this promise >> without having to inspect its implementation. >> That said, there are also two disadvantages: >> * Defining additional error types involves boilerplate. >> * The question mark operator will only utilize the `From` trait once, >> which prevents you from using the question mark operator on >> `BadFdError` in methods that return some third error type that the >> kernel `Error` is convertible into. (However, it works fine in methods >> that return `Error`.) > > I haven't looked at how Rust-for-Linux handles errors yet, but it's > disappointing to see that it doesn't do something like the PTR_ERR / > ERR_PTR / IS_ERR C thing under the hood. In this case we are actually doing that: `ARef<T>` is a non-null pointer to a `T` and since `BadFdError` is a unit struct (i.e. there exists only a single value it can take) `Result<ARef<T>, BadFdError>` has the same size as a pointer. This is because the Rust compiler represents the `Err` variant as null. We also do have support for `ERR_PTR`, but that requires `unsafe`, since we do not know which kind of pointer the C side returned (was it an `ARef<T>`, `&mut T`, `&T` etc.?) and can therefore only support `*mut T`. -- Cheers, Benno
