On 19.08.24 21:38, Sami Tolvanen wrote: > Hi Benno, > > On Sat, Aug 17, 2024 at 01:19:55PM +0000, Benno Lossin wrote: >> >> For this use-case (the one in the patch), I don't really know if we want >> to copy the approach from C. Do we even support exporting kABI from >> Rust? If yes, then we I would recommend we tag it in the source code >> instead of using a union. Here the example from the patch adapted: >> >> #[repr(C)] // needed for layout stability >> pub struct Struct1 { >> a: u64, >> #[kabi_reserved(u64)] // this marker is new >> _reserved: u64, >> } >> >> And then to use the reserved field, you would do this: >> >> #[repr(C)] >> pub struct Struct1 { >> a: u64, >> #[kabi_reserved(u64)] >> b: Struct2, >> } >> >> #[repr(C)] >> pub struct Struct2 { >> b: i32, >> v: i32, >> } >> >> The attribute would check that the size of the two types match and >> gendwarfksyms would use the type given in "()" instead of the actual >> type. > > This definitely looks cleaner than unions in Rust, but how would this > scheme be visible in DWARF? You might also need to expand the annotation > to allow replacing one reserved field with multiple smaller ones without > using structs. Hmm that's a good question, I have no idea how DWARF works. The way you do it in this patch is just by the name of the field, right? If Rust's DWARF output contains exact types names (I just checked this, I *think* that this is the case, but I have never used/seen DWARF before), we might be able to just create a `KAbiReserved<T, R>` type that you search for instead of the attribute. The usage would then be like this: #[repr(C)] pub struct Struct1 { a: u64, _reserved: KAbiReserved<(), u64>, } And then when adding a new field, you would do this: #[repr(C)] pub struct Struct1 { a: u64, b: KAbiReserved<Struct2, u64>, } /* Struct2 as above */ The way `KAbiReserved` is implemented is via a `union` (maybe a bit ironic, considering what I said in my other replies, but in this case, we would provide a safe abstraction over this `union`, thus avoiding exposing users of this type to `unsafe`): #[repr(C)] pub union KAbiReserved<T, R> { value: T, _reserved: R, } impl<T, R> Drop for KAbiReserved<T, R> { fn drop(&mut self) { let val = &mut **self; unsafe { ptr::drop_in_place(val) }; } } impl<T, R> Deref for KAbiReserved<T, R> { type Target = T; fn deref(&self) -> &Self::Target { unsafe { &self.value } } } impl<T, R> DerefMut for KAbiReserved<T, R> { fn deref_mut(&mut self) -> &mut Self::Target { unsafe { &mut self.value } } } impl<T, R> KAbiReserved<T, R> { pub fn new(value: T) -> Self { // we want to ensure that people don't accidentally use a bigger type. build_assert!(size_of::<R>() >= size_of::<T>()); Self { value } } pub fn into_value(self) -> T { unsafe { self.value } } } This needs some more work, but is a lot cleaner than having the users use raw unions + unsafe (essentially they would re-implement the code above). If you want me to turn the above into a patch let me know (also if you or someone else wants to give it a try, then please go ahead! If you need help, just send me a mail or a message on zulip). --- Cheers, Benno