This change uses slices on top of C allocated array memory in order
to have a simple (no pointer arithmetic) and safe (boundary-checked)
access to its elements.
Signed-off-by: Sven Anderson <sven@redhat.com>
Uintptr are guaranteed to be at least of the size of a pointer. However, in
theory it could be larger. Since the code of PtrGuard assumes both have the
same size and to be on the safe side, this change adds a compile-time check,
that the sizes of uintptr and pointers are the same.
Signed-off-by: Sven Anderson <sven@anderson.de>
This adds a test that assures that the special //go:uintptrescapes comment
before the storeUntilRelease() function works as intended, that is the
garbage collector doesn't touch the object referenced by the uintptr until
the function returns after Release() is called. The test will fail if the
//go:uintptrescapes comment is disabled (removed) or stops working in future
versions of go.
Signed-off-by: Sven Anderson <sven@redhat.com>
The main motivation for PtrGuard was read and write buffers as they
are used in iovec. This change uses SyncBuffer for the iovec
implementation, so that the no-copy PtrGuard implementation can be
enabled with the with_ptrguard build tag.
Signed-off-by: Sven Anderson <sven@redhat.com>
In order to be able to swich on and off PtrGuard usage, SyncBuffer
implements a typical usage pattern of PtrGuard, that is a data buffer
referenced from inside a C allocated struct, in two ways: 1) using a
PtrGuard to dierctly store a pointer to the Go buffer in C memory, or
2) allocating a C buffer of same size and syncing data back with
C.memcpy(). The implementation can be chosen with the with_ptrguard
build tag.
Signed-off-by: Sven Anderson <sven@redhat.com>
This change adds a new pointer alias CPtr, that should always only
contains pointers to C allocated memory and should always used for
such pointers in order to keep them separate from Go pointers more
easily. This is helpful, since only CPtr are allowed to be stored in
C allocated memory, and Go pointers can only be passed to C functions
if they don't point to memory not containing Go pointers again, that
is all pointers in such memory must be CPtr.
The change also adds aliases for C.malloc and C.free that return and
accept the CPtr type as a little safety measure.
Additionally there are some useful constants defined.
Signed-off-by: Sven Anderson <sven@redhat.com>
Although it seems to be stable with the current Go versions,
unsafe.Pointers that are created by applying arithmetic on nil
pointers are explicitly not allowed[1], and could potentially lead to
panics by the garbage collector. To be on the safe side, this change
goes back to minimal inline wrappers for the callback registrations,
which should be zero-cost. For the callbacks themselves fortunately
no wrappers are required, because CGo happily converts void* to
uintptr arguments. The potentially problematic VoidPtr helper is
removed again.
[1] https://golang.org/pkg/unsafe/#Pointer
Signed-off-by: Sven Anderson <sven@redhat.com>
This type is useful for passing disparate buffers to be read or
written in a single call. Functions using this type exist in cephfs
and rbd. Currently this is needed for cephfs calls.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Add SplitBuffer and SplitSparseBuffer functions for extracting a list
of strings from a single buffer, typically returned in C code, from
a single Go buffer. The SplitBuffer variant will return empty strings
if multiple nulls are found in sequence, assuming that the C code
packs data between on single null byte (expect the final byte).
The SplitSparseBuffer variant assumes that the C code may not
tightly pack the data with single null bytes and thus will not
return any empty strings (unless the input buffer is empty
or only contains nulls).
Most of the code in the go-ceph codebase is doing the latter but
probably should have been doing the former. Thus both approaches
are provided.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
The *_command functions in librados and libcephfs document the use
of specific free functions for data allocated. These functions are
currently just wrappers around C's free() function. However, to be
more strictly compliant this change adds a free-function callback
to the CommandOutput type and the specific free functions are now
used outside the unit tests.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Now we have sufficient boilerplate in our code for interacting with
various types and ceph calls with similar needs we establish a new
internal package, "cutil" (C utilities).
Note that many of the return types are wrapped. This is due to the
limits placed on us by cgo. Despite the irritating limitations Go
places on "exporting" C types it still ought to help in the long run for
patterns that are very common or patterns that are subtle and we want to
write specific tests for.
Signed-off-by: John Mulligan <jmulligan@redhat.com>