-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
entry: Mark all extern "C"
function-pointer calls unsafe
#756
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you want to also mark the individual methods as unsafe for consistency?
We were not going to do that because the safety contract could be upheld on the Vulkan side, right? The only problem was that we can no longer validate this when the function pointer itself originates from an unknown source (e.g. not Otherwise I would have gone for marking the functions as |
Both approaches are equally valid from a correctness standpoint. I understood from that conversation that you strongly favored the approach of marking the wrapper functions as unsafe for consistency? |
@Ralith yes they are, but since you put so much emphasis on (extern) C functions being not necessarily/inherently I haven't checked any of the safety contracts for these C functions, so we might as well mark them |
This was a point of fact, but is not necessarily the deciding factor. Apologies for the confusion!
I find this appealing from a consistency standpoint. Even though we can easily deem these safe, it might be confusing to do so when we in general don't. |
Ah, that makes sense then! Sure, I'll mark the C function wrappers |
adb8650
to
97270be
Compare
We don't mark any of the extern calls to Vulkan function-pointers safe except for a few `Entry` functions. Their safety contract was easy to validate, but now that we exposed a constructor function to let the user provide function pointers in the form of `Entry::from_parts_1_1()` it is no longer safe to assume that we are calling the function that adheres to the contract specified in the Vulkan reference. Because we don't rigorously do this validation and safe-marking anywhere else either, mark these function calls as `unsafe`. Related discussion chain: #748 (comment)
97270be
to
ee5e651
Compare
Entry::from_parts_1_1()
as unsafe
extern "C"
function-pointer calls unsafe
We don't mark any of the extern calls to Vulkan function-pointers safe except for a few
Entry
functions. Their safety contract was easy to validate, but now that we exposed a constructor function to let the user provide function pointers in the form ofEntry::from_parts_1_1()
it is no longer safe to assume that we are calling the function that adheres to the contract specified in the Vulkan reference.Because we don't rigorously do this validation and safe-marking anywhere else either, mark these function calls as
unsafe
.Related discussion chain: #748 (comment)