FfiStr

ffi_support

Struct FfiStr 

Source 
pub struct FfiStr<'a> { /* private fields */ }
Expand description

FfiStr<'a> is a safe (#[repr(transparent)]) wrapper around a nul-terminated *const c_char (e.g. a C string). Conceptually, it is similar to std::ffi::CStr, except that it may be used in the signatures of extern “C” functions.

Functions accepting strings should use this instead of accepting a C string directly. This allows us to write those functions using safe code without allowing safe Rust to cause memory unsafety.

A single function for constructing these from Rust (FfiStr::from_raw) has been provided. Most of the time, this should not be necessary, and users should accept FfiStr in the parameter list directly.

§Caveats

An effort has been made to make this struct hard to misuse, however it is still possible, if the 'static lifetime is manually specified in the struct. E.g.

// NEVER DO THIS
#[no_mangle]
extern "C" fn never_do_this(s: FfiStr<'static>) {
    // save `s` somewhere, and access it after this
    // function returns.
}

Instead, one of the following patterns should be used:

#[no_mangle]
extern "C" fn valid_use_1(s: FfiStr<'_>) {
    // Use of `s` after this function returns is impossible
}
// Alternative:
#[no_mangle]
extern "C" fn valid_use_2(s: FfiStr) {
    // Use of `s` after this function returns is impossible
}

Implementations§

Source§

impl<'a> FfiStr<'a>

Source

pub unsafe fn from_raw(ptr: *const c_char) -> Self

Construct an FfiStr from a raw pointer.

This should not be needed most of the time, and users should instead accept FfiStr in function parameter lists.

§Safety

Dereferences a pointer and is thus unsafe.

Source

pub fn from_cstr(cstr: &'a CStr) -> Self

Construct a FfiStr from a std::ffi::CStr. This is provided for completeness, as a safe method of producing an FfiStr in Rust.

Source

pub fn as_str(&self) -> &'a str

Get an &str out of the FfiStr. This will panic in any case that FfiStr::as_opt_str would return None (e.g. null pointer or invalid UTF-8).

If the string should be optional, you should use FfiStr::as_opt_str instead. If an owned string is desired, use FfiStr::into_string or FfiStr::into_opt_string.

Source

pub fn as_opt_str(&self) -> Option<&'a str>

Get an Option<&str> out of the FfiStr. If this stores a null pointer, then None will be returned. If a string containing invalid UTF-8 was passed, then an error will be logged and None will be returned.

If the string is a required argument, use FfiStr::as_str, or FfiStr::into_string instead. If Option<String> is desired, use FfiStr::into_opt_string (which will handle invalid UTF-8 by replacing with the replacement character).

Source

pub fn into_opt_string(self) -> Option<String>

Get an Option<String> out of the FfiStr. Returns None if this FfiStr holds a null pointer. Note that unlike FfiStr::as_opt_str, invalid UTF-8 is replaced with the replacement character instead of causing us to return None.

If the string should be mandatory, you should use FfiStr::into_string instead. If an owned string is not needed, you may want to use FfiStr::as_str or FfiStr::as_opt_str instead, (however, note the differences in how invalid UTF-8 is handled, should this be relevant to your use).

Source

pub fn into_string(self) -> String

Get a String out of a FfiStr. This function is essential a convenience wrapper for ffi_str.into_opt_string().unwrap(), with a message that indicates that a null argument was passed to rust when it should be mandatory. As with FfiStr::into_opt_string, invalid UTF-8 is replaced with the replacement character if encountered.

If the string should not be mandatory, you should use FfiStr::into_opt_string instead. If an owned string is not needed, you may want to use FfiStr::as_str or FfiStr::as_opt_str instead, (however, note the differences in how invalid UTF-8 is handled, should this be relevant to your use).

Trait Implementations§

Source§

impl<'a> Debug for FfiStr<'a>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'a> From<FfiStr<'a>> for &'a str

Source§

fn from(f: FfiStr<'a>) -> Self

Converts to this type from the input type.
Source§

impl<'a> From<FfiStr<'a>> for Option<&'a str>

Source§

fn from(f: FfiStr<'a>) -> Self

Converts to this type from the input type.
Source§

impl<'a> From<FfiStr<'a>> for Option<String>

Source§

fn from(f: FfiStr<'a>) -> Self

Converts to this type from the input type.
Source§

impl<'a> From<FfiStr<'a>> for String

Source§

fn from(f: FfiStr<'a>) -> Self

Converts to this type from the input type.
Source§

impl<'a, 'b> PartialEq<&'b str> for FfiStr<'a>

Source§

fn eq(&self, other: &&'b str) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<'a, 'b> PartialEq<FfiStr<'a>> for &'b str

Source§

fn eq(&self, other: &FfiStr<'a>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<'a> PartialEq<FfiStr<'a>> for str

Source§

fn eq(&self, other: &FfiStr<'a>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<'a> PartialEq<str> for FfiStr<'a>

Source§

fn eq(&self, other: &str) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<'a> PartialEq for FfiStr<'a>

Source§

fn eq(&self, other: &FfiStr<'a>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

Auto Trait Implementations§

§

impl<'a> Freeze for FfiStr<'a>

§

impl<'a> RefUnwindSafe for FfiStr<'a>

§

impl<'a> !Send for FfiStr<'a>

§

impl<'a> !Sync for FfiStr<'a>

§

impl<'a> Unpin for FfiStr<'a>

§

impl<'a> UnwindSafe for FfiStr<'a>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.