Document mmap safety #674

CraftSpider · 2024-09-22T03:47:45Z

Supercedes #667

Document safety preconditions and reasoning for why they're followed. I'd like to push the unsafety down another level, or just remove the mmap function (make Mmap a common type with sys impls for the platform-specific bits), but those both are a lot more work.

philipc · 2024-09-22T04:08:39Z

src/symbolize/gimli.rs

@@ -186,7 +186,9 @@ impl<'data> Context<'data> {
 fn mmap(path: &Path) -> Option<Mmap> {
    let file = File::open(path).ok()?;
    let len = file.metadata().ok()?.len().try_into().ok()?;
-    unsafe { Mmap::map(&file, len, 0) }
+    // SAFETY: All files we mmap are mmaped by the dynamic linker or the kernel already for the
+    //         executable code of the process. Modifying them would cause crashes or UB anyways.


This is true for some but not all uses of mmap in this crate. DWARF can be in a separate file that is not loaded by the dynamic linker or kernel (.dSYM on macOS, .debug/.dwz/.dwp on linux, or unpacked object files on both).

That doesn't mean we should use fs::read for those though. We don't need to read all of the DWARF, and doing so would affect performance and memory usage.

CraftSpider added 2 commits September 21, 2024 20:31

Add mmap documentation

2fd0265

Have Mmap take ownership of File

2183675

philipc reviewed Sep 22, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Document mmap safety #674

Document mmap safety #674

CraftSpider commented Sep 22, 2024

philipc Sep 22, 2024

Document mmap safety #674

Are you sure you want to change the base?

Document mmap safety #674

Conversation

CraftSpider commented Sep 22, 2024

philipc Sep 22, 2024

Choose a reason for hiding this comment