Skip to content

[StrictMemorySafety] Add unsafe annotations to OpenBSDImpl. #86616

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
3405691582 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

[StrictMemorySafety] Add unsafe annotations to OpenBSDImpl. #86616

3405691582 wants to merge 3 commits into from
+31 −7

Conversation

@3405691582
Copy link
Member

@3405691582 3405691582 commented Jan 17, 2026

In #86276 strict memory safety becomes an error, necessitating adding the following annotations and changes:

  • in init(): check the return value of pthread_mutex_init; since this isn't a failable initializer, fatalError if this fails, to avoid silently leaving a zero-valued pointer,

  • similarly check return values in pthread_mutex_lock, pthread_mutex_unlock, and pthread_mutex_destroy,

  • the message in fatalError should use strerror, which necessitates unsafe markings since despite strerror never returning a null pointer.

  • marking the value as @safe since the underlying mutex type is an OpaquePointer and is unsafe and all access to value occur through a safe interface,

  • thus, marking _MutexHandle @safe.

@3405691582 3405691582 requested a review from a team as a code owner January 17, 2026 16:20
@3405691582
Copy link
Member Author

3405691582 commented Jan 17, 2026

@swift-ci please test.

@3405691582 3405691582 added the OpenBSD Platform: OpenBSD label Jan 17, 2026
@grynspan
Copy link
Contributor

grynspan commented Jan 17, 2026

Can we use strerror_r()? strerror() is not thread-safe on OpenBSD (nor FreeBSD).

@3405691582
Copy link
Member Author

3405691582 commented Jan 18, 2026

Can we use strerror_r()? strerror() is not thread-safe on OpenBSD (nor FreeBSD).

Good catch. Updated; I think I've done so appropriately.

@grynspan
Copy link
Contributor

grynspan commented Jan 18, 2026

I'd use String.init(unsafeUninitializedCapacity:_:) to avoid a copy, and set its capacity it to Int(NL_TEXTMAX) per https://man.openbsd.org/strerror.3 maybe?

@3405691582
Add unsafe annotations to OpenBSDImpl.
6e31926 
In swiftlang#86276 strict memory safety becomes an error, necessitating adding
the following annotations and changes:

* in init(): check the return value of `pthread_mutex_init`; since this
  isn't a failable initializer, `fatalError` if this fails, to avoid
  silently leaving a zero-valued pointer,

* similarly check return values in `pthread_mutex_lock`,
  `pthread_mutex_unlock`, and `pthread_mutex_destroy`,

* the message in `fatalError` should use `strerror_r`, which necessitates
  `unsafe` markings since it initializes the array storage unsafely.

* marking the `value` as `@safe` since the underlying mutex type is an
  `OpaquePointer` and is unsafe and all access to value occur through
  a safe interface,

* thus, marking `_MutexHandle` `@safe`.
@3405691582
Copy link
Member Author

3405691582 commented Jan 18, 2026

I'd use String.init(unsafeUninitializedCapacity:_:) to avoid a copy, and set its capacity it to Int(NL_TEXTMAX) per https://man.openbsd.org/strerror.3 maybe?

Done. That certainly looks more idomatic now.

grynspan
grynspan requested changes Jan 18, 2026
View reviewed changes
Copy link
Contributor

@grynspan grynspan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're not quite holding the Array API right as-is. How about this instead? It avoids an intermediate heap allocation for the buffer and it uses a fallback string that still vends the error code.

@3405691582 3405691582 requested a review from grynspan January 18, 2026 13:19
@3405691582
Copy link
Member Author

3405691582 commented Jan 18, 2026
edited
Loading

(Oh -- I just noticed I was using Array's withUnsafeTemporaryAllocation instead of String's like you originally suggested. 🤦‍♀️)

@3405691582
Copy link
Member Author

3405691582 commented Jan 18, 2026

@swift-ci please test.

grynspan
grynspan reviewed Jan 18, 2026
View reviewed changes
stdlib/public/Synchronization/Mutex/OpenBSDImpl.swift

@usableFromInline
@_transparent
func errstr(_ no: Int32) -> String {
Copy link
Contributor

@grynspan grynspan Jan 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the OpenBSD implementation call strerror() elsewhere? Not for this PR, but would be worth auditing the codebase and replacing such calls with something like this function in the future. (Same for FreeBSD.)

Copy link
Member Author

@3405691582 3405691582 Jan 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not that I'm aware of, but making this more accessible is probably a good idea...

...as well as adding other affordances for interacting with libc, which again, is another good fit with the import C pitch...

Copy link
Contributor

@grynspan grynspan Jan 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah 🥲

@3405691582
Copy link
Member Author

3405691582 commented Jan 19, 2026

@swift-ci please test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@grynspan grynspan grynspan approved these changes

Assignees

No one assigned

Labels

OpenBSD Platform: OpenBSD

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@3405691582 @grynspan