1use crate::ffi::{CStr, c_char, c_void};
2use crate::marker::{FnPtr, PhantomData};
3use crate::sync::atomic::{Atomic, AtomicPtr, Ordering};
4use crate::{mem, ptr};
5
6#[cfg(test)]
7#[path = "./tests.rs"]
8mod tests;
9
10pub(crate) macro weak {
11 (fn $name:ident($($param:ident : $t:ty),* $(,)?) -> $ret:ty;) => (
12 static DLSYM: DlsymWeak<unsafe extern "C" fn($($t),*) -> $ret> = {
13 let Ok(name) = CStr::from_bytes_with_nul(concat!(stringify!($name), '\0').as_bytes()) else {
14 panic!("symbol name may not contain NUL")
15 };
16
17 // SAFETY: Whoever calls the function pointer returned by `get()`
18 // is responsible for ensuring that the signature is correct. Just
19 // like with extern blocks, this is syntactically enforced by making
20 // the function pointer be unsafe.
21 unsafe { DlsymWeak::new(name) }
22 };
23
24 let $name = &DLSYM;
25 )
26}
27
28pub(crate) struct DlsymWeak<F> {
29 /// A pointer to the nul-terminated name of the symbol.
30 // Use a pointer instead of `&'static CStr` to save space.
31 name: *const c_char,
32 func: Atomic<*mut libc::c_void>,
33 _marker: PhantomData<F>,
34}
35
36impl<F: FnPtr> DlsymWeak<F> {
37 /// # Safety
38 ///
39 /// If the signature of `F` does not match the signature of the symbol (if
40 /// it exists), calling the function pointer returned by `get()` is
41 /// undefined behaviour.
42 pub const unsafe fn new(name: &'static CStr) -> Self {
43 DlsymWeak {
44 name: name.as_ptr(),
45 func: AtomicPtr::new(ptr::without_provenance_mut(1)),
46 _marker: PhantomData,
47 }
48 }
49
50 #[inline]
51 pub fn get(&self) -> Option<F> {
52 // The caller is presumably going to read through this value
53 // (by calling the function we've dlsymed). This means we'd
54 // need to have loaded it with at least C11's consume
55 // ordering in order to be guaranteed that the data we read
56 // from the pointer isn't from before the pointer was
57 // stored. Rust has no equivalent to memory_order_consume,
58 // so we use an acquire load (sorry, ARM).
59 //
60 // Now, in practice this likely isn't needed even on CPUs
61 // where relaxed and consume mean different things. The
62 // symbols we're loading are probably present (or not) at
63 // init, and even if they aren't the runtime dynamic loader
64 // is extremely likely have sufficient barriers internally
65 // (possibly implicitly, for example the ones provided by
66 // invoking `mprotect`).
67 //
68 // That said, none of that's *guaranteed*, so we use acquire.
69 match self.func.load(Ordering::Acquire) {
70 func if func.addr() == 1 => self.initialize(),
71 func if func.is_null() => None,
72 // SAFETY:
73 // `func` is not null and `F` implements `FnPtr`, thus this
74 // transmutation is well-defined. It is the responsibility of the
75 // creator of this `DlsymWeak` to ensure that calling the resulting
76 // function pointer does not result in undefined behaviour (though
77 // the `weak!` macro delegates this responsibility to the caller
78 // of the function by using `unsafe` function pointers).
79 // FIXME: use `transmute` once it stops complaining about generics.
80 func => Some(unsafe { mem::transmute_copy::<*mut c_void, F>(&func) }),
81 }
82 }
83
84 // Cold because it should only happen during first-time initialization.
85 #[cold]
86 fn initialize(&self) -> Option<F> {
87 // SAFETY: `self.name` was created from a `&'static CStr` and is
88 // therefore a valid C string pointer.
89 let val = unsafe { libc::dlsym(libc::RTLD_DEFAULT, self.name) };
90 // This synchronizes with the acquire load in `get`.
91 self.func.store(val, Ordering::Release);
92
93 if val.is_null() {
94 None
95 } else {
96 // SAFETY: see the comment in `get`.
97 // FIXME: use `transmute` once it stops complaining about generics.
98 Some(unsafe { mem::transmute_copy::<*mut libc::c_void, F>(&val) })
99 }
100 }
101}
102
103unsafe impl<F> Send for DlsymWeak<F> {}
104unsafe impl<F> Sync for DlsymWeak<F> {}
105