1 //! Owned and borrowed OS handles.
3 #![unstable(feature = "io_safety", issue = "87074")]
5 use super::raw::{AsRawHandle, FromRawHandle, IntoRawHandle, RawHandle};
6 use crate::convert::TryFrom;
10 use crate::marker::PhantomData;
11 use crate::mem::forget;
14 use crate::sys_common::{AsInner, FromInner, IntoInner};
16 /// A borrowed handle.
18 /// This has a lifetime parameter to tie it to the lifetime of something that
21 /// This uses `repr(transparent)` and has the representation of a host handle,
22 /// so it can be used in FFI in places where a handle is passed as an argument,
23 /// it is not captured or consumed.
25 /// Note that it *may* have the value `INVALID_HANDLE_VALUE` (-1), which is
26 /// sometimes a valid handle value. See [here] for the full story.
28 /// And, it *may* have the value `NULL` (0), which can occur when consoles are
29 /// detached from processes, or when `windows_subsystem` is used.
31 /// This type's `.to_owned()` implementation returns another `BorrowedHandle`
32 /// rather than an `OwnedHandle`. It just makes a trivial copy of the raw
33 /// handle, which is then borrowed under the same lifetime.
35 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
36 #[derive(Copy, Clone)]
38 #[unstable(feature = "io_safety", issue = "87074")]
39 pub struct BorrowedHandle<'handle> {
41 _phantom: PhantomData<&'handle OwnedHandle>,
46 /// This closes the handle on drop.
48 /// Note that it *may* have the value `INVALID_HANDLE_VALUE` (-1), which is
49 /// sometimes a valid handle value. See [here] for the full story.
51 /// And, it *may* have the value `NULL` (0), which can occur when consoles are
52 /// detached from processes, or when `windows_subsystem` is used.
54 /// `OwnedHandle` uses [`CloseHandle`] to close its handle on drop. As such,
55 /// it must not be used with handles to open registry keys which need to be
56 /// closed with [`RegCloseKey`] instead.
58 /// [`CloseHandle`]: https://docs.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-closehandle
59 /// [`RegCloseKey`]: https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regclosekey
61 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
63 #[unstable(feature = "io_safety", issue = "87074")]
64 pub struct OwnedHandle {
68 /// FFI type for handles in return values or out parameters, where `NULL` is used
69 /// as a sentry value to indicate errors, such as in the return value of `CreateThread`. This uses
70 /// `repr(transparent)` and has the representation of a host handle, so that it can be used in such
73 /// The only thing you can usefully do with a `HandleOrNull` is to convert it into an
74 /// `OwnedHandle` using its [`TryFrom`] implementation; this conversion takes care of the check for
75 /// `NULL`. This ensures that such FFI calls cannot start using the handle without
76 /// checking for `NULL` first.
78 /// This type concerns any value other than `NULL` to be valid, including `INVALID_HANDLE_VALUE`.
79 /// This is because APIs that use `NULL` as their sentry value don't treat `INVALID_HANDLE_VALUE`
82 /// If this holds a valid handle, it will close the handle on drop.
84 #[unstable(feature = "io_safety", issue = "87074")]
86 pub struct HandleOrNull(OwnedHandle);
88 /// FFI type for handles in return values or out parameters, where `INVALID_HANDLE_VALUE` is used
89 /// as a sentry value to indicate errors, such as in the return value of `CreateFileW`. This uses
90 /// `repr(transparent)` and has the representation of a host handle, so that it can be used in such
93 /// The only thing you can usefully do with a `HandleOrInvalid` is to convert it into an
94 /// `OwnedHandle` using its [`TryFrom`] implementation; this conversion takes care of the check for
95 /// `INVALID_HANDLE_VALUE`. This ensures that such FFI calls cannot start using the handle without
96 /// checking for `INVALID_HANDLE_VALUE` first.
98 /// This type concerns any value other than `INVALID_HANDLE_VALUE` to be valid, including `NULL`.
99 /// This is because APIs that use `INVALID_HANDLE_VALUE` as their sentry value may return `NULL`
100 /// under `windows_subsystem = "windows"` or other situations where I/O devices are detached.
102 /// If this holds a valid handle, it will close the handle on drop.
104 #[unstable(feature = "io_safety", issue = "87074")]
106 pub struct HandleOrInvalid(OwnedHandle);
108 // The Windows [`HANDLE`] type may be transferred across and shared between
109 // thread boundaries (despite containing a `*mut void`, which in general isn't
110 // `Send` or `Sync`).
112 // [`HANDLE`]: std::os::windows::raw::HANDLE
113 unsafe impl Send for OwnedHandle {}
114 unsafe impl Send for HandleOrNull {}
115 unsafe impl Send for HandleOrInvalid {}
116 unsafe impl Send for BorrowedHandle<'_> {}
117 unsafe impl Sync for OwnedHandle {}
118 unsafe impl Sync for HandleOrNull {}
119 unsafe impl Sync for HandleOrInvalid {}
120 unsafe impl Sync for BorrowedHandle<'_> {}
122 impl BorrowedHandle<'_> {
123 /// Return a `BorrowedHandle` holding the given raw handle.
127 /// The resource pointed to by `handle` must be a valid open handle, it
128 /// must remain open for the duration of the returned `BorrowedHandle`.
130 /// Note that it *may* have the value `INVALID_HANDLE_VALUE` (-1), which is
131 /// sometimes a valid handle value. See [here] for the full story.
133 /// And, it *may* have the value `NULL` (0), which can occur when consoles are
134 /// detached from processes, or when `windows_subsystem` is used.
136 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
138 #[unstable(feature = "io_safety", issue = "87074")]
139 pub unsafe fn borrow_raw(handle: RawHandle) -> Self {
140 Self { handle, _phantom: PhantomData }
144 impl TryFrom<HandleOrNull> for OwnedHandle {
148 fn try_from(handle_or_null: HandleOrNull) -> Result<Self, ()> {
149 let owned_handle = handle_or_null.0;
150 if owned_handle.handle.is_null() { Err(()) } else { Ok(owned_handle) }
155 /// Creates a new `OwnedHandle` instance that shares the same underlying file handle
156 /// as the existing `OwnedHandle` instance.
157 pub fn try_clone(&self) -> crate::io::Result<Self> {
158 self.duplicate(0, false, c::DUPLICATE_SAME_ACCESS)
161 pub(crate) fn duplicate(
166 ) -> io::Result<Self> {
167 let mut ret = 0 as c::HANDLE;
169 let cur_proc = c::GetCurrentProcess();
172 self.as_raw_handle(),
180 unsafe { Ok(Self::from_raw_handle(ret)) }
184 impl TryFrom<HandleOrInvalid> for OwnedHandle {
188 fn try_from(handle_or_invalid: HandleOrInvalid) -> Result<Self, ()> {
189 let owned_handle = handle_or_invalid.0;
190 if owned_handle.handle == c::INVALID_HANDLE_VALUE { Err(()) } else { Ok(owned_handle) }
194 impl AsRawHandle for BorrowedHandle<'_> {
196 fn as_raw_handle(&self) -> RawHandle {
201 impl AsRawHandle for OwnedHandle {
203 fn as_raw_handle(&self) -> RawHandle {
208 impl IntoRawHandle for OwnedHandle {
210 fn into_raw_handle(self) -> RawHandle {
211 let handle = self.handle;
217 impl FromRawHandle for OwnedHandle {
219 unsafe fn from_raw_handle(handle: RawHandle) -> Self {
225 /// Constructs a new instance of `Self` from the given `RawHandle` returned
226 /// from a Windows API that uses null to indicate failure, such as
229 /// Use `HandleOrInvalid` instead of `HandleOrNull` for APIs that
230 /// use `INVALID_HANDLE_VALUE` to indicate failure.
234 /// The passed `handle` value must either satisfy the safety requirements
235 /// of [`FromRawHandle::from_raw_handle`], or be null. Note that not all
236 /// Windows APIs use null for errors; see [here] for the full story.
238 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
240 pub unsafe fn from_raw_handle(handle: RawHandle) -> Self {
241 Self(OwnedHandle::from_raw_handle(handle))
245 impl HandleOrInvalid {
246 /// Constructs a new instance of `Self` from the given `RawHandle` returned
247 /// from a Windows API that uses `INVALID_HANDLE_VALUE` to indicate
248 /// failure, such as `CreateFileW`.
250 /// Use `HandleOrNull` instead of `HandleOrInvalid` for APIs that
251 /// use null to indicate failure.
255 /// The passed `handle` value must either satisfy the safety requirements
256 /// of [`FromRawHandle::from_raw_handle`], or be
257 /// `INVALID_HANDLE_VALUE` (-1). Note that not all Windows APIs use
258 /// `INVALID_HANDLE_VALUE` for errors; see [here] for the full story.
260 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
262 pub unsafe fn from_raw_handle(handle: RawHandle) -> Self {
263 Self(OwnedHandle::from_raw_handle(handle))
267 impl Drop for OwnedHandle {
271 let _ = c::CloseHandle(self.handle);
276 impl fmt::Debug for BorrowedHandle<'_> {
277 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
278 f.debug_struct("BorrowedHandle").field("handle", &self.handle).finish()
282 impl fmt::Debug for OwnedHandle {
283 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
284 f.debug_struct("OwnedHandle").field("handle", &self.handle).finish()
288 /// A trait to borrow the handle from an underlying object.
289 #[unstable(feature = "io_safety", issue = "87074")]
291 /// Borrows the handle.
296 /// # #![feature(io_safety)]
297 /// use std::fs::File;
299 /// use std::os::windows::io::{AsHandle, BorrowedHandle};
301 /// let mut f = File::open("foo.txt")?;
302 /// let borrowed_handle: BorrowedHandle<'_> = f.as_handle();
303 /// # Ok::<(), io::Error>(())
305 fn as_handle(&self) -> BorrowedHandle<'_>;
308 #[unstable(feature = "io_safety", issue = "87074")]
309 impl<T: AsHandle> AsHandle for &T {
311 fn as_handle(&self) -> BorrowedHandle<'_> {
316 #[unstable(feature = "io_safety", issue = "87074")]
317 impl<T: AsHandle> AsHandle for &mut T {
319 fn as_handle(&self) -> BorrowedHandle<'_> {
324 impl AsHandle for BorrowedHandle<'_> {
326 fn as_handle(&self) -> BorrowedHandle<'_> {
331 impl AsHandle for OwnedHandle {
333 fn as_handle(&self) -> BorrowedHandle<'_> {
334 // Safety: `OwnedHandle` and `BorrowedHandle` have the same validity
335 // invariants, and the `BorrowdHandle` is bounded by the lifetime
337 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
341 impl AsHandle for fs::File {
343 fn as_handle(&self) -> BorrowedHandle<'_> {
344 self.as_inner().as_handle()
348 impl From<fs::File> for OwnedHandle {
350 fn from(file: fs::File) -> OwnedHandle {
351 file.into_inner().into_inner().into_inner().into()
355 impl From<OwnedHandle> for fs::File {
357 fn from(owned: OwnedHandle) -> Self {
358 Self::from_inner(FromInner::from_inner(FromInner::from_inner(owned)))
362 impl AsHandle for crate::io::Stdin {
364 fn as_handle(&self) -> BorrowedHandle<'_> {
365 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
369 impl<'a> AsHandle for crate::io::StdinLock<'a> {
371 fn as_handle(&self) -> BorrowedHandle<'_> {
372 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
376 impl AsHandle for crate::io::Stdout {
378 fn as_handle(&self) -> BorrowedHandle<'_> {
379 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
383 impl<'a> AsHandle for crate::io::StdoutLock<'a> {
385 fn as_handle(&self) -> BorrowedHandle<'_> {
386 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
390 impl AsHandle for crate::io::Stderr {
392 fn as_handle(&self) -> BorrowedHandle<'_> {
393 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
397 impl<'a> AsHandle for crate::io::StderrLock<'a> {
399 fn as_handle(&self) -> BorrowedHandle<'_> {
400 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
404 impl AsHandle for crate::process::ChildStdin {
406 fn as_handle(&self) -> BorrowedHandle<'_> {
407 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
411 impl From<crate::process::ChildStdin> for OwnedHandle {
413 fn from(child_stdin: crate::process::ChildStdin) -> OwnedHandle {
414 unsafe { OwnedHandle::from_raw_handle(child_stdin.into_raw_handle()) }
418 impl AsHandle for crate::process::ChildStdout {
420 fn as_handle(&self) -> BorrowedHandle<'_> {
421 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
425 impl From<crate::process::ChildStdout> for OwnedHandle {
427 fn from(child_stdout: crate::process::ChildStdout) -> OwnedHandle {
428 unsafe { OwnedHandle::from_raw_handle(child_stdout.into_raw_handle()) }
432 impl AsHandle for crate::process::ChildStderr {
434 fn as_handle(&self) -> BorrowedHandle<'_> {
435 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
439 impl From<crate::process::ChildStderr> for OwnedHandle {
441 fn from(child_stderr: crate::process::ChildStderr) -> OwnedHandle {
442 unsafe { OwnedHandle::from_raw_handle(child_stderr.into_raw_handle()) }
446 impl<T> AsHandle for crate::thread::JoinHandle<T> {
448 fn as_handle(&self) -> BorrowedHandle<'_> {
449 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
453 impl<T> From<crate::thread::JoinHandle<T>> for OwnedHandle {
455 fn from(join_handle: crate::thread::JoinHandle<T>) -> OwnedHandle {
456 join_handle.into_inner().into_handle().into_inner()