1 //! Owned and borrowed OS handles.
3 #![unstable(feature = "io_safety", issue = "87074")]
5 use super::raw::{AsRawHandle, FromRawHandle, IntoRawHandle, RawHandle};
6 use crate::convert::TryFrom;
10 use crate::marker::PhantomData;
11 use crate::mem::forget;
14 use crate::sys_common::{AsInner, FromInner, IntoInner};
16 /// A borrowed handle.
18 /// This has a lifetime parameter to tie it to the lifetime of something that
21 /// This uses `repr(transparent)` and has the representation of a host handle,
22 /// so it can be used in FFI in places where a handle is passed as an argument,
23 /// it is not captured or consumed.
25 /// Note that it *may* have the value `INVALID_HANDLE_VALUE` (-1), which is
26 /// sometimes a valid handle value. See [here] for the full story.
28 /// And, it *may* have the value `NULL` (0), which can occur when consoles are
29 /// detached from processes, or when `windows_subsystem` is used.
31 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
32 #[derive(Copy, Clone)]
34 #[unstable(feature = "io_safety", issue = "87074")]
35 pub struct BorrowedHandle<'handle> {
37 _phantom: PhantomData<&'handle OwnedHandle>,
42 /// This closes the handle on drop.
44 /// Note that it *may* have the value `INVALID_HANDLE_VALUE` (-1), which is
45 /// sometimes a valid handle value. See [here] for the full story.
47 /// And, it *may* have the value `NULL` (0), which can occur when consoles are
48 /// detached from processes, or when `windows_subsystem` is used.
50 /// `OwnedHandle` uses [`CloseHandle`] to close its handle on drop. As such,
51 /// it must not be used with handles to open registry keys which need to be
52 /// closed with [`RegCloseKey`] instead.
54 /// [`CloseHandle`]: https://docs.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-closehandle
55 /// [`RegCloseKey`]: https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regclosekey
57 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
58 #[unstable(feature = "io_safety", issue = "87074")]
59 pub struct OwnedHandle {
63 /// FFI type for handles in return values or out parameters, where `NULL` is used
64 /// as a sentry value to indicate errors, such as in the return value of `CreateThread`. This uses
65 /// `repr(transparent)` and has the representation of a host handle, so that it can be used in such
68 /// The only thing you can usefully do with a `HandleOrNull` is to convert it into an
69 /// `OwnedHandle` using its [`TryFrom`] implementation; this conversion takes care of the check for
70 /// `NULL`. This ensures that such FFI calls cannot start using the handle without
71 /// checking for `NULL` first.
73 /// This type concerns any value other than `NULL` to be valid, including `INVALID_HANDLE_VALUE`.
74 /// This is because APIs that use `NULL` as their sentry value don't treat `INVALID_HANDLE_VALUE`
77 /// If this holds a valid handle, it will close the handle on drop.
79 #[unstable(feature = "io_safety", issue = "87074")]
81 pub struct HandleOrNull(OwnedHandle);
83 /// FFI type for handles in return values or out parameters, where `INVALID_HANDLE_VALUE` is used
84 /// as a sentry value to indicate errors, such as in the return value of `CreateFileW`. This uses
85 /// `repr(transparent)` and has the representation of a host handle, so that it can be used in such
88 /// The only thing you can usefully do with a `HandleOrInvalid` is to convert it into an
89 /// `OwnedHandle` using its [`TryFrom`] implementation; this conversion takes care of the check for
90 /// `INVALID_HANDLE_VALUE`. This ensures that such FFI calls cannot start using the handle without
91 /// checking for `INVALID_HANDLE_VALUE` first.
93 /// This type concerns any value other than `INVALID_HANDLE_VALUE` to be valid, including `NULL`.
94 /// This is because APIs that use `INVALID_HANDLE_VALUE` as their sentry value may return `NULL`
95 /// under `windows_subsystem = "windows"` or other situations where I/O devices are detached.
97 /// If this holds a valid handle, it will close the handle on drop.
99 #[unstable(feature = "io_safety", issue = "87074")]
101 pub struct HandleOrInvalid(OwnedHandle);
103 // The Windows [`HANDLE`] type may be transferred across and shared between
104 // thread boundaries (despite containing a `*mut void`, which in general isn't
105 // `Send` or `Sync`).
107 // [`HANDLE`]: std::os::windows::raw::HANDLE
108 unsafe impl Send for OwnedHandle {}
109 unsafe impl Send for HandleOrNull {}
110 unsafe impl Send for HandleOrInvalid {}
111 unsafe impl Send for BorrowedHandle<'_> {}
112 unsafe impl Sync for OwnedHandle {}
113 unsafe impl Sync for HandleOrNull {}
114 unsafe impl Sync for HandleOrInvalid {}
115 unsafe impl Sync for BorrowedHandle<'_> {}
117 impl BorrowedHandle<'_> {
118 /// Return a `BorrowedHandle` holding the given raw handle.
122 /// The resource pointed to by `handle` must be a valid open handle, it
123 /// must remain open for the duration of the returned `BorrowedHandle`.
125 /// Note that it *may* have the value `INVALID_HANDLE_VALUE` (-1), which is
126 /// sometimes a valid handle value. See [here] for the full story.
128 /// And, it *may* have the value `NULL` (0), which can occur when consoles are
129 /// detached from processes, or when `windows_subsystem` is used.
131 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
133 #[unstable(feature = "io_safety", issue = "87074")]
134 pub unsafe fn borrow_raw_handle(handle: RawHandle) -> Self {
135 Self { handle, _phantom: PhantomData }
139 impl TryFrom<HandleOrNull> for OwnedHandle {
143 fn try_from(handle_or_null: HandleOrNull) -> Result<Self, ()> {
144 let owned_handle = handle_or_null.0;
145 if owned_handle.handle.is_null() { Err(()) } else { Ok(owned_handle) }
150 /// Creates a new `OwnedHandle` instance that shares the same underlying file handle
151 /// as the existing `OwnedHandle` instance.
152 pub fn try_clone(&self) -> crate::io::Result<Self> {
153 self.duplicate(0, false, c::DUPLICATE_SAME_ACCESS)
156 pub(crate) fn duplicate(
161 ) -> io::Result<Self> {
162 let mut ret = 0 as c::HANDLE;
164 let cur_proc = c::GetCurrentProcess();
167 self.as_raw_handle(),
175 unsafe { Ok(Self::from_raw_handle(ret)) }
179 impl TryFrom<HandleOrInvalid> for OwnedHandle {
183 fn try_from(handle_or_invalid: HandleOrInvalid) -> Result<Self, ()> {
184 let owned_handle = handle_or_invalid.0;
185 if owned_handle.handle == c::INVALID_HANDLE_VALUE { Err(()) } else { Ok(owned_handle) }
189 impl AsRawHandle for BorrowedHandle<'_> {
191 fn as_raw_handle(&self) -> RawHandle {
196 impl AsRawHandle for OwnedHandle {
198 fn as_raw_handle(&self) -> RawHandle {
203 impl IntoRawHandle for OwnedHandle {
205 fn into_raw_handle(self) -> RawHandle {
206 let handle = self.handle;
212 impl FromRawHandle for OwnedHandle {
213 /// Constructs a new instance of `Self` from the given raw handle.
217 /// The resource pointed to by `handle` must be open and suitable for
218 /// assuming ownership. The resource must not require any cleanup other
219 /// than `CloseHandle`.
221 /// In particular, it must not be used with handles to open registry
222 /// keys which need to be closed with [`RegCloseKey`] instead.
224 /// Note that it *may* have the value `INVALID_HANDLE_VALUE` (-1), which is
225 /// sometimes a valid handle value. See [here] for the full story.
227 /// [`RegCloseKey`]: https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regclosekey
228 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
230 unsafe fn from_raw_handle(handle: RawHandle) -> Self {
235 impl FromRawHandle for HandleOrNull {
236 /// Constructs a new instance of `Self` from the given `RawHandle` returned
237 /// from a Windows API that uses null to indicate failure, such as
240 /// Use `HandleOrInvalid` instead of `HandleOrNull` for APIs that
241 /// use `INVALID_HANDLE_VALUE` to indicate failure.
245 /// The resource pointed to by `handle` must be either open and otherwise
246 /// unowned, or null. Note that not all Windows APIs use null for errors;
247 /// see [here] for the full story.
249 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
251 unsafe fn from_raw_handle(handle: RawHandle) -> Self {
252 Self(OwnedHandle::from_raw_handle(handle))
256 impl FromRawHandle for HandleOrInvalid {
257 /// Constructs a new instance of `Self` from the given `RawHandle` returned
258 /// from a Windows API that uses `INVALID_HANDLE_VALUE` to indicate
259 /// failure, such as `CreateFileW`.
261 /// Use `HandleOrNull` instead of `HandleOrInvalid` for APIs that
262 /// use null to indicate failure.
266 /// The resource pointed to by `handle` must be either open and otherwise
267 /// unowned, null, or equal to `INVALID_HANDLE_VALUE` (-1). Note that not
268 /// all Windows APIs use `INVALID_HANDLE_VALUE` for errors; see [here] for
271 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
273 unsafe fn from_raw_handle(handle: RawHandle) -> Self {
274 Self(OwnedHandle::from_raw_handle(handle))
278 impl Drop for OwnedHandle {
282 let _ = c::CloseHandle(self.handle);
287 impl fmt::Debug for BorrowedHandle<'_> {
288 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
289 f.debug_struct("BorrowedHandle").field("handle", &self.handle).finish()
293 impl fmt::Debug for OwnedHandle {
294 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
295 f.debug_struct("OwnedHandle").field("handle", &self.handle).finish()
299 /// A trait to borrow the handle from an underlying object.
300 #[unstable(feature = "io_safety", issue = "87074")]
302 /// Borrows the handle.
307 /// # #![feature(io_safety)]
308 /// use std::fs::File;
310 /// use std::os::windows::io::{AsHandle, BorrowedHandle};
312 /// let mut f = File::open("foo.txt")?;
313 /// let borrowed_handle: BorrowedHandle<'_> = f.as_handle();
314 /// # Ok::<(), io::Error>(())
316 fn as_handle(&self) -> BorrowedHandle<'_>;
319 #[unstable(feature = "io_safety", issue = "87074")]
320 impl<T: AsHandle> AsHandle for &T {
322 fn as_handle(&self) -> BorrowedHandle<'_> {
327 #[unstable(feature = "io_safety", issue = "87074")]
328 impl<T: AsHandle> AsHandle for &mut T {
330 fn as_handle(&self) -> BorrowedHandle<'_> {
335 impl AsHandle for BorrowedHandle<'_> {
337 fn as_handle(&self) -> BorrowedHandle<'_> {
342 impl AsHandle for OwnedHandle {
344 fn as_handle(&self) -> BorrowedHandle<'_> {
345 // Safety: `OwnedHandle` and `BorrowedHandle` have the same validity
346 // invariants, and the `BorrowdHandle` is bounded by the lifetime
348 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
352 impl AsHandle for fs::File {
354 fn as_handle(&self) -> BorrowedHandle<'_> {
355 self.as_inner().as_handle()
359 impl From<fs::File> for OwnedHandle {
361 fn from(file: fs::File) -> OwnedHandle {
362 file.into_inner().into_inner().into_inner().into()
366 impl From<OwnedHandle> for fs::File {
368 fn from(owned: OwnedHandle) -> Self {
369 Self::from_inner(FromInner::from_inner(FromInner::from_inner(owned)))
373 impl AsHandle for crate::io::Stdin {
375 fn as_handle(&self) -> BorrowedHandle<'_> {
376 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
380 impl<'a> AsHandle for crate::io::StdinLock<'a> {
382 fn as_handle(&self) -> BorrowedHandle<'_> {
383 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
387 impl AsHandle for crate::io::Stdout {
389 fn as_handle(&self) -> BorrowedHandle<'_> {
390 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
394 impl<'a> AsHandle for crate::io::StdoutLock<'a> {
396 fn as_handle(&self) -> BorrowedHandle<'_> {
397 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
401 impl AsHandle for crate::io::Stderr {
403 fn as_handle(&self) -> BorrowedHandle<'_> {
404 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
408 impl<'a> AsHandle for crate::io::StderrLock<'a> {
410 fn as_handle(&self) -> BorrowedHandle<'_> {
411 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
415 impl AsHandle for crate::process::ChildStdin {
417 fn as_handle(&self) -> BorrowedHandle<'_> {
418 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
422 impl From<crate::process::ChildStdin> for OwnedHandle {
424 fn from(child_stdin: crate::process::ChildStdin) -> OwnedHandle {
425 unsafe { OwnedHandle::from_raw_handle(child_stdin.into_raw_handle()) }
429 impl AsHandle for crate::process::ChildStdout {
431 fn as_handle(&self) -> BorrowedHandle<'_> {
432 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
436 impl From<crate::process::ChildStdout> for OwnedHandle {
438 fn from(child_stdout: crate::process::ChildStdout) -> OwnedHandle {
439 unsafe { OwnedHandle::from_raw_handle(child_stdout.into_raw_handle()) }
443 impl AsHandle for crate::process::ChildStderr {
445 fn as_handle(&self) -> BorrowedHandle<'_> {
446 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
450 impl From<crate::process::ChildStderr> for OwnedHandle {
452 fn from(child_stderr: crate::process::ChildStderr) -> OwnedHandle {
453 unsafe { OwnedHandle::from_raw_handle(child_stderr.into_raw_handle()) }
457 impl<T> AsHandle for crate::thread::JoinHandle<T> {
459 fn as_handle(&self) -> BorrowedHandle<'_> {
460 unsafe { BorrowedHandle::borrow_raw_handle(self.as_raw_handle()) }
464 impl<T> From<crate::thread::JoinHandle<T>> for OwnedHandle {
466 fn from(join_handle: crate::thread::JoinHandle<T>) -> OwnedHandle {
467 join_handle.into_inner().into_handle().into_inner()