1 //! Owned and borrowed OS handles.
3 #![unstable(feature = "io_safety", issue = "87074")]
5 use super::raw::{AsRawHandle, FromRawHandle, IntoRawHandle, RawHandle};
9 use crate::marker::PhantomData;
10 use crate::mem::forget;
14 use crate::sys_common::{AsInner, FromInner, IntoInner};
16 /// A borrowed handle.
18 /// This has a lifetime parameter to tie it to the lifetime of something that
21 /// This uses `repr(transparent)` and has the representation of a host handle,
22 /// so it can be used in FFI in places where a handle is passed as an argument,
23 /// it is not captured or consumed.
25 /// Note that it *may* have the value `-1`, which in `BorrowedHandle` always
26 /// represents the current process handle, and not `INVALID_HANDLE_VALUE`,
27 /// despite the two having the same value. See [here] for the full story.
29 /// And, it *may* have the value `NULL` (0), which can occur when consoles are
30 /// detached from processes, or when `windows_subsystem` is used.
32 /// This type's `.to_owned()` implementation returns another `BorrowedHandle`
33 /// rather than an `OwnedHandle`. It just makes a trivial copy of the raw
34 /// handle, which is then borrowed under the same lifetime.
36 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
37 #[derive(Copy, Clone)]
39 #[unstable(feature = "io_safety", issue = "87074")]
40 pub struct BorrowedHandle<'handle> {
42 _phantom: PhantomData<&'handle OwnedHandle>,
47 /// This closes the handle on drop.
49 /// Note that it *may* have the value `-1`, which in `OwnedHandle` always
50 /// represents the current process handle, and not `INVALID_HANDLE_VALUE`,
51 /// despite the two having the same value. See [here] for the full story.
53 /// And, it *may* have the value `NULL` (0), which can occur when consoles are
54 /// detached from processes, or when `windows_subsystem` is used.
56 /// `OwnedHandle` uses [`CloseHandle`] to close its handle on drop. As such,
57 /// it must not be used with handles to open registry keys which need to be
58 /// closed with [`RegCloseKey`] instead.
60 /// [`CloseHandle`]: https://docs.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-closehandle
61 /// [`RegCloseKey`]: https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regclosekey
63 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
65 #[unstable(feature = "io_safety", issue = "87074")]
66 pub struct OwnedHandle {
70 /// FFI type for handles in return values or out parameters, where `NULL` is used
71 /// as a sentry value to indicate errors, such as in the return value of `CreateThread`. This uses
72 /// `repr(transparent)` and has the representation of a host handle, so that it can be used in such
75 /// The only thing you can usefully do with a `HandleOrNull` is to convert it into an
76 /// `OwnedHandle` using its [`TryFrom`] implementation; this conversion takes care of the check for
77 /// `NULL`. This ensures that such FFI calls cannot start using the handle without
78 /// checking for `NULL` first.
80 /// This type may hold any handle value that [`OwnedHandle`] may hold, except `NULL`. It may
81 /// hold `-1`, even though `-1` has the same value as `INVALID_HANDLE_VALUE`, because in
82 /// `HandleOrNull`, `-1` is interpreted to mean the current process handle.
84 /// If this holds a non-null handle, it will close the handle on drop.
86 #[unstable(feature = "io_safety", issue = "87074")]
88 pub struct HandleOrNull(OwnedHandle);
90 /// FFI type for handles in return values or out parameters, where `INVALID_HANDLE_VALUE` is used
91 /// as a sentry value to indicate errors, such as in the return value of `CreateFileW`. This uses
92 /// `repr(transparent)` and has the representation of a host handle, so that it can be used in such
95 /// The only thing you can usefully do with a `HandleOrInvalid` is to convert it into an
96 /// `OwnedHandle` using its [`TryFrom`] implementation; this conversion takes care of the check for
97 /// `INVALID_HANDLE_VALUE`. This ensures that such FFI calls cannot start using the handle without
98 /// checking for `INVALID_HANDLE_VALUE` first.
100 /// This type may hold any handle value that [`OwnedHandle`] may hold, except `-1`. It must not
101 /// hold `-1`, because `-1` in `HandleOrInvalid` is interpreted to mean `INVALID_HANDLE_VALUE`.
103 /// This type may hold `NULL`, because APIs that use `INVALID_HANDLE_VALUE` as their sentry value
104 /// may return `NULL` under `windows_subsystem = "windows"` or other situations where I/O devices
107 /// If holds a handle other than `INVALID_HANDLE_VALUE`, it will close the handle on drop.
109 #[unstable(feature = "io_safety", issue = "87074")]
111 pub struct HandleOrInvalid(OwnedHandle);
113 // The Windows [`HANDLE`] type may be transferred across and shared between
114 // thread boundaries (despite containing a `*mut void`, which in general isn't
115 // `Send` or `Sync`).
117 // [`HANDLE`]: std::os::windows::raw::HANDLE
118 unsafe impl Send for OwnedHandle {}
119 unsafe impl Send for HandleOrNull {}
120 unsafe impl Send for HandleOrInvalid {}
121 unsafe impl Send for BorrowedHandle<'_> {}
122 unsafe impl Sync for OwnedHandle {}
123 unsafe impl Sync for HandleOrNull {}
124 unsafe impl Sync for HandleOrInvalid {}
125 unsafe impl Sync for BorrowedHandle<'_> {}
127 impl BorrowedHandle<'_> {
128 /// Return a `BorrowedHandle` holding the given raw handle.
132 /// The resource pointed to by `handle` must be a valid open handle, it
133 /// must remain open for the duration of the returned `BorrowedHandle`.
135 /// Note that it *may* have the value `INVALID_HANDLE_VALUE` (-1), which is
136 /// sometimes a valid handle value. See [here] for the full story.
138 /// And, it *may* have the value `NULL` (0), which can occur when consoles are
139 /// detached from processes, or when `windows_subsystem` is used.
141 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
143 #[unstable(feature = "io_safety", issue = "87074")]
144 pub const unsafe fn borrow_raw(handle: RawHandle) -> Self {
145 Self { handle, _phantom: PhantomData }
149 impl TryFrom<HandleOrNull> for OwnedHandle {
150 type Error = NullHandleError;
153 fn try_from(handle_or_null: HandleOrNull) -> Result<Self, NullHandleError> {
154 let owned_handle = handle_or_null.0;
155 if owned_handle.handle.is_null() {
156 // Don't call `CloseHandle`; it'd be harmless, except that it could
157 // overwrite the `GetLastError` error.
158 forget(owned_handle);
160 Err(NullHandleError(()))
168 /// Creates a new `OwnedHandle` instance that shares the same underlying file handle
169 /// as the existing `OwnedHandle` instance.
170 pub fn try_clone(&self) -> crate::io::Result<Self> {
171 self.duplicate(0, false, c::DUPLICATE_SAME_ACCESS)
174 pub(crate) fn duplicate(
179 ) -> io::Result<Self> {
180 let handle = self.as_raw_handle();
182 // `Stdin`, `Stdout`, and `Stderr` can all hold null handles, such as
183 // in a process with a detached console. `DuplicateHandle` would fail
184 // if we passed it a null handle, but we can treat null as a valid
185 // handle which doesn't do any I/O, and allow it to be duplicated.
186 if handle.is_null() {
187 return unsafe { Ok(Self::from_raw_handle(handle)) };
190 let mut ret = ptr::null_mut();
192 let cur_proc = c::GetCurrentProcess();
203 unsafe { Ok(Self::from_raw_handle(ret)) }
206 /// Allow child processes to inherit the handle.
207 pub(crate) fn set_inheritable(&self) -> io::Result<()> {
209 c::SetHandleInformation(
210 self.as_raw_handle(),
211 c::HANDLE_FLAG_INHERIT,
212 c::HANDLE_FLAG_INHERIT,
219 impl TryFrom<HandleOrInvalid> for OwnedHandle {
220 type Error = InvalidHandleError;
223 fn try_from(handle_or_invalid: HandleOrInvalid) -> Result<Self, InvalidHandleError> {
224 let owned_handle = handle_or_invalid.0;
225 if owned_handle.handle == c::INVALID_HANDLE_VALUE {
226 // Don't call `CloseHandle`; it'd be harmless, except that it could
227 // overwrite the `GetLastError` error.
228 forget(owned_handle);
230 Err(InvalidHandleError(()))
237 /// This is the error type used by [`HandleOrNull`] when attempting to convert
238 /// into a handle, to indicate that the value is null.
239 // The empty field prevents constructing this, and allows extending it in the future.
240 #[unstable(feature = "io_safety", issue = "87074")]
241 #[derive(Debug, Clone, PartialEq, Eq)]
242 pub struct NullHandleError(());
244 #[unstable(feature = "io_safety", issue = "87074")]
245 impl fmt::Display for NullHandleError {
246 fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
247 "A HandleOrNull could not be converted to a handle because it was null".fmt(fmt)
251 #[unstable(feature = "io_safety", issue = "87074")]
252 impl crate::error::Error for NullHandleError {}
254 /// This is the error type used by [`HandleOrInvalid`] when attempting to
255 /// convert into a handle, to indicate that the value is
256 /// `INVALID_HANDLE_VALUE`.
257 // The empty field prevents constructing this, and allows extending it in the future.
258 #[unstable(feature = "io_safety", issue = "87074")]
259 #[derive(Debug, Clone, PartialEq, Eq)]
260 pub struct InvalidHandleError(());
262 #[unstable(feature = "io_safety", issue = "87074")]
263 impl fmt::Display for InvalidHandleError {
264 fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
265 "A HandleOrInvalid could not be converted to a handle because it was INVALID_HANDLE_VALUE"
270 #[unstable(feature = "io_safety", issue = "87074")]
271 impl crate::error::Error for InvalidHandleError {}
273 impl AsRawHandle for BorrowedHandle<'_> {
275 fn as_raw_handle(&self) -> RawHandle {
280 impl AsRawHandle for OwnedHandle {
282 fn as_raw_handle(&self) -> RawHandle {
287 impl IntoRawHandle for OwnedHandle {
289 fn into_raw_handle(self) -> RawHandle {
290 let handle = self.handle;
296 impl FromRawHandle for OwnedHandle {
298 unsafe fn from_raw_handle(handle: RawHandle) -> Self {
304 /// Constructs a new instance of `Self` from the given `RawHandle` returned
305 /// from a Windows API that uses null to indicate failure, such as
308 /// Use `HandleOrInvalid` instead of `HandleOrNull` for APIs that
309 /// use `INVALID_HANDLE_VALUE` to indicate failure.
313 /// The passed `handle` value must either satisfy the safety requirements
314 /// of [`FromRawHandle::from_raw_handle`], or be null. Note that not all
315 /// Windows APIs use null for errors; see [here] for the full story.
317 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
319 pub unsafe fn from_raw_handle(handle: RawHandle) -> Self {
320 Self(OwnedHandle::from_raw_handle(handle))
324 impl HandleOrInvalid {
325 /// Constructs a new instance of `Self` from the given `RawHandle` returned
326 /// from a Windows API that uses `INVALID_HANDLE_VALUE` to indicate
327 /// failure, such as `CreateFileW`.
329 /// Use `HandleOrNull` instead of `HandleOrInvalid` for APIs that
330 /// use null to indicate failure.
334 /// The passed `handle` value must either satisfy the safety requirements
335 /// of [`FromRawHandle::from_raw_handle`], or be
336 /// `INVALID_HANDLE_VALUE` (-1). Note that not all Windows APIs use
337 /// `INVALID_HANDLE_VALUE` for errors; see [here] for the full story.
339 /// [here]: https://devblogs.microsoft.com/oldnewthing/20040302-00/?p=40443
341 pub unsafe fn from_raw_handle(handle: RawHandle) -> Self {
342 Self(OwnedHandle::from_raw_handle(handle))
346 impl Drop for OwnedHandle {
350 let _ = c::CloseHandle(self.handle);
355 impl fmt::Debug for BorrowedHandle<'_> {
356 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
357 f.debug_struct("BorrowedHandle").field("handle", &self.handle).finish()
361 impl fmt::Debug for OwnedHandle {
362 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
363 f.debug_struct("OwnedHandle").field("handle", &self.handle).finish()
367 /// A trait to borrow the handle from an underlying object.
368 #[unstable(feature = "io_safety", issue = "87074")]
370 /// Borrows the handle.
375 /// # #![feature(io_safety)]
376 /// use std::fs::File;
378 /// use std::os::windows::io::{AsHandle, BorrowedHandle};
380 /// let mut f = File::open("foo.txt")?;
381 /// let borrowed_handle: BorrowedHandle<'_> = f.as_handle();
382 /// # Ok::<(), io::Error>(())
384 fn as_handle(&self) -> BorrowedHandle<'_>;
387 #[unstable(feature = "io_safety", issue = "87074")]
388 impl<T: AsHandle> AsHandle for &T {
390 fn as_handle(&self) -> BorrowedHandle<'_> {
395 #[unstable(feature = "io_safety", issue = "87074")]
396 impl<T: AsHandle> AsHandle for &mut T {
398 fn as_handle(&self) -> BorrowedHandle<'_> {
403 impl AsHandle for BorrowedHandle<'_> {
405 fn as_handle(&self) -> BorrowedHandle<'_> {
410 impl AsHandle for OwnedHandle {
412 fn as_handle(&self) -> BorrowedHandle<'_> {
413 // Safety: `OwnedHandle` and `BorrowedHandle` have the same validity
414 // invariants, and the `BorrowdHandle` is bounded by the lifetime
416 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
420 impl AsHandle for fs::File {
422 fn as_handle(&self) -> BorrowedHandle<'_> {
423 self.as_inner().as_handle()
427 impl From<fs::File> for OwnedHandle {
429 fn from(file: fs::File) -> OwnedHandle {
430 file.into_inner().into_inner().into_inner().into()
434 impl From<OwnedHandle> for fs::File {
436 fn from(owned: OwnedHandle) -> Self {
437 Self::from_inner(FromInner::from_inner(FromInner::from_inner(owned)))
441 impl AsHandle for crate::io::Stdin {
443 fn as_handle(&self) -> BorrowedHandle<'_> {
444 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
448 impl<'a> AsHandle for crate::io::StdinLock<'a> {
450 fn as_handle(&self) -> BorrowedHandle<'_> {
451 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
455 impl AsHandle for crate::io::Stdout {
457 fn as_handle(&self) -> BorrowedHandle<'_> {
458 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
462 impl<'a> AsHandle for crate::io::StdoutLock<'a> {
464 fn as_handle(&self) -> BorrowedHandle<'_> {
465 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
469 impl AsHandle for crate::io::Stderr {
471 fn as_handle(&self) -> BorrowedHandle<'_> {
472 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
476 impl<'a> AsHandle for crate::io::StderrLock<'a> {
478 fn as_handle(&self) -> BorrowedHandle<'_> {
479 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
483 impl AsHandle for crate::process::ChildStdin {
485 fn as_handle(&self) -> BorrowedHandle<'_> {
486 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
490 impl From<crate::process::ChildStdin> for OwnedHandle {
492 fn from(child_stdin: crate::process::ChildStdin) -> OwnedHandle {
493 unsafe { OwnedHandle::from_raw_handle(child_stdin.into_raw_handle()) }
497 impl AsHandle for crate::process::ChildStdout {
499 fn as_handle(&self) -> BorrowedHandle<'_> {
500 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
504 impl From<crate::process::ChildStdout> for OwnedHandle {
506 fn from(child_stdout: crate::process::ChildStdout) -> OwnedHandle {
507 unsafe { OwnedHandle::from_raw_handle(child_stdout.into_raw_handle()) }
511 impl AsHandle for crate::process::ChildStderr {
513 fn as_handle(&self) -> BorrowedHandle<'_> {
514 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
518 impl From<crate::process::ChildStderr> for OwnedHandle {
520 fn from(child_stderr: crate::process::ChildStderr) -> OwnedHandle {
521 unsafe { OwnedHandle::from_raw_handle(child_stderr.into_raw_handle()) }
525 impl<T> AsHandle for crate::thread::JoinHandle<T> {
527 fn as_handle(&self) -> BorrowedHandle<'_> {
528 unsafe { BorrowedHandle::borrow_raw(self.as_raw_handle()) }
532 impl<T> From<crate::thread::JoinHandle<T>> for OwnedHandle {
534 fn from(join_handle: crate::thread::JoinHandle<T>) -> OwnedHandle {
535 join_handle.into_inner().into_handle().into_inner()