std\sys\pal\windows/
mod.rs

1#![allow(missing_docs, nonstandard_style)]
2#![forbid(unsafe_op_in_unsafe_fn)]
3
4use crate::ffi::{OsStr, OsString};
5use crate::io::ErrorKind;
6use crate::mem::MaybeUninit;
7use crate::os::windows::ffi::{OsStrExt, OsStringExt};
8use crate::path::PathBuf;
9use crate::sys::pal::windows::api::wide_str;
10use crate::time::Duration;
11
12#[macro_use]
13pub mod compat;
14
15pub mod api;
16
17pub mod c;
18#[cfg(not(target_vendor = "win7"))]
19pub mod futex;
20pub mod handle;
21pub mod os;
22pub mod pipe;
23pub mod thread;
24pub mod time;
25cfg_if::cfg_if! {
26    if #[cfg(not(target_vendor = "uwp"))] {
27        pub mod stack_overflow;
28    } else {
29        pub mod stack_overflow_uwp;
30        pub use self::stack_overflow_uwp as stack_overflow;
31    }
32}
33
/// Map a [`Result<T, WinError>`] to [`io::Result<T>`](crate::io::Result<T>).
///
/// The error side is rebuilt with `io::Error::from_raw_os_error`, so the
/// numeric OS code carried by the `WinError` is what ends up in the I/O error.
pub trait IoResult<T> {
    /// Converts `self`, leaving `Ok` values untouched and wrapping the
    /// `WinError` code of an `Err` in an `io::Error`.
    fn io_result(self) -> crate::io::Result<T>;
}

impl<T> IoResult<T> for Result<T, api::WinError> {
    fn io_result(self) -> crate::io::Result<T> {
        match self {
            Ok(value) => Ok(value),
            // `as i32` performs no range check; the code is stored in the
            // signed form that `from_raw_os_error` takes.
            Err(win_err) => Err(crate::io::Error::from_raw_os_error(win_err.code as i32)),
        }
    }
}
43
/// Windows-specific runtime start-up: initializes the `stack_overflow` module
/// and names the current thread `"main"`.
///
/// The three parameters are accepted but not used here.
///
/// NOTE: this is not guaranteed to run, for example when Rust code is called
/// externally.
///
/// # Safety
///
/// Must be called only once during runtime initialization.
pub unsafe fn init(_argc: isize, _argv: *const *const u8, _sigpipe: u8) {
    unsafe {
        stack_overflow::init();

        // A thread created through `thread::spawn` gets its name from
        // `Thread::set_name`. This thread already exists, so nobody has named
        // it yet and it has to be done by hand.
        thread::Thread::set_name_wide(wide_str!("main"));
    }
}
55
/// Windows-specific runtime shutdown: forwards to `crate::sys::net::cleanup`.
///
/// NOTE: this is not guaranteed to run, for example when the program aborts.
///
/// # Safety
///
/// Must be called only once during runtime cleanup.
pub unsafe fn cleanup() {
    crate::sys::net::cleanup();
}
61
/// Always returns `false`: this implementation never classifies an error code
/// as an interruption, whatever value is passed in.
#[inline]
pub fn is_interrupted(_errno: i32) -> bool {
    false
}
66
/// Translates a raw OS error code into an [`ErrorKind`].
///
/// Two tables are consulted in order:
///
/// 1. the code, reinterpreted as `u32`, is compared with the `ERROR_*`-style
///    constants from `c`;
/// 2. if nothing matched, the original `i32` is compared with the `WSAE*`
///    constants.
///
/// A code found in neither table yields `Uncategorized`.
///
/// Several distinct codes collapse onto one kind; for example
/// `ERROR_OPERATION_ABORTED` is reported as `TimedOut`. Code that needs the
/// exact cause has to look at the raw code rather than at the kind.
pub fn decode_error_kind(errno: i32) -> ErrorKind {
    use ErrorKind::*;

    // First table: system error codes, matched on the unsigned value.
    let system_kind = match errno as u32 {
        c::ERROR_ACCESS_DENIED => Some(PermissionDenied),
        c::ERROR_ALREADY_EXISTS | c::ERROR_FILE_EXISTS => Some(AlreadyExists),
        c::ERROR_BROKEN_PIPE => Some(BrokenPipe),
        c::ERROR_FILE_NOT_FOUND
        | c::ERROR_PATH_NOT_FOUND
        | c::ERROR_INVALID_DRIVE
        | c::ERROR_BAD_NETPATH
        | c::ERROR_BAD_NET_NAME => Some(NotFound),
        c::ERROR_NO_DATA => Some(BrokenPipe),
        c::ERROR_INVALID_NAME | c::ERROR_BAD_PATHNAME => Some(InvalidFilename),
        c::ERROR_INVALID_PARAMETER => Some(InvalidInput),
        c::ERROR_NOT_ENOUGH_MEMORY | c::ERROR_OUTOFMEMORY => Some(OutOfMemory),
        c::ERROR_SEM_TIMEOUT
        | c::WAIT_TIMEOUT
        | c::ERROR_DRIVER_CANCEL_TIMEOUT
        | c::ERROR_OPERATION_ABORTED
        | c::ERROR_SERVICE_REQUEST_TIMEOUT
        | c::ERROR_COUNTER_TIMEOUT
        | c::ERROR_TIMEOUT
        | c::ERROR_RESOURCE_CALL_TIMED_OUT
        | c::ERROR_CTX_MODEM_RESPONSE_TIMEOUT
        | c::ERROR_CTX_CLIENT_QUERY_TIMEOUT
        | c::FRS_ERR_SYSVOL_POPULATE_TIMEOUT
        | c::ERROR_DS_TIMELIMIT_EXCEEDED
        | c::DNS_ERROR_RECORD_TIMED_OUT
        | c::ERROR_IPSEC_IKE_TIMED_OUT
        | c::ERROR_RUNLEVEL_SWITCH_TIMEOUT
        | c::ERROR_RUNLEVEL_SWITCH_AGENT_TIMEOUT => Some(TimedOut),
        c::ERROR_CALL_NOT_IMPLEMENTED => Some(Unsupported),
        c::ERROR_HOST_UNREACHABLE => Some(HostUnreachable),
        c::ERROR_NETWORK_UNREACHABLE => Some(NetworkUnreachable),
        c::ERROR_DIRECTORY => Some(NotADirectory),
        c::ERROR_DIRECTORY_NOT_SUPPORTED => Some(IsADirectory),
        c::ERROR_DIR_NOT_EMPTY => Some(DirectoryNotEmpty),
        c::ERROR_WRITE_PROTECT => Some(ReadOnlyFilesystem),
        c::ERROR_DISK_FULL | c::ERROR_HANDLE_DISK_FULL => Some(StorageFull),
        c::ERROR_SEEK_ON_DEVICE => Some(NotSeekable),
        c::ERROR_DISK_QUOTA_EXCEEDED => Some(QuotaExceeded),
        c::ERROR_FILE_TOO_LARGE => Some(FileTooLarge),
        c::ERROR_BUSY => Some(ResourceBusy),
        c::ERROR_POSSIBLE_DEADLOCK => Some(Deadlock),
        c::ERROR_NOT_SAME_DEVICE => Some(CrossesDevices),
        c::ERROR_TOO_MANY_LINKS => Some(TooManyLinks),
        c::ERROR_FILENAME_EXCED_RANGE => Some(InvalidFilename),
        c::ERROR_CANT_RESOLVE_FILENAME => Some(FilesystemLoop),
        _ => None,
    };
    if let Some(kind) = system_kind {
        return kind;
    }

    // Second table: socket error codes, matched on the signed value.
    match errno {
        c::WSAEACCES => PermissionDenied,
        c::WSAEADDRINUSE => AddrInUse,
        c::WSAEADDRNOTAVAIL => AddrNotAvailable,
        c::WSAECONNABORTED => ConnectionAborted,
        c::WSAECONNREFUSED => ConnectionRefused,
        c::WSAECONNRESET => ConnectionReset,
        c::WSAEINVAL => InvalidInput,
        c::WSAENOTCONN => NotConnected,
        c::WSAEWOULDBLOCK => WouldBlock,
        c::WSAETIMEDOUT => TimedOut,
        c::WSAEHOSTUNREACH => HostUnreachable,
        c::WSAENETDOWN => NetworkDown,
        c::WSAENETUNREACH => NetworkUnreachable,
        c::WSAEDQUOT => QuotaExceeded,

        _ => Uncategorized,
    }
}
139
/// Returns the index of the first element of `haystack` equal to `needle`,
/// or `None` when no element matches.
///
/// The bulk of the slice is scanned eight elements per loop iteration; the
/// remaining tail (fewer than eight elements) is scanned one by one.
pub fn unrolled_find_u16s(needle: u16, haystack: &[u16]) -> Option<usize> {
    // Position within `haystack` of the first element of `rest`.
    let mut base = 0usize;
    let mut rest = haystack;

    // For performance reasons the comparison is unfolded eight times.
    while rest.len() >= 8 {
        macro_rules! check_lanes {
            ($($lane:literal)+) => {
                $(
                    if rest[$lane] == needle {
                        return Some(base + $lane);
                    }
                )+
            };
        }

        check_lanes!(0 1 2 3 4 5 6 7);

        base += 8;
        rest = &rest[8..];
    }

    rest.iter().position(|&unit| unit == needle).map(|tail_idx| base + tail_idx)
}
168
/// Encodes `s` as wide (`u16`) units followed by a single terminating 0.
///
/// # Errors
///
/// Returns `ErrorKind::InvalidInput` when the encoded string already contains
/// a 0 unit. Rejecting such input, rather than passing it on, means an API
/// that stops at the first terminator can never act on a shorter string than
/// the one the caller supplied.
pub fn to_u16s<S: AsRef<OsStr>>(s: S) -> crate::io::Result<Vec<u16>> {
    // Non-generic worker, so the encoding logic is not duplicated per `S`.
    fn inner(s: &OsStr) -> crate::io::Result<Vec<u16>> {
        // Most paths are ASCII, so one unit per byte plus one slot for the
        // terminator is reserved up front. Over-reserving is acceptable
        // because the resulting buffers are mostly short-lived.
        let mut wide = Vec::with_capacity(s.len() + 1);
        wide.extend(s.encode_wide());

        match unrolled_find_u16s(0, &wide) {
            Some(_) => Err(crate::io::const_error!(
                ErrorKind::InvalidInput,
                "strings passed to WinAPI cannot contain NULs",
            )),
            None => {
                wide.push(0);
                Ok(wide)
            }
        }
    }
    inner(s.as_ref())
}
189
/// Drives a Windows API that fills a caller-supplied UTF-16 buffer, growing
/// the buffer until the result fits.
///
/// Many Windows APIs are handed a buffer and report back either how large the
/// buffer should be or how much data now resides in it. This function wraps
/// that pattern.
///
/// `f1` is passed a `(pointer, len)` pair that can be given to the syscall;
/// the pointer is valid for `len` items (`u16` here). The closure is expected
/// to:
///
/// - On success, return the actual length of the written data *without* the
///   null terminator. This can be 0, in which case the last-error value must
///   be left unchanged.
/// - On insufficient buffer space, either return the required length *with*
///   the null terminator, or set the last-error to
///   `ERROR_INSUFFICIENT_BUFFER` and return `len`.
/// - On other failure, return 0 and set the last-error.
///
/// This is how most but not all syscalls indicate the required buffer space;
/// other syscalls may need translation to match this protocol.
///
/// Once the syscall has completed (errors bail out early), `f2` is passed the
/// data that was read, and its return value becomes the return value of this
/// function.
///
/// The length returned by `f1` is trusted: when it is smaller than `len`,
/// that many leading elements are treated as initialized with no further
/// check. A closure that returns exactly `len` without setting
/// `ERROR_INSUFFICIENT_BUFFER` reaches the `unreachable!()` below.
pub fn fill_utf16_buf<F1, F2, T>(mut f1: F1, f2: F2) -> crate::io::Result<T>
where
    F1: FnMut(*mut u16, u32) -> u32,
    F2: FnOnce(&[u16]) -> T,
{
    // Begin with a buffer on the stack and only move to the heap when more
    // room turns out to be needed.
    //
    // This initial size also works around `GetFullPathNameW` returning
    // incorrect size hints for some short paths:
    // https://github.com/dylni/normpath/issues/5
    let mut stack_buf: [MaybeUninit<u16>; 512] = [MaybeUninit::uninit(); 512];
    let mut heap_buf: Vec<MaybeUninit<u16>> = Vec::new();
    unsafe {
        let mut capacity = stack_buf.len();
        loop {
            let window = if capacity > stack_buf.len() {
                heap_buf.reserve(capacity - heap_buf.len());
                // `reserve` (unlike `reserve_exact`) may hand back more than
                // was asked for. Use the surplus, but never exceed what the
                // `u32` length argument can express.
                capacity = heap_buf.capacity().min(u32::MAX as usize);
                // SAFETY: MaybeUninit<u16> does not need initialization.
                heap_buf.set_len(capacity);
                &mut heap_buf[..]
            } else {
                &mut stack_buf[..]
            };

            // The wrapped APIs usually return the string length, and return 0
            // on error, yet a legitimate length can itself be 0. To tell the
            // two apart the last-error value is cleared before the call: if
            // the call returns 0 and the last-error is still 0, the result is
            // an empty string rather than a failure.
            c::SetLastError(0);
            let reported = f1(window.as_mut_ptr().cast::<u16>(), capacity as u32);
            if reported == 0 && api::get_last_error().code != 0 {
                return Err(crate::io::Error::last_os_error());
            }
            let reported = reported as usize;

            if reported < capacity {
                // SAFETY: the first `reported` values are initialized.
                let filled: &[u16] = window[..reported].assume_init_ref();
                return Ok(f2(filled));
            }

            if reported > capacity {
                // The call told us how much room it needs.
                capacity = reported;
            } else if api::get_last_error().code == c::ERROR_INSUFFICIENT_BUFFER {
                // No size hint was given, so double and try again.
                capacity = capacity.saturating_mul(2).min(u32::MAX as usize);
            } else {
                // It is impossible to reach this point.
                // On success, the reported value is the string length excluding the null.
                // On failure, it is the required buffer length including the null.
                // Therefore it never equals the buffer length.
                unreachable!();
            }
        }
    }
}
274
/// Builds a [`PathBuf`] from a slice of wide (`u16`) units.
///
/// The whole slice is converted as given; nothing is trimmed from it here.
pub fn os2path(s: &[u16]) -> PathBuf {
    let wide = OsString::from_wide(s);
    PathBuf::from(wide)
}
278
/// Returns the part of `v` that precedes its first 0 unit, or all of `v` when
/// it contains none.
///
/// Everything from the first 0 onward is dropped without any error.
pub fn truncate_utf16_at_nul(v: &[u16]) -> &[u16] {
    // The 0 itself is not part of the result.
    let end = unrolled_find_u16s(0, v).unwrap_or(v.len());
    &v[..end]
}
286
/// Hands `s` back unchanged when its wide encoding contains no 0 unit.
///
/// # Errors
///
/// Returns `ErrorKind::InvalidInput` when any encoded unit is 0.
pub fn ensure_no_nuls<T: AsRef<OsStr>>(s: T) -> crate::io::Result<T> {
    let has_nul = s.as_ref().encode_wide().any(|unit| unit == 0);
    if !has_nul {
        return Ok(s);
    }
    Err(crate::io::const_error!(ErrorKind::InvalidInput, "nul byte found in provided data"))
}
294
/// Values that can be compared against zero.
pub trait IsZero {
    /// Returns `true` when the value equals zero.
    fn is_zero(&self) -> bool;
}

// Emits one `IsZero` impl per listed type, each comparing the value with 0.
macro_rules! impl_is_zero {
    ($($int:ident)*) => {
        $(
            impl IsZero for $int {
                fn is_zero(&self) -> bool {
                    *self == 0
                }
            }
        )*
    };
}

impl_is_zero! { i8 i16 i32 i64 isize u8 u16 u32 u64 usize }
308
/// Converts a "zero means failure" return value into an `io::Result`.
///
/// A non-zero `i` is passed through as `Ok(i)`. A zero `i` produces
/// `io::Error::last_os_error()`, which is read at the moment this function
/// runs.
pub fn cvt<I: IsZero>(i: I) -> crate::io::Result<I> {
    if !i.is_zero() {
        return Ok(i);
    }
    Err(crate::io::Error::last_os_error())
}
312
/// Converts a [`Duration`] into a `u32` millisecond timeout.
///
/// A duration is a (u64, u32) (seconds, nanoseconds) pair, while timeouts in
/// Windows APIs are typically `u32` milliseconds. Two adjustments follow from
/// that:
///
/// * a leftover fraction of a millisecond is rounded up to a whole one;
/// * anything greater than `u32::MAX` milliseconds (50 days), including
///   arithmetic overflow along the way, becomes `c::INFINITE` (never time
///   out).
///
/// The second point means a very large requested timeout turns into no
/// timeout at all.
pub fn dur2timeout(dur: Duration) -> u32 {
    let nanos = dur.subsec_nanos();
    let whole_millis = (nanos as u64) / 1_000_000;
    let round_up: u64 = if nanos % 1_000_000 > 0 { 1 } else { 0 };

    let total_millis = dur
        .as_secs()
        .checked_mul(1000)
        .and_then(|ms| ms.checked_add(whole_millis))
        .and_then(|ms| ms.checked_add(round_up));

    match total_millis {
        Some(ms) if ms <= <u32>::MAX as u64 => ms as u32,
        _ => c::INFINITE,
    }
}
328
/// Aborts the process through `__fastfail`.
///
/// On Windows 8 and later the process is terminated immediately and no
/// in-process exception handlers are run. On earlier versions of Windows the
/// instruction sequence is treated as an access violation; the process still
/// terminates, but some exception handlers might run first.
///
/// Each architecture branch places `c::FAST_FAIL_FATAL_APP_EXIT` in a
/// register before executing its trap instruction. Architectures without a
/// branch of their own fall back to `core::intrinsics::abort`.
///
/// https://docs.microsoft.com/en-us/cpp/intrinsics/fastfail
#[cfg(not(miri))] // inline assembly does not work in Miri
pub fn abort_internal() -> ! {
    unsafe {
        cfg_if::cfg_if! {
            if #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] {
                core::arch::asm!(
                    "int $$0x29",
                    in("ecx") c::FAST_FAIL_FATAL_APP_EXIT,
                    options(noreturn, nostack)
                );
            } else if #[cfg(all(target_arch = "arm", target_feature = "thumb-mode"))] {
                core::arch::asm!(
                    ".inst 0xDEFB",
                    in("r0") c::FAST_FAIL_FATAL_APP_EXIT,
                    options(noreturn, nostack)
                );
            } else if #[cfg(any(target_arch = "aarch64", target_arch = "arm64ec"))] {
                core::arch::asm!(
                    "brk 0xF003",
                    in("x0") c::FAST_FAIL_FATAL_APP_EXIT,
                    options(noreturn, nostack)
                );
            } else {
                core::intrinsics::abort();
            }
        }
    }
}
353
/// Miri build of `abort_internal`: aborts through the `abort` intrinsic
/// instead of inline assembly.
#[cfg(miri)]
pub fn abort_internal() -> ! {
    crate::intrinsics::abort()
}
358
/// Wrapper that gives its contents an alignment of 8 bytes.
///
/// That is enough for almost all of the buffers likely to be passed to the
/// Windows APIs used here.
#[derive(Clone, Copy)]
#[repr(C, align(8))]
pub(crate) struct Align8<T: ?Sized>(pub T);