#ffi #data-structures

abi_stable

For doing Rust-to-Rust ffi,writing libraries loaded at program startup

24 releases

0.9.0 Nov 21, 2020
0.8.3 Mar 22, 2020
0.8.1 Dec 5, 2019
0.7.4 Oct 23, 2019
0.6.2 Jul 28, 2019

#43 in Rust patterns

Download history 29/week @ 2020-08-13 32/week @ 2020-08-20 28/week @ 2020-08-27 105/week @ 2020-09-03 11/week @ 2020-09-10 2/week @ 2020-09-17 5/week @ 2020-09-24 27/week @ 2020-10-01 3/week @ 2020-10-08 27/week @ 2020-10-15 3/week @ 2020-10-22 29/week @ 2020-10-29 1/week @ 2020-11-05 1/week @ 2020-11-12 44/week @ 2020-11-19 30/week @ 2020-11-26

87 downloads per month
Used in plugin_tls

MIT/Apache

1.5MB
33K SLoC

Build Status Join the chat at https://gitter.im/abi_stable_crates/community

Documentation.

For Rust-to-Rust ffi, with a focus on creating libraries loaded at program startup, and with load-time type-checking.

This library allows defining Rust libraries that can be loaded at runtime, even if they were built with a different Rust version than the crate that depends on it.

These are some usecases for this library:

  • Converting a Rust dependency tree from compiling statically into a single binary, into one binary (and potentially) many dynamic libraries, allowing separate re-compilation on changes.

  • Creating a plugin system (without support for unloading).

Features

Currently this library has these features:

  • Features the sabi_trait attribute macro, for creating ffi-safe trait objects.

  • Ffi-safe equivalent of some trait objects with DynTrait.

  • Provides ffi-safe alternatives/wrappers for many standard library types, in the std_types module.

  • Provides ffi-safe wrappers for some types defined in external crates, in the external_types module.

  • Provides the StableAbi trait for asserting that types are ffi-safe.

  • The prefix types feature for building extensible modules and vtables, without breaking ABI compatibility.

  • Supports ffi-safe nonexhaustive enums, wrapped in NonExhaustive.

  • Checking at load-time that the types in the dynamic library have the expected layout, allowing for semver compatible changes while checking the layout of types.

  • Provides the StableAbi derive macro to both assert that the type is ffi compatible, and to get the layout of the type at load-time to check that it is still compatible.

Changelog

The changelog is in the "Changelog.md" file.

Example crates

For example crates using abi_stable you can look at the crates in the examples directory, in the repository for this crate.

To run the example crates you'll generally have to build the *_impl crate, then run the *_user crate (all *_user crates should have a help message).

These are the example crates:

  • 0 - modules and interface types: Demonstrates abi_stable "modules"(structs of function pointers), and interface types through a command line application with a dynamically linked backend.

  • 1 - trait objects: Demonstrates ffi-safe trait objects (Generated using the sabi_trait attribute macro) by creating a minimal plugin system.

  • 2 - nonexhaustive-enums: Demonstrates nonexhaustive-enums as parameters and return values, for an application that manages the catalogue of a shop.

Example

This is a full example,demonstrating:

  • user crates(defined in the Architecture section below).

  • Ffi-safe trait objects, generated through the sabi_trait attribute macro.

  • DynTrait: An ffi-safe multi-trait object for a selection of traits, which can also be unerased back into the concrete type.

  • interface crates(defined in the Architecture section below).

  • ìmplementation crates(defined in the Architecture section below).

Note that each section represents its own crate , with comments for how to turn them into 3 separate crates.



/////////////////////////////////////////////////////////////////////////////////
//
//                        Application (user crate) 
//
////////////////////////////////////////////////////////////////////////////////

use abi_stable::std_types::RVec;

use interface_crate::{
    AppenderBox,Appender_TO,
    ExampleLib_Ref,BoxedInterface,load_root_module_in_directory,
};

fn main(){
    // The type annotation is for the reader
    let library: ExampleLib_Ref =
        load_root_module_in_directory("./target/debug".as_ref())
            .unwrap_or_else(|e| panic!("{}",e) );

    {
        /*/////////////////////////////////////////////////////////////////////////////////
        
        This block demonstrates `#[sabi_trait]` generated trait objects

        */////////////////////////////////////////////////////////////////////////////////

        // The type annotation is for the reader
        let mut appender: AppenderBox<u32> = library.new_appender()();
        appender.push(100);
        appender.push(200);

        // The primary way to use the methods in the trait is through the inherent methods on 
        // the ffi-safe trait object.
        Appender_TO::push(&mut appender,300);
        appender.append(vec![500,600].into());
        assert_eq!(
            appender.into_rvec(),
            RVec::from(vec![100,200,300,500,600]) 
        );
    }
    {
        /*/////////////////////////////////////////////////////////////////////////////////
        
        This block demonstrates the `DynTrait<>` trait object.
        
        `DynTrait` is used here as a safe opaque type which can only be unwrapped back to the 
        original type in the dynamic library that constructed the `DynTrait` itself.

        */////////////////////////////////////////////////////////////////////////////////

        // The type annotation is for the reader
        let mut unwrapped: BoxedInterface = library.new_boxed_interface()();

        library.append_string()(&mut unwrapped, "Hello".into());
        library.append_string()(&mut unwrapped, ", world!".into());

        assert_eq!(&*unwrapped.to_string(), "Hello, world!");
    }

    println!("success");
}


/////////////////////////////////////////////////////////////////////////////////
//
//                      Interface crate
//
//////////////////////////////////////////////////////////////////////////////////

mod interface_crate{

use std::path::Path;

use abi_stable::{
    StableAbi,
    DynTrait,
    sabi_trait,
    library::{LibraryError, RootModule},
    package_version_strings,
    std_types::{RBox, RString, RVec},
    sabi_types::VersionStrings,
};


/**
This struct is the root module,
which must be converted to `ExampleLib_Ref` to be passed through ffi.

The `#[sabi(kind(Prefix(prefix_ref="ExampleLib_Ref")))]` 
attribute tells `StableAbi` to create an ffi-safe static refernce type
for `ExampleLib` called `ExampleLib_Ref`.

The `#[sabi(missing_field(panic))]` attribute specifies that trying to 
access a field that doesn't exist must panic with a message saying that the field is inaccessible.


*/
#[repr(C)]
#[derive(StableAbi)] 
#[sabi(kind(Prefix(prefix_ref="ExampleLib_Ref")))]
#[sabi(missing_field(panic))]
pub struct ExampleLib {
    pub new_appender: extern "C" fn() -> AppenderBox<u32>,

    pub new_boxed_interface: extern "C" fn() -> BoxedInterface<'static>,

/**
The `#[sabi(last_prefix_field)]` attribute here means that this is the last field in this struct
that was defined in the first compatible version of the library
(0.1.0, 0.2.0, 0.3.0, 1.0.0, 2.0.0 ,etc),
requiring new fields to always be added below preexisting ones.

The `#[sabi(last_prefix_field)]` attribute would stay on this field until the library 
bumps its "major" version,
at which point it would be moved to the last field at the time.

*/
    #[sabi(last_prefix_field)]
    pub append_string: extern "C" fn(&mut BoxedInterface<'_>, RString),
}


/// The RootModule trait defines how to load the root module of a library.
impl RootModule for ExampleLib_Ref {

    abi_stable::declare_root_module_statics!{ExampleLib_Ref}

    const BASE_NAME: &'static str = "example_library";
    const NAME: &'static str = "example_library";
    const VERSION_STRINGS: VersionStrings = package_version_strings!();
}

/**

`#[sabi_trait]` is how one creates an ffi-safe trait object from a trait definition.

In this case the trait object is `Appender_TO<'lt, Pointer<()>, Element>`,where:

- `'lt`:
    Is the lifetime bound of the type that constructed the trait object
    (`'static` is the lifetime bound of objects that don't borrow anything).

- `Pointer<()>`:
    Is any pointer that implements some abi_stable specific traits,
    this pointer owns the value that implements `Appender`.

- `Element`:
    This is the element type of the collection that we operate on.

*/
#[sabi_trait]
pub trait Appender{
    /// The element type of the collection.
    type Element;

    /// Appends one element at the end of the collection.    
    fn push(&mut self, value: Self::Element);
    
    /// Appends many elements at the end of the collection.    
    fn append(&mut self, vec: RVec<Self::Element>);

/**
Converts this collection into an `RVec`.

As opposed to regular trait objects (as of Rust 1.47),
it is possible to call by-value methods on trait objects generated by `#[sabi_trait]`.

The `#[sabi(last_prefix_field)]` attribute here means that this is the last method 
that was defined in the first compatible version of the library
(0.1.0, 0.2.0, 0.3.0, 1.0.0, 2.0.0 ,etc),
requiring new methods to always be added below preexisting ones.

The `#[sabi(last_prefix_field)]` attribute would stay on this method until the library 
bumps its "major" version,
at which point it would be moved to the last method at the time.

*/
    #[sabi(last_prefix_field)]
    fn into_rvec(self) -> RVec<Self::Element>;
}

/// A type alias for the Appender trait object.
///
/// `'static` here means that the trait object cannot contain any borrows.
pub type AppenderBox<T> = Appender_TO<'static, RBox<()>, T>;



/*

/// This loads the root from the library in the `directory` folder.
///
/// This for the case where this example is copied into the 3 crates.
/// 
pub fn load_root_module_in_directory(directory: &Path) -> Result<ExampleLib_Ref, LibraryError> {
    ExampleLib_Ref::load_from_directory(directory)
}
*/

/// This loads the root module
///
/// This is for the case where this example is copied into a single crate
pub fn load_root_module_in_directory(_: &Path) -> Result<ExampleLib_Ref, LibraryError> {
    ExampleLib_Ref::load_module_with(|| Ok(super::implementation::get_library()) )
}

//////////////////////////////////////////////////////////


/// This type implements `ÌnterfaceType`
/// (because of the `#[sabi(impl_InterfaceType())]` helper attribute of `#[derive(StableAbi)]` ),
/// describing the traits required when constructing `DynTrait<_, TheInterface>`,
/// and are then implemented by it.
#[repr(C)]
#[derive(StableAbi)]
#[sabi(impl_InterfaceType(Sync,Send,Debug,Display))]
pub struct TheInterface;


/// An alias for the trait object used in this example
pub type BoxedInterface<'borr> = DynTrait<'borr, RBox<()>, TheInterface>;

}



/////////////////////////////////////////////////////////////////////////////////
//
//                            Implementation crate
//
// This is generally done in a separate crate than the interface.
//
//////////////////////////////////////////////////////////////////////////////////
//
// If you copy paste this into its own crate use this setting in the 
// Cargo.toml file.
//
// ```
// [lib]
// name = "example_library"
// crate-type = ["cdylib",'rlib']
// ```
//
//
//////////////////////////////////////////////////////////////////////////////////

mod implementation {

use std::fmt::{self, Display};


// Comment this out if this is on its own crate
use super::interface_crate;

use interface_crate::{
    Appender,
    AppenderBox,
    Appender_TO,
    BoxedInterface,
    ExampleLib_Ref,
    ExampleLib,
    TheInterface,
};

use abi_stable::{
    ImplType,
    DynTrait,
    erased_types::TypeInfo,
    export_root_module,
    sabi_extern_fn,
    impl_get_type_info,
    prefix_type::PrefixTypeTrait,
    sabi_trait::prelude::TU_Opaque,
    std_types::{RString, RVec},
};


/**
The function which exports the root module of the library.

The root module is exported inside a static of `LibHeader` type,
which has this extra metadata:

- The abi_stable version number used by the dynamic library.

- A constant describing the layout of the exported root module,and every type it references.

- A lazily initialized reference to the root module.

- The constructor function of the root module.


*/
#[export_root_module]
pub fn get_library() -> ExampleLib_Ref {
    ExampleLib{
        new_appender,
        new_boxed_interface,
        append_string,
    }.leak_into_prefix()
}

/**
This is the `implementation crate` dual of `TheInterface`.

A `DynTrait<_, TheInterface>` is expected to (but not enforced to) only be constructed from a `StringBuilder`
.

*/
#[derive(Debug,Clone)]
pub struct StringBuilder{
    pub text: String,
    pub appended: Vec<RString>,
}

///
/// Defines this as an `implementation type`,
/// this trait is mostly for improving error messages when unerasing the DynTrait.
///
impl ImplType for StringBuilder {
    type Interface = TheInterface;

    const INFO: &'static TypeInfo = impl_get_type_info! { Self };
}

impl Display for StringBuilder{
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result{
        fmt::Display::fmt(&self.text, f)
    }
}

impl StringBuilder{
    /// Appends the string at the end.
    pub fn append_string(&mut self, string: RString){
        self.text.push_str(&string);
        self.appended.push(string);
    }
}

#[sabi_extern_fn]
pub fn new_appender() -> AppenderBox<u32>{
    /*
    What `TU_Opaque` does here is specify that the trait object cannot be unerased,
    disallowing the `Appender_TO` from being unwrapped back into an `RVec<u32>`
    using the `trait_object.obj.*_unerased_*()` methods.
    
    To be able to unwrap a `#[sabi_trait]` trait object back into the type it 
    was constructed with,you must:

    - Have a type that implements `std::anu::Any`
    (it requires that the type doesn't borrow anything).

    - Pass `TU_Unerasable` instead of `TU_Opaque` to Appender_TO::{from_value,from_ptr}.

    - Unerase the trait object back into the original type with
        `trait_object.obj.into_unerased_impltype::<RVec<u32>>().unwrap()` 
        (or the other unerasure methods).

    Unerasing a trait object will fail in any of these conditions:

    - It wasn't constructed in the same dynamic library.
    
    - It's not the same type.

    - It was constructed with `TU_Opaque`.

    */
    Appender_TO::from_value(RVec::new(),TU_Opaque)
}


/// Constructs a BoxedInterface.
#[sabi_extern_fn]
fn new_boxed_interface() -> BoxedInterface<'static>{
    DynTrait::from_value(StringBuilder{
        text:"".into(),
        appended:vec![],
    })
}


/// Appends a string to the erased `StringBuilderType`.
#[sabi_extern_fn]
fn append_string(wrapped: &mut BoxedInterface<'_>, string: RString){
    wrapped
        .as_unerased_mut_impltype::<StringBuilder>() // Returns `Result<&mut StringBuilder, _>`
        .unwrap() // Returns `&mut StringBuilder`
        .append_string(string);
}


impl<T> Appender for RVec<T>{
    type Element=T;
    fn push(&mut self,value:Self::Element){
        self.push(value);
    }
    fn append(&mut self,vec:RVec<Self::Element>){
        self.extend(vec);
    }
    fn into_rvec(self) -> RVec<Self::Element>{
        self
    }
}


}

Safety

This library ensures that the loaded libraries are safe to use through these mechanisms:

  • The abi_stable ABI of the library is checked, Each 0.y.0 version and x.0.0 version of abi_stable defines its own ABI which is incompatible with previous versions.

  • Types are recursively checked when the dynamic library is loaded, before any function can be called.

Note that this library assumes that dynamic libraries come from a benign source, these checks are done purely to detect programming errors.

Planned features

None right now.

Non-features (extremely unlikely to be added)

Supporting library unloading, since this requires building the entire library with the assumption that anything might get unloaded at any time.

Architecture

This is a way that users can structure their libraries to allow for dynamic linking.

For how to evolve dynamically loaded libraries loaded using the safe API in abi_stable look here.

Interface crate

A crate which declares:

  • The root module (a structs of function pointers/other modules), which implements the RootModule trait, exported from the dynamic library.

  • All the sub-modules of the root module.

  • All the public types passed to and returned by the functions.

  • Optionally: declare the ffi-safe traits with the sabi_trait attribute, used as trait objects in the public interface.

  • Optionally: declares ìnterface types,types which implement InterfaceType, used to specify the traits usable in the DynTrait ffi-safe trait object .

Implementation crate

The crate compiled as a dynamic library that:

  • Implements all the functions declared in the interface crate.

  • Declares a function to export the root module, using the export_root_module attribute to export the module.

  • Optionally: Implement traits that were annotated with the sabi_trait attribute, constructing their trait objects exposed in the public API.

  • Optionally:create types which implement ImplType<Iterface= FooInterface >, where FooInterface is a type that implements InterfaceType declared in the interface crate, so as to be able to use wrap it in DynTraits of that interface.

User crate

A crate that that declares the ìnterface crate as a dependency, and loads the pre-compiled implementation crate dynamic library from some path.

Minimum Rust version

This crate support Rust back to 1.41.0 , using a build script to automatically enable features from newer versions.

Cargo Features

If it becomes possible to disable build scripts, you can manually enable support for Rust past 1.41.0 features with the rust_*_* cargo features.

These are default cargo features that enable optional crates :

  • "channels": Depends on crossbeam-channel, wrapping channels from it for ffi in abi_stable::external_types::crossbeam_channel .

  • "serde_json": Depends on serde_json, providing ffi-safe equivalents of &serde_json::value::RawValue and Box<serde_json::value::RawValue>, in abi_stable::external_types::serde_json .

To disable the default features use:

[dependencies.abi_stable]
version = "<current_version>"
default-features = false
features = o[  ]

enabling the features you need in the features array.

Manually enabled

These are features to manually enabled support for newer language features, required until this library is updated to automatically detect them, every one of which has a nightly_* equivalent.

Features:

  • const_params: Enables items in abi_stable that use const generics.

Nightly features

The all_nightly feature enables all the nightly_* equivalents of the manually enabled features.

Every nightly_* feature enables both support from abi_stable, as well as the nightly feature flag in the compiler.

Tools

Here are some tools,all of which are in the "tools" directory(folder).

sabi_extract

A program to extract a variety of information from an abi_stable dynamic library.

License

abi_stable is licensed under either of

Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in abi_stable by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~2–2.8MB
~59K SLoC