This commit refactors and reorganises the `memory.rs` module. Now,
it consists of two submodules: `memory::ptr` which contains `GuestPtr`
and `GuestRef` (and their mutable versions), and `memory::array` which
contains `GuestArray` and `GuestArrayRef` (and their mutable versions).
This commit also adds basic unit sanity tests for the `memory::ptr`
submodule.
* Add first pass at GuestArray
* Return &'a [T] instead of Vec<Refs>
Also, add a sanity test for `GuestArray`.
* Change approach in GuestArray::as_ref
The new approach should avoid unnecessary copying (does it?) by
iterating through the memory and firstly validating the guest pointers,
to then extracting the slice `&'a [T]` using the unsafe `slice::from_raw_parts`
fn.
* Redo implementation of GuestArray and GuestArrayMut
This commit:
* redos the impl of `as_ref` and `as_ref_mut` for `GuestArray` and
`GuestArrayMut` structs in that they now return dynamically borrow
checked `GuestArrayRef` and `GuestArrayRefMut` structs
* introduces `GuestArrayRef` and `GuestArrayRefMut` structs which
perform dynamic borrow-checking of memory region at runtime, and
can be derefed to `&[T]` and `&mut [T]`
* adds a few sanity checks for the introduced types
* Rename r#ref to ref_
* Add constructors for GuestArray and GuestArrayMut
This commit:
* adds constructors for `GuestArray` and `GuestArrayMut` both of
which can now *only* be constructed from `GuestPtr::array` and
`GuestPtrMut::array_mut` respectively
* changes `Region::extend` to extend the region by adding to the
current `len` (avoids problem of asserting for > 0)
* implements `fmt::Debug` for most of memory types for easier testing
(implementation is *not* enforced on the generic parameter `T` in
the struct; rather, if `T` impls `fmt::Debug` then so does the
memory type such as `GuestPtr<'_, T>`)
* Add some basic sanity tests for Region
This commit adds some basic sanity tests for `overlap` method
of `Region`.
* Refactor overlaps method of Region struct
This commit refactors `Region::overlaps` method.
* Add some docs
* Assert Region's len is nonzero
* generator: take an &mut GuestMemory
rather than pass the owned GuestMemory in, just give exclusive access
to it. Makes testing easier.
* tests: start transforming tests to check abi-level generated code as well
* finish lowering of test funcs
* tests: rename variables to more sensible names
* proptesting: reliably finds that we dont allow stuff to be right against end of memory!
* memory: fix off-by-one calc in GuestMemory::contains(&self, Region)
ty proptest!
also, refactored the Region::overlaps to be the same code but easier to
read.
* generator: better location information in GuestError
* testing: proptest generates memory areas, tests everything
* Add some (incomplete set) basic sanity end-to-end tests
This commit adds some (an incomplete set of) basic sanity end-to-end
tests. It uses `test.witx` to autogenerate types and module interface
functions (aka the syscalls), and tests their implementation. For
the host memory, it uses simplistic `&mut [u8]` where we have full
control of the addressing and contents.
* Add sanity test for baz interface func
This commit adds a sanity test for the `Foo::baz` interface func.
* Upcast start/len for Region to avoid overflow
* Reenable alignment checking for memory
* use an array to implement hostmemory
Co-authored-by: Pat Hickey <pat@moreproductive.org>
