Fix fstatat

[sporksmith]

• TypedPluginPtr: make slice method generic over RangeBounds
• MemoryManager.read_ptr: let caller slice instead of taking offset
• MemoryManager: generalize read_ptr -> readv_ptr
• Split MemoryReader.copy to read_some and read_exact
• MemoryReader: split as_ref into ref_some and ref_exact
• Reimplement process_getReadableString using new Reader API
• Add process_readString
• fileat syscalls: fix memory access bugs
• Add test for fstatat

Fixes #1332

[codecov]

Codecov Report

Merging #1351 (e3c27a7) into dev (b277326) will increase coverage by 0.09%.
The diff coverage is 35.55%.

@@            Coverage Diff             @@
##              dev    #1351      +/-   ##
==========================================
+ Coverage   56.43%   56.52%   +0.09%     
==========================================
  Files         141      141              
  Lines       20084    20098      +14     
  Branches     4977     4983       +6     
==========================================
+ Hits        11335    11361      +26     
+ Misses       5868     5839      -29     
- Partials     2881     2898      +17     

Flag	Coverage Δ
tests	56.52% <35.55%> (+0.09%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
src/main/host/syscall/fileat.c	15.87% <10.00%> (+6.49%)	⬆️
src/test/file/test_file.c	51.83% <41.66%> (-0.60%)	⬇️
src/main/host/process.c	70.02% <69.23%> (-0.05%)	⬇️
src/support/logger/rust_bindings/src/lib.rs	40.26% <0.00%> (-0.30%)	⬇️
src/main/host/descriptor/file.c	34.07% <0.00%> (+0.66%)	⬆️
src/main/host/syscall_handler.c	53.16% <0.00%> (+0.84%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b277326...e3c27a7. Read the comment docs.

[stevenengler]

This can technically overflow, but shouldn't in practice. Maybe use checked_add().unwrap() here?

[sporksmith]

IIUC overflow will be caught in Debug builds; given that, I don't think it's worth wrapping every arithmetic operation in checks. rust-lang/rfcs#560

[stevenengler]

Should this be self.count + 1 so that it doesn't exclude the last byte?

[sporksmith]

I don't think so - we're getting the excluded end-bound. e.g. buf[..buf.len()] is all of buf.

[stevenengler]

This generic T isn't used anywhere.

[sporksmith]

Done (I'm surprised Rust didn't complain)

[stevenengler]

A debug log here might be useful if we ever need to debug this.

[sporksmith]

Done (in helpers)

[stevenengler]

A debug log here might be useful if we ever need to debug this.

[sporksmith]

Done (now in memory_manager.read_exact)

[stevenengler]

Can the (&*self.reader) be just self.reader?

[sporksmith]

Done

[stevenengler]

1. This seems like it's mixing counts (buf.len()) with bytes (page_size()). Should this be using buf.len() * sizeof(T)?
2. This seems to be reading in chunks of page_size(), but the chunks don't seem to be aligned at page boundaries if self.ptr itself isn't aligned to a page boundary.

[sporksmith]

This seems like it's mixing counts (buf.len()) with bytes (page_size()). Should this be using buf.len() * sizeof(T)?

Oops; you're right. I'd originally implemented only for u8 intead of for T, but missed the corresponding changes here. (I couldn't figure out a way to define methods in a trait only when T=u8)

I changed the MemoryManager helpers to only take u8 and put the conversions here.

This seems to be reading in chunks of page_size(), but the chunks don't seem to be aligned at page boundaries if self.ptr itself isn't aligned to a page boundary.

... wow yeah I totally botched that. Thanks for catching it!

[stevenengler]

In order to stay consistent with the other functions, I think read_some() should return the number of T items, not the number of bytes returned by readv_ptrs(). So it should return self.memory_manager.readv_ptrs() / size_of(T).

[sporksmith]

Done

[stevenengler]

I think it would be good to assert that str here isn't null.

[sporksmith]

I started to add debug_asserts, but I think we can depend on Rust to do it for us. e.g. https://doc.rust-lang.org/src/core/slice/raw.rs.html#130

[stevenengler]

I don't think debug asserts in the standard library run, for example this code doesn't panic: https://play.rust-lang.org/?version=nightly&mode=debug&edition=2018&gist=9fbb2471cca367c2624d2a04767e37e8

[sporksmith]

Oh wow, that's surprising. I'll go ahead and add it then. I see I also missed a few other comments somehow; will make another pass

[sporksmith]

Done

[sporksmith]

I realized that currently if the caller calls CopyingMemoryReader::ref_exact, and it fails, later calls to CopyingMemoryReader::ref_some will also fail. I also realized that we already have a similar issue with CopyingMemoryWriter::as_mut and CopyingMemoryWriter::as_mut_uninit; the first call "wins".

I think what I'd like to do is move the public methods returning references into MemoryManager, so that the exact type of reference is determined at the time of creation. Probably better to save that for another PR, though.

Thank you for your patience and diligence reviewing all these iterations!

[sporksmith]

I realized that currently if the caller calls CopyingMemoryReader::ref_exact, and it fails, later calls to CopyingMemoryReader::ref_some will also fail

Oh no, that's right I did fix that. But the way I fixed it is that we always go through the more complex read_some path when copying the data. If we move the ref-returning methods into the MemoryManager though, ref_exact can go through the simpler path (which may be marginally faster). mut vs mut_uninit is the bigger issue.

[stevenengler]

I realized that currently if the caller calls CopyingMemoryReader::ref_exact, and it fails, later calls to CopyingMemoryReader::ref_some will also fail

Oh no, that's right I did fix that. But the way I fixed it is that we always go through the more complex read_some path when copying the data. If we move the ref-returning methods into the MemoryManager though, ref_exact can go through the simpler path (which may be marginally faster). mut vs mut_uninit is the bigger issue.

I don't think I follow these comments, but I'll wait to see what the next change looks like :)