ffi - How can I initialize sigset_t or other variables used as "out parameters" in Rust?

Question

I'm trying to learn more about FFI in Rust and linking with C libraries, specifically libc. While on my "quest", I came across the following problem.

Normal pattern in C

void(* sig_set(int sig, void(*handler)(int))) {
    // uninitialized sigaction structs
    struct sigaction new_action, old_action;

    // assign options to new action
    new_action.sa_flags = SA_RESTART;
    new_action.sa_handler = handler;
    sigemptyset(&new_action.sa_mask);

    if(sigaction(sig, &new_action, &old_action) < 0) {
        fprintf(stderr, "Error: %s!
", "signal error");
        exit(1);
    }
    return old_action.sa_handler;
}

Attempt in Rust

use libc; // 0.2.77

fn sig_init(sig: i32, handler: fn(i32) -> ()) -> usize {
    unsafe {
        let mut new_action: libc::sigaction;
        let mut old_action: libc::sigaction;

        new_action.sa_flags = 0x10000000;
        new_action.sa_sigaction = handler as usize;
        libc::sigemptyset(&mut new_action.sa_mask as *mut libc::sigset_t);

        libc::sigaction(
            sig,
            &mut new_action as *mut libc::sigaction,
            &mut old_action as *mut libc::sigaction,
        );
        old_action.sa_sigaction
    }
}

The compiler will throw the following error:

error[E0381]: assign to part of possibly-uninitialized variable: `new_action`
 --> src/lib.rs:8:9
  |
8 |         new_action.sa_flags = 0x10000000;
  |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ use of possibly-uninitialized `new_action`

error[E0381]: borrow of possibly-uninitialized variable: `old_action`
  --> src/lib.rs:15:13
   |
15 |             &mut old_action as *mut libc::sigaction,
   |             ^^^^^^^^^^^^^^^ use of possibly-uninitialized `old_action`

This makes sense as very bad things could happen if sigemptyset were to read from sa_mask. So I tried the following on line 3 of the above.

let mut new_action: libc::sigaction = libc::sigaction {
    sa_sigaction: handler as usize,
    sa_flags: 0x10000000,
    sa_mask: mask,
};

This will not work as _restorer is missing in the above example, but _restorer is private. How would I get around this problem or a similar situation? Would you use something like mem::transmute?

Answer 1

The standard library defines a couple of types and functions to deal with initialization. They are generic, so they can be used to initialize values of any type.

Modern Rust suggests using MaybeUninit in most cases. Applied to your case, it would look something like:

use std::mem::MaybeUninit;

let mut new_action: libc::sigaction = MaybeUninit::zeroed().assume_init();
let mut old_action: libc::sigaction = MaybeUninit::zeroed().assume_init();

MaybeUninit was stabilized in Rust 1.36. Before that, you could use std::mem::uninitialized(), which gives you an uninitialized value. LLVM will consider the contents to be undefined, and will perform aggressive optimizations based on this. You must initialize any value before it's read.

More appropriate to your case, there's std::mem::zeroed(), which gives you a value whose storage is filled with zeroes. This function is unsafe because such a value is not necessarily legal for all types. zeroed() is appropriate for "plain old data" (POD) types. Applied to your case, it would look something like:

use std::mem;

let mut new_action: libc::sigaction = mem::zeroed();
let mut old_action: libc::sigaction = mem::zeroed();