Description
The uefi and uefi-services crates currently uses a number of unstable features. Right now I don't think we can avoid unstable features, but eventually we want to be able to compile on stable Rust. I figure a good thing to do in support of that goal is to track what unstable features we use, the status of those features, and why we need them. (This list will likely change over time, I'll try to keep this issue up to date.)
Note: I'm not including the unstable -Zbuild-std feature in this issue, as that's a cargo feature. It's also not a hard requirement for a couple reasons:
Theueficrate doesn't have to be built for one of the UEFI targets, e.g. it can be used from within an ELF kernel that was booted on a UEFI device.If you are building for a UEFI target, it doesn't necessarily have to be done with-Zbuild-std. You can build a stable Rust compiler with support for the UEFI targets, they just aren't available as prebuilts with rustup because they are tier 3 platforms.- Update:
-Zbuild-stdis no longer required as the three UEFI targets are now tier 2 and available via rustup.
What features are used
ueficrate:abi_efiapimaybe_uninit_slicenegative_implsptr_metadatatry_trait_v2vec_into_raw_parts
uefi-servicescrate:
Why do we need these features?
These features fall into three categories:
- Required (these are features we can't really do without):
abi_efiapi: When compiling for a UEFI target this is pretty much equivalent to using the C ABI, but specifying the EFI ABI is necessary when compiling for other targets.alloc_error_handler: This is required when using the standardalloccrate without thestdcrate. There is a relateddefault_alloc_error_handlerwhich seems like it might be more likely to get stabilized.
- Safety (we could potentially drop some of these features, but they help make the code safer, or to make unsafe code more readable):
maybe_uninit_slice: could probably be replaced with some unsafe casts.maybe_uninit_sliceandvec_into_raw_partsfeatures #622negative_impls: this is used to mark implementors ofProtocolas!Sendand!Sync. The practical consequences of this seem pretty limited to me since prior to exiting boot services you're running on a single processor anyway, and there's no threading support. But I definitely haven't thought about this deeply, perhaps there's more to it.unsafe_protocolmacro and drop use of the unstablenegative_implsfeature #607ptr_metadata: makes the DST code cleaner, but could be replaced with someunsafehacks.ptr_metadependency #621vec_into_raw_parts: only used in one place, could probably be replaced by copying some code from thealloclib.maybe_uninit_sliceandvec_into_raw_partsfeatures #622
- Nice-to-have (we could drop these features without much loss of functionality):
try_trait_v2: This is used to make?work withStatus. Within theueficrate this feature is actually barely used. Harder to say if users of the crate are making use of the feature, but I think it would probably be fine to drop it as it can generally be replaced withResult::from(status)?.
Next steps
I don't think there's much for us to do until abi_efiapi and alloc_error_handler (or default_alloc_error_handler) are stabilized, since as described above those seem pretty necessary to me for the functionality we want to expose from uefi and uefi-services.
We should continue to be judicious about enabling more unstable features, but for new features in the mold of maybe_uninit_slice that just make unsafe code more readable and are easy to replace with local polyfills I don't think there's much reason not to add them where useful.
Once those two required features are stabilized though, we might want to consider trying to more aggressively prune away remaining uses of unstable features so that the crates can compile on stable, possibly with some additional crate features to gate use of unstable features for users that remain on nightly.