Hellooo everyone,

I've been working on a safe abstraction layer over wdk-sys called wdk-safe and wanted to share it here and get some feedback from people who actually know this space.

The main idea was simple — instead of relying on documentation to enforce kernel invariants, encode them directly in the type system so the compiler catches mistakes before they become BSODs.

Three things I'm most curious about:

- Linear IRP ownership — `Irp<C>` consumes itself on `complete()`, so double-complete is a compile error. There's also a `#[must_use]` drop bomb in debug builds if you forget to complete an IRP.
- `IrpCompleter` trait — decouples `IoCompleteRequest` from the core logic, so the full test suite runs on any Windows host without a WDK installed. Found this really useful during development.
- `define_ioctl!` macro — instead of passing around untyped `*mut u8` buffers, you declare input/output types at the call site.

I know the `wdk` crate is the official direction and this isn't meant to compete with it — more like one possible answer to "what could the ergonomic layer above wdk-sys look like."

Repo: https://github.com/arelove/wdk-safe

Would love any feedback — including "this doesn't make sense" or "we already thought about this and here's why we went differently." Both are useful to me.
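The three mechanisms the post describes, shown together in an added Rust example that is not code from the wdk-safe repo. Every name here (`Irp`, `IrpCompleter`, `MockCompleter`, `Pod`, `Ioctl`, `dispatch`, `run_add`, `forgotten_irp_panics`, and the `define_ioctl!` stand-in) is invented for illustration; the NTSTATUS constants carry their real values, and 0x222000 is CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) worked out by hand. Like the crate's own tests, it runs on any host with no WDK present, because the kernel completion call sits behind a trait and the buffers are plain slices.

```rust
// Added illustration of the post's three ideas (linear IRP handle, completer
// trait for host testing, typed IOCTL macro). Not wdk-safe's code; every name is invented.
use std::{cell::RefCell, convert::TryInto, mem::size_of, panic::catch_unwind, ptr, rc::Rc};

pub type NtStatus = i32; // stand-in for NTSTATUS; the constants carry the real values
pub const STATUS_SUCCESS: NtStatus = 0;
pub const STATUS_INVALID_PARAMETER: NtStatus = 0xC000_000Du32 as i32;
pub const STATUS_BUFFER_TOO_SMALL: NtStatus = 0xC000_0023u32 as i32;

/// In a driver this wraps IoCompleteRequest; on a host it is a recorder.
pub trait IrpCompleter { fn complete(&self, status: NtStatus, information: usize); }

/// Host completer: records every (status, information) pair it receives.
#[derive(Clone, Default)]
pub struct MockCompleter(Rc<RefCell<Vec<(NtStatus, usize)>>>);
impl MockCompleter {
    pub fn completions(&self) -> Vec<(NtStatus, usize)> { self.0.borrow().clone() }
}
impl IrpCompleter for MockCompleter {
    fn complete(&self, s: NtStatus, i: usize) { self.0.borrow_mut().push((s, i)); }
}

/// Linear IRP handle: `complete` takes `self`, so a second call is a use-after-move
/// compile error; dropping an uncompleted handle trips the debug-build drop bomb.
#[must_use = "an Irp dropped without complete() is never completed"]
pub struct Irp<'a, C: IrpCompleter> {
    completer: C,
    ioctl_code: u32,
    input: &'a [u8],      // caller-controlled, treated as untrusted
    output: &'a mut [u8], // system buffer the result is written into
    completed: bool,
}
impl<'a, C: IrpCompleter> Irp<'a, C> {
    pub fn new(completer: C, ioctl_code: u32, input: &'a [u8], output: &'a mut [u8]) -> Self {
        Irp { completer, ioctl_code, input, output, completed: false }
    }
    /// Consumes the handle; nothing can touch the IRP after this returns.
    pub fn complete(mut self, status: NtStatus, information: usize) {
        self.completed = true; // disarm the drop bomb
        self.completer.complete(status, information);
    }
}
impl<'a, C: IrpCompleter> Drop for Irp<'a, C> {
    // Fires only in debug builds; release builds stay silent.
    fn drop(&mut self) { debug_assert!(self.completed, "Irp dropped without complete()"); }
}

/// Plain-old-data marker: every bit pattern is valid, so decoding an untrusted
/// buffer cannot manufacture an invalid `Input`.
pub unsafe trait Pod: Copy {}
unsafe impl Pod for u64 {}
/// Typed IOCTL: the code and its input/output types travel together.
pub trait Ioctl { const CODE: u32; type Input: Pod; type Output: Pod; }

/// Hypothetical stand-in for the post's define_ioctl! macro.
macro_rules! define_ioctl {
    ($name:ident, code = $code:expr, input = $in:ty, output = $out:ty) => {
        pub struct $name;
        impl Ioctl for $name { const CODE: u32 = $code; type Input = $in; type Output = $out; }
    };
}

#[derive(Clone, Copy)]
#[repr(C)]
pub struct AddRequest { pub a: u32, pub b: u32 }
unsafe impl Pod for AddRequest {}
// 0x222000 == CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
define_ioctl!(IoctlAdd, code = 0x222000, input = AddRequest, output = u64);

/// Generic dispatch: size checks live here once, and every path completes the IRP exactly once.
pub fn dispatch<I: Ioctl, C: IrpCompleter, F: FnOnce(I::Input) -> I::Output>(mut irp: Irp<'_, C>, handler: F) {
    if irp.ioctl_code != I::CODE || irp.input.len() < size_of::<I::Input>() {
        return irp.complete(STATUS_INVALID_PARAMETER, 0);
    }
    let out_len = size_of::<I::Output>();
    if irp.output.len() < out_len {
        return irp.complete(STATUS_BUFFER_TOO_SMALL, 0);
    }
    // SAFETY: lengths checked above, `Pod` makes any bytes a valid value, and the unaligned
    // variants are used because user buffers carry no alignment guarantee.
    let input: I::Input = unsafe { ptr::read_unaligned(irp.input.as_ptr() as *const I::Input) };
    let output = handler(input);
    unsafe { ptr::write_unaligned(irp.output.as_mut_ptr() as *mut I::Output, output) };
    irp.complete(STATUS_SUCCESS, out_len)
}

/// Drives IoctlAdd on the host: the recorded completion plus, on success, the decoded output.
pub fn run_add(input: &[u8], output_len: usize) -> ((NtStatus, usize), Option<u64>) {
    let completer = MockCompleter::default();
    let mut out = vec![0u8; output_len];
    let irp = Irp::new(completer.clone(), IoctlAdd::CODE, input, &mut out);
    dispatch::<IoctlAdd, _, _>(irp, |req| u64::from(req.a) + u64::from(req.b));
    let (status, info) = completer.completions()[0];
    let value = (status == STATUS_SUCCESS).then(|| u64::from_ne_bytes(out[..8].try_into().unwrap()));
    ((status, info), value)
}

/// True if dropping an uncompleted Irp panicked (expected only under debug_assertions).
pub fn forgotten_irp_panics() -> bool {
    catch_unwind(|| {
        let mut out = [0u8; 8];
        drop(Irp::new(MockCompleter::default(), IoctlAdd::CODE, &[], &mut out)); // never completed
    })
    .is_err()
}
```

Two things worth noticing. `#[must_use]` on its own only warns when the value is discarded at the call site; the `Drop` check is what catches the "bound it to a variable and then forgot" case, and because it is a `debug_assert!` it costs nothing in release, which is the trade-off the post describes. The `Pod` bound on the IOCTL's `Input` is the part a typed `define_ioctl!` has to get right: reading caller-controlled bytes into a type that has invalid bit patterns (a `bool`, an enum, a reference) is undefined behaviour no matter how careful the length checks are, so the macro should only accept types for which every byte pattern is a value.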