From: "Andreas Hindborg (Samsung)" <nmi@metaspace.dk>
To: Alice Ryhl <aliceryhl@google.com>
Cc: alex.gaynor@gmail.com, benno.lossin@proton.me,
bjorn3_gh@protonmail.com, boqun.feng@gmail.com, gary@garyguo.net,
linux-kernel@vger.kernel.org, ojeda@kernel.org,
patches@lists.linux.dev, rust-for-linux@vger.kernel.org,
wedsonaf@gmail.com
Subject: Re: [PATCH v1] rust: add improved version of `ForeignOwnable::borrow_mut`
Date: Wed, 23 Aug 2023 10:43:18 +0200 [thread overview]
Message-ID: <87msyi406u.fsf@metaspace.dk> (raw)
In-Reply-To: <20230822093154.3478754-1-aliceryhl@google.com>
Alice Ryhl <aliceryhl@google.com> writes:
> Andreas Hindborg <nmi@metaspace.dk> writes:
>>> diff --git a/rust/kernel/sync/arc.rs b/rust/kernel/sync/arc.rs
>>> index 172f563976a9..f152a562c9c3 100644
>>> --- a/rust/kernel/sync/arc.rs
>>> +++ b/rust/kernel/sync/arc.rs
>>> @@ -232,26 +232,35 @@ pub fn ptr_eq(this: &Self, other: &Self) -> bool {
>>>
>>> impl<T: 'static> ForeignOwnable for Arc<T> {
>>> type Borrowed<'a> = ArcBorrow<'a, T>;
>>> + // Mutable access to the `Arc` does not give any extra abilities over
>>> + // immutable access.
>>> + type BorrowedMut<'a> = ArcBorrow<'a, T>;
>>>
>>> fn into_foreign(self) -> *const core::ffi::c_void {
>>> ManuallyDrop::new(self).ptr.as_ptr() as _
>>> }
>>>
>>> - unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> ArcBorrow<'a, T> {
>>> - // SAFETY: By the safety requirement of this function, we know that `ptr` came from
>>> - // a previous call to `Arc::into_foreign`.
>>> - let inner = NonNull::new(ptr as *mut ArcInner<T>).unwrap();
>>> -
>>> - // SAFETY: The safety requirements of `from_foreign` ensure that the object remains alive
>>> - // for the lifetime of the returned value.
>>> - unsafe { ArcBorrow::new(inner) }
>>> - }
>>> -
>>> unsafe fn from_foreign(ptr: *const core::ffi::c_void) -> Self {
>>> // SAFETY: By the safety requirement of this function, we know that `ptr` came from
>>> // a previous call to `Arc::into_foreign`, which guarantees that `ptr` is valid and
>>> // holds a reference count increment that is transferrable to us.
>>> - unsafe { Self::from_inner(NonNull::new(ptr as _).unwrap()) }
>>> + unsafe { Self::from_inner(NonNull::new_unchecked(ptr as _)) }
>>> }
>>> +
>>> + unsafe fn borrow<'a>(ptr: *const core::ffi::c_void) -> ArcBorrow<'a, T> {
>>> + // SAFETY: By the safety requirement of this function, we know that `ptr` came from
>>> + // a previous call to `Arc::into_foreign`.
>>> + let inner = unsafe { NonNull::new_unchecked(ptr as *mut ArcInner<T>) };
>>> +
>>> + // SAFETY: The safety requirements ensure that we will not give up our
>>> + // foreign-owned refcount while the `ArcBorrow` is still live.
>>> + unsafe { ArcBorrow::new(inner) }
>>> + }
>>> +
>>> + unsafe fn borrow_mut<'a>(ptr: *const core::ffi::c_void) -> ArcBorrow<'a, T> {
>>> + // SAFETY: The safety requirements for `borrow_mut` are a superset of the safety
>>> + // requirements for `borrow`.
>>> + unsafe { Self::borrow(ptr) }
>>> + }
>>
>> I am not sure this makes sense. How about splitting the trait in two,
>> immutable and mutable and only implementing the immutable one or Arc?
>
> I used this design based on what would make sense for a linked list. The
> idea is that we can have two different types of cursors for a linked
> list: immutable and mutable. The immutable cursor lets you:
>
> * move around the linked list
> * access the values using `borrow`
>
> The mutable cursor lets you:
>
> * move around the linked list
> * delete or add items to the list
> * access the values using `borrow_mut`
>
> The mutable cursor gives you extra abilities beyond the `borrow` vs
> `borrow_mut` distinction, so we want to provide both types of cursors
> even if the pointer type is Arc. To do that, we need a trait that
> defines what it means to have mutable access to an Arc.
I don't see how that prevents this trait from being split in two?
BR Andreas
next prev parent reply other threads:[~2023-08-23 8:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-10 7:46 [PATCH v1] rust: add improved version of `ForeignOwnable::borrow_mut` Alice Ryhl
2023-07-11 17:42 ` Boqun Feng
2023-07-14 10:28 ` Alice Ryhl
2023-07-13 3:28 ` Martin Rodriguez Reboredo
2023-07-15 13:38 ` Benno Lossin
2023-08-09 14:09 ` Andreas Hindborg (Samsung)
2023-08-22 9:31 ` Alice Ryhl
2023-08-23 8:40 ` Andreas Hindborg (Samsung)
2023-08-22 9:31 ` Alice Ryhl
2023-08-23 8:43 ` Andreas Hindborg (Samsung) [this message]
2023-08-23 10:34 ` Alice Ryhl
2023-08-23 16:09 ` Andreas Hindborg (Samsung)
2023-10-25 12:22 ` Ariel Miculas (amiculas)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87msyi406u.fsf@metaspace.dk \
--to=nmi@metaspace.dk \
--cc=alex.gaynor@gmail.com \
--cc=aliceryhl@google.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=gary@garyguo.net \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=patches@lists.linux.dev \
--cc=rust-for-linux@vger.kernel.org \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.