Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling

linux-gpio.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Erik Schilling" <erik.schilling@linaro.org>
To: "Viresh Kumar" <viresh.kumar@linaro.org>
Cc: "Linux-GPIO" <linux-gpio@vger.kernel.org>,
	"Manos Pitsidianakis" <manos.pitsidianakis@linaro.org>
Subject: Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
Date: Fri, 29 Sep 2023 12:58:38 +0200	[thread overview]
Message-ID: <CVVCJRMQOWE2.23245F2VB5792@ablu-work> (raw)
In-Reply-To: <20230929103915.mkq5hbzmks4rhykh@vireshk-i7>

On Fri Sep 29, 2023 at 12:39 PM CEST, Viresh Kumar wrote:
> On 28-09-23, 14:27, Erik Schilling wrote:
> > On Thu Sep 28, 2023 at 1:27 PM CEST, Viresh Kumar wrote:
> > > > -    /// Get the Line info object associated with an event.
> > > > -    pub(crate) fn new_from_event(info: *mut gpiod::gpiod_line_info) -> Result<Self> {
> > > > -        Info::new_internal(info, true)
> > > > +    fn as_raw_ptr(&self) -> *mut gpiod::gpiod_line_info {
> > > > +        self as *const _ as *mut _
> > >
> > > What's wrong with keeping `_info` as `info` in the structure and using it
> > > directly instead of this, since this is private anyway ?
>
> Ahh, I missed that it is not *mut anymore. Shouldn't we mark it with & as well,
> since it is a reference to the gpiod structure ? Something like ? (I must admit
> that I have forgotten a lot of Rust during my long absence from work :)).
>
>     _info: &'a gpiod::gpiod_line_info,

Technically, yes. But that would require a 'a lifetime parameter on
the `Info` struct. Then, instead of using `&Info` you would need to
use `Info<'a>` everywhere.

Which then gets ugly pretty fast since you need to carry it through all
impl blocks, the `Deref` implementation on `InfoOwned` and force it onto
the consumer of the lib.

I think staying with `&Info` keeps the API a lot simpler (and this code
simpler).

>
> > We would still need to cast it the same way. One _could_ write:
> > 
> >     fn as_raw_ptr(&self) -> *mut gpiod::gpiod_line_info {
> >         &self.info as *const _ as *mut _
> >     }
>
> Can we use deref to just do this magically for us in this file somehow ?

Hm... Not exactly sure what you mean here. Do you mean a `Deref`
implementation? That one would leak this implementation detail into
public API.

>
> > But the cast dance is still required since we need a *mut, but start
> > with a readonly reference.
> > 
> > This is required since libgpiod's C lib keeps the struct internals
> > opaque and does not make guarantees about immutable datastructures for
> > any API calls.
> > 
> > Technically, the 1:1 mapping of this to Rust would be to restrict the
> > entire API to `&mut self`. One could do that - it would probably allow
> > us to advertise the structs as `Sync` - but it would require consumers
> > to declare all libgpiod-related variables as `mut`.

next prev parent reply	other threads:[~2023-09-29 10:59 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-27 16:29 [libgpiod][PATCH 0/3] bindings: rust: fix modeling of line_info lifetimes Erik Schilling
2023-09-27 16:29 ` [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling Erik Schilling
2023-09-28 11:27   ` Viresh Kumar
2023-09-28 12:27     ` Erik Schilling
2023-09-29 10:39       ` Viresh Kumar
2023-09-29 10:58         ` Erik Schilling [this message]
2023-09-29 11:02           ` Viresh Kumar
2023-09-28 13:24   ` Erik Schilling
2023-09-29 10:39     ` Viresh Kumar
2023-09-29 11:06       ` Erik Schilling
2023-09-29 10:50     ` Manos Pitsidianakis
2023-09-27 16:29 ` [libgpiod][PATCH 2/3] bindings: rust: allow cloning line::Info -> line::OwnedInfo Erik Schilling
2023-09-28 12:52   ` Erik Schilling
2023-09-29 10:50     ` Viresh Kumar
2023-09-29 11:05       ` Erik Schilling
2023-09-27 16:29 ` [libgpiod][PATCH 3/3] bindings: rust: bump major for libgpiod crate Erik Schilling
2023-09-29 12:43   ` Bartosz Golaszewski
2023-09-29 12:45     ` Erik Schilling

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CVVCJRMQOWE2.23245F2VB5792@ablu-work \
    --to=erik.schilling@linaro.org \
    --cc=linux-gpio@vger.kernel.org \
    --cc=manos.pitsidianakis@linaro.org \
    --cc=viresh.kumar@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).