qemu-rust.nongnu.org archive mirror
From: Paolo Bonzini <pbonzini@redhat.com>
To: Zhao Liu <zhao1.liu@intel.com>
Cc: qemu-devel@nongnu.org, qemu-rust@nongnu.org
Subject: Re: [PATCH 02/10] rust: qom: add reference counting functionality
Date: Wed, 29 Jan 2025 11:16:21 +0100
Message-ID: <CABgObfbLaHXtoGAkUVW9CUXio-N_1A=Awq0=ZCY3G8sAO+9NXQ@mail.gmail.com>
In-Reply-To: <Z5c8gVcUn4rzVpID@intel.com>

On Mon, Jan 27, 2025 at 8:38 AM Zhao Liu <zhao1.liu@intel.com> wrote:
>
> > +impl<T: ObjectType> Owned<T> {
> > +    /// Convert a raw C pointer into an owned reference to the QOM
> > +    /// object it points to.  The object's reference count will be
> > +    /// decreased when the `Owned` is dropped.
> > +    ///
> > +    /// # Panics
> > +    ///
> > +    /// Panics if `ptr` is NULL.
> > +    ///
> > +    /// # Safety
> > +    ///
> > +    /// The caller must indeed own a reference to the QOM object.
> > +    /// The object must not be embedded in another unless the outer
> > +    /// object is guaranteed to have a longer lifetime.
> > +    ///
> > +    /// A raw pointer obtained via [`Owned::into_raw()`] can always be passed
> > +    /// back to `from_raw()` (assuming the original `Owned` was valid!),
> > +    /// since the owned reference remains there between the calls to
> > +    /// `into_raw()` and `from_raw()`.
> > +    #[allow(clippy::missing_const_for_fn)]
> > +    pub unsafe fn from_raw(ptr: *const T) -> Self {
> > +        // SAFETY NOTE: while NonNull requires a mutable pointer, only
> > +        // Deref is implemented so the pointer passed to from_raw
> > +        // remains const
> > +        Owned(NonNull::new(ptr as *mut T).unwrap())
> > +    }
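
Review bot: the `# Safety` section of from_raw() names `Owned::into_raw()` as a legitimate source of the pointer but not the other source, a reference that C code hands over to the caller; "must indeed own a reference" leaves the caller to work out when that holds. Suggest listing both sources and stating that `ptr` must point to a live object of type `T`. The `.unwrap()` on `NonNull::new(ptr as *mut T)` could also become an `.expect()` whose message names the NULL pointer, to match the documented panic.
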
>
> ...
>
> > +    /// Increase the reference count of a QOM object and return
> > +    /// a new owned reference to it.
> > +    ///
> > +    /// # Safety
> > +    ///
> > +    /// The object must not be embedded in another, unless the outer
> > +    /// object is guaranteed to have a longer lifetime.
> > +    pub unsafe fn from(obj: &T) -> Self {
> > +        unsafe {
> > +            object_ref(obj.as_object_mut_ptr().cast::<c_void>());
> > +
> > +            // SAFETY NOTE: while NonNull requires a mutable pointer, only
> > +            // Deref is implemented so the reference passed to from_raw
> > +            // remains shared
> > +            Owned(NonNull::new_unchecked(obj.as_mut_ptr()))
> > +        }
> > +    }
> > +}
> > +
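
Review bot: in from(), one `unsafe` block covers both `object_ref(...)` and `NonNull::new_unchecked(obj.as_mut_ptr())`, and the only comment is a SAFETY NOTE about constness; nothing says why either call is sound. Suggest a `// SAFETY:` comment stating that `obj` is a reference, hence non-null and pointing to a live object, which is what both calls rely on. The name also reads like `From::from` at call sites while being an `unsafe` inherent function, so the doc comment should say so and say when to prefer this over from_raw().
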
>
> About the difference between from_raw() and from(), I understand if the
> C side also holds a pointer, the Rust side must increase the reference
> count (using Owned::from), and if the C side does not have any other
> pointers, Rust can directly use Owned::from_raw. Am I right?

Pretty much - more precisely you use Object::from_raw 1) if the C side
gifts a reference 2) if you got the pointer from Owned::into_raw. The
second case is similar to Arc::from_raw, which expects that you got a
reference from Arc::into_raw. The first is the more common case.

>
> * The use of from():
>
>                 let clk = bindings::qdev_init_clock_in(...)
>                 Owned::from(&*clk)

In this case the C side wants to manage the reference that
qdev_init_clock_in() returns; it is dropped in
qdev_finalize_clocklist(). So Rust code needs to increase the
refcount.

> * The use of from_raw():
>
>     fn new() -> Owned<Self> {
>         assert!(bql_locked());
>         // SAFETY: the object created by object_new is allocated on
>         // the heap and has a reference count of 1
>         unsafe {
>             let obj = &*object_new(Self::TYPE_NAME.as_ptr());
>             Owned::from_raw(obj.unsafe_cast::<Self>())
>         }
>     }

In this case the C side lets the caller manage the (only) reference
when object_new returns, so you must not increase the refcount.

Owned::from() is slightly less efficient, though that almost never
matters. If it does you can use ManuallyDrop::new(Owned::from_raw(p)).

> Comparing with these 2 use cases, I find the difference is
> qdev_init_clock_in() creates a pointer in qdev_init_clocklist().

That is related, but more precisely the difference is that
qdev_init_clock_in() wants to unref that pointer later.

> Then the comment "the clock is heap allocated and does not have
> a reference" sounds like a conflict. I'm sure I'm missing something. :-(

Changed:

      // SAFETY: the clock is heap allocated, but qdev_init_clock_in()
      // does not gift the reference to its caller; so use Owned::from to
      // add one.  the callback is disabled automatically when the clock
      // is unparented, which happens before the device is finalized.


Thanks for the review!

Paolo
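
The two ownership cases discussed in this reply, as an added example that is not part of the original message or of QEMU's code. `Obj`, its `finalized` flag and the three scenario functions are constructed here; the toy object only records its count, so the mismatched case can be observed without touching freed memory.

```rust
use std::cell::Cell;
use std::ptr::NonNull;

/// Toy stand-in for a QOM object (constructed for this example).
pub struct Obj { refs: Cell<i32>, finalized: Cell<bool> }
impl Obj {
    // Like object_new(): the creator holds the single reference.
    pub fn new() -> Self { Obj { refs: Cell::new(1), finalized: Cell::new(false) } }
    fn incref(&self) { self.refs.set(self.refs.get() + 1); }
    fn unref(&self) {
        self.refs.set(self.refs.get() - 1);
        if self.refs.get() == 0 { self.finalized.set(true); }
    }
}
pub struct Owned(NonNull<Obj>);
impl Owned {
    // Adopt a reference the caller already owns: the count is not touched.
    pub unsafe fn from_raw(ptr: *const Obj) -> Self { Owned(NonNull::new(ptr as *mut Obj).unwrap()) }
    // Take an additional reference on an object someone else also holds.
    pub unsafe fn from(obj: &Obj) -> Self { obj.incref(); Owned(NonNull::from(obj)) }
}
impl Drop for Owned {
    fn drop(&mut self) { unsafe { self.0.as_ref().unref() } }
}
/// Gifted reference (the object_new() case): (count while held, finalized after drop).
pub fn gifted() -> (i32, bool) {
    let obj = Obj::new();
    let o = unsafe { Owned::from_raw(&obj) };
    let held = obj.refs.get();
    drop(o);
    (held, obj.finalized.get())
}
/// Reference kept by the C side (the qdev_init_clock_in() case).
pub fn retained() -> (i32, bool, bool) {
    let obj = Obj::new();
    let o = unsafe { Owned::from(&obj) };
    let held = obj.refs.get();
    drop(o);
    let early = obj.finalized.get();
    obj.unref(); // the C side's own unref, done later
    (held, early, obj.finalized.get())
}
/// from_raw() on a reference that was not gifted: finalized while the C side still holds it.
pub fn adopted_without_gift() -> bool {
    let obj = Obj::new();
    drop(unsafe { Owned::from_raw(&obj) });
    obj.finalized.get()
}
fn main() { println!("{:?} {:?} {}", gifted(), retained(), adopted_without_gift()); }
```

In the third scenario the object is finalized as soon as the Rust handle is dropped, although the creator never released its reference; with a real heap object the creator's later unref would operate on freed memory.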


