From: Alice Ryhl <aliceryhl@google.com>
To: Benno Lossin <benno.lossin@proton.me>
Cc: "Matt Gilbride" <mattgilbride@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Alex Gaynor" <alex.gaynor@gmail.com>,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Andreas Hindborg" <a.hindborg@samsung.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"Todd Kjos" <tkjos@android.com>,
"Martijn Coenen" <maco@android.com>,
"Joel Fernandes" <joel@joelfernandes.org>,
"Carlos Llamas" <cmllamas@google.com>,
"Suren Baghdasaryan" <surenb@google.com>,
"Christian Brauner" <brauner@kernel.org>,
"Rob Landley" <rob@landley.net>,
"Davidlohr Bueso" <dave@stgolabs.net>,
"Michel Lespinasse" <michel@lespinasse.org>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v8 5/6] rust: rbtree: add `RBTreeCursor`
Date: Tue, 6 Aug 2024 10:24:56 +0200 [thread overview]
Message-ID: <CAH5fLgh30z2Cfixn1aC-LPp-ua46eJ+jREWDTfhMK3aqXzbt-A@mail.gmail.com> (raw)
In-Reply-To: <309d3d27-62d0-42b0-b50a-40692a019b40@proton.me>
On Mon, Aug 5, 2024 at 9:35 PM Benno Lossin <benno.lossin@proton.me> wrote:
>
> On 27.07.24 22:30, Matt Gilbride wrote:
> > + /// Returns a cursor over the tree nodes based on the given key.
> > + ///
> > + /// If the given key exists, the cursor starts there.
> > + /// Otherwise it starts with the first larger key in sort order.
> > + /// If there is no larger key, it returns [`None`].
> > + pub fn cursor_lower_bound(&mut self, key: &K) -> Option<RBTreeCursor<'_, K, V>>
> > + where
> > + K: Ord,
> > + {
> > + let mut node = self.root.rb_node;
> > + let mut best_match: Option<NonNull<Node<K, V>>> = None;
> > + while !node.is_null() {
> > + // SAFETY: By the type invariant of `Self`, all non-null `rb_node` pointers stored in `self`
> > + // point to the links field of `Node<K, V>` objects.
> > + let this = unsafe { container_of!(node, Node<K, V>, links) }.cast_mut();
> > + // SAFETY: `this` is a non-null node so it is valid by the type invariants.
> > + let this_key = unsafe { &(*this).key };
> > + // SAFETY: `node` is a non-null node so it is valid by the type invariants.
> > + let left_child = unsafe { (*node).rb_left };
> > + // SAFETY: `node` is a non-null node so it is valid by the type invariants.
> > + let right_child = unsafe { (*node).rb_right };
> > + if key == this_key {
> > + return NonNull::new(node).map(|current| {
> > + // INVARIANT:
> > + // - `node` is a valid node in the [`RBTree`] pointed to by `self`.
> > + // - Due to the type signature of this function, the returned [`RBTreeCursor`]
> > + // borrows mutably from `self`.
> > + RBTreeCursor {
> > + current,
> > + tree: self,
> > + }
> > + });
> > + } else {
> > + node = if key > this_key {
> > + right_child
> > + } else {
> > + let is_better_match = match best_match {
> > + None => true,
> > + Some(best) => {
> > + // SAFETY: `best` is a non-null node so it is valid by the type invariants.
> > + let best_key = unsafe { &(*best.as_ptr()).key };
> > + best_key > this_key
> > + }
> > + };
> > + if is_better_match {
> > + best_match = NonNull::new(this);
> > + }
> > + left_child
> > + };
> > + }
> > + }
> > +
> > + let best = best_match?;
> > +
> > + // SAFETY: `best` is a non-null node so it is valid by the type invariants.
> > + let links = unsafe { addr_of_mut!((*best.as_ptr()).links) };
> > +
> > + NonNull::new(links).map(|current| {
>
> Why would `links` be a null pointer? AFAIK it just came from `best`
> which is non-null. (I don't know if we want to use `new_unchecked`
> instead, but wanted to mention it)
It's never a null pointer in this branch. Do you prefer an extra
unsafe block to call new_unchecked?
> > + // INVARIANT:
> > + // - `current` is a valid node in the [`RBTree`] pointed to by `self`.
> > + // - Due to the type signature of this function, the returned [`RBTreeCursor`]
> > + // borrows mutably from `self`.
> > + RBTreeCursor {
> > + current,
> > + tree: self,
> > + }
> > + })
> > + }
>
> [...]
>
> > +/// // Calling `remove_next` removes and returns the last element.
> > +/// assert_eq!(cursor.remove_next().unwrap().to_key_value(), (30, 300));
> > +///
> > +/// # Ok::<(), Error>(())
> > +/// ```
>
> I would put a newline here.
Ok.
> > +/// # Invariants
> > +/// - `current` points to a node that is in the same [`RBTree`] as `tree`.
> > +pub struct RBTreeCursor<'a, K, V> {
>
> I think we can name it just `Cursor`, since one can refer to it as
> `rbtree::Cursor` and then it also follows the naming scheme for `Iter`
> etc.
You are welcome to submit that as a follow-up change.
> > + tree: &'a mut RBTree<K, V>,
> > + current: NonNull<bindings::rb_node>,
> > +}
> > +
> > +// SAFETY: The [`RBTreeCursor`] gives out immutable references to K and mutable references to V,
> > +// so it has the same thread safety requirements as mutable references.
> > +unsafe impl<'a, K: Send, V: Send> Send for RBTreeCursor<'a, K, V> {}
>
> Again, do we want to use `K: Sync` here instead?
In this case, `K: Send` and `K: Sync` are both sufficient conditions,
but `K: Send` will generally be less restrictive for the user.
> > + fn peek(&self, direction: Direction) -> Option<(&K, &V)> {
> > + self.get_neighbor_raw(direction)
> > + // SAFETY:
> > + // - `neighbor` is a valid tree node.
> > + // - By the function signature, we have an immutable reference to `self`.
> > + .map(|neighbor| unsafe { Self::to_key_value(neighbor) })
>
> Alternative way of formatting this:
>
> self.get_neighbor_raw(direction).map(|neighbor| {
> // SAFETY:
> // - `neighbor` is a valid tree node.
> // - By the function signature, we have an immutable reference to `self`.
> unsafe { Self::to_key_value(neighbor) }
> })
>
> I think it looks nicer, but we should probably have a written
> preference.
We can reformat since we need another version anyway, but otherwise I
would have asked you to make this a follow-up change.
> > + }
> > +
> > + /// Access the previous node mutably without moving the cursor.
> > + pub fn peek_prev_mut(&mut self) -> Option<(&K, &mut V)> {
> > + self.peek_mut(Direction::Prev)
> > + }
> > +
> > + /// Access the next node mutably without moving the cursor.
> > + pub fn peek_next_mut(&mut self) -> Option<(&K, &mut V)> {
> > + self.peek_mut(Direction::Next)
> > + }
> > +
> > + fn peek_mut(&mut self, direction: Direction) -> Option<(&K, &mut V)> {
> > + self.get_neighbor_raw(direction)
> > + // SAFETY:
> > + // - `neighbor` is a valid tree node.
> > + // - By the function signature, we have a mutable reference to `self`.
> > + .map(|neighbor| unsafe { Self::to_key_value_mut(neighbor) })
>
> Ditto.
Ditto.
Alice
next prev parent reply other threads:[~2024-08-06 8:25 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-27 20:30 [PATCH v8 0/6] Red-black tree abstraction needed by Rust Binder Matt Gilbride
2024-07-27 20:30 ` [PATCH v8 1/6] rust: kernel: add `drop_contents` to `BoxExt` Matt Gilbride
2024-08-01 9:00 ` Alice Ryhl
2024-08-01 9:02 ` Alice Ryhl
2024-07-27 20:30 ` [PATCH v8 2/6] rust: rbtree: add red-black tree implementation backed by the C version Matt Gilbride
2024-07-30 21:54 ` Boqun Feng
2024-07-30 21:56 ` Boqun Feng
2024-08-05 19:02 ` Benno Lossin
2024-08-06 8:41 ` Alice Ryhl
2024-08-06 8:51 ` Benno Lossin
2024-07-27 20:30 ` [PATCH v8 3/6] rust: rbtree: add iterator Matt Gilbride
2024-08-05 19:08 ` Benno Lossin
2024-07-27 20:30 ` [PATCH v8 4/6] rust: rbtree: add mutable iterator Matt Gilbride
2024-08-05 19:22 ` Benno Lossin
2024-08-06 8:30 ` Alice Ryhl
2024-08-06 9:23 ` Benno Lossin
2024-07-27 20:30 ` [PATCH v8 5/6] rust: rbtree: add `RBTreeCursor` Matt Gilbride
2024-08-05 19:35 ` Benno Lossin
2024-08-06 8:24 ` Alice Ryhl [this message]
2024-08-06 9:01 ` Benno Lossin
2024-08-06 9:04 ` Alice Ryhl
2024-08-06 9:27 ` Benno Lossin
2024-07-27 20:30 ` [PATCH v8 6/6] rust: rbtree: add `RBTree::entry` Matt Gilbride
2024-08-05 20:02 ` Benno Lossin
2024-08-06 8:39 ` Alice Ryhl
2024-07-30 21:57 ` [PATCH v8 0/6] Red-black tree abstraction needed by Rust Binder Boqun Feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAH5fLgh30z2Cfixn1aC-LPp-ua46eJ+jREWDTfhMK3aqXzbt-A@mail.gmail.com \
--to=aliceryhl@google.com \
--cc=a.hindborg@samsung.com \
--cc=alex.gaynor@gmail.com \
--cc=arve@android.com \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=brauner@kernel.org \
--cc=cmllamas@google.com \
--cc=dave@stgolabs.net \
--cc=gary@garyguo.net \
--cc=gregkh@linuxfoundation.org \
--cc=joel@joelfernandes.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maco@android.com \
--cc=mattgilbride@google.com \
--cc=michel@lespinasse.org \
--cc=ojeda@kernel.org \
--cc=rob@landley.net \
--cc=rust-for-linux@vger.kernel.org \
--cc=surenb@google.com \
--cc=tkjos@android.com \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).