On Wed, Dec 11, 2024 at 11:48 AM Benoît du Garreau <benoit@xxxxxxxxxxxx> wrote:
>
> On Tue, 10 Dec 2024 23:46:33 +0100 Danilo Krummrich <dakr@xxxxxxxxxx> wrote:
> > +/// A guard that allows access to a revocable object and keeps it alive.
> > +///
> > +/// CPUs may not sleep while holding on to [`RevocableGuard`] because it's in atomic context
> > +/// holding the RCU read-side lock.
> > +///
> > +/// # Invariants
> > +///
> > +/// The RCU read-side lock is held while the guard is alive.
> > +pub struct RevocableGuard<'a, T> {
> > + data_ref: *const T,
> > + _rcu_guard: rcu::Guard,
> > + _p: PhantomData<&'a ()>,
> > +}
>
> Shouldn't this type hold a `&'a T` directly instead of a raw pointer ?
No, because the value might get destroyed before the end of the
lifetime 'a. It's not legal to use references for containers that
might free or otherwise invalidate the referent in their destructor.
That said, the PhantomData field should probably be `&'a T`. It
doesn't actually change anything, but it carries the right intent.
Alice
