On 10.01.24 19:32, Wedson Almeida Filho wrote:
>>> +#[pinned_drop]
>>> +impl PinnedDrop for Registration {
>>> + fn drop(self: Pin<&mut Self>) {
>>> + // SAFETY: If an instance of `Self` has been successfully created, a call to
>>> + // `register_filesystem` has necessarily succeeded. So it's ok to call
>>> + // `unregister_filesystem` on the previously registered fs.
>>
>> I would simply add an invariant on `Registration` that `self.fs` is
>> registered, then you do not need such a lengthy explanation here.
>
> Since this is the only place I need this explanation, I prefer to
> leave it here because it's exactly where I need it.
I get why you want this, but consider this: someone adds a another
`new` function, but forgets to call `register_filesystem`. They have
no indication except for this comment in the `Drop` impl, that they
are doing something wrong.
I took a look at the implement ion of `unregister_filesystem` and
found that you can pass an unregistered filesystem, in that case
the function just returns an error. I think the only safety
requirement of `unregister_filesystem` is that if the supplied
pointer is a registered filesystem, the pointee is valid.
--
Cheers,
Benno
