Hi Tamir,
This looks good to me overall, a few comments below:
On Thu, Feb 06, 2025 at 11:24:44AM -0500, Tamir Duberstein wrote:
[...]
> +impl<'a, T: ForeignOwnable> Guard<'a, T> {
[...]
> + /// Loads an entry from the array.
> + ///
> + /// Returns the entry at the given index.
> + pub fn get(&self, index: usize) -> Option<T::Borrowed<'_>> {
> + self.load(index, |ptr| {
> + // SAFETY: `ptr` came from `T::into_foreign`.
> + unsafe { T::borrow(ptr.as_ptr()) }
> + })
> + }
> +
> + /// Loads an entry from the array.
Nit: firstly, this function has the same description of `get()`, also
I would prefer something like "Returns a [`T::Borrowed`] of the object
at `index`" rather then "Loads an entry from the array", thoughts?
> + ///
> + /// Returns the entry at the given index.
> + pub fn get_mut(&mut self, index: usize) -> Option<T::BorrowedMut<'_>> {
> + self.load(index, |ptr| {
> + // SAFETY: `ptr` came from `T::into_foreign`.
> + unsafe { T::borrow_mut(ptr.as_ptr()) }
> + })
> + }
> +
> + /// Erases an entry from the array.
Nit: s/Erases/Removes?
> + ///
> + /// Returns the entry which was previously at the given index.
> + pub fn remove(&mut self, index: usize) -> Option<T> {
> + // SAFETY: `self.xa.xa` is always valid by the type invariant.
> + //
> + // SAFETY: The caller holds the lock.
> + let ptr = unsafe { bindings::__xa_erase(self.xa.xa.get(), index) }.cast();
> + // SAFETY: `ptr` is either NULL or came from `T::into_foreign`.
SAFETY comment here needs to mention why there is no alive `T::Borrowed`
or `T::BorrowedMut` out there per the safety requirement.
Regards,
Boqun
> + unsafe { T::try_from_foreign(ptr) }
> + }
> +
[...]
