On Fri Sep 29, 2023 at 12:39 PM CEST, Viresh Kumar wrote:
> On 28-09-23, 14:27, Erik Schilling wrote:
> > On Thu Sep 28, 2023 at 1:27 PM CEST, Viresh Kumar wrote:
> > > > - /// Get the Line info object associated with an event.
> > > > - pub(crate) fn new_from_event(info: *mut gpiod::gpiod_line_info) -> Result<Self> {
> > > > - Info::new_internal(info, true)
> > > > + fn as_raw_ptr(&self) -> *mut gpiod::gpiod_line_info {
> > > > + self as *const _ as *mut _
> > >
> > > What's wrong with keeping `_info` as `info` in the structure and using it
> > > directly instead of this, since this is private anyway ?
>
> Ahh, I missed that it is not *mut anymore. Shouldn't we mark it with & as well,
> since it is a reference to the gpiod structure ? Something like ? (I must admit
> that I have forgotten a lot of Rust during my long absence from work :)).
>
> _info: &'a gpiod::gpiod_line_info,
Technically, yes. But that would require a 'a lifetime parameter on
the `Info` struct. Then, instead of using `&Info` you would need to
use `Info<'a>` everywhere.
Which then gets ugly pretty fast since you need to carry it through all
impl blocks, the `Deref` implementation on `InfoOwned` and force it onto
the consumer of the lib.
I think staying with `&Info` keeps the API a lot simpler (and this code
simpler).
>
> > We would still need to cast it the same way. One _could_ write:
> >
> > fn as_raw_ptr(&self) -> *mut gpiod::gpiod_line_info {
> > &self.info as *const _ as *mut _
> > }
>
> Can we use deref to just do this magically for us in this file somehow ?
Hm... Not exactly sure what you mean here. Do you mean a `Deref`
implementation? That one would leak this implementation detail into
public API.
>
> > But the cast dance is still required since we need a *mut, but start
> > with a readonly reference.
> >
> > This is required since libgpiod's C lib keeps the struct internals
> > opaque and does not make guarantees about immutable datastructures for
> > any API calls.
> >
> > Technically, the 1:1 mapping of this to Rust would be to restrict the
> > entire API to `&mut self`. One could do that - it would probably allow
> > us to advertise the structs as `Sync` - but it would require consumers
> > to declare all libgpiod-related variables as `mut`.
Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
- From: "Erik Schilling" <erik.schilling@xxxxxxxxxx>
- Date: Fri, 29 Sep 2023 12:58:38 +0200
- In-reply-to: <20230929103915.mkq5hbzmks4rhykh@vireshk-i7>
- References: <20230927-rust-line-info-soundness-v1-0-990dce6f18ab@linaro.org> <20230927-rust-line-info-soundness-v1-1-990dce6f18ab@linaro.org> <20230928112733.nkzirzdcdirmxr3w@vireshk-i7> <CVUJTBQZYN6B.17WXH28G8MKZ2@ablu-work> <20230929103915.mkq5hbzmks4rhykh@vireshk-i7>
- Follow-Ups:
- References:
- [libgpiod][PATCH 0/3] bindings: rust: fix modeling of line_info lifetimes
- From: Erik Schilling
- [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
- From: Erik Schilling
- Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
- From: Viresh Kumar
- Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
- From: Erik Schilling
- Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
- From: Viresh Kumar
- [libgpiod][PATCH 0/3] bindings: rust: fix modeling of line_info lifetimes
- Prev by Date: Re: [libgpiod][PATCH 3/3] bindings: rust: mark all owning types as `Send`
- Next by Date: Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
- Previous by thread: Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
- Next by thread: Re: [libgpiod][PATCH 1/3] bindings: rust: fix soundness of line_info modeling
- Index(es):
 |