On 01.08.24 16:37, Alice Ryhl wrote: > On Thu, Aug 1, 2024 at 4:02 PM Benno Lossin <benno.lossin@xxxxxxxxx> wrote: >> On 01.08.24 14:58, Alice Ryhl wrote: >>> +/// A wrapper for the kernel's `struct mm_struct`. >>> +/// >>> +/// This type is identical to `MmWithUser` except that it uses `mmput_async` when dropping a >>> +/// refcount. This means that the destructor of `ARef<MmWithUserAsync>` is safe to call in atomic >>> +/// context. >> >> Missing Invariants. > > Hmm. Structs will inherit invariants from their fields, no? No, usually the fields handle their invariants on their own, eg NonNull can only be constructed if the pointer is not null. But Refcounted structs are somewhat special in this regard, since you cannot construct them by-value. Thus if you build a new struct that contains them, then that also needs to be refcounted and have its own invariant to guarantee that the field still is refcounted. --- Cheers, Benno
