-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use Pin to pin RWLock. #77865
Use Pin to pin RWLock. #77865
Conversation
☔ The latest upstream changes (presumably #82982) made this pull request unmergeable. Please resolve the merge conflicts. |
/// Behavior is undefined if there are any currently active users of this | ||
/// lock. | ||
impl Drop for RWLock { | ||
#[inline] | ||
pub unsafe fn destroy(&self) { | ||
self.0.destroy() | ||
fn drop(&mut self) { | ||
// SAFETY: The rwlock wasn't moved since using any of its | ||
// functions, because they all require a Pin. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this changing the safety preconditions? Previously there was something about "active users", which is no longer mentioned.
This seems related to #85434. The "no active users" condition is not actually upheld by the users of this code. So it makes sense to remove this comment here, but IMO then there should be a comment one layer down -- because there pthread_mutex_destroy
is being called and the safety precondition does not ensure all that needs to be ensured. (Basically, this moves the "active users" comment instead of removing it entirely, and acknowledges that we have a gap in our safety reasoning here.)
@m-ou-se any updates on this? |
Closing this due to inactivity. |
Use Pin to guarantee the no-moving requirement of
sys_common::RWLock
.This makes some things safe that were unsafe before.
sys_common::RWLock::destroy
is now changed to a regular (safe) Drop implementation, because it no longer has unsafe requirements.This change leaves the unsafe
sys::RwLock
untouched. Those implementations should probably also use aPin
to make them a bit safer, and move theirdestroy()
toDrop
. But that can be a later change. (I want to wait for #77666 and #77657 before touchingsys
.)r? @withoutboats
Following our conversation on Zulip, this is a better example where
Pin<&Self>
is useful.