rust-for-linux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Alice Ryhl <aliceryhl@google.com>
To: mcanal@igalia.com
Cc: a.hindborg@samsung.com, alex.gaynor@gmail.com,
	aliceryhl@google.com,  benno.lossin@proton.me,
	bjorn3_gh@protonmail.com, boqun.feng@gmail.com,
	 gary@garyguo.net, kernel-dev@igalia.com, lina@asahilina.net,
	 linux-fsdevel@vger.kernel.org, ojeda@kernel.org,
	 rust-for-linux@vger.kernel.org, wedsonaf@gmail.com,
	willy@infradead.org
Subject: Re: [PATCH v7 2/2] rust: xarray: Add an abstraction for XArray
Date: Wed, 28 Feb 2024 10:32:20 +0000	[thread overview]
Message-ID: <20240228103220.3941367-1-aliceryhl@google.com> (raw)
In-Reply-To: <20240209223201.2145570-4-mcanal@igalia.com>

> From: Asahi Lina <lina@asahilina.net>
> 
> The XArray is an abstract data type which behaves like a very large
> array of pointers. Add a Rust abstraction for this data type.
> 
> The initial implementation uses explicit locking on get operations and
> returns a guard which blocks mutation, ensuring that the referenced
> object remains alive. To avoid excessive serialization, users are
> expected to use an inner type that can be efficiently cloned (such as
> Arc<T>), and eagerly clone and drop the guard to unblock other users
> after a lookup.
> 
> Future variants may support using RCU instead to avoid mutex locking.
> 
> This abstraction also introduces a reservation mechanism, which can be
> used by alloc-capable XArrays to reserve a free slot without immediately
> filling it, and then do so at a later time. If the reservation is
> dropped without being filled, the slot is freed again for other users,
> which eliminates the need for explicit cleanup code.
> 
> Signed-off-by: Asahi Lina <lina@asahilina.net>
> Co-developed-by: Maíra Canal <mcanal@igalia.com>
> Signed-off-by: Maíra Canal <mcanal@igalia.com>

Sorry for the delay in reviewing this.

I have one important comment (the first one), and the rest are nits that
are not so important.


> +pub struct Guard<'a, T: ForeignOwnable>(NonNull<T>, &'a XArray<T>);

This stores a pointer to a `T`, but really it's the pointer returned by
`into_foreign`, correct? So e.g. in the case of `T = Box<U>`, you have
an `NonNull<Box<U>>`, even though the pointer actually points at an
`U`, not a `Box<U>`.

I think it's better to keep this as `NonNull<c_void>`, since that's the
type used by `into_foreign`. That also lets you remove a bunch of calls
to `.cast()`.

> +/// INVARIANT: All pointers stored in the array are pointers obtained by
> +/// calling `T::into_foreign` or are NULL pointers. By using the pin-init
> +/// initialization, `self.xa` is always an initialized and valid XArray.

Nit: usually invariants listed on structs use this heading:

/// # Invariants
/// 
/// All pointers stored ...

Nit: You also do not need to mention that you use pin-init to make
`self.xa` be initialized and valid. It's enough to explain that it is
always initialized and valid - the *how* is not necessary in this type
of comment.

> +/// Represents a reserved slot in an `XArray`, which does not yet have a value but has an assigned
> +/// index and may not be allocated by any other user. If the Reservation is dropped without
> +/// being filled, the entry is marked as available again.
> +///
> +/// Users must ensure that reserved slots are not filled by other mechanisms, or otherwise their
> +/// contents may be dropped and replaced (which will print a warning).
> +pub struct Reservation<'a, T: ForeignOwnable>(&'a XArray<T>, usize, PhantomData<T>);

Nit: I don't think the PhantomData is necessary here.

> +            if !new.is_null() {
> +                // SAFETY: If `new` is not NULL, it came from the `ForeignOwnable` we got
> +                // from the caller.
> +                unsafe { T::from_foreign(new) };
> +            }

Nit: Adding a call to `drop` here makes the code more clear to me.

> +        unsafe {
> +            bindings::xa_destroy(self.xa.get());
> +        }

Nit: Moving the semicolon outside of the unsafe block formats better.

Alice

  parent reply	other threads:[~2024-02-28 10:32 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-09 22:31 [PATCH v7 0/2] rust: xarray: Add an abstraction for XArray Maíra Canal
2024-02-09 22:31 ` [PATCH v7 1/2] rust: types: add FOREIGN_ALIGN to ForeignOwnable Maíra Canal
2024-02-27  7:53   ` Andreas Hindborg
2024-02-28 10:09   ` Alice Ryhl
2024-02-09 22:31 ` [PATCH v7 2/2] rust: xarray: Add an abstraction for XArray Maíra Canal
2024-02-27  7:54   ` Andreas Hindborg
2024-02-28  9:56     ` Andreas Hindborg
2024-02-28 10:32   ` Alice Ryhl [this message]
2024-02-28 10:44   ` Miguel Ojeda

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240228103220.3941367-1-aliceryhl@google.com \
    --to=aliceryhl@google.com \
    --cc=a.hindborg@samsung.com \
    --cc=alex.gaynor@gmail.com \
    --cc=benno.lossin@proton.me \
    --cc=bjorn3_gh@protonmail.com \
    --cc=boqun.feng@gmail.com \
    --cc=gary@garyguo.net \
    --cc=kernel-dev@igalia.com \
    --cc=lina@asahilina.net \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=mcanal@igalia.com \
    --cc=ojeda@kernel.org \
    --cc=rust-for-linux@vger.kernel.org \
    --cc=wedsonaf@gmail.com \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).