[PATCH RFC 02/18] rust: drm: Add Device and Driver abstractions

Boqun Feng boqun.feng at gmail.com
Fri Mar 10 18:56:31 UTC 2023


On Tue, Mar 07, 2023 at 11:25:27PM +0900, Asahi Lina wrote:
[...]
> +
> +// SAFETY: `Device` only holds a pointer to a C device, which is safe to be used from any thread.
> +unsafe impl<T: drm::drv::Driver> Send for Device<T> {}
> +
> +// SAFETY: `Device` only holds a pointer to a C device, references to which are safe to be used
> +// from any thread.
> +unsafe impl<T: drm::drv::Driver> Sync for Device<T> {}
> +

Here is the mind model I use to check whether a type is `Send` or
`Sync`

*	If an object of a type can be created on one thread and dropped
	on the another thread, then it's `Send`.

*	If multiple threads can call the immutable functions (i.e.
	functions with `&self`) of the same object of a type, then the
	it's `Sync`.

Maybe it's incomplete, but at least I find it useful to determine
whether a type is `Send` or `Sync`: it's not just the struct
representation, the behaviors (functions) of the struct also matter.

If that looks reasonable to you, maybe update the "SAFETY" comments in
the future version? Thanks ;-)

(I know you brought this up in the meeting, sorry I guess I wasn't fully
woken when answering you ;-))

Regards,
Boqun

> +// Make drm::Device work for dev_info!() and friends
> +unsafe impl<T: drm::drv::Driver> device::RawDevice for Device<T> {
> +    fn raw_device(&self) -> *mut bindings::device {
> +        // SAFETY: ptr must be valid per the type invariant
> +        unsafe { (*self.ptr).dev }
> +    }
> +}
[...]


More information about the dri-devel mailing list