Re: [PATCH v2 3/5] rust: add pin-init API
From: Benno Lossin
Date: Fri Mar 24 2023 - 04:39:54 EST
On 23.03.23 07:30, Boqun Feng wrote:
> On Tue, Mar 21, 2023 at 07:50:00PM +0000, Benno Lossin wrote:
> [...]
>> +/// # Syntax
>> +///
>> +/// As already mentioned in the examples above, inside of `pin_init!` a `struct` initializer with
>> +/// the following modifications is expected:
>> +/// - Fields that you want to initialize in-place have to use `<-` instead of `:`.
>> +/// - In front of the initializer you can write `&this in` to have access to a [`NonNull<Self>`]
>> +/// pointer named `this` inside of the initializer.
>> +///
>> +/// For instance:
>> +///
>> +/// ```rust
>> +/// # use kernel::pin_init;
>> +/// # use macros::pin_data;
>> +/// # use core::{ptr::addr_of_mut, marker::PhantomPinned};
>> +/// #[pin_data]
>> +/// struct Buf {
>> +/// ptr: *mut u8,
>> +/// buf: [u8; 64],
>
> Say we have an extra field,
>
> a: u8,
>
>> +/// #[pin]
>> +/// pin: PhantomPinned,
>> +/// }
>> +/// pin_init!(&this in Buf {
>> +/// buf: [0; 64],
>> +/// ptr: unsafe { addr_of_mut!((*this.as_ptr()).buf).cast() },
>
> And I think we want to disallow:
>
> a: unsafe { (*addr_of!(*this.as_ptr().buf))[0] }
>
> , right? Because we don't want `pin_init!` to provide any initialization
> order guarantee? If so, maybe add one or two sentences to call it out.
>
> If not sure, I think we can leave it as it is, until someone really uses
> this pattern ;-)
The `pin_init!` macro initializes everything in the order specified, so
if `a` is the last field you initialize, the code above is fine. I think
we could guarantee this. I will add a comment.
--
Cheers,
Benno