Re: Rust kernel policy

From: Willy Tarreau
Date: Wed Feb 19 2025 - 11:18:03 EST


On Wed, Feb 19, 2025 at 06:07:23PM +0200, Laurent Pinchart wrote:

> > Regardless I do understand how these cleanups can help in a number of
> > case, at least to avoid some code duplication.
>
> They're particularly useful to "destroy" local variables that don't need
> to be returned. This allows implementing scope guards, to facilitate
> lock handling for instance. Once a mutex guard is instantiated, the
> mutex is locked, and it will be guaranteed to be unlocked in every
> return path.

Yeah absolutely. However I remember having faced code in the past where
developers had abused this "unlock on return" concept resulting in locks
lazily being kept way too long after an operation. I don't think this
will happen in the kernel thanks to reviews, but typically all the stuff
that's done after a locked retrieval was done normally is down outside
of the lock, while here for the sake of not dealing with unlocks, quite
a few lines were still covered by the lock for no purpose. Anyway
there's no perfect solution.

Ideally when a compiler is smart enough to say "I would have cleaned
up here", it could be cool to just have a warning so that the developer
decides where to perform it. The problem is that it'd quickly becomes
a mess since the compiler cannot guess that you've done your own cleanup
before (without yet other anotations), which precisely is the point of
doing it unconditionally when leaving scope.

Willy