On Tue, Mar 07, 2023 at 11:25:27PM +0900, Asahi Lina wrote:
[...]
> +
> +// SAFETY: `Device` only holds a pointer to a C device, which is safe to be
> used from any thread.
> +unsafe impl<T: drm::drv::Driver> Send for Device<T> {}
> +
> +// SAFETY: `Device` only holds a pointer to a C device, references to which
> are safe to be used
> +// from any thread.
> +unsafe impl<T: drm::drv::Driver> Sync for Device<T> {}
> +
Here is the mind model I use to check whether a type is `Send` or
`Sync`
* If an object of a type can be created on one thread and dropped
on the another thread, then it's `Send`.
* If multiple threads can call the immutable functions (i.e.
functions with `&self`) of the same object of a type, then the
it's `Sync`.
Maybe it's incomplete, but at least I find it useful to determine
whether a type is `Send` or `Sync`: it's not just the struct
representation, the behaviors (functions) of the struct also matter.
If that looks reasonable to you, maybe update the "SAFETY" comments in
the future version? Thanks ;-)
(I know you brought this up in the meeting, sorry I guess I wasn't fully
woken when answering you ;-))
Regards,
Boqun
> +// Make drm::Device work for dev_info!() and friends
> +unsafe impl<T: drm::drv::Driver> device::RawDevice for Device<T> {
> + fn raw_device(&self) -> *mut bindings::device {
> + // SAFETY: ptr must be valid per the type invariant
> + unsafe { (*self.ptr).dev }
> + }
> +}
[...]
