Paolo Bonzini <pbonz...@redhat.com> writes:
> QEMU objects usually have their pointer shared with the "outside
> world" very early in their lifetime, for example when they create their
> MemoryRegions. Because at this point it is not valid anymore to
> create a &mut reference to the device, individual parts of the
> device struct must be made mutable in a controlled manner.
>
> QEMU's Big Lock (BQL) effectively turns multi-threaded code into
> single-threaded code while device code runs, as long as the BQL is not
> released while the device is borrowed (because C code could sneak in and
> mutate the device). We can then introduce custom interior mutability
> primitives
> that are semantically similar to the standard library's (single-threaded)
> Cell and RefCell, but account for QEMU's threading model. Accessing
> the "BqlCell" or borrowing the "BqlRefCell" requires proving that the
> BQL is held, and attempting to access without the BQL is a runtime panic,
> similar to RefCell's already-borrowed panic.
>
> With respect to naming I also considered omitting the "Bql" prefix or
> moving it to the module, e.g. qemu_api::bql::{Cell, RefCell}. However,
> this could easily lead to mistakes and confusion; for example rustc could
> suggest the wrong import, leading to subtle bugs.
>
> As a start introduce the an equivalent of Cell. Almost all of the code
> was taken from Rust's standard library, while removing unstable features
> and probably-unnecessary functionality that constitute a large of the
> original code. A lot of what's left is documentation, as well as unit
> tests in the form of doctests. These are not yet integrated in "make
> check" but can be run with "cargo test --doc".
>
> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
Reviewed-by: Junjie Mao <junjie....@hotmail.com>
--
Best Regards
Junjie Mao
