This is a step towards safe bindings to instance_init: making the implementation safe, though ensuring that *all* fields as initialized is still up to the implementor. This helps making it clear what we want from crates like pinned-init (the Linux one) or its inspiration pin-init.
This series has two concoctions that are a bit more advanced. The one in the first patch is probably going to be temporary once instance_init takes its final form, but it's very useful while we're stuck with piece-by-piece initialization. The fourth patch instead is an adaptation of the technique in GhostCell (https://plv.mpi-sws.org/rustbelt/ghostcell/), which allows to isolate an object within the invocation of a function. This one probably will stay, together with the ParentInit struct that (in one shape or another) acts as the "proof" that instance_init has been called on the parent classes. Paolo Paolo Bonzini (5): rust: qemu_api: introduce MaybeUninit field projection rust: hpet: fully initialize object after instance_init rust: qom: introduce ParentInit rust: qom: make ParentInit lifetime-invariant rust: qom: change instance_init to take a ParentInit<> rust/hw/char/pl011/src/device.rs | 34 +++--- rust/hw/timer/hpet/src/device.rs | 56 +++++----- rust/qemu-api/meson.build | 1 + rust/qemu-api/src/lib.rs | 1 + rust/qemu-api/src/memory.rs | 12 +-- rust/qemu-api/src/qdev.rs | 51 +++++---- rust/qemu-api/src/qom.rs | 175 ++++++++++++++++++++++++++++++- rust/qemu-api/src/uninit.rs | 85 +++++++++++++++ 8 files changed, 341 insertions(+), 74 deletions(-) create mode 100644 rust/qemu-api/src/uninit.rs -- 2.49.0
