Rust 1.83 fixes #598
Merged
Rust 1.83 fixes #598
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
this became mandatory in 1.83 to remove warnings. I think it should have no impact on functionality.
So in Rust 1.83, we now get a strongly worded warning telling us to really, really don't use static muts. They aren't wrong, except that in some places like the kernel we have few options: we are conjuring pointers out of thin air, creating memory mappings, and then doing things with them that are hard for the compiler to reason about. I think the newly minted warning was made because the intention is that we could use the new fancy `const` semantics to take the place of static mut usage by wrapping things in UnsafeCell, and I think maaaaybe in some cases this could apply here, but as a simple example a dive into the kernel debug UART indicates that to initialize the shared variable we have to allocate pages in the page table, which involves calling the memory manager and doing some decidedly non-const type of things. So one option is we could just push the debug UART initialization into the loader and paper over the whole thing by pretending it's static. Instead of that, we adopt a pattern of casting all our static muts to a raw pointer, and then back into what we want. The cast to raw pointer is like an "uber unsafe" marker that says "no we really mean that this pointer is where it is and we conjured it out of thin air and we promise that the behavior is defined and values are representable, etc.". In general we're fairly judicious about the use of static mut in the kernel, and when in the kernel there's no thread pre-emption (although we could take an interrupt or page fault) so generally we are single-threaded. The trickiest spots are when we have to take a page fault while handling a page fault (for example, allocating a new L1 page table entry would require something like this) but this code path is fairly carefully vetted. So instead of just doing a global lint silence, we use an `&raw` idiom to call out the fact that we're doing something naughty wherever we do it, which makes the compiler "happy" (for now) while still making the code ugly enough that it looks sufficiently scary and you have to apply some cognitive burden to even reason about what's going on, which I *think* is the intention of Rust in this case. Basically you get a get out of jail free card but you can't simply wear it on a lanyard and pass through the gate -- every time we need to use it, we have to do a little dance and wash ourselves in the waters of unsafety and recite the mantras about defined behavior, representable numbers, thread safety, etc.
this is probably the most significant source of consternation but also this code path has been fairly well-trodden. That being said it might be worth considering if there is any way to use some of the new Rust const based reasoning logic to see if we can't tighten this up someday, but today is not that day.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.