Mark get_raw as unsafe.

kaist-cp · Jan 20, 2021 · ddecffe · ddecffe
1 parent 159d99e
commit ddecffe
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 11 deletions.
diff --git a/kernel-rs/src/proc.rs b/kernel-rs/src/proc.rs
@@ -207,9 +207,15 @@ pub enum Procstate {
     USED,
 }
 
-pub trait WaitableGuard {
+/// Represents lock guards that can be slept in a `WaitChannel`.
+pub trait Waitable {
     /// Returns a reference to the inner `RawSpinlock`.
-    fn get_raw(&self) -> &RawSpinlock;
+    ///
+    /// # Safety
+    ///
+    /// You should manually prove the correctness when directly accessing
+    /// the inner `RawSpinlock` instead of using the lock's API.
+    unsafe fn get_raw(&self) -> &RawSpinlock;
 }
 
 pub struct WaitChannel {
@@ -229,7 +235,7 @@ impl WaitChannel {
     /// # Safety
     ///
     /// Make sure `lk` is the only lock we currently hold.
-    pub unsafe fn sleep<T: WaitableGuard>(&self, lk: &mut T) {
+    pub unsafe fn sleep<T: Waitable>(&self, lk: &mut T) {
         let p = &*myproc();
 
         // Must acquire p->lock in order to

diff --git a/kernel-rs/src/sleepablelock.rs b/kernel-rs/src/sleepablelock.rs
@@ -1,5 +1,5 @@
 //! Sleepable locks
-use crate::proc::{WaitChannel, WaitableGuard};
+use crate::proc::{WaitChannel, Waitable};
 use crate::spinlock::RawSpinlock;
 use core::cell::UnsafeCell;
 use core::marker::PhantomData;
@@ -71,8 +71,8 @@ impl<T> SleepablelockGuard<'_, T> {
     }
 }
 
-impl<T> WaitableGuard for SleepablelockGuard<'_, T> {
-    fn get_raw(&self) -> &RawSpinlock {
+impl<T> Waitable for SleepablelockGuard<'_, T> {
+    unsafe fn get_raw(&self) -> &RawSpinlock {
         &self.lock.lock
     }
 }

diff --git a/kernel-rs/src/spinlock.rs b/kernel-rs/src/spinlock.rs
@@ -1,6 +1,6 @@
 use crate::{
     kernel::kernel,
-    proc::{Cpu, WaitableGuard},
+    proc::{Cpu, Waitable},
     riscv::{intr_get, intr_off, intr_on},
 };
 use core::cell::UnsafeCell;
@@ -198,8 +198,8 @@ impl<T> SpinlockGuard<'_, T> {
     }
 }
 
-impl<T> WaitableGuard for SpinlockGuard<'_, T> {
-    fn get_raw(&self) -> &RawSpinlock {
+impl<T> Waitable for SpinlockGuard<'_, T> {
+    unsafe fn get_raw(&self) -> &RawSpinlock {
         &self.lock.lock
     }
 }
@@ -264,8 +264,8 @@ impl<T> SpinlockProtected<T> {
     }
 }
 
-impl WaitableGuard for SpinlockProtectedGuard<'_> {
-    fn get_raw(&self) -> &RawSpinlock {
+impl Waitable for SpinlockProtectedGuard<'_> {
+    unsafe fn get_raw(&self) -> &RawSpinlock {
         &self.lock
     }
 }