Sometimes these requirements were reasonable, just unwritten. Sometimes they were a bit too flexible/wild and I had to make some opinionated decisions when writing the Rust abstractions to narrow it down to a safe usage.
Sometimes I had to add extra locking inside the abstraction in order to make it practical to make safe. Sometimes I had to make some small changes to the C side to make it more orthogonal or logical and usable, e.g. to expose an unlocked function to be used with a lock taken.
Sometimes the locking was subtle enough that while I was able to write a safe Rust abstraction, it came with a big doc comment explaining how you have to be careful with usage and drop order to avoid deadlocks (deadlocks are "safe", Rust doesn't inherently protect against them).
Sometimes it was a lost cause without making the C side more reasonable (drm_sched only, really).
However, most of the time the compromises made when writing the Rust abstraction point at issues with the C side design and how it could be improved.
In general the approach is "write the Rust side making as few changes to the C side first to avoid conflict, then maybe propose changes to the C side based on lessons learned" (we haven't really gotten to the second part yet at all).
Asahi Lina (朝日リナ) // nullptr::live /
npub1cx…z6wtz
2024-08-31 11:44:22
in reply to nevent1q…my4g
Author Public Key
npub1cxqje22r8ewnr30rt625d58cr8gpdjnw405cq5765m2qsvghnmpquz6wtzPublished at
2024-08-31 11:44:22Event JSON
{
"id": "b712817777c6885873a730561aedf6d5f6153f450ae0663c9d8d685811b75a18",
"pubkey": "c1812ca9433e5d31c5e35e9546d0f819d016ca6eabe98053daa6d40831179ec2",
"created_at": 1725104662,
"kind": 1,
"tags": [
[
"p",
"c1812ca9433e5d31c5e35e9546d0f819d016ca6eabe98053daa6d40831179ec2"
],
[
"proxy",
"https://vt.social/@lina/113056459179184253",
"web"
],
[
"e",
"b853271c1960b8ee9ad9bbd5e5d71cf93dab8ec3348aabdd9d441d592923e6e6",
"",
"root",
"c1812ca9433e5d31c5e35e9546d0f819d016ca6eabe98053daa6d40831179ec2"
],
[
"proxy",
"https://vt.social/users/lina/statuses/113056459179184253",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://vt.social/users/lina/statuses/113056459179184253",
"pink.momostr"
],
[
"-"
]
],
"content": "Sometimes these requirements were reasonable, just unwritten. Sometimes they were a bit too flexible/wild and I had to make some opinionated decisions when writing the Rust abstractions to narrow it down to a safe usage.\n\nSometimes I had to add extra locking inside the abstraction in order to make it practical to make safe. Sometimes I had to make some small changes to the C side to make it more orthogonal or logical and usable, e.g. to expose an unlocked function to be used with a lock taken.\n\nSometimes the locking was subtle enough that while I was able to write a safe Rust abstraction, it came with a big doc comment explaining how you have to be careful with usage and drop order to avoid deadlocks (deadlocks are \"safe\", Rust doesn't inherently protect against them).\n\nSometimes it was a lost cause without making the C side more reasonable (drm_sched only, really).\n\nHowever, most of the time the compromises made when writing the Rust abstraction point at issues with the C side design and how it could be improved.\n\nIn general the approach is \"write the Rust side making as few changes to the C side first to avoid conflict, then maybe propose changes to the C side based on lessons learned\" (we haven't really gotten to the second part yet at all).",
"sig": "01217af6c837962d65b8161c3badea5005ab9f7ca060c975fcf39f9e0e513823bde3cd0904db2217173db334832d7d0a2ef0ed1d21ae1928a824b30e6cb77d3e"
}