[PATCH v10 1/8] rust: types: add `NotThreadSafe`

[Gary Guo]

On Wed, 25 Sep 2024 08:59:04 -0500
"Serge E. Hallyn" <serge at hallyn.com> wrote:

> On Wed, Sep 25, 2024 at 01:06:10PM +0200, Alice Ryhl wrote:
> > On Tue, Sep 24, 2024 at 9:45 PM Serge E. Hallyn <serge at hallyn.com> wrote:  
> > >
> > > On Sun, Sep 15, 2024 at 02:31:27PM +0000, Alice Ryhl wrote:  
> > > > This introduces a new marker type for types that shouldn't be thread
> > > > safe. By adding a field of this type to a struct, it becomes non-Send
> > > > and non-Sync, which means that it cannot be accessed in any way from
> > > > threads other than the one it was created on.
> > > >
> > > > This is useful for APIs that require globals such as `current` to remain
> > > > constant while the value exists.
> > > >
> > > > We update two existing users in the Kernel to use this helper:
> > > >
> > > >  * `Task::current()` - moving the return type of this value to a
> > > >    different thread would not be safe as you can no longer be guaranteed
> > > >    that the `current` pointer remains valid.
> > > >  * Lock guards. Mutexes and spinlocks should be unlocked on the same
> > > >    thread as where they were locked, so we enforce this using the Send
> > > >    trait.  
> > >
> > > Hi,
> > >
> > > this sounds useful, however from kernel side when I think thread-safe,
> > > I think must not be used across a sleep.  Would something like ThreadLocked
> > > or LockedToThread make sense?  
> > 
> > Hmm, those names seem pretty similar to the current name to me?  
> 
> Seems very different to me:
> 
> If @foo is not threadsafe, it may be global or be usable by many
> threads, but must be locked to one thread during access.
> 
> What you're describing here is (iiuc) that @foo must only be used
> by one particular thread.

"locked to one thread during access" means it might be `Send` but not
`!Sync`.

What Alice has here is something is neither `Send` nor `Sync`, so I
think the `NotThreadSafe` is a good name here because it cancels both
guarantees.

Best,
Gary