Commit 8b3d955f authored by Benno Lossin's avatar Benno Lossin

rust: pin-init: improve safety documentation for `impl<T> [Pin]Init<T> for T`

The inner SAFETY comments were missing since commit 5cfe7bef6751 ("rust:
enable `clippy::undocumented_unsafe_blocks` lint").

Also rework the implementation of `__pinned_init` to better justify the
SAFETY comment.

Link: https://github.com/Rust-for-Linux/pin-init/pull/62/commits/df925b2e27d499b7144df7e62b01acb00d4b94b8


Reviewed-by: Boqun Feng <boqun.feng@gmail.com>
Link: https://lore.kernel.org/all/20250529081027.297648-1-lossin@kernel.org


Signed-off-by: Benno Lossin <lossin@kernel.org>
parent 19272b37
+7 −5
@@ -1390,20 +1390,22 @@ pub fn pin_init_array_from_fn<I, const N: usize, T, E>(
    unsafe { pin_init_from_closure(init) }
}

// SAFETY: Every type can be initialized by-value.
// SAFETY: the `__init` function always returns `Ok(())` and initializes every field of `slot`.
unsafe impl<T, E> Init<T, E> for T {
    unsafe fn __init(self, slot: *mut T) -> Result<(), E> {
        // SAFETY: TODO.
        // SAFETY: `slot` is valid for writes by the safety requirements of this function.
        unsafe { slot.write(self) };
        Ok(())
    }
}

// SAFETY: Every type can be initialized by-value. `__pinned_init` calls `__init`.
// SAFETY: the `__pinned_init` function always returns `Ok(())` and initializes every field of
// `slot`. Additionally, all pinning invariants of `T` are upheld.
unsafe impl<T, E> PinInit<T, E> for T {
    unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> {
        // SAFETY: TODO.
        unsafe { self.__init(slot) }
        // SAFETY: `slot` is valid for writes by the safety requirements of this function.
        unsafe { slot.write(self) };
        Ok(())
    }
}
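Review bot: The two inner SAFETY comments on `unsafe { slot.write(self) };` (in `__init` and in `__pinned_init`) justify only that `slot` is valid for writes, while `ptr::write` additionally requires the pointer to be properly aligned. The safety requirements of these trait functions are not visible in this hunk; if they cover alignment, the comment should say so, for example `// SAFETY: by the safety requirements of this function, slot is valid for writes and properly aligned.` Separately, the impl-level comment on `PinInit` asserts that all pinning invariants of `T` are upheld without giving a reason; presumably the argument is that `self` is passed by value and so cannot already be pinned before it is moved into `slot`, and spelling that out would make the claim checkable.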