authorDavid Tolnay <dtolnay@chromium.org>2018-12-03 23:37:46 -0800
committerchrome-bot <chrome-bot@chromium.org>2018-12-05 01:13:41 -0800
commit1d4d44a8e229d63aa16d05615ed33100f949863e (patch)
tree773bb9b2e6eb29b64d0d68e4985c6e2daf3bb7cc /usb_util
parent2ea8f3d0aa7230da41b3e6beba27ff9140f661d3 (diff)
sync: Mutex type with methods that panic instead of return error
This CL adds a crate `sync` containing a type sync::Mutex which wraps
the standard library Mutex and mirrors the same methods, except that
they panic where the standard library would return a PoisonError. This
API codifies our error handling strategy around poisoned mutexes in
crosvm.

- Crosvm releases are built with panic=abort so poisoning never occurs.
  A panic while a mutex is held (or ever) takes down the entire process.
  Thus we would like for code not to have to consider the possibility of
  poison.

- We could ask developers to always write `.lock().unwrap()` on a
  standard library mutex. However, we would like to stigmatize the use
  of unwrap. It is confusing to permit unwrap but only on mutex lock
  results. During code review it may not always be obvious whether a
  particular unwrap is unwrapping a mutex lock result or a different
  error that should be handled in a more principled way.

Developers should feel free to use sync::Mutex anywhere in crosvm that
they would otherwise be using std::sync::Mutex.

TEST=boot linux

Change-Id: I9727b6f8fee439edb4a8d52cf19d59acf04d990f
Reviewed-on: https://chromium-review.googlesource.com/1359923
Commit-Ready: David Tolnay <dtolnay@chromium.org>
Tested-by: David Tolnay <dtolnay@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
Diffstat (limited to 'usb_util')
-rw-r--r--usb_util/Cargo.toml1
-rw-r--r--usb_util/src/lib.rs2
-rw-r--r--usb_util/src/libusb_context.rs6
3 files changed, 7 insertions, 2 deletions
diff --git a/usb_util/Cargo.toml b/usb_util/Cargo.toml
index a0984a2..c455981 100644
--- a/usb_util/Cargo.toml
+++ b/usb_util/Cargo.toml
@@ -6,6 +6,7 @@ build = "build.rs"
 
 [dependencies]
 data_model = { path = "../data_model" }
+sync = { path = "../sync" }
 
 [build-dependencies]
 pkg-config = "=0.3.11"
diff --git a/usb_util/src/lib.rs b/usb_util/src/lib.rs
index 82d35b5..5c7889d 100644
--- a/usb_util/src/lib.rs
+++ b/usb_util/src/lib.rs
@@ -11,6 +11,8 @@
 mod bindings;
 
 extern crate data_model;
+extern crate sync;
+
 #[macro_use]
 pub mod error;
 pub mod config_descriptor;
diff --git a/usb_util/src/libusb_context.rs b/usb_util/src/libusb_context.rs
index 65cd2cc..b9f2f1a 100644
--- a/usb_util/src/libusb_context.rs
+++ b/usb_util/src/libusb_context.rs
@@ -9,7 +9,9 @@ use std::os::unix::io::RawFd;
 use bindings;
 use error::{Error, Result};
 use libusb_device::LibUsbDevice;
-use std::sync::{Arc, Mutex};
+use std::sync::Arc;
+
+use sync::Mutex;
 
 pub struct LibUsbContextInner {
     context: *mut bindings::libusb_context,
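Review bot: The bare name `Mutex` in this file now means `sync::Mutex`, whose `lock()` panics on a poisoned lock instead of returning a `PoisonError`, and nothing at the import says so. A reader who assumes the standard library type will not see the `.lock()` on `pollfd_change_handler` in the next hunk as a possible panic site. I would add a one-line comment above the import, e.g. `// sync::Mutex: lock() panics on poison instead of returning PoisonError.` The commit message rests the no-poison assumption on release builds using panic=abort, so it is worth confirming that none of these locks is taken on a path reached from a libusb callback in a build that unwinds; that is not visible here, since the struct and the `impl` body continue outside both hunks.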
@@ -123,7 +125,7 @@ impl LibUsbContext {
         }
         // Safe because raw_holder is from Boxed pointer.
         let holder = unsafe { Box::from_raw(raw_holder) };
-        *self.inner.pollfd_change_handler.lock().unwrap() = Some(holder);
+        *self.inner.pollfd_change_handler.lock() = Some(holder);
     }
 
     /// Remove the previous registered notifiers.