Update documentation of as_ptr function of Atomic$Int to clarify circumstances of usage
#139637
Conversation
rustbot
added
S-waiting-on-review
madhav-madhusoodanan
changed the title
as_ptr to reflect that its usage must not lead to data racesas_ptr function of Atomic$Int to reflect that its usage must not lead to data races
madhav-madhusoodanan
changed the title
as_ptr function of Atomic$Int to reflect that its usage must not lead to data racesas_ptr function of Atomic$Int to clarify circumstances of usage
This comment has been minimized.
This comment has been minimized.
madhav-madhusoodanan
force-pushed
the
Atomic_as_ptr_doc_update
branch
from
c1108bf to
27c0b65
Compare
|
I've added an example where there is no |
|
@rustbot author |
rustbot
added
S-waiting-on-author
|
Reminder, once the PR becomes ready for a review, use |
…ead to data races.
…mstances of usage
madhav-madhusoodanan
force-pushed
the
Atomic_as_ptr_doc_update
branch
from
27c0b65 to
a87f6ea
Compare
|
@rustbot ready |
rustbot
added
S-waiting-on-review
| /// use of the returned raw pointer requires an `unsafe` block and still has to uphold the same | ||
| /// restriction: operations on it must be atomic. | ||
| /// All modifications of an atomic change the value through a shared reference, and can do so safely | ||
| /// as long as they use atomic operations. |
There was a problem hiding this comment.
I don't get the first part of this sentence... what else would they do?
There was a problem hiding this comment.
Github is being silly and doesn't let me make this a suggestion, so let me post this manually -- how about:
/// Note that doing non-atomic reads or writes on the resulting integer can be
/// Undefined Behavior due to a data race; see the [memory model section] for further information.
///
/// This method is mostly useful for FFI, where the function signature may use
#[doc = concat!("`*mut ", stringify!($int_type), "` instead of `&", stringify!($atomic_type), "`.")]As I said before, this should link to the module-level memory model docs. You can probably use an intra-doc link like that... crate::sync::atomic#memory-model-for-atomic-accesses should work.
|
@rustbot author |
rustbot
added
S-waiting-on-author
| /// | ||
| /// Returning an `*mut` pointer from a shared reference to this atomic is safe because the |
There was a problem hiding this comment.
Just wanted to clarify one thing, would it be a good idea to note about interior mutability too?
There was a problem hiding this comment.
No, I would say interior mutability is an implementation detail.
There was a problem hiding this comment.
Got it.
|
@rustbot ready |
rustbot
added
S-waiting-on-review
library/core/src/sync/atomic.rs
Outdated
| /// This method is mostly useful for FFI, where the function signature may use | ||
| /// `*mut bool` instead of `&AtomicBool`. | ||
| /// Note that doing non-atomic reads or writes on the resulting integer can be | ||
| /// Undefined Behavior due to a data race; see the [Memory model section] for further information. |
There was a problem hiding this comment.
| /// Undefined Behavior due to a data race; see the [Memory model section] for further information. | |
| /// Undefined Behavior due to a data race; see the [memory model section] for further information. |
Why did you not just copy-paste my suggestion?
There was a problem hiding this comment.
Apologies.
I take it as an exercise in learning and understanding the nuances of what my changes do, especially when I'm dealing with comments. Hence i usually avoid directly copy pasting.
There was a problem hiding this comment.
May I ask if intradoc links are case sensitive? I'm slightly new to rustdoc and I wasn't able to notice this detail.
There was a problem hiding this comment.
This is just standard markdown, not rustdoc: if you write [Memory], it will be shown as "Memory" in the rendered HTML, but we do not want this to be capitalized.
I take it as an exercise in learning and understanding the nuances of what my changes do, especially when I'm dealing with comments. Hence i usually avoid directly copy pasting.
Feel free to do this and then diff the result, but as a reviewer it takes a lot of extra attention if I can't even rely on suggestions being realized correctly. You can of course have a good reason to diverge from my suggestion, but then you should explain why.
| /// All modifications of an atomic change the value through a shared reference, and can do so safely | ||
| /// as long as they use atomic operations. |
There was a problem hiding this comment.
What is the point of this last sentence? It did not exist in my suggestion.
There was a problem hiding this comment.
That was not added. That is the consequence of removing the sentences surrounding it in this commit:
- The "interior mutability" detail
- The "unsafe" block detail
There was a problem hiding this comment.
I guess I wasn't clear enough then when posting my suggestion -- please remove this sentence. I've already told you a week ago that by removing the sentence before this, you made this sentence here entirely void of context and confusing.
|
@madhav-madhusoodanan if you prefer I can just post a PR myself for this, that has a lot less friction than me trying to explain to you my suggested edits, in particular since we seem to need 2 round-trips for each suggestion. ;) |
madhav-madhusoodanan
force-pushed
the
Atomic_as_ptr_doc_update
branch
from
c8ad0bc to
2415282
Compare
|
That odd sentence "All modifications of an atomic change the value through a shared reference, and can do so safely as long as they use atomic operations." is still around. I don't know how to make it any more clear that you should remove it everywhere. It made sense before your PR due to the surrounding context, but you removed that context, and now it's entirely unclear what the point of that sentence is. @rustbot author |
rustbot
added
S-waiting-on-author
Context
The documentation of
as_ptrmentions that "operations on it must be atomic". This may confuse developers, since non-atomic reads may be safely performed in certain circumstances (eg: when they do not lead to a data race).The core message is that non-atomic accesses are UB if they cause a data race.
This update ensures such clarity on the circumstances of usage of the
as_ptrfunction.Associated Issue
cc: @RalfJung @briansmith