crosvm/sync/src/lib.rs

// Copyright 2018 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

//! Sync primitive types whose methods panic rather than returning error in case of poison.
//!
//! The Mutex/Condvar type in this crates wraps the standard library versions and mirrors the same
//! methods, except that they panic where the standard library would return an Error. This API
//! codifies our error handling strategy around poisoned mutexes in crosvm.
//!
//! - Crosvm releases are built with panic=abort so poisoning never occurs. A panic while a mutex is
//!   held (or ever) takes down the entire process. Thus we would like for code not to have to
//!   consider the possibility of poison.
//!
//! - We could ask developers to always write `.lock().unwrap()` on a standard library mutex.
//!   However, we would like to stigmatize the use of unwrap. It is confusing to permit unwrap but
//!   only on mutex lock results. During code review it may not always be obvious whether a
//!   particular unwrap is unwrapping a mutex lock result or a different error that should be
//!   handled in a more principled way.
//!
//! Developers should feel free to use types defined in this crate anywhere in crosvm that they
//! would otherwise be using the corresponding types in std::sync.

mod condvar;
mod mutex;

pub use condvar::Condvar;
pub use mutex::{Mutex, WouldBlock};
sync: Mutex type with methods that panic instead of return error This CL adds a crate `sync` containing a type sync::Mutex which wraps the standard library Mutex and mirrors the same methods, except that they panic where the standard library would return a PoisonError. This API codifies our error handling strategy around poisoned mutexes in crosvm. - Crosvm releases are built with panic=abort so poisoning never occurs. A panic while a mutex is held (or ever) takes down the entire process. Thus we would like for code not to have to consider the possibility of poison. - We could ask developers to always write `.lock().unwrap()` on a standard library mutex. However, we would like to stigmatize the use of unwrap. It is confusing to permit unwrap but only on mutex lock results. During code review it may not always be obvious whether a particular unwrap is unwrapping a mutex lock result or a different error that should be handled in a more principled way. Developers should feel free to use sync::Mutex anywhere in crosvm that they would otherwise be using std::sync::Mutex. TEST=boot linux Change-Id: I9727b6f8fee439edb4a8d52cf19d59acf04d990f Reviewed-on: https://chromium-review.googlesource.com/1359923 Commit-Ready: David Tolnay <dtolnay@chromium.org> Tested-by: David Tolnay <dtolnay@chromium.org> Reviewed-by: Zach Reizner <zachr@chromium.org> 2018-12-04 07:37:46 +00:00			`// Copyright 2018 The Chromium OS Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style license that can be`
			`// found in the LICENSE file.`

sync: add Convar wrapper that panics instead of returning Result The Condvar wrapper exposed by this change is analogous to the Mutex wrapper in this crate. Instead of a Result being returned in the case of a poisoned Mutex, a panic is triggered. TEST=cargo build BUG=chromium:920875 Change-Id: Id8bd6bc2891bfc5c8ce334fbdb482ef40500f2d7 Reviewed-on: https://chromium-review.googlesource.com/1416316 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: David Tolnay <dtolnay@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org> 2019-01-16 22:11:35 +00:00			`//! Sync primitive types whose methods panic rather than returning error in case of poison.`
			`//!`
			`//! The Mutex/Condvar type in this crates wraps the standard library versions and mirrors the same`
			`//! methods, except that they panic where the standard library would return an Error. This API`
			`//! codifies our error handling strategy around poisoned mutexes in crosvm.`
			`//!`
			`//! - Crosvm releases are built with panic=abort so poisoning never occurs. A panic while a mutex is`
			`//! held (or ever) takes down the entire process. Thus we would like for code not to have to`
			`//! consider the possibility of poison.`
			`//!`
			//! - We could ask developers to always write `.lock().unwrap()` on a standard library mutex.
			`//! However, we would like to stigmatize the use of unwrap. It is confusing to permit unwrap but`
			`//! only on mutex lock results. During code review it may not always be obvious whether a`
			`//! particular unwrap is unwrapping a mutex lock result or a different error that should be`
			`//! handled in a more principled way.`
			`//!`
			`//! Developers should feel free to use types defined in this crate anywhere in crosvm that they`
			`//! would otherwise be using the corresponding types in std::sync.`

			`mod condvar;`
sync: Mutex type with methods that panic instead of return error This CL adds a crate `sync` containing a type sync::Mutex which wraps the standard library Mutex and mirrors the same methods, except that they panic where the standard library would return a PoisonError. This API codifies our error handling strategy around poisoned mutexes in crosvm. - Crosvm releases are built with panic=abort so poisoning never occurs. A panic while a mutex is held (or ever) takes down the entire process. Thus we would like for code not to have to consider the possibility of poison. - We could ask developers to always write `.lock().unwrap()` on a standard library mutex. However, we would like to stigmatize the use of unwrap. It is confusing to permit unwrap but only on mutex lock results. During code review it may not always be obvious whether a particular unwrap is unwrapping a mutex lock result or a different error that should be handled in a more principled way. Developers should feel free to use sync::Mutex anywhere in crosvm that they would otherwise be using std::sync::Mutex. TEST=boot linux Change-Id: I9727b6f8fee439edb4a8d52cf19d59acf04d990f Reviewed-on: https://chromium-review.googlesource.com/1359923 Commit-Ready: David Tolnay <dtolnay@chromium.org> Tested-by: David Tolnay <dtolnay@chromium.org> Reviewed-by: Zach Reizner <zachr@chromium.org> 2018-12-04 07:37:46 +00:00			`mod mutex;`

sync: add Convar wrapper that panics instead of returning Result The Condvar wrapper exposed by this change is analogous to the Mutex wrapper in this crate. Instead of a Result being returned in the case of a poisoned Mutex, a panic is triggered. TEST=cargo build BUG=chromium:920875 Change-Id: Id8bd6bc2891bfc5c8ce334fbdb482ef40500f2d7 Reviewed-on: https://chromium-review.googlesource.com/1416316 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: David Tolnay <dtolnay@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org> 2019-01-16 22:11:35 +00:00			`pub use condvar::Condvar;`
sync: Mutex type with methods that panic instead of return error This CL adds a crate `sync` containing a type sync::Mutex which wraps the standard library Mutex and mirrors the same methods, except that they panic where the standard library would return a PoisonError. This API codifies our error handling strategy around poisoned mutexes in crosvm. - Crosvm releases are built with panic=abort so poisoning never occurs. A panic while a mutex is held (or ever) takes down the entire process. Thus we would like for code not to have to consider the possibility of poison. - We could ask developers to always write `.lock().unwrap()` on a standard library mutex. However, we would like to stigmatize the use of unwrap. It is confusing to permit unwrap but only on mutex lock results. During code review it may not always be obvious whether a particular unwrap is unwrapping a mutex lock result or a different error that should be handled in a more principled way. Developers should feel free to use sync::Mutex anywhere in crosvm that they would otherwise be using std::sync::Mutex. TEST=boot linux Change-Id: I9727b6f8fee439edb4a8d52cf19d59acf04d990f Reviewed-on: https://chromium-review.googlesource.com/1359923 Commit-Ready: David Tolnay <dtolnay@chromium.org> Tested-by: David Tolnay <dtolnay@chromium.org> Reviewed-by: Zach Reizner <zachr@chromium.org> 2018-12-04 07:37:46 +00:00			`pub use mutex::{Mutex, WouldBlock};`