Merge #548

548: Fixed aliasing issue due to RacyCell implementation r=perlindgren a=korken89



Co-authored-by: Emil Fresk <emil.fresk@gmail.com>
Co-authored-by: Per Lindgren <per.lindgren@ltu.se>

1 files changed, 27 insertions, 6 deletions

diff --git a/src/lib.rs b/src/lib.rs
index ca52ec1e..8463442a 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -59,6 +59,27 @@ where
 use core::cell::UnsafeCell;
 
 /// Internal replacement for `static mut T`
+///
+/// Used to represent RTIC Resources
+///
+/// Soundness:
+/// 1) Unsafe API for internal use only
+/// 2) get_mut(&self) -> *mut T
+///    returns a raw mutable pointer to the inner T
+///    casting to &mut T is under control of RTIC
+///    RTIC ensures &mut T to be unique under Rust aliasing rules.
+///
+///    Implementation uses the underlying UnsafeCell<T>
+///    self.0.get() -> *mut T
+///
+/// 3) get(&self) -> *const T
+///    returns a raw immutable (const) pointer to the inner T
+///    casting to &T is under control of RTIC
+///    RTIC ensures &T to be shared under Rust aliasing rules.
+///
+///    Implementation uses the underlying UnsafeCell<T>
+///    self.0.get() -> *mut T, demoted to *const T
+///    
 #[repr(transparent)]
 pub struct RacyCell<T>(UnsafeCell<T>);
 
@@ -69,16 +90,16 @@ impl<T> RacyCell<T> {
         RacyCell(UnsafeCell::new(value))
     }
 
-    /// Get `&mut T`
+    /// Get `*mut T`
     #[inline(always)]
-    pub unsafe fn get_mut_unchecked(&self) -> &mut T {
-        &mut *self.0.get()
+    pub unsafe fn get_mut(&self) -> *mut T {
+        self.0.get()
     }
 
-    /// Get `&T`
+    /// Get `*const T`
     #[inline(always)]
-    pub unsafe fn get_unchecked(&self) -> &T {
-        &*self.0.get()
+    pub unsafe fn get(&self) -> *const T {
+        self.0.get()
     }
 }