Make properly Send safe #156
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In earlier iterations I accidentally removed Send from Session and then later restored it in an unsafe way. This commit restructures the bindings so that each of the objects holds a reference to the appropriate thing to keep everything alive safely, without awkward lifetimes to deal with. The key to this is that the underlying Session is tracked by an Arc<Mutex<>>, with the related objects ensuring that they lock this before they call into the underlying API. In order to make this work, I've had to adjust the API around iterating both known hosts and agent identities: previously these would iterate over internal references but with this shift there isn't a reasonable way to make that safe. The strategy is instead to return a copy of the host/identity data and then later look up the associated raw pointer when needed. The purist in me feels that the copy feels slightly wasteful, but the realist justifies this with the observation that the cardinality of both known hosts and identities is typically small enough that the cost of this is in the noise compared to actually doing the crypto+network ops. I've removed a couple of error code related helpers from some of the objects: those were really internal APIs and were redundant with methods exported by the Error type anyway. Fixes: #154 Refs: #137
Heh, I removed this by accident at the last minute before submitting the PR to the CI... restore it!
This allows Channel and Stream to be Send
|
@spebern I'd appreciate you taking a look over this when you have some cycles: it builds in part on the accessors you added in your recent PR, except that they lock. I think this will be fine for your async bindings: the locks are held only during the underlying API calls, and in non-blocking mode these should all be short lived. |
@richardwhiuk requested this. While it is safe to move to another thread, it will still lock internally, and if you are in blocking mode that may be undesirable.
spebern
reviewed
Jan 19, 2020
and not the last sftp error. Confusing!
|
Could |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In earlier iterations I accidentally removed Send from Session and then
later restored it in an unsafe way. This commit restructures the
bindings so that each of the objects holds a reference to the
appropriate thing to keep everything alive safely, without awkward
lifetimes to deal with.
The key to this is that the underlying Session is tracked by an
Arc<Mutex<>>, with the related objects ensuring that they lock this
before they call into the underlying API.
In order to make this work, I've had to adjust the API around iterating
both known hosts and agent identities: previously these would iterate
over internal references but with this shift there isn't a reasonable
way to make that safe. The strategy is instead to return a copy of the
host/identity data and then later look up the associated raw pointer
when needed. The purist in me feels that the copy feels slightly
wasteful, but the realist justifies this with the observation that the
cardinality of both known hosts and identities is typically small enough
that the cost of this is in the noise compared to actually doing the
crypto+network ops.
I've removed a couple of error code related helpers from some of
the objects: those were really internal APIs and were redundant
with methods exported by the Error type anyway.
Fixes: #154
Refs: #137