fix(thread): seal Arguable so users cannot impl it
Otherwise users would be able to pass any type they want to functions
that create threads (e.g., `thread_create`), which we cannot guarantee
to be sound.
ROMemories committed Jan 10, 2025
1 parent 16402b9 commit e2581e3
Showing 1 changed file with 10 additions and 1 deletion.
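--- a/src/ariel-os-threads/src/lib.rs
+++ b/src/ariel-os-threads/src/lib.rs
@@ -522,24 +522,33 @@ pub unsafe fn start_threading() {
 Cpu::start_threading();
 }
 
+trait Sealed {}
+
 /// Trait for types that fit into a single register.
-pub trait Arguable {
+#[expect(private_bounds, reason = "sealed trait")]
+pub trait Arguable: Sealed {
 #[doc(hidden)]
 fn into_arg(self) -> usize;
 }
 
+impl Sealed for usize {}
+
 impl Arguable for usize {
 fn into_arg(self) -> usize {
 self
 }
 }
 
+impl Sealed for () {}
+
 impl Arguable for () {
 fn into_arg(self) -> usize {
 0
 }
 }
 
+impl<T> Sealed for &'static T {}
+
 /// [`Arguable`] is only implemented on *static* references because the references passed to a
 /// thread must be valid for its entire lifetime.
 impl<T> Arguable for &'static T {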
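Review bot: The reason for sealing `Arguable` is recorded only in the commit message; neither `trait Sealed {}` nor the rustdoc on `Arguable` says that the trait is sealed or why. I would add a comment above `Sealed`, e.g. `// Private supertrait: keeps downstream crates from implementing Arguable, whose implementors are handed to new threads as a raw usize.`, and a line in the `Arguable` docs such as `/// This trait is sealed and cannot be implemented outside this crate.` Note also that the `&'static T` impl remains a blanket over every sized `T`, so sealing limits who can implement the trait but not which `T` ends up shared with another thread. Presumably a `Send`/`Sync` bound on the thread-creation functions covers that, but it is not visible in this hunk and is worth confirming. The `impl<T> Arguable for &'static T` body continues outside the hunk.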
