[13/17] rust/vmstate: Support vmstate_validate

Message ID	20250317151236.536673-14-zhao1.liu@intel.com (mailing list archive)
State	New
Headers	show Return-Path: <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org> From: Zhao Liu <zhao1.liu@intel.com> To: Paolo Bonzini <pbonzini@redhat.com> Cc: qemu-devel@nongnu.org, qemu-rust@nongnu.org, Zhao Liu <zhao1.liu@intel.com> Subject: [PATCH 13/17] rust/vmstate: Support vmstate_validate Date: Mon, 17 Mar 2025 23:12:32 +0800 Message-Id: <20250317151236.536673-14-zhao1.liu@intel.com> In-Reply-To: <20250317151236.536673-1-zhao1.liu@intel.com> References: <20250317151236.536673-1-zhao1.liu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=192.198.163.10; envelope-from=zhao1.liu@intel.com; helo=mgamail.intel.com X-Spam_score_int: -46 X-Spam_score: -4.7 X-Spam_bar: ---- X-Spam_report: (-4.7 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.335, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Series	rust/vmstate: Clean up, fix, enhance & test \| expand [00/17] rust/vmstate: Clean up, fix, enhance & test [01/17] rust/vmstate: Remove unnecessary unsafe [02/17] rust/vmstate: Fix num_offset in vmstate macros [03/17] rust/vmstate: Add a prefix separator ", " for the array field in vmstate macros [04/17] rust/vmstate: Use ident instead of expr to parse vmsd in vmstate_struct macro [05/17] rust/vmstate: Fix num field when varray flags are set [06/17] rust/vmstate: Fix size field of VMStateField with VMS_ARRAY_OF_POINTER flag [07/17] rust/vmstate: Fix type check for varray in vmstate_struct [08/17] rust/vmstate: Fix "cannot infer type" error in vmstate_struct [09/17] rust/vmstate: Fix unnecessary VMState bound of with_varray_flag() [10/17] rust/vmstate: Relax array check when build varray in vmstate_struct [11/17] rust/vmstate: Re-implement VMState trait for timer binding [12/17] rust/vmstate: Support version field in vmstate macros [13/17] rust/vmstate: Support vmstate_validate [14/17] rust/vmstate: Add unit test for vmstate_of macro [15/17] rust/vmstate: Add unit test for vmstate_{of\|struct} macro [16/17] rust/vmstate: Add unit test for pointer case [17/17] rust/vmstate: Add unit test for vmstate_validate

Message ID

20250317151236.536673-14-zhao1.liu@intel.com (mailing list archive)

State

New

Headers

From: Zhao Liu <zhao1.liu@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org, qemu-rust@nongnu.org,
 Zhao Liu <zhao1.liu@intel.com>
Subject: [PATCH 13/17] rust/vmstate: Support vmstate_validate
Date: Mon, 17 Mar 2025 23:12:32 +0800
Message-Id: <20250317151236.536673-14-zhao1.liu@intel.com>
In-Reply-To: <20250317151236.536673-1-zhao1.liu@intel.com>
References: <20250317151236.536673-1-zhao1.liu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=192.198.163.10;
 envelope-from=zhao1.liu@intel.com;
 helo=mgamail.intel.com
X-Spam_score_int: -46
X-Spam_score: -4.7
X-Spam_bar: ----
X-Spam_report: (-4.7 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.335,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Series

rust/vmstate: Clean up, fix, enhance & test | expand

Commit Message

Zhao Liu March 17, 2025, 3:12 p.m. UTC

In C version, VMSTATE_VALIDATE accepts the function pointer, which is
used to check if some conditions of structure could meet, although the
C version macro doesn't accept any structure as the opaque type.

But it's hard to integrate VMSTATE_VALIDAE into vmstate_struct, a new
macro has to be introduced to specifically handle the case corresponding
to VMSTATE_VALIDATE.

One of the difficulties is inferring the type of a callback by its name
`test_fn`. We can't directly use `test_fn` as a parameter of
test_cb_builder__() to get its type "F", because in this way, Rust
compiler will be too conservative on drop check and complain "the
destructor for this type cannot be evaluated in constant functions".

Fortunately, PhantomData<T> could help in this case, because it is
considered to never have a destructor, no matter its field type [*].

The `phantom__()` in the `call_func_with_field` macro provides a good
example of using PhantomData to infer type. So copy this idea and apply
it to the `vmstate_validate` macro.

[*]: https://doc.rust-lang.org/std/ops/trait.Drop.html#drop-check

Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
---
 rust/qemu-api/src/vmstate.rs | 57 +++++++++++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)

Comments

Paolo Bonzini March 17, 2025, 5:18 p.m. UTC | #1

On Mon, Mar 17, 2025 at 3:52 PM Zhao Liu <zhao1.liu@intel.com> wrote:
>
> In C version, VMSTATE_VALIDATE accepts the function pointer, which is
> used to check if some conditions of structure could meet, although the
> C version macro doesn't accept any structure as the opaque type.
>
> But it's hard to integrate VMSTATE_VALIDAE into vmstate_struct, a new
> macro has to be introduced to specifically handle the case corresponding
> to VMSTATE_VALIDATE.
>
> One of the difficulties is inferring the type of a callback by its name
> `test_fn`. We can't directly use `test_fn` as a parameter of
> test_cb_builder__() to get its type "F", because in this way, Rust
> compiler will be too conservative on drop check and complain "the
> destructor for this type cannot be evaluated in constant functions".
>
> Fortunately, PhantomData<T> could help in this case, because it is
> considered to never have a destructor, no matter its field type [*].
>
> The `phantom__()` in the `call_func_with_field` macro provides a good
> example of using PhantomData to infer type. So copy this idea and apply
> it to the `vmstate_validate` macro.
>
> [*]: https://doc.rust-lang.org/std/ops/trait.Drop.html#drop-check
>
> Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
> ---
>  rust/qemu-api/src/vmstate.rs | 57 +++++++++++++++++++++++++++++++++++-
>  1 file changed, 56 insertions(+), 1 deletion(-)
>
> diff --git a/rust/qemu-api/src/vmstate.rs b/rust/qemu-api/src/vmstate.rs
> index bb41bfd291c0..4eefd54ca120 100644
> --- a/rust/qemu-api/src/vmstate.rs
> +++ b/rust/qemu-api/src/vmstate.rs
> @@ -25,9 +25,12 @@
>  //!   functionality that is missing from `vmstate_of!`.
>
>  use core::{marker::PhantomData, mem, ptr::NonNull};
> +use std::os::raw::{c_int, c_void};
>
>  pub use crate::bindings::{VMStateDescription, VMStateField};
> -use crate::{bindings::VMStateFlags, prelude::*, qom::Owned, zeroable::Zeroable};
> +use crate::{
> +    bindings::VMStateFlags, callbacks::FnCall, prelude::*, qom::Owned, zeroable::Zeroable,
> +};
>
>  /// This macro is used to call a function with a generic argument bound
>  /// to the type of a field.  The function must take a
> @@ -292,6 +295,14 @@ pub const fn with_varray_multiply(mut self, num: u32) -> VMStateField {
>          self.num = num as i32;
>          self
>      }
> +
> +    #[must_use]
> +    pub const fn with_exist_check(mut self) -> Self {
> +        assert!(self.flags.0 == 0);
> +        self.flags = VMStateFlags(VMStateFlags::VMS_MUST_EXIST.0 | VMStateFlags::VMS_ARRAY.0);
> +        self.num = 0; // 0 elements: no data, only run test_fn callback
> +        self
> +    }
>  }
>
>  /// This macro can be used (by just passing it a type) to forward the `VMState`
> @@ -510,6 +521,50 @@ macro_rules! vmstate_fields {
>      }}
>  }
>
> +pub extern "C" fn rust_vms_test_field_exists<T, F: for<'a> FnCall<(&'a T, u8), bool>>(
> +    opaque: *mut c_void,
> +    version_id: c_int,
> +) -> bool {
> +    let owner: &T = unsafe { &*(opaque.cast::<T>()) };
> +    let version: u8 = version_id.try_into().unwrap();
> +    // SAFETY: the opaque was passed as a reference to `T`.
> +    F::call((owner, version))
> +}
> +
> +pub type VMSFieldExistCb = unsafe extern "C" fn(
> +    opaque: *mut std::os::raw::c_void,
> +    version_id: std::os::raw::c_int,
> +) -> bool;
> +
> +#[doc(alias = "VMSTATE_VALIDATE")]
> +#[macro_export]
> +macro_rules! vmstate_validate {
> +    ($struct_name:ty, $test_name:expr, $test_fn:expr $(,)?) => {
> +        $crate::bindings::VMStateField {
> +            name: ::std::ffi::CStr::as_ptr($test_name),
> +            // TODO: Use safe callback.

Why is the TODO still there?

> +            field_exists: {
> +                const fn test_cb_builder__<
> +                    T,
> +                    F: for<'a> $crate::callbacks::FnCall<(&'a T, u8), bool>,
> +                >(
> +                    _phantom: ::core::marker::PhantomData<F>,
> +                ) -> $crate::vmstate::VMSFieldExistCb {
> +                    let _: () = F::ASSERT_IS_SOME;
> +                    $crate::vmstate::rust_vms_test_field_exists::<T, F>
> +                }
> +
> +                const fn phantom__<T>(_: &T) -> ::core::marker::PhantomData<T> {
> +                    ::core::marker::PhantomData
> +                }
> +                Some(test_cb_builder__::<$struct_name, _>(phantom__(&$test_fn)))
> +            },
> +            ..$crate::zeroable::Zeroable::ZERO
> +        }
> +        .with_exist_check()
> +    };

Would it be possible, or make sense, to move most of the code for
field_exists inside .with_exist_check()?

Paolo

Paolo Bonzini March 18, 2025, 6:34 a.m. UTC | #2

Il mar 18 mar 2025, 07:16 Zhao Liu <zhao1.liu@intel.com> ha scritto:

> > Would it be possible, or make sense, to move most of the code for
> > field_exists inside .with_exist_check()?
> >
>
> If so, the method would be like:
>
>     pub fn with_exist_check<T, F>(
>          mut self,
>          _cb: F
>      ) -> Self
>      where
>          F: for<'a> FnCall<(&'a T, u8), bool>,
>
> Then the use case could be like:
>
>     vmstate_struct!(HPETState, timers[0 .. num_timers],
> &VMSTATE_HPET_TIMER,
> BqlRefCell<HPETTimer>).with_exist_check<HPETState, _>(foo_field_check),
>
> Here we need to specify the structure type in with_exist_check, though it's
> already specified in vmstate_struct as the first field.
>
> In this way, I understand with_exist_check() doesn't need phantom__()
> trick.
>
> Instead, (after I dropped the few patches you mentioned,) now vmstate_of
> & vmstate_struct could accept the optional "test_fn" field (luckily, at
> least test_fn can still be parsed!), then the example would be:
>
>     vmstate_struct!(HPETState, timers[0 .. num_timers],
> &VMSTATE_HPET_TIMER,
> BqlRefCell<HPETTimer>, foo_field_check)
>
> And in this way, phantom__() is necessary.
>
> So I think the main issue is the format, which do you prefer?
>

For now I would leave out a generic field-exists check, and keep the
implementation of vmstate_validate as you did it in v1.

Once we look more in the builder concept we can think of adding also a
VMStateField<T> (with a PhantomData<fn(&T) -> bool> inside) and add
with_field_exists().

Paolo


> Thanks,
> Zhao
>
>

Zhao Liu March 18, 2025, 6:36 a.m. UTC | #3

> > +#[doc(alias = "VMSTATE_VALIDATE")]
> > +#[macro_export]
> > +macro_rules! vmstate_validate {
> > +    ($struct_name:ty, $test_name:expr, $test_fn:expr $(,)?) => {
> > +        $crate::bindings::VMStateField {
> > +            name: ::std::ffi::CStr::as_ptr($test_name),
> > +            // TODO: Use safe callback.
> 
> Why is the TODO still there?

I forgot to delete this comment...

> > +            field_exists: {
> > +                const fn test_cb_builder__<
> > +                    T,
> > +                    F: for<'a> $crate::callbacks::FnCall<(&'a T, u8), bool>,
> > +                >(
> > +                    _phantom: ::core::marker::PhantomData<F>,
> > +                ) -> $crate::vmstate::VMSFieldExistCb {
> > +                    let _: () = F::ASSERT_IS_SOME;
> > +                    $crate::vmstate::rust_vms_test_field_exists::<T, F>
> > +                }
> > +
> > +                const fn phantom__<T>(_: &T) -> ::core::marker::PhantomData<T> {
> > +                    ::core::marker::PhantomData
> > +                }
> > +                Some(test_cb_builder__::<$struct_name, _>(phantom__(&$test_fn)))
> > +            },
> > +            ..$crate::zeroable::Zeroable::ZERO
> > +        }
> > +        .with_exist_check()
> > +    };
> 
> Would it be possible, or make sense, to move most of the code for
> field_exists inside .with_exist_check()?
> 

If so, the method would be like:

    pub fn with_exist_check<T, F>(
         mut self,
         _cb: F
     ) -> Self
     where
         F: for<'a> FnCall<(&'a T, u8), bool>,

Then the use case could be like:

    vmstate_struct!(HPETState, timers[0 .. num_timers], &VMSTATE_HPET_TIMER,
BqlRefCell<HPETTimer>).with_exist_check<HPETState, _>(foo_field_check),

Here we need to specify the structure type in with_exist_check, though it's
already specified in vmstate_struct as the first field.

In this way, I understand with_exist_check() doesn't need phantom__()
trick.

Instead, (after I dropped the few patches you mentioned,) now vmstate_of
& vmstate_struct could accept the optional "test_fn" field (luckily, at
least test_fn can still be parsed!), then the example would be:

    vmstate_struct!(HPETState, timers[0 .. num_timers], &VMSTATE_HPET_TIMER,
BqlRefCell<HPETTimer>, foo_field_check)

And in this way, phantom__() is necessary.

So I think the main issue is the format, which do you prefer?

Thanks,
Zhao

Zhao Liu March 18, 2025, 7:20 a.m. UTC | #4

> For now I would leave out a generic field-exists check, and keep the
> implementation of vmstate_validate as you did it in v1.
> 
> Once we look more in the builder concept we can think of adding also a
> VMStateField<T> (with a PhantomData<fn(&T) -> bool> inside) and add
> with_field_exists().

This makes sense!

Thanks,
Zhao

diff --git a/rust/qemu-api/src/vmstate.rs b/rust/qemu-api/src/vmstate.rs
index bb41bfd291c0..4eefd54ca120 100644
--- a/rust/qemu-api/src/vmstate.rs
+++ b/rust/qemu-api/src/vmstate.rs
@@ -25,9 +25,12 @@ 
 //!   functionality that is missing from `vmstate_of!`.
 
 use core::{marker::PhantomData, mem, ptr::NonNull};
+use std::os::raw::{c_int, c_void};
 
 pub use crate::bindings::{VMStateDescription, VMStateField};
-use crate::{bindings::VMStateFlags, prelude::*, qom::Owned, zeroable::Zeroable};
+use crate::{
+    bindings::VMStateFlags, callbacks::FnCall, prelude::*, qom::Owned, zeroable::Zeroable,
+};
 
 /// This macro is used to call a function with a generic argument bound
 /// to the type of a field.  The function must take a
@@ -292,6 +295,14 @@  pub const fn with_varray_multiply(mut self, num: u32) -> VMStateField {
         self.num = num as i32;
         self
     }
+
+    #[must_use]
+    pub const fn with_exist_check(mut self) -> Self {
+        assert!(self.flags.0 == 0);
+        self.flags = VMStateFlags(VMStateFlags::VMS_MUST_EXIST.0 | VMStateFlags::VMS_ARRAY.0);
+        self.num = 0; // 0 elements: no data, only run test_fn callback
+        self
+    }
 }
 
 /// This macro can be used (by just passing it a type) to forward the `VMState`
@@ -510,6 +521,50 @@  macro_rules! vmstate_fields {
     }}
 }
 
+pub extern "C" fn rust_vms_test_field_exists<T, F: for<'a> FnCall<(&'a T, u8), bool>>(
+    opaque: *mut c_void,
+    version_id: c_int,
+) -> bool {
+    let owner: &T = unsafe { &*(opaque.cast::<T>()) };
+    let version: u8 = version_id.try_into().unwrap();
+    // SAFETY: the opaque was passed as a reference to `T`.
+    F::call((owner, version))
+}
+
+pub type VMSFieldExistCb = unsafe extern "C" fn(
+    opaque: *mut std::os::raw::c_void,
+    version_id: std::os::raw::c_int,
+) -> bool;
+
+#[doc(alias = "VMSTATE_VALIDATE")]
+#[macro_export]
+macro_rules! vmstate_validate {
+    ($struct_name:ty, $test_name:expr, $test_fn:expr $(,)?) => {
+        $crate::bindings::VMStateField {
+            name: ::std::ffi::CStr::as_ptr($test_name),
+            // TODO: Use safe callback.
+            field_exists: {
+                const fn test_cb_builder__<
+                    T,
+                    F: for<'a> $crate::callbacks::FnCall<(&'a T, u8), bool>,
+                >(
+                    _phantom: ::core::marker::PhantomData<F>,
+                ) -> $crate::vmstate::VMSFieldExistCb {
+                    let _: () = F::ASSERT_IS_SOME;
+                    $crate::vmstate::rust_vms_test_field_exists::<T, F>
+                }
+
+                const fn phantom__<T>(_: &T) -> ::core::marker::PhantomData<T> {
+                    ::core::marker::PhantomData
+                }
+                Some(test_cb_builder__::<$struct_name, _>(phantom__(&$test_fn)))
+            },
+            ..$crate::zeroable::Zeroable::ZERO
+        }
+        .with_exist_check()
+    };
+}
+
 /// A transparent wrapper type for the `subsections` field of
 /// [`VMStateDescription`].
 ///

[13/17] rust/vmstate: Support vmstate_validate

Commit Message

Comments

Patch