docs: more Send and Sync safety documentation #4471
Conversation
| @@ -61,9 +61,56 @@ impl fmt::Debug for Connection { | |||
|
|
|||
| /// # Safety | |||
| /// | |||
| /// s2n_connection objects can be sent across threads | |||
| /// NonNull / the raw s2n_connection pointer isn't Send because its data may be | |||
There was a problem hiding this comment.
This is a note in general for your doc comments. It's not important to know why the raw pointer isn't Send/Sync. I would prefer it if you started out with why the Connection/Config/CertChain is Send/Sync. If you need to elaborate on why the raw s2n_connection pointer isn't Send/Sync, maybe do that after? But I think most people are just looking for why this Rust struct was tagged with Send/Sync.
So with that in mind, I would probably restructure your comment like:
The Connection is Send because the existing interface ensures that only one owned Connection can exist for each s2n_connection C object.
The raw s2n_connection pointer it wraps is not Send, and therefore library developers MUST ensure that new methods do not expose the raw s2n_connection pointer...
Resolved issues:
resolves #4413
Description of changes:
I try to explain why structs aren't automatically Send / Sync and why it's safe to mark them Send / Sync anyway. I'm trying not to explain Send / Sync, since existing Rust documentation already does that and that shouldn't be the responsibility of our docs. On the other hand, I want developers who haven't read that documentation to still have an idea how not to break our Send / Sync safety.
Testing:
Mostly documentation changes, with Sync added to some certificate structs.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.