pub enum ResourceEntry<T> {
Empty,
Owned(T),
Borrowed(Arc<RwLock<bool>>, *const T),
}Expand description
The semantics of component model resources are, pleasingly, roughly compatible with those of Rust references, so we would like to use the more-or-less directly in interfaces generated by hyperlight_component_macro. Less pleasingly, it’s not terribly easy to show the semantic agreement statically.
In particular, if the host calls into the guest and gives it a borrow of a resource, reentrant host function calls that use that borrow need to be able to resolve the original reference and use it in an appropriately scoped manner, but it is not simple to do this, because the core Hyperlight machinery doesn’t offer an easy way to augment the host’s context for the span of time of a guest function call. This may be worth revisiting at some time, but in the meantime, it’s easier to just do it dynamically.
§Safety
Informally: this only creates SharedRead references, so having a
bunch of them going at once is fine. Safe Rust in the host can’t
use any earlier borrows (potentially invalidating these) until
borrow passed into ResourceEntry::lend has expired. Because
that borrow outlives the LentResourceGuard, it will not expire
until that destructor is called. That destructor ensures that (a)
there are no outstanding BorrowedResourceGuards alive (since
they would be holding the read side of the RwLock if they
were), and that (b) the shared flag has been set to false, so
ResourceEntry::borrow will never create another borrow