Non-`'static` Allow and Subscribe API design (tracking issue)
jrvanwhy opened this issue · comments
For Ti50 and Manticore, we need an Allow API design that supports non-'static
buffers. It would also be preferable to support non-'static
Subscribe callbacks, in order to produce more idiomatic Rust code.
There are multiple designs that might work for this API. To avoid confusing the different designs, I suggest we put the designs into separate issues (or separate PRs as submitted documentation). This issue is to discuss requirements for the non-'static
Allow and Subscribe APIs, and to link to other discussions (such as issues with specific designs).
I believe the requirements for the APIs are as follows:
- Support both Read-Only Allow and Read-Write Allow on buffers on the stack.
- Support Read-Only Allow for buffers in read-only storage (flash).
- Support multiple concurrent operations. An use case is cancellation: e.g. "read from the console unless interrupted by a button press or timeout". An additional example use case is flashing lights while an operation is ongoing (e.g. while waiting for a USB message).
- Have a safe API that is sound. It should be possible to implement the drivers without using
unsafe
.
Additional nice-to-have requirements are:
- Avoid relying on dynamic memory allocation.
- Avoid relying on any unstable features.
- Support drivers written in idiomatic Rust. While extensive use of interior mutability works, it is not ideal and not the preferred option.
- Support
'static
buffers and callbacks as well (to avoid needing separate'static
APIs).
And as always, code size and RAM usage are priorities as well.
WIP solutions
Here are the designs we are currently working on:
For now, I think I'll go with the Pin<>
-based design described in #338 . We can replace it later if we find a better design, but I want to get a Tock 2.0-compatible libtock-rs
out ASAP.