On Fri, Feb 27, 2026 at 12:47 AM Matthew Wood <[email protected]> wrote:
>
> +/// This type is `Copy` by storing only a raw pointer. The underlying string
Please use intra-doc links where possible/reasonable.
> +/// # Safety
> +///
> +/// The pointer is only valid while the module is loaded. The kernel ensures
> +/// the string memory remains valid for the module's lifetime.
> +#[derive(Copy, Clone)]
> +#[repr(transparent)]
> +pub struct StringParam {
A `# Safety` section for a type? What do you mean here?
I think you may want to establish an invariant instead.
> + // SAFETY: pointer validity is checked above
> + Some(unsafe { CStr::from_char_ptr(self.ptr) })
I assume you mean that the non-null implies the validity, but validity
is not really "checked" above. That is why you probably want to have a
proper invariant in the type, so that you can invoke it here etc.
> +unsafe impl Sync for StringParam {}
This is missing a `// SAFETY:` comment -- please double-check
`CLIPPY=1` passes clean.
Cheers,
Miguel
