xref: /qemu/rust/qemu-api/src/qom.rs (revision 4551f342fed66af7f5e2b099fa06f4007db356e6) 
15a5110d2SManos Pitsidianakis // Copyright 2024, Linaro Limited
25a5110d2SManos Pitsidianakis // Author(s): Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
35a5110d2SManos Pitsidianakis // SPDX-License-Identifier: GPL-2.0-or-later
45a5110d2SManos Pitsidianakis 
54aed0296SPaolo Bonzini //! Bindings to access QOM functionality from Rust.
64aed0296SPaolo Bonzini //!
7f50cd85cSPaolo Bonzini //! The QEMU Object Model (QOM) provides inheritance and dynamic typing for QEMU
8ba3b81f3SPaolo Bonzini //! devices. This module makes QOM's features available in Rust through three
9ba3b81f3SPaolo Bonzini //! main mechanisms:
10f50cd85cSPaolo Bonzini //!
11f50cd85cSPaolo Bonzini //! * Automatic creation and registration of `TypeInfo` for classes that are
12f50cd85cSPaolo Bonzini //!   written in Rust, as well as mapping between Rust traits and QOM vtables.
13f50cd85cSPaolo Bonzini //!
14f50cd85cSPaolo Bonzini //! * Type-safe casting between parent and child classes, through the [`IsA`]
15f50cd85cSPaolo Bonzini //!   trait and methods such as [`upcast`](ObjectCast::upcast) and
16f50cd85cSPaolo Bonzini //!   [`downcast`](ObjectCast::downcast).
174aed0296SPaolo Bonzini //!
18ba3b81f3SPaolo Bonzini //! * Automatic delegation of parent class methods to child classes. When a
19ba3b81f3SPaolo Bonzini //!   trait uses [`IsA`] as a bound, its contents become available to all child
20ba3b81f3SPaolo Bonzini //!   classes through blanket implementations. This works both for class methods
21ba3b81f3SPaolo Bonzini //!   and for instance methods accessed through references or smart pointers.
22ba3b81f3SPaolo Bonzini //!
234aed0296SPaolo Bonzini //! # Structure of a class
244aed0296SPaolo Bonzini //!
254aed0296SPaolo Bonzini //! A leaf class only needs a struct holding instance state. The struct must
26f50cd85cSPaolo Bonzini //! implement the [`ObjectType`] and [`IsA`] traits, as well as any `*Impl`
27f50cd85cSPaolo Bonzini //! traits that exist for its superclasses.
284aed0296SPaolo Bonzini //!
294aed0296SPaolo Bonzini //! If a class has subclasses, it will also provide a struct for instance data,
304aed0296SPaolo Bonzini //! with the same characteristics as for concrete classes, but it also needs
314aed0296SPaolo Bonzini //! additional components to support virtual methods:
324aed0296SPaolo Bonzini //!
334aed0296SPaolo Bonzini //! * a struct for class data, for example `DeviceClass`. This corresponds to
344aed0296SPaolo Bonzini //!   the C "class struct" and holds the vtable that is used by instances of the
354aed0296SPaolo Bonzini //!   class and its subclasses. It must start with its parent's class struct.
364aed0296SPaolo Bonzini //!
374aed0296SPaolo Bonzini //! * a trait for virtual method implementations, for example `DeviceImpl`.
384aed0296SPaolo Bonzini //!   Child classes implement this trait to provide their own behavior for
394aed0296SPaolo Bonzini //!   virtual methods. The trait's methods take `&self` to access instance data.
40ac5699c5SPaolo Bonzini //!   The traits have the appropriate specialization of `IsA<>` as a supertrait,
41ac5699c5SPaolo Bonzini //!   for example `IsA<DeviceState>` for `DeviceImpl`.
424aed0296SPaolo Bonzini //!
434aed0296SPaolo Bonzini //! * an implementation of [`ClassInitImpl`], for example
444aed0296SPaolo Bonzini //!   `ClassInitImpl<DeviceClass>`. This fills the vtable in the class struct;
454aed0296SPaolo Bonzini //!   the source for this is the `*Impl` trait; the associated consts and
464aed0296SPaolo Bonzini //!   functions if needed are wrapped to map C types into Rust types.
47ba3b81f3SPaolo Bonzini //!
48ba3b81f3SPaolo Bonzini //! * a trait for instance methods, for example `DeviceMethods`. This trait is
49ba3b81f3SPaolo Bonzini //!   automatically implemented for any reference or smart pointer to a device
50ba3b81f3SPaolo Bonzini //!   instance.  It calls into the vtable provides access across all subclasses
51ba3b81f3SPaolo Bonzini //!   to methods defined for the class.
52ba3b81f3SPaolo Bonzini //!
53ba3b81f3SPaolo Bonzini //! * optionally, a trait for class methods, for example `DeviceClassMethods`.
54ba3b81f3SPaolo Bonzini //!   This provides access to class-wide functionality that doesn't depend on
55ba3b81f3SPaolo Bonzini //!   instance data. Like instance methods, these are automatically inherited by
56ba3b81f3SPaolo Bonzini //!   child classes.
575a5110d2SManos Pitsidianakis 
58f50cd85cSPaolo Bonzini use std::{
59f50cd85cSPaolo Bonzini     ffi::CStr,
60ca0d60a6SPaolo Bonzini     fmt,
610fcccf3fSPaolo Bonzini     mem::ManuallyDrop,
62f50cd85cSPaolo Bonzini     ops::{Deref, DerefMut},
63f50cd85cSPaolo Bonzini     os::raw::c_void,
647d052039SPaolo Bonzini     ptr::NonNull,
65f50cd85cSPaolo Bonzini };
665a5110d2SManos Pitsidianakis 
67716d89f9SPaolo Bonzini pub use bindings::{Object, ObjectClass};
68716d89f9SPaolo Bonzini 
690fcccf3fSPaolo Bonzini use crate::{
700fcccf3fSPaolo Bonzini     bindings::{
71688c6741SPaolo Bonzini         self, object_class_dynamic_cast, object_dynamic_cast, object_get_class,
72688c6741SPaolo Bonzini         object_get_typename, object_new, object_ref, object_unref, TypeInfo,
730fcccf3fSPaolo Bonzini     },
740fcccf3fSPaolo Bonzini     cell::bql_locked,
750fcccf3fSPaolo Bonzini };
76f50cd85cSPaolo Bonzini 
77f50cd85cSPaolo Bonzini /// Marker trait: `Self` can be statically upcasted to `P` (i.e. `P` is a direct
78f50cd85cSPaolo Bonzini /// or indirect parent of `Self`).
79f50cd85cSPaolo Bonzini ///
80f50cd85cSPaolo Bonzini /// # Safety
81f50cd85cSPaolo Bonzini ///
82f50cd85cSPaolo Bonzini /// The struct `Self` must be `#[repr(C)]` and must begin, directly or
83f50cd85cSPaolo Bonzini /// indirectly, with a field of type `P`.  This ensures that invalid casts,
84f50cd85cSPaolo Bonzini /// which rely on `IsA<>` for static checking, are rejected at compile time.
85f50cd85cSPaolo Bonzini pub unsafe trait IsA<P: ObjectType>: ObjectType {}
86f50cd85cSPaolo Bonzini 
87f50cd85cSPaolo Bonzini // SAFETY: it is always safe to cast to your own type
88f50cd85cSPaolo Bonzini unsafe impl<T: ObjectType> IsA<T> for T {}
89f50cd85cSPaolo Bonzini 
90f50cd85cSPaolo Bonzini /// Macro to mark superclasses of QOM classes.  This enables type-safe
91f50cd85cSPaolo Bonzini /// up- and downcasting.
92f50cd85cSPaolo Bonzini ///
93f50cd85cSPaolo Bonzini /// # Safety
94f50cd85cSPaolo Bonzini ///
95f50cd85cSPaolo Bonzini /// This macro is a thin wrapper around the [`IsA`] trait and performs
96f50cd85cSPaolo Bonzini /// no checking whatsoever of what is declared.  It is the caller's
97f50cd85cSPaolo Bonzini /// responsibility to have $struct begin, directly or indirectly, with
98f50cd85cSPaolo Bonzini /// a field of type `$parent`.
99f50cd85cSPaolo Bonzini #[macro_export]
100f50cd85cSPaolo Bonzini macro_rules! qom_isa {
101f50cd85cSPaolo Bonzini     ($struct:ty : $($parent:ty),* ) => {
102f50cd85cSPaolo Bonzini         $(
103f50cd85cSPaolo Bonzini             // SAFETY: it is the caller responsibility to have $parent as the
104f50cd85cSPaolo Bonzini             // first field
105f50cd85cSPaolo Bonzini             unsafe impl $crate::qom::IsA<$parent> for $struct {}
106f50cd85cSPaolo Bonzini 
107f50cd85cSPaolo Bonzini             impl AsRef<$parent> for $struct {
108f50cd85cSPaolo Bonzini                 fn as_ref(&self) -> &$parent {
109f50cd85cSPaolo Bonzini                     // SAFETY: follows the same rules as for IsA<U>, which is
110f50cd85cSPaolo Bonzini                     // declared above.
111f50cd85cSPaolo Bonzini                     let ptr: *const Self = self;
112f50cd85cSPaolo Bonzini                     unsafe { &*ptr.cast::<$parent>() }
113f50cd85cSPaolo Bonzini                 }
114f50cd85cSPaolo Bonzini             }
115f50cd85cSPaolo Bonzini         )*
116f50cd85cSPaolo Bonzini     };
117f50cd85cSPaolo Bonzini }
1185a5110d2SManos Pitsidianakis 
119ca0d60a6SPaolo Bonzini /// This is the same as [`ManuallyDrop<T>`](std::mem::ManuallyDrop), though
120ca0d60a6SPaolo Bonzini /// it hides the standard methods of `ManuallyDrop`.
121ca0d60a6SPaolo Bonzini ///
122ca0d60a6SPaolo Bonzini /// The first field of an `ObjectType` must be of type `ParentField<T>`.
123ca0d60a6SPaolo Bonzini /// (Technically, this is only necessary if there is at least one Rust
124ca0d60a6SPaolo Bonzini /// superclass in the hierarchy).  This is to ensure that the parent field is
125ca0d60a6SPaolo Bonzini /// dropped after the subclass; this drop order is enforced by the C
126ca0d60a6SPaolo Bonzini /// `object_deinit` function.
127ca0d60a6SPaolo Bonzini ///
128ca0d60a6SPaolo Bonzini /// # Examples
129ca0d60a6SPaolo Bonzini ///
130ca0d60a6SPaolo Bonzini /// ```ignore
131ca0d60a6SPaolo Bonzini /// #[repr(C)]
132ca0d60a6SPaolo Bonzini /// #[derive(qemu_api_macros::Object)]
133ca0d60a6SPaolo Bonzini /// pub struct MyDevice {
134ca0d60a6SPaolo Bonzini ///     parent: ParentField<DeviceState>,
135ca0d60a6SPaolo Bonzini ///     ...
136ca0d60a6SPaolo Bonzini /// }
137ca0d60a6SPaolo Bonzini /// ```
138ca0d60a6SPaolo Bonzini #[derive(Debug)]
139ca0d60a6SPaolo Bonzini #[repr(transparent)]
140ca0d60a6SPaolo Bonzini pub struct ParentField<T: ObjectType>(std::mem::ManuallyDrop<T>);
141ca0d60a6SPaolo Bonzini 
142ca0d60a6SPaolo Bonzini impl<T: ObjectType> Deref for ParentField<T> {
143ca0d60a6SPaolo Bonzini     type Target = T;
144ca0d60a6SPaolo Bonzini 
145ca0d60a6SPaolo Bonzini     #[inline(always)]
146ca0d60a6SPaolo Bonzini     fn deref(&self) -> &Self::Target {
147ca0d60a6SPaolo Bonzini         &self.0
148ca0d60a6SPaolo Bonzini     }
149ca0d60a6SPaolo Bonzini }
150ca0d60a6SPaolo Bonzini 
151ca0d60a6SPaolo Bonzini impl<T: ObjectType> DerefMut for ParentField<T> {
152ca0d60a6SPaolo Bonzini     #[inline(always)]
153ca0d60a6SPaolo Bonzini     fn deref_mut(&mut self) -> &mut Self::Target {
154ca0d60a6SPaolo Bonzini         &mut self.0
155ca0d60a6SPaolo Bonzini     }
156ca0d60a6SPaolo Bonzini }
157ca0d60a6SPaolo Bonzini 
158ca0d60a6SPaolo Bonzini impl<T: fmt::Display + ObjectType> fmt::Display for ParentField<T> {
159ca0d60a6SPaolo Bonzini     #[inline(always)]
160ca0d60a6SPaolo Bonzini     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> {
161ca0d60a6SPaolo Bonzini         self.0.fmt(f)
162ca0d60a6SPaolo Bonzini     }
163ca0d60a6SPaolo Bonzini }
164ca0d60a6SPaolo Bonzini 
1651f9d52c9SPaolo Bonzini unsafe extern "C" fn rust_instance_init<T: ObjectImpl>(obj: *mut Object) {
1667d052039SPaolo Bonzini     let mut state = NonNull::new(obj).unwrap().cast::<T>();
1671f9d52c9SPaolo Bonzini     // SAFETY: obj is an instance of T, since rust_instance_init<T>
1681f9d52c9SPaolo Bonzini     // is called from QOM core as the instance_init function
1691f9d52c9SPaolo Bonzini     // for class T
1707d052039SPaolo Bonzini     unsafe {
1717d052039SPaolo Bonzini         T::INSTANCE_INIT.unwrap()(state.as_mut());
1727d052039SPaolo Bonzini     }
1731f9d52c9SPaolo Bonzini }
1741f9d52c9SPaolo Bonzini 
1751f9d52c9SPaolo Bonzini unsafe extern "C" fn rust_instance_post_init<T: ObjectImpl>(obj: *mut Object) {
1767d052039SPaolo Bonzini     let state = NonNull::new(obj).unwrap().cast::<T>();
1771f9d52c9SPaolo Bonzini     // SAFETY: obj is an instance of T, since rust_instance_post_init<T>
1781f9d52c9SPaolo Bonzini     // is called from QOM core as the instance_post_init function
1791f9d52c9SPaolo Bonzini     // for class T
1807d052039SPaolo Bonzini     T::INSTANCE_POST_INIT.unwrap()(unsafe { state.as_ref() });
1811f9d52c9SPaolo Bonzini }
1821f9d52c9SPaolo Bonzini 
183*4551f342SPaolo Bonzini unsafe extern "C" fn rust_class_init<T: ObjectType + ObjectImpl>(
1846dd818fbSPaolo Bonzini     klass: *mut ObjectClass,
1856dd818fbSPaolo Bonzini     _data: *mut c_void,
1866dd818fbSPaolo Bonzini ) {
1877d052039SPaolo Bonzini     let mut klass = NonNull::new(klass)
1887d052039SPaolo Bonzini         .unwrap()
1897d052039SPaolo Bonzini         .cast::<<T as ObjectType>::Class>();
1906dd818fbSPaolo Bonzini     // SAFETY: klass is a T::Class, since rust_class_init<T>
1916dd818fbSPaolo Bonzini     // is called from QOM core as the class_init function
1926dd818fbSPaolo Bonzini     // for class T
193*4551f342SPaolo Bonzini     <T as ObjectImpl>::CLASS_INIT(unsafe { klass.as_mut() })
1946dd818fbSPaolo Bonzini }
1956dd818fbSPaolo Bonzini 
19633aa6605SPaolo Bonzini unsafe extern "C" fn drop_object<T: ObjectImpl>(obj: *mut Object) {
19733aa6605SPaolo Bonzini     // SAFETY: obj is an instance of T, since drop_object<T> is called
19833aa6605SPaolo Bonzini     // from the QOM core function object_deinit() as the instance_finalize
19933aa6605SPaolo Bonzini     // function for class T.  Note that while object_deinit() will drop the
20033aa6605SPaolo Bonzini     // superclass field separately after this function returns, `T` must
20133aa6605SPaolo Bonzini     // implement the unsafe trait ObjectType; the safety rules for the
20233aa6605SPaolo Bonzini     // trait mandate that the parent field is manually dropped.
20333aa6605SPaolo Bonzini     unsafe { std::ptr::drop_in_place(obj.cast::<T>()) }
20433aa6605SPaolo Bonzini }
20533aa6605SPaolo Bonzini 
2067bd8e3efSPaolo Bonzini /// Trait exposed by all structs corresponding to QOM objects.
2071f9d52c9SPaolo Bonzini ///
2081f9d52c9SPaolo Bonzini /// # Safety
2091f9d52c9SPaolo Bonzini ///
2107bd8e3efSPaolo Bonzini /// For classes declared in C:
2111f9d52c9SPaolo Bonzini ///
2127bd8e3efSPaolo Bonzini /// - `Class` and `TYPE` must match the data in the `TypeInfo`;
2137bd8e3efSPaolo Bonzini ///
2147bd8e3efSPaolo Bonzini /// - the first field of the struct must be of the instance type corresponding
2157bd8e3efSPaolo Bonzini ///   to the superclass, as declared in the `TypeInfo`
2167bd8e3efSPaolo Bonzini ///
2177bd8e3efSPaolo Bonzini /// - likewise, the first field of the `Class` struct must be of the class type
2187bd8e3efSPaolo Bonzini ///   corresponding to the superclass
2197bd8e3efSPaolo Bonzini ///
2207bd8e3efSPaolo Bonzini /// For classes declared in Rust and implementing [`ObjectImpl`]:
2217bd8e3efSPaolo Bonzini ///
2227bd8e3efSPaolo Bonzini /// - the struct must be `#[repr(C)]`;
2231f9d52c9SPaolo Bonzini ///
224ca0d60a6SPaolo Bonzini /// - the first field of the struct must be of type
225ca0d60a6SPaolo Bonzini ///   [`ParentField<T>`](ParentField), where `T` is the parent type
226ca0d60a6SPaolo Bonzini ///   [`ObjectImpl::ParentType`]
2277bd8e3efSPaolo Bonzini ///
228ca0d60a6SPaolo Bonzini /// - the first field of the `Class` must be of the class struct corresponding
229ca0d60a6SPaolo Bonzini ///   to the superclass, which is `ObjectImpl::ParentType::Class`. `ParentField`
230ca0d60a6SPaolo Bonzini ///   is not needed here.
231ca0d60a6SPaolo Bonzini ///
232ca0d60a6SPaolo Bonzini /// In both cases, having a separate class type is not necessary if the subclass
233ca0d60a6SPaolo Bonzini /// does not add any field.
2347bd8e3efSPaolo Bonzini pub unsafe trait ObjectType: Sized {
2356dd818fbSPaolo Bonzini     /// The QOM class object corresponding to this struct.  This is used
2366dd818fbSPaolo Bonzini     /// to automatically generate a `class_init` method.
237c6c4f3e0SPaolo Bonzini     type Class;
2381f9d52c9SPaolo Bonzini 
2391f9d52c9SPaolo Bonzini     /// The name of the type, which can be passed to `object_new()` to
2401f9d52c9SPaolo Bonzini     /// generate an instance of this type.
2415a5110d2SManos Pitsidianakis     const TYPE_NAME: &'static CStr;
242f50cd85cSPaolo Bonzini 
243f50cd85cSPaolo Bonzini     /// Return the receiver as an Object.  This is always safe, even
244f50cd85cSPaolo Bonzini     /// if this type represents an interface.
245f50cd85cSPaolo Bonzini     fn as_object(&self) -> &Object {
246f50cd85cSPaolo Bonzini         unsafe { &*self.as_object_ptr() }
2477bd8e3efSPaolo Bonzini     }
2481f9d52c9SPaolo Bonzini 
249f50cd85cSPaolo Bonzini     /// Return the receiver as a const raw pointer to Object.
250f50cd85cSPaolo Bonzini     /// This is preferrable to `as_object_mut_ptr()` if a C
251f50cd85cSPaolo Bonzini     /// function only needs a `const Object *`.
252f50cd85cSPaolo Bonzini     fn as_object_ptr(&self) -> *const Object {
253f50cd85cSPaolo Bonzini         self.as_ptr().cast()
254f50cd85cSPaolo Bonzini     }
255f50cd85cSPaolo Bonzini 
256f50cd85cSPaolo Bonzini     /// Return the receiver as a mutable raw pointer to Object.
257f50cd85cSPaolo Bonzini     ///
258f50cd85cSPaolo Bonzini     /// # Safety
259f50cd85cSPaolo Bonzini     ///
260f50cd85cSPaolo Bonzini     /// This cast is always safe, but because the result is mutable
261f50cd85cSPaolo Bonzini     /// and the incoming reference is not, this should only be used
262f50cd85cSPaolo Bonzini     /// for calls to C functions, and only if needed.
263f50cd85cSPaolo Bonzini     unsafe fn as_object_mut_ptr(&self) -> *mut Object {
264f50cd85cSPaolo Bonzini         self.as_object_ptr() as *mut _
265f50cd85cSPaolo Bonzini     }
266f50cd85cSPaolo Bonzini }
267f50cd85cSPaolo Bonzini 
268688c6741SPaolo Bonzini /// Trait exposed by all structs corresponding to QOM interfaces.
269688c6741SPaolo Bonzini /// Unlike `ObjectType`, it is implemented on the class type (which provides
270688c6741SPaolo Bonzini /// the vtable for the interfaces).
271688c6741SPaolo Bonzini ///
272688c6741SPaolo Bonzini /// # Safety
273688c6741SPaolo Bonzini ///
274688c6741SPaolo Bonzini /// `TYPE` must match the contents of the `TypeInfo` as found in the C code;
275688c6741SPaolo Bonzini /// right now, interfaces can only be declared in C.
276688c6741SPaolo Bonzini pub unsafe trait InterfaceType: Sized {
277688c6741SPaolo Bonzini     /// The name of the type, which can be passed to
278688c6741SPaolo Bonzini     /// `object_class_dynamic_cast()` to obtain the pointer to the vtable
279688c6741SPaolo Bonzini     /// for this interface.
280688c6741SPaolo Bonzini     const TYPE_NAME: &'static CStr;
281688c6741SPaolo Bonzini 
282688c6741SPaolo Bonzini     /// Initialize the vtable for the interface; the generic argument `T` is the
283688c6741SPaolo Bonzini     /// type being initialized, while the generic argument `U` is the type that
284688c6741SPaolo Bonzini     /// lists the interface in its `TypeInfo`.
285688c6741SPaolo Bonzini     ///
286688c6741SPaolo Bonzini     /// # Panics
287688c6741SPaolo Bonzini     ///
288688c6741SPaolo Bonzini     /// Panic if the incoming argument if `T` does not implement the interface.
289688c6741SPaolo Bonzini     fn interface_init<
290688c6741SPaolo Bonzini         T: ObjectType + ClassInitImpl<Self> + ClassInitImpl<U::Class>,
291688c6741SPaolo Bonzini         U: ObjectType,
292688c6741SPaolo Bonzini     >(
293688c6741SPaolo Bonzini         klass: &mut U::Class,
294688c6741SPaolo Bonzini     ) {
295688c6741SPaolo Bonzini         unsafe {
296688c6741SPaolo Bonzini             // SAFETY: upcasting to ObjectClass is always valid, and the
297688c6741SPaolo Bonzini             // return type is either NULL or the argument itself
298688c6741SPaolo Bonzini             let result: *mut Self = object_class_dynamic_cast(
299688c6741SPaolo Bonzini                 (klass as *mut U::Class).cast(),
300688c6741SPaolo Bonzini                 Self::TYPE_NAME.as_ptr(),
301688c6741SPaolo Bonzini             )
302688c6741SPaolo Bonzini             .cast();
303688c6741SPaolo Bonzini 
304688c6741SPaolo Bonzini             <T as ClassInitImpl<Self>>::class_init(result.as_mut().unwrap())
305688c6741SPaolo Bonzini         }
306688c6741SPaolo Bonzini     }
307688c6741SPaolo Bonzini }
308688c6741SPaolo Bonzini 
309f50cd85cSPaolo Bonzini /// This trait provides safe casting operations for QOM objects to raw pointers,
310f50cd85cSPaolo Bonzini /// to be used for example for FFI. The trait can be applied to any kind of
311f50cd85cSPaolo Bonzini /// reference or smart pointers, and enforces correctness through the [`IsA`]
312f50cd85cSPaolo Bonzini /// trait.
313f50cd85cSPaolo Bonzini pub trait ObjectDeref: Deref
314f50cd85cSPaolo Bonzini where
315f50cd85cSPaolo Bonzini     Self::Target: ObjectType,
316f50cd85cSPaolo Bonzini {
317f50cd85cSPaolo Bonzini     /// Convert to a const Rust pointer, to be used for example for FFI.
318f50cd85cSPaolo Bonzini     /// The target pointer type must be the type of `self` or a superclass
319f50cd85cSPaolo Bonzini     fn as_ptr<U: ObjectType>(&self) -> *const U
320f50cd85cSPaolo Bonzini     where
321f50cd85cSPaolo Bonzini         Self::Target: IsA<U>,
322f50cd85cSPaolo Bonzini     {
323f50cd85cSPaolo Bonzini         let ptr: *const Self::Target = self.deref();
324f50cd85cSPaolo Bonzini         ptr.cast::<U>()
325f50cd85cSPaolo Bonzini     }
326f50cd85cSPaolo Bonzini 
327f50cd85cSPaolo Bonzini     /// Convert to a mutable Rust pointer, to be used for example for FFI.
328f50cd85cSPaolo Bonzini     /// The target pointer type must be the type of `self` or a superclass.
329f50cd85cSPaolo Bonzini     /// Used to implement interior mutability for objects.
330f50cd85cSPaolo Bonzini     ///
331f50cd85cSPaolo Bonzini     /// # Safety
332f50cd85cSPaolo Bonzini     ///
3330fcccf3fSPaolo Bonzini     /// This method is safe because only the actual dereference of the pointer
3340fcccf3fSPaolo Bonzini     /// has to be unsafe.  Bindings to C APIs will use it a lot, but care has
3350fcccf3fSPaolo Bonzini     /// to be taken because it overrides the const-ness of `&self`.
3360fcccf3fSPaolo Bonzini     fn as_mut_ptr<U: ObjectType>(&self) -> *mut U
337f50cd85cSPaolo Bonzini     where
338f50cd85cSPaolo Bonzini         Self::Target: IsA<U>,
339f50cd85cSPaolo Bonzini     {
340f50cd85cSPaolo Bonzini         #[allow(clippy::as_ptr_cast_mut)]
341f50cd85cSPaolo Bonzini         {
342f50cd85cSPaolo Bonzini             self.as_ptr::<U>() as *mut _
343f50cd85cSPaolo Bonzini         }
344f50cd85cSPaolo Bonzini     }
345f50cd85cSPaolo Bonzini }
346f50cd85cSPaolo Bonzini 
347f50cd85cSPaolo Bonzini /// Trait that adds extra functionality for `&T` where `T` is a QOM
348f50cd85cSPaolo Bonzini /// object type.  Allows conversion to/from C objects in generic code.
349f50cd85cSPaolo Bonzini pub trait ObjectCast: ObjectDeref + Copy
350f50cd85cSPaolo Bonzini where
351f50cd85cSPaolo Bonzini     Self::Target: ObjectType,
352f50cd85cSPaolo Bonzini {
353f50cd85cSPaolo Bonzini     /// Safely convert from a derived type to one of its parent types.
354f50cd85cSPaolo Bonzini     ///
355f50cd85cSPaolo Bonzini     /// This is always safe; the [`IsA`] trait provides static verification
356f50cd85cSPaolo Bonzini     /// trait that `Self` dereferences to `U` or a child of `U`.
357f50cd85cSPaolo Bonzini     fn upcast<'a, U: ObjectType>(self) -> &'a U
358f50cd85cSPaolo Bonzini     where
359f50cd85cSPaolo Bonzini         Self::Target: IsA<U>,
360f50cd85cSPaolo Bonzini         Self: 'a,
361f50cd85cSPaolo Bonzini     {
362f50cd85cSPaolo Bonzini         // SAFETY: soundness is declared via IsA<U>, which is an unsafe trait
363f50cd85cSPaolo Bonzini         unsafe { self.unsafe_cast::<U>() }
364f50cd85cSPaolo Bonzini     }
365f50cd85cSPaolo Bonzini 
366f50cd85cSPaolo Bonzini     /// Attempt to convert to a derived type.
367f50cd85cSPaolo Bonzini     ///
368f50cd85cSPaolo Bonzini     /// Returns `None` if the object is not actually of type `U`. This is
369f50cd85cSPaolo Bonzini     /// verified at runtime by checking the object's type information.
370f50cd85cSPaolo Bonzini     fn downcast<'a, U: IsA<Self::Target>>(self) -> Option<&'a U>
371f50cd85cSPaolo Bonzini     where
372f50cd85cSPaolo Bonzini         Self: 'a,
373f50cd85cSPaolo Bonzini     {
374f50cd85cSPaolo Bonzini         self.dynamic_cast::<U>()
375f50cd85cSPaolo Bonzini     }
376f50cd85cSPaolo Bonzini 
377f50cd85cSPaolo Bonzini     /// Attempt to convert between any two types in the QOM hierarchy.
378f50cd85cSPaolo Bonzini     ///
379f50cd85cSPaolo Bonzini     /// Returns `None` if the object is not actually of type `U`. This is
380f50cd85cSPaolo Bonzini     /// verified at runtime by checking the object's type information.
381f50cd85cSPaolo Bonzini     fn dynamic_cast<'a, U: ObjectType>(self) -> Option<&'a U>
382f50cd85cSPaolo Bonzini     where
383f50cd85cSPaolo Bonzini         Self: 'a,
384f50cd85cSPaolo Bonzini     {
385f50cd85cSPaolo Bonzini         unsafe {
386f50cd85cSPaolo Bonzini             // SAFETY: upcasting to Object is always valid, and the
387f50cd85cSPaolo Bonzini             // return type is either NULL or the argument itself
388f50cd85cSPaolo Bonzini             let result: *const U =
389f50cd85cSPaolo Bonzini                 object_dynamic_cast(self.as_object_mut_ptr(), U::TYPE_NAME.as_ptr()).cast();
390f50cd85cSPaolo Bonzini 
391f50cd85cSPaolo Bonzini             result.as_ref()
392f50cd85cSPaolo Bonzini         }
393f50cd85cSPaolo Bonzini     }
394f50cd85cSPaolo Bonzini 
395f50cd85cSPaolo Bonzini     /// Convert to any QOM type without verification.
396f50cd85cSPaolo Bonzini     ///
397f50cd85cSPaolo Bonzini     /// # Safety
398f50cd85cSPaolo Bonzini     ///
399f50cd85cSPaolo Bonzini     /// What safety? You need to know yourself that the cast is correct; only
400f50cd85cSPaolo Bonzini     /// use when performance is paramount.  It is still better than a raw
401f50cd85cSPaolo Bonzini     /// pointer `cast()`, which does not even check that you remain in the
402f50cd85cSPaolo Bonzini     /// realm of QOM `ObjectType`s.
403f50cd85cSPaolo Bonzini     ///
404f50cd85cSPaolo Bonzini     /// `unsafe_cast::<Object>()` is always safe.
405f50cd85cSPaolo Bonzini     unsafe fn unsafe_cast<'a, U: ObjectType>(self) -> &'a U
406f50cd85cSPaolo Bonzini     where
407f50cd85cSPaolo Bonzini         Self: 'a,
408f50cd85cSPaolo Bonzini     {
409f50cd85cSPaolo Bonzini         unsafe { &*(self.as_ptr::<Self::Target>().cast::<U>()) }
410f50cd85cSPaolo Bonzini     }
411f50cd85cSPaolo Bonzini }
412f50cd85cSPaolo Bonzini 
413f50cd85cSPaolo Bonzini impl<T: ObjectType> ObjectDeref for &T {}
414f50cd85cSPaolo Bonzini impl<T: ObjectType> ObjectCast for &T {}
415f50cd85cSPaolo Bonzini 
416f50cd85cSPaolo Bonzini /// Trait for mutable type casting operations in the QOM hierarchy.
417f50cd85cSPaolo Bonzini ///
418f50cd85cSPaolo Bonzini /// This trait provides the mutable counterparts to [`ObjectCast`]'s conversion
419f50cd85cSPaolo Bonzini /// functions. Unlike `ObjectCast`, this trait returns `Result` for fallible
420f50cd85cSPaolo Bonzini /// conversions to preserve the original smart pointer if the cast fails. This
421f50cd85cSPaolo Bonzini /// is necessary because mutable references cannot be copied, so a failed cast
422f50cd85cSPaolo Bonzini /// must return ownership of the original reference. For example:
423f50cd85cSPaolo Bonzini ///
424f50cd85cSPaolo Bonzini /// ```ignore
425f50cd85cSPaolo Bonzini /// let mut dev = get_device();
426f50cd85cSPaolo Bonzini /// // If this fails, we need the original `dev` back to try something else
427f50cd85cSPaolo Bonzini /// match dev.dynamic_cast_mut::<FooDevice>() {
428f50cd85cSPaolo Bonzini ///    Ok(foodev) => /* use foodev */,
429f50cd85cSPaolo Bonzini ///    Err(dev) => /* still have ownership of dev */
430f50cd85cSPaolo Bonzini /// }
431f50cd85cSPaolo Bonzini /// ```
432f50cd85cSPaolo Bonzini pub trait ObjectCastMut: Sized + ObjectDeref + DerefMut
433f50cd85cSPaolo Bonzini where
434f50cd85cSPaolo Bonzini     Self::Target: ObjectType,
435f50cd85cSPaolo Bonzini {
436f50cd85cSPaolo Bonzini     /// Safely convert from a derived type to one of its parent types.
437f50cd85cSPaolo Bonzini     ///
438f50cd85cSPaolo Bonzini     /// This is always safe; the [`IsA`] trait provides static verification
439f50cd85cSPaolo Bonzini     /// that `Self` dereferences to `U` or a child of `U`.
440f50cd85cSPaolo Bonzini     fn upcast_mut<'a, U: ObjectType>(self) -> &'a mut U
441f50cd85cSPaolo Bonzini     where
442f50cd85cSPaolo Bonzini         Self::Target: IsA<U>,
443f50cd85cSPaolo Bonzini         Self: 'a,
444f50cd85cSPaolo Bonzini     {
445f50cd85cSPaolo Bonzini         // SAFETY: soundness is declared via IsA<U>, which is an unsafe trait
446f50cd85cSPaolo Bonzini         unsafe { self.unsafe_cast_mut::<U>() }
447f50cd85cSPaolo Bonzini     }
448f50cd85cSPaolo Bonzini 
449f50cd85cSPaolo Bonzini     /// Attempt to convert to a derived type.
450f50cd85cSPaolo Bonzini     ///
451f50cd85cSPaolo Bonzini     /// Returns `Ok(..)` if the object is of type `U`, or `Err(self)` if the
452f50cd85cSPaolo Bonzini     /// object if the conversion failed. This is verified at runtime by
453f50cd85cSPaolo Bonzini     /// checking the object's type information.
454f50cd85cSPaolo Bonzini     fn downcast_mut<'a, U: IsA<Self::Target>>(self) -> Result<&'a mut U, Self>
455f50cd85cSPaolo Bonzini     where
456f50cd85cSPaolo Bonzini         Self: 'a,
457f50cd85cSPaolo Bonzini     {
458f50cd85cSPaolo Bonzini         self.dynamic_cast_mut::<U>()
459f50cd85cSPaolo Bonzini     }
460f50cd85cSPaolo Bonzini 
461f50cd85cSPaolo Bonzini     /// Attempt to convert between any two types in the QOM hierarchy.
462f50cd85cSPaolo Bonzini     ///
463f50cd85cSPaolo Bonzini     /// Returns `Ok(..)` if the object is of type `U`, or `Err(self)` if the
464f50cd85cSPaolo Bonzini     /// object if the conversion failed. This is verified at runtime by
465f50cd85cSPaolo Bonzini     /// checking the object's type information.
466f50cd85cSPaolo Bonzini     fn dynamic_cast_mut<'a, U: ObjectType>(self) -> Result<&'a mut U, Self>
467f50cd85cSPaolo Bonzini     where
468f50cd85cSPaolo Bonzini         Self: 'a,
469f50cd85cSPaolo Bonzini     {
470f50cd85cSPaolo Bonzini         unsafe {
471f50cd85cSPaolo Bonzini             // SAFETY: upcasting to Object is always valid, and the
472f50cd85cSPaolo Bonzini             // return type is either NULL or the argument itself
473f50cd85cSPaolo Bonzini             let result: *mut U =
474f50cd85cSPaolo Bonzini                 object_dynamic_cast(self.as_object_mut_ptr(), U::TYPE_NAME.as_ptr()).cast();
475f50cd85cSPaolo Bonzini 
476f50cd85cSPaolo Bonzini             result.as_mut().ok_or(self)
477f50cd85cSPaolo Bonzini         }
478f50cd85cSPaolo Bonzini     }
479f50cd85cSPaolo Bonzini 
480f50cd85cSPaolo Bonzini     /// Convert to any QOM type without verification.
481f50cd85cSPaolo Bonzini     ///
482f50cd85cSPaolo Bonzini     /// # Safety
483f50cd85cSPaolo Bonzini     ///
484f50cd85cSPaolo Bonzini     /// What safety? You need to know yourself that the cast is correct; only
485f50cd85cSPaolo Bonzini     /// use when performance is paramount.  It is still better than a raw
486f50cd85cSPaolo Bonzini     /// pointer `cast()`, which does not even check that you remain in the
487f50cd85cSPaolo Bonzini     /// realm of QOM `ObjectType`s.
488f50cd85cSPaolo Bonzini     ///
489f50cd85cSPaolo Bonzini     /// `unsafe_cast::<Object>()` is always safe.
490f50cd85cSPaolo Bonzini     unsafe fn unsafe_cast_mut<'a, U: ObjectType>(self) -> &'a mut U
491f50cd85cSPaolo Bonzini     where
492f50cd85cSPaolo Bonzini         Self: 'a,
493f50cd85cSPaolo Bonzini     {
494f50cd85cSPaolo Bonzini         unsafe { &mut *self.as_mut_ptr::<Self::Target>().cast::<U>() }
495f50cd85cSPaolo Bonzini     }
496f50cd85cSPaolo Bonzini }
497f50cd85cSPaolo Bonzini 
498f50cd85cSPaolo Bonzini impl<T: ObjectType> ObjectDeref for &mut T {}
499f50cd85cSPaolo Bonzini impl<T: ObjectType> ObjectCastMut for &mut T {}
500f50cd85cSPaolo Bonzini 
5017bd8e3efSPaolo Bonzini /// Trait a type must implement to be registered with QEMU.
502*4551f342SPaolo Bonzini pub trait ObjectImpl: ObjectType + IsA<Object> {
503ca0d60a6SPaolo Bonzini     /// The parent of the type.  This should match the first field of the
504ca0d60a6SPaolo Bonzini     /// struct that implements `ObjectImpl`, minus the `ParentField<_>` wrapper.
505166e8a1fSPaolo Bonzini     type ParentType: ObjectType;
5061f9d52c9SPaolo Bonzini 
5071f9d52c9SPaolo Bonzini     /// Whether the object can be instantiated
508b2a48545SPaolo Bonzini     const ABSTRACT: bool = false;
5093701fb22SPaolo Bonzini 
5101f9d52c9SPaolo Bonzini     /// Function that is called to initialize an object.  The parent class will
5111f9d52c9SPaolo Bonzini     /// have already been initialized so the type is only responsible for
5121f9d52c9SPaolo Bonzini     /// initializing its own members.
5131f9d52c9SPaolo Bonzini     ///
5141f9d52c9SPaolo Bonzini     /// FIXME: The argument is not really a valid reference. `&mut
5151f9d52c9SPaolo Bonzini     /// MaybeUninit<Self>` would be a better description.
5161f9d52c9SPaolo Bonzini     const INSTANCE_INIT: Option<unsafe fn(&mut Self)> = None;
5171f9d52c9SPaolo Bonzini 
5181f9d52c9SPaolo Bonzini     /// Function that is called to finish initialization of an object, once
5191f9d52c9SPaolo Bonzini     /// `INSTANCE_INIT` functions have been called.
52022a18f0aSPaolo Bonzini     const INSTANCE_POST_INIT: Option<fn(&Self)> = None;
5211f9d52c9SPaolo Bonzini 
5226dd818fbSPaolo Bonzini     /// Called on descendent classes after all parent class initialization
5236dd818fbSPaolo Bonzini     /// has occurred, but before the class itself is initialized.  This
5246dd818fbSPaolo Bonzini     /// is only useful if a class is not a leaf, and can be used to undo
5256dd818fbSPaolo Bonzini     /// the effects of copying the contents of the parent's class struct
5266dd818fbSPaolo Bonzini     /// to the descendants.
5276dd818fbSPaolo Bonzini     const CLASS_BASE_INIT: Option<
5286dd818fbSPaolo Bonzini         unsafe extern "C" fn(klass: *mut ObjectClass, data: *mut c_void),
5296dd818fbSPaolo Bonzini     > = None;
5306dd818fbSPaolo Bonzini 
5313701fb22SPaolo Bonzini     const TYPE_INFO: TypeInfo = TypeInfo {
5323701fb22SPaolo Bonzini         name: Self::TYPE_NAME.as_ptr(),
533166e8a1fSPaolo Bonzini         parent: Self::ParentType::TYPE_NAME.as_ptr(),
5343701fb22SPaolo Bonzini         instance_size: core::mem::size_of::<Self>(),
5353701fb22SPaolo Bonzini         instance_align: core::mem::align_of::<Self>(),
5361f9d52c9SPaolo Bonzini         instance_init: match Self::INSTANCE_INIT {
5371f9d52c9SPaolo Bonzini             None => None,
5381f9d52c9SPaolo Bonzini             Some(_) => Some(rust_instance_init::<Self>),
5391f9d52c9SPaolo Bonzini         },
5401f9d52c9SPaolo Bonzini         instance_post_init: match Self::INSTANCE_POST_INIT {
5411f9d52c9SPaolo Bonzini             None => None,
5421f9d52c9SPaolo Bonzini             Some(_) => Some(rust_instance_post_init::<Self>),
5431f9d52c9SPaolo Bonzini         },
54433aa6605SPaolo Bonzini         instance_finalize: Some(drop_object::<Self>),
5453701fb22SPaolo Bonzini         abstract_: Self::ABSTRACT,
5463701fb22SPaolo Bonzini         class_size: core::mem::size_of::<Self::Class>(),
5476dd818fbSPaolo Bonzini         class_init: Some(rust_class_init::<Self>),
5486dd818fbSPaolo Bonzini         class_base_init: Self::CLASS_BASE_INIT,
5493701fb22SPaolo Bonzini         class_data: core::ptr::null_mut(),
5503701fb22SPaolo Bonzini         interfaces: core::ptr::null_mut(),
5513701fb22SPaolo Bonzini     };
552cb36da9bSPaolo Bonzini 
553cb36da9bSPaolo Bonzini     // methods on ObjectClass
554cb36da9bSPaolo Bonzini     const UNPARENT: Option<fn(&Self)> = None;
555*4551f342SPaolo Bonzini 
556*4551f342SPaolo Bonzini     /// Store into the argument the virtual method implementations
557*4551f342SPaolo Bonzini     /// for `Self`.  On entry, the virtual method pointers are set to
558*4551f342SPaolo Bonzini     /// the default values coming from the parent classes; the function
559*4551f342SPaolo Bonzini     /// can change them to override virtual methods of a parent class.
560*4551f342SPaolo Bonzini     ///
561*4551f342SPaolo Bonzini     /// Usually defined as `<Self as ClassInitImpl<Self::Class>::class_init`.
562*4551f342SPaolo Bonzini     const CLASS_INIT: fn(&mut Self::Class);
5635a5110d2SManos Pitsidianakis }
5645a5110d2SManos Pitsidianakis 
5656dd818fbSPaolo Bonzini /// Internal trait used to automatically fill in a class struct.
56693ea0896SPaolo Bonzini ///
56793ea0896SPaolo Bonzini /// Each QOM class that has virtual methods describes them in a
56893ea0896SPaolo Bonzini /// _class struct_.  Class structs include a parent field corresponding
56993ea0896SPaolo Bonzini /// to the vtable of the parent class, all the way up to [`ObjectClass`].
5706dd818fbSPaolo Bonzini /// Each QOM type has one such class struct; this trait takes care of
5716dd818fbSPaolo Bonzini /// initializing the `T` part of the class struct, for the type that
5726dd818fbSPaolo Bonzini /// implements the trait.
57393ea0896SPaolo Bonzini ///
5746dd818fbSPaolo Bonzini /// Each struct will implement this trait with `T` equal to each
5756dd818fbSPaolo Bonzini /// superclass.  For example, a device should implement at least
576716d89f9SPaolo Bonzini /// `ClassInitImpl<`[`DeviceClass`](crate::qdev::DeviceClass)`>` and
577716d89f9SPaolo Bonzini /// `ClassInitImpl<`[`ObjectClass`]`>`.  Such implementations are made
578716d89f9SPaolo Bonzini /// in one of two ways.
5796dd818fbSPaolo Bonzini ///
5806dd818fbSPaolo Bonzini /// For most superclasses, `ClassInitImpl` is provided by the `qemu-api`
5816dd818fbSPaolo Bonzini /// crate itself.  The Rust implementation of methods will come from a
5824aed0296SPaolo Bonzini /// trait like [`ObjectImpl`] or [`DeviceImpl`](crate::qdev::DeviceImpl),
5834aed0296SPaolo Bonzini /// and `ClassInitImpl` is provided by blanket implementations that
5844aed0296SPaolo Bonzini /// operate on all implementors of the `*Impl`* trait.  For example:
5856dd818fbSPaolo Bonzini ///
5866dd818fbSPaolo Bonzini /// ```ignore
5876dd818fbSPaolo Bonzini /// impl<T> ClassInitImpl<DeviceClass> for T
5886dd818fbSPaolo Bonzini /// where
589cb36da9bSPaolo Bonzini ///     T: ClassInitImpl<ObjectClass> + DeviceImpl,
5906dd818fbSPaolo Bonzini /// ```
5916dd818fbSPaolo Bonzini ///
592cb36da9bSPaolo Bonzini /// The bound on `ClassInitImpl<ObjectClass>` is needed so that,
593cb36da9bSPaolo Bonzini /// after initializing the `DeviceClass` part of the class struct,
594cb36da9bSPaolo Bonzini /// the parent [`ObjectClass`] is initialized as well.
595cb36da9bSPaolo Bonzini ///
5966dd818fbSPaolo Bonzini /// The other case is when manual implementation of the trait is needed.
5976dd818fbSPaolo Bonzini /// This covers the following cases:
5986dd818fbSPaolo Bonzini ///
5996dd818fbSPaolo Bonzini /// * if a class implements a QOM interface, the Rust code _has_ to define its
6006dd818fbSPaolo Bonzini ///   own class struct `FooClass` and implement `ClassInitImpl<FooClass>`.
6016dd818fbSPaolo Bonzini ///   `ClassInitImpl<FooClass>`'s `class_init` method will then forward to
6026dd818fbSPaolo Bonzini ///   multiple other `class_init`s, for the interfaces as well as the
6036dd818fbSPaolo Bonzini ///   superclass. (Note that there is no Rust example yet for using interfaces).
6046dd818fbSPaolo Bonzini ///
6056dd818fbSPaolo Bonzini /// * for classes implemented outside the ``qemu-api`` crate, it's not possible
6066dd818fbSPaolo Bonzini ///   to add blanket implementations like the above one, due to orphan rules. In
6076dd818fbSPaolo Bonzini ///   that case, the easiest solution is to implement
6086dd818fbSPaolo Bonzini ///   `ClassInitImpl<YourSuperclass>` for each subclass and not have a
6096dd818fbSPaolo Bonzini ///   `YourSuperclassImpl` trait at all.
6106dd818fbSPaolo Bonzini ///
6116dd818fbSPaolo Bonzini /// ```ignore
6126dd818fbSPaolo Bonzini /// impl ClassInitImpl<YourSuperclass> for YourSubclass {
6136dd818fbSPaolo Bonzini ///     fn class_init(klass: &mut YourSuperclass) {
6146dd818fbSPaolo Bonzini ///         klass.some_method = Some(Self::some_method);
6156dd818fbSPaolo Bonzini ///         <Self as ClassInitImpl<SysBusDeviceClass>>::class_init(&mut klass.parent_class);
6166dd818fbSPaolo Bonzini ///     }
6176dd818fbSPaolo Bonzini /// }
6186dd818fbSPaolo Bonzini /// ```
6196dd818fbSPaolo Bonzini ///
6206dd818fbSPaolo Bonzini ///   While this method incurs a small amount of code duplication,
6216dd818fbSPaolo Bonzini ///   it is generally limited to the recursive call on the last line.
6226dd818fbSPaolo Bonzini ///   This is because classes defined in Rust do not need the same
6236dd818fbSPaolo Bonzini ///   glue code that is needed when the classes are defined in C code.
6246dd818fbSPaolo Bonzini ///   You may consider using a macro if you have many subclasses.
6256dd818fbSPaolo Bonzini pub trait ClassInitImpl<T> {
6266dd818fbSPaolo Bonzini     /// Initialize `klass` to point to the virtual method implementations
6276dd818fbSPaolo Bonzini     /// for `Self`.  On entry, the virtual method pointers are set to
62893ea0896SPaolo Bonzini     /// the default values coming from the parent classes; the function
62993ea0896SPaolo Bonzini     /// can change them to override virtual methods of a parent class.
6306dd818fbSPaolo Bonzini     ///
6316dd818fbSPaolo Bonzini     /// The virtual method implementations usually come from another
6324aed0296SPaolo Bonzini     /// trait, for example [`DeviceImpl`](crate::qdev::DeviceImpl)
633716d89f9SPaolo Bonzini     /// when `T` is [`DeviceClass`](crate::qdev::DeviceClass).
6346dd818fbSPaolo Bonzini     ///
6356dd818fbSPaolo Bonzini     /// On entry, `klass`'s parent class is initialized, while the other fields
6366dd818fbSPaolo Bonzini     /// are all zero; it is therefore assumed that all fields in `T` can be
6376dd818fbSPaolo Bonzini     /// zeroed, otherwise it would not be possible to provide the class as a
6386dd818fbSPaolo Bonzini     /// `&mut T`.  TODO: add a bound of [`Zeroable`](crate::zeroable::Zeroable)
6396dd818fbSPaolo Bonzini     /// to T; this is more easily done once Zeroable does not require a manual
6406dd818fbSPaolo Bonzini     /// implementation (Rust 1.75.0).
6416dd818fbSPaolo Bonzini     fn class_init(klass: &mut T);
6425a5110d2SManos Pitsidianakis }
6435a5110d2SManos Pitsidianakis 
644cb36da9bSPaolo Bonzini /// # Safety
645cb36da9bSPaolo Bonzini ///
646cb36da9bSPaolo Bonzini /// We expect the FFI user of this function to pass a valid pointer that
647cb36da9bSPaolo Bonzini /// can be downcasted to type `T`. We also expect the device is
648cb36da9bSPaolo Bonzini /// readable/writeable from one thread at any time.
649cb36da9bSPaolo Bonzini unsafe extern "C" fn rust_unparent_fn<T: ObjectImpl>(dev: *mut Object) {
6507d052039SPaolo Bonzini     let state = NonNull::new(dev).unwrap().cast::<T>();
6517d052039SPaolo Bonzini     T::UNPARENT.unwrap()(unsafe { state.as_ref() });
652cb36da9bSPaolo Bonzini }
653cb36da9bSPaolo Bonzini 
654cb36da9bSPaolo Bonzini impl<T> ClassInitImpl<ObjectClass> for T
655cb36da9bSPaolo Bonzini where
656cb36da9bSPaolo Bonzini     T: ObjectImpl,
657cb36da9bSPaolo Bonzini {
658cb36da9bSPaolo Bonzini     fn class_init(oc: &mut ObjectClass) {
659cb36da9bSPaolo Bonzini         if <T as ObjectImpl>::UNPARENT.is_some() {
660cb36da9bSPaolo Bonzini             oc.unparent = Some(rust_unparent_fn::<T>);
661cb36da9bSPaolo Bonzini         }
662cb36da9bSPaolo Bonzini     }
663cb36da9bSPaolo Bonzini }
664cb36da9bSPaolo Bonzini 
665cb36da9bSPaolo Bonzini unsafe impl ObjectType for Object {
666cb36da9bSPaolo Bonzini     type Class = ObjectClass;
667cb36da9bSPaolo Bonzini     const TYPE_NAME: &'static CStr =
668cb36da9bSPaolo Bonzini         unsafe { CStr::from_bytes_with_nul_unchecked(bindings::TYPE_OBJECT) };
669cb36da9bSPaolo Bonzini }
670ba3b81f3SPaolo Bonzini 
6710fcccf3fSPaolo Bonzini /// A reference-counted pointer to a QOM object.
6720fcccf3fSPaolo Bonzini ///
6730fcccf3fSPaolo Bonzini /// `Owned<T>` wraps `T` with automatic reference counting.  It increases the
6740fcccf3fSPaolo Bonzini /// reference count when created via [`Owned::from`] or cloned, and decreases
6750fcccf3fSPaolo Bonzini /// it when dropped.  This ensures that the reference count remains elevated
6760fcccf3fSPaolo Bonzini /// as long as any `Owned<T>` references to it exist.
6770fcccf3fSPaolo Bonzini ///
6780fcccf3fSPaolo Bonzini /// `Owned<T>` can be used for two reasons:
6790fcccf3fSPaolo Bonzini /// * because the lifetime of the QOM object is unknown and someone else could
6800fcccf3fSPaolo Bonzini ///   take a reference (similar to `Arc<T>`, for example): in this case, the
6810fcccf3fSPaolo Bonzini ///   object can escape and outlive the Rust struct that contains the `Owned<T>`
6820fcccf3fSPaolo Bonzini ///   field;
6830fcccf3fSPaolo Bonzini ///
6840fcccf3fSPaolo Bonzini /// * to ensure that the object stays alive until after `Drop::drop` is called
6850fcccf3fSPaolo Bonzini ///   on the Rust struct: in this case, the object will always die together with
6860fcccf3fSPaolo Bonzini ///   the Rust struct that contains the `Owned<T>` field.
6870fcccf3fSPaolo Bonzini ///
6880fcccf3fSPaolo Bonzini /// Child properties are an example of the second case: in C, an object that
6890fcccf3fSPaolo Bonzini /// is created with `object_initialize_child` will die *before*
6900fcccf3fSPaolo Bonzini /// `instance_finalize` is called, whereas Rust expects the struct to have valid
6910fcccf3fSPaolo Bonzini /// contents when `Drop::drop` is called.  Therefore Rust structs that have
6920fcccf3fSPaolo Bonzini /// child properties need to keep a reference to the child object.  Right now
6930fcccf3fSPaolo Bonzini /// this can be done with `Owned<T>`; in the future one might have a separate
6940fcccf3fSPaolo Bonzini /// `Child<'parent, T>` smart pointer that keeps a reference to a `T`, like
6950fcccf3fSPaolo Bonzini /// `Owned`, but does not allow cloning.
6960fcccf3fSPaolo Bonzini ///
6970fcccf3fSPaolo Bonzini /// Note that dropping an `Owned<T>` requires the big QEMU lock to be taken.
6980fcccf3fSPaolo Bonzini #[repr(transparent)]
6990fcccf3fSPaolo Bonzini #[derive(PartialEq, Eq, Hash, PartialOrd, Ord)]
7000fcccf3fSPaolo Bonzini pub struct Owned<T: ObjectType>(NonNull<T>);
7010fcccf3fSPaolo Bonzini 
7020fcccf3fSPaolo Bonzini // The following rationale for safety is taken from Linux's kernel::sync::Arc.
7030fcccf3fSPaolo Bonzini 
7040fcccf3fSPaolo Bonzini // SAFETY: It is safe to send `Owned<T>` to another thread when the underlying
7050fcccf3fSPaolo Bonzini // `T` is `Sync` because it effectively means sharing `&T` (which is safe
7060fcccf3fSPaolo Bonzini // because `T` is `Sync`); additionally, it needs `T` to be `Send` because any
7070fcccf3fSPaolo Bonzini // thread that has an `Owned<T>` may ultimately access `T` using a
7080fcccf3fSPaolo Bonzini // mutable reference when the reference count reaches zero and `T` is dropped.
7090fcccf3fSPaolo Bonzini unsafe impl<T: ObjectType + Send + Sync> Send for Owned<T> {}
7100fcccf3fSPaolo Bonzini 
7110fcccf3fSPaolo Bonzini // SAFETY: It is safe to send `&Owned<T>` to another thread when the underlying
7120fcccf3fSPaolo Bonzini // `T` is `Sync` because it effectively means sharing `&T` (which is safe
7130fcccf3fSPaolo Bonzini // because `T` is `Sync`); additionally, it needs `T` to be `Send` because any
7140fcccf3fSPaolo Bonzini // thread that has a `&Owned<T>` may clone it and get an `Owned<T>` on that
7150fcccf3fSPaolo Bonzini // thread, so the thread may ultimately access `T` using a mutable reference
7160fcccf3fSPaolo Bonzini // when the reference count reaches zero and `T` is dropped.
7170fcccf3fSPaolo Bonzini unsafe impl<T: ObjectType + Sync + Send> Sync for Owned<T> {}
7180fcccf3fSPaolo Bonzini 
7190fcccf3fSPaolo Bonzini impl<T: ObjectType> Owned<T> {
7200fcccf3fSPaolo Bonzini     /// Convert a raw C pointer into an owned reference to the QOM
7210fcccf3fSPaolo Bonzini     /// object it points to.  The object's reference count will be
7220fcccf3fSPaolo Bonzini     /// decreased when the `Owned` is dropped.
7230fcccf3fSPaolo Bonzini     ///
7240fcccf3fSPaolo Bonzini     /// # Panics
7250fcccf3fSPaolo Bonzini     ///
7260fcccf3fSPaolo Bonzini     /// Panics if `ptr` is NULL.
7270fcccf3fSPaolo Bonzini     ///
7280fcccf3fSPaolo Bonzini     /// # Safety
7290fcccf3fSPaolo Bonzini     ///
7300fcccf3fSPaolo Bonzini     /// The caller must indeed own a reference to the QOM object.
7310fcccf3fSPaolo Bonzini     /// The object must not be embedded in another unless the outer
7320fcccf3fSPaolo Bonzini     /// object is guaranteed to have a longer lifetime.
7330fcccf3fSPaolo Bonzini     ///
7340fcccf3fSPaolo Bonzini     /// A raw pointer obtained via [`Owned::into_raw()`] can always be passed
7350fcccf3fSPaolo Bonzini     /// back to `from_raw()` (assuming the original `Owned` was valid!),
7360fcccf3fSPaolo Bonzini     /// since the owned reference remains there between the calls to
7370fcccf3fSPaolo Bonzini     /// `into_raw()` and `from_raw()`.
7380fcccf3fSPaolo Bonzini     pub unsafe fn from_raw(ptr: *const T) -> Self {
7390fcccf3fSPaolo Bonzini         // SAFETY NOTE: while NonNull requires a mutable pointer, only
7400fcccf3fSPaolo Bonzini         // Deref is implemented so the pointer passed to from_raw
7410fcccf3fSPaolo Bonzini         // remains const
7420fcccf3fSPaolo Bonzini         Owned(NonNull::new(ptr as *mut T).unwrap())
7430fcccf3fSPaolo Bonzini     }
7440fcccf3fSPaolo Bonzini 
7450fcccf3fSPaolo Bonzini     /// Obtain a raw C pointer from a reference.  `src` is consumed
7460fcccf3fSPaolo Bonzini     /// and the reference is leaked.
7470fcccf3fSPaolo Bonzini     #[allow(clippy::missing_const_for_fn)]
7480fcccf3fSPaolo Bonzini     pub fn into_raw(src: Owned<T>) -> *mut T {
7490fcccf3fSPaolo Bonzini         let src = ManuallyDrop::new(src);
7500fcccf3fSPaolo Bonzini         src.0.as_ptr()
7510fcccf3fSPaolo Bonzini     }
7520fcccf3fSPaolo Bonzini 
7530fcccf3fSPaolo Bonzini     /// Increase the reference count of a QOM object and return
7540fcccf3fSPaolo Bonzini     /// a new owned reference to it.
7550fcccf3fSPaolo Bonzini     ///
7560fcccf3fSPaolo Bonzini     /// # Safety
7570fcccf3fSPaolo Bonzini     ///
7580fcccf3fSPaolo Bonzini     /// The object must not be embedded in another, unless the outer
7590fcccf3fSPaolo Bonzini     /// object is guaranteed to have a longer lifetime.
7600fcccf3fSPaolo Bonzini     pub unsafe fn from(obj: &T) -> Self {
7610fcccf3fSPaolo Bonzini         unsafe {
7620fcccf3fSPaolo Bonzini             object_ref(obj.as_object_mut_ptr().cast::<c_void>());
7630fcccf3fSPaolo Bonzini 
7640fcccf3fSPaolo Bonzini             // SAFETY NOTE: while NonNull requires a mutable pointer, only
7650fcccf3fSPaolo Bonzini             // Deref is implemented so the reference passed to from_raw
7660fcccf3fSPaolo Bonzini             // remains shared
7670fcccf3fSPaolo Bonzini             Owned(NonNull::new_unchecked(obj.as_mut_ptr()))
7680fcccf3fSPaolo Bonzini         }
7690fcccf3fSPaolo Bonzini     }
7700fcccf3fSPaolo Bonzini }
7710fcccf3fSPaolo Bonzini 
7720fcccf3fSPaolo Bonzini impl<T: ObjectType> Clone for Owned<T> {
7730fcccf3fSPaolo Bonzini     fn clone(&self) -> Self {
7740fcccf3fSPaolo Bonzini         // SAFETY: creation method is unsafe; whoever calls it has
7750fcccf3fSPaolo Bonzini         // responsibility that the pointer is valid, and remains valid
7760fcccf3fSPaolo Bonzini         // throughout the lifetime of the `Owned<T>` and its clones.
7770fcccf3fSPaolo Bonzini         unsafe { Owned::from(self.deref()) }
7780fcccf3fSPaolo Bonzini     }
7790fcccf3fSPaolo Bonzini }
7800fcccf3fSPaolo Bonzini 
7810fcccf3fSPaolo Bonzini impl<T: ObjectType> Deref for Owned<T> {
7820fcccf3fSPaolo Bonzini     type Target = T;
7830fcccf3fSPaolo Bonzini 
7840fcccf3fSPaolo Bonzini     fn deref(&self) -> &Self::Target {
7850fcccf3fSPaolo Bonzini         // SAFETY: creation method is unsafe; whoever calls it has
7860fcccf3fSPaolo Bonzini         // responsibility that the pointer is valid, and remains valid
7870fcccf3fSPaolo Bonzini         // throughout the lifetime of the `Owned<T>` and its clones.
7880fcccf3fSPaolo Bonzini         // With that guarantee, reference counting ensures that
7890fcccf3fSPaolo Bonzini         // the object remains alive.
7900fcccf3fSPaolo Bonzini         unsafe { &*self.0.as_ptr() }
7910fcccf3fSPaolo Bonzini     }
7920fcccf3fSPaolo Bonzini }
7930fcccf3fSPaolo Bonzini impl<T: ObjectType> ObjectDeref for Owned<T> {}
7940fcccf3fSPaolo Bonzini 
7950fcccf3fSPaolo Bonzini impl<T: ObjectType> Drop for Owned<T> {
7960fcccf3fSPaolo Bonzini     fn drop(&mut self) {
7970fcccf3fSPaolo Bonzini         assert!(bql_locked());
7980fcccf3fSPaolo Bonzini         // SAFETY: creation method is unsafe, and whoever calls it has
7990fcccf3fSPaolo Bonzini         // responsibility that the pointer is valid, and remains valid
8000fcccf3fSPaolo Bonzini         // throughout the lifetime of the `Owned<T>` and its clones.
8010fcccf3fSPaolo Bonzini         unsafe {
8020fcccf3fSPaolo Bonzini             object_unref(self.as_object_mut_ptr().cast::<c_void>());
8030fcccf3fSPaolo Bonzini         }
8040fcccf3fSPaolo Bonzini     }
8050fcccf3fSPaolo Bonzini }
8060fcccf3fSPaolo Bonzini 
8070fcccf3fSPaolo Bonzini impl<T: IsA<Object>> fmt::Debug for Owned<T> {
8080fcccf3fSPaolo Bonzini     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
8090fcccf3fSPaolo Bonzini         self.deref().debug_fmt(f)
8100fcccf3fSPaolo Bonzini     }
8110fcccf3fSPaolo Bonzini }
8120fcccf3fSPaolo Bonzini 
813ec3eba98SPaolo Bonzini /// Trait for class methods exposed by the Object class.  The methods can be
814ec3eba98SPaolo Bonzini /// called on all objects that have the trait `IsA<Object>`.
815ec3eba98SPaolo Bonzini ///
816ec3eba98SPaolo Bonzini /// The trait should only be used through the blanket implementation,
817ec3eba98SPaolo Bonzini /// which guarantees safety via `IsA`
818ec3eba98SPaolo Bonzini pub trait ObjectClassMethods: IsA<Object> {
819ec3eba98SPaolo Bonzini     /// Return a new reference counted instance of this class
820ec3eba98SPaolo Bonzini     fn new() -> Owned<Self> {
821ec3eba98SPaolo Bonzini         assert!(bql_locked());
822ec3eba98SPaolo Bonzini         // SAFETY: the object created by object_new is allocated on
823ec3eba98SPaolo Bonzini         // the heap and has a reference count of 1
824ec3eba98SPaolo Bonzini         unsafe {
825ec3eba98SPaolo Bonzini             let obj = &*object_new(Self::TYPE_NAME.as_ptr());
826ec3eba98SPaolo Bonzini             Owned::from_raw(obj.unsafe_cast::<Self>())
827ec3eba98SPaolo Bonzini         }
828ec3eba98SPaolo Bonzini     }
829ec3eba98SPaolo Bonzini }
830ec3eba98SPaolo Bonzini 
831ba3b81f3SPaolo Bonzini /// Trait for methods exposed by the Object class.  The methods can be
832ba3b81f3SPaolo Bonzini /// called on all objects that have the trait `IsA<Object>`.
833ba3b81f3SPaolo Bonzini ///
834ba3b81f3SPaolo Bonzini /// The trait should only be used through the blanket implementation,
835ba3b81f3SPaolo Bonzini /// which guarantees safety via `IsA`
836ba3b81f3SPaolo Bonzini pub trait ObjectMethods: ObjectDeref
837ba3b81f3SPaolo Bonzini where
838ba3b81f3SPaolo Bonzini     Self::Target: IsA<Object>,
839ba3b81f3SPaolo Bonzini {
840ba3b81f3SPaolo Bonzini     /// Return the name of the type of `self`
841ba3b81f3SPaolo Bonzini     fn typename(&self) -> std::borrow::Cow<'_, str> {
842ba3b81f3SPaolo Bonzini         let obj = self.upcast::<Object>();
843ba3b81f3SPaolo Bonzini         // SAFETY: safety of this is the requirement for implementing IsA
844ba3b81f3SPaolo Bonzini         // The result of the C API has static lifetime
845ba3b81f3SPaolo Bonzini         unsafe {
846ba3b81f3SPaolo Bonzini             let p = object_get_typename(obj.as_mut_ptr());
847ba3b81f3SPaolo Bonzini             CStr::from_ptr(p).to_string_lossy()
848ba3b81f3SPaolo Bonzini         }
849ba3b81f3SPaolo Bonzini     }
850ba3b81f3SPaolo Bonzini 
851ba3b81f3SPaolo Bonzini     fn get_class(&self) -> &'static <Self::Target as ObjectType>::Class {
852ba3b81f3SPaolo Bonzini         let obj = self.upcast::<Object>();
853ba3b81f3SPaolo Bonzini 
854ba3b81f3SPaolo Bonzini         // SAFETY: all objects can call object_get_class; the actual class
855ba3b81f3SPaolo Bonzini         // type is guaranteed by the implementation of `ObjectType` and
856ba3b81f3SPaolo Bonzini         // `ObjectImpl`.
857ba3b81f3SPaolo Bonzini         let klass: &'static <Self::Target as ObjectType>::Class =
858ba3b81f3SPaolo Bonzini             unsafe { &*object_get_class(obj.as_mut_ptr()).cast() };
859ba3b81f3SPaolo Bonzini 
860ba3b81f3SPaolo Bonzini         klass
861ba3b81f3SPaolo Bonzini     }
8620fcccf3fSPaolo Bonzini 
8630fcccf3fSPaolo Bonzini     /// Convenience function for implementing the Debug trait
8640fcccf3fSPaolo Bonzini     fn debug_fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
8650fcccf3fSPaolo Bonzini         f.debug_tuple(&self.typename())
8660fcccf3fSPaolo Bonzini             .field(&(self as *const Self))
8670fcccf3fSPaolo Bonzini             .finish()
8680fcccf3fSPaolo Bonzini     }
869ba3b81f3SPaolo Bonzini }
870ba3b81f3SPaolo Bonzini 
871ec3eba98SPaolo Bonzini impl<T> ObjectClassMethods for T where T: IsA<Object> {}
872ba3b81f3SPaolo Bonzini impl<R: ObjectDeref> ObjectMethods for R where R::Target: IsA<Object> {}
873