8000 kernel: debug panic: Use Capabilities instead of `unsafe` by bradjc · Pull Request #4479 · tock/tock · GitHub
kernel: debug panic: Use Capabilities instead of unsafe #4479


Draft: wants to merge 5 commits into base: master
Conversation

bradjc (Contributor) commented Jun 23, 2025

Pull Request Overview

This is a step towards enabling the lint missing_safety_doc (https://rust-lang.github.io/rust-clippy/master/#/missing_safety_doc).

One place we have undocumented unsafe APIs in the kernel is in debug, particularly for the panic helpers. It seems to me that these are unsafe because we don't want capsules to call them, not because we are signaling that there are Rust invariants that must be considered before calling them.

This adds a DebugCapability capability and switches the debug panic APIs from unsafe to using the capability. This propagates into chips and arch. Again, I don't know if specifying print_state as unsafe was intentional or just propagated the unsafe.

Draft because switching to capabilities may not be the way to go. However, having this PR I think is still helpful because we should either switch to capabilities or document the unsafe expectations.

Testing Strategy

draft

TODO or Help Wanted

  • Do you agree that capabilities are more appropriate for the panic debug APIs?
  • Can you help write the safety doc for arch/cortex-m/src/lib.rs::print_cortexm_state?
  • Is the safety doc for debug::flush() correct?

Documentation Updated

  • Updated the relevant files in /docs, or no updates are required.

Formatting

  • Ran make prepush.
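As an added illustration (not code from this PR or from Tock itself), a minimal model of the pattern the description proposes: an unsafe-to-implement capability trait gates the panic helper instead of marking the helper itself unsafe, so only board code willing to write an `unsafe impl` can call it, and the safety requirement is documented once on the trait rather than on every function. The names DebugBuffer, BoardDebugCap and flush are assumed for the example.

```rust
// Capability marker for the kernel's debug/panic helpers. Because the trait is
// `unsafe` to implement, a capsule (which must not use `unsafe`) can never mint
// one; only trusted board code can. The `# Safety` section is what the
// missing_safety_doc lint wants to see.
/// # Safety
/// Implementors assert they are trusted kernel/board code that may drive the
/// synchronous panic output path, which bypasses normal scheduling.
pub unsafe trait DebugCapability {}

/// Toy stand-in for the kernel debug ring buffer (constructed for this example).
pub struct DebugBuffer {
    pending: Vec<u8>,
    flushed: Vec<u8>,
}

impl DebugBuffer {
    pub fn new() -> Self {
        DebugBuffer { pending: Vec::new(), flushed: Vec::new() }
    }

    pub fn write(&mut self, bytes: &[u8]) {
        self.pending.extend_from_slice(bytes);
    }

    /// Synchronously flush pending bytes. This is a *safe* fn: the caller
    /// restriction lives in the `_cap` parameter, not in an `unsafe` marker,
    /// so call sites need no `unsafe {}` block and no per-call safety comment.
    pub fn flush(&mut self, _cap: &dyn DebugCapability) -> usize {
        let n = self.pending.len();
        self.flushed.append(&mut self.pending);
        n
    }

    pub fn flushed(&self) -> &[u8] {
        &self.flushed
    }
}

/// Board-level grant: the only place `unsafe` appears, and it is the board
/// asserting it may use the panic debug APIs.
pub struct BoardDebugCap;
unsafe impl DebugCapability for BoardDebugCap {}

/// Drive the helper the way a board's panic handler would; returns bytes flushed.
pub fn demo() -> usize {
    let cap = BoardDebugCap;
    let mut buf = DebugBuffer::new();
    buf.write(b"panic: ");
    buf.write(b"kernel fault");
    buf.flush(&cap)
}
```

A capsule that tries to call flush without a capability simply fails to compile, which is the property the PR wants instead of an undocumented `unsafe fn`.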

@github-actions github-actions bot added kernel nrf Change pertains to the nRF5x family of MCUs. labels Jun 23, 2025