From 281b625832d8f2dfa0fad85ec293e1672d976cf3 Mon Sep 17 00:00:00 2001 From: Petros Angelatos Date: Tue, 7 Mar 2023 22:36:12 +0100 Subject: [PATCH] publicly expose the capability module The `CapabilityTrait` trait is part of the public API of `timely` (e.g `OutputHandle::session` expects one, but the trait itself is not publicly accessible. This is because implementing this trait would circumvent the safety properties of capabilities. However, not exposing it also prevents safe wrapping of handles to provide additional functionality on top of them. This PR offers a solution by making the `capability` module public and using the [sealed trait pattern](https://rust-lang.github.io/api-guidelines/future-proofing.html) to prevent any foreign crate from implementing `CapabilityTrait`. Signed-off-by: Petros Angelatos --- timely/src/dataflow/operators/capability.rs | 15 ++++++++++++++- timely/src/dataflow/operators/mod.rs | 3 +-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/timely/src/dataflow/operators/capability.rs b/timely/src/dataflow/operators/capability.rs index 5caa9bce8..72c872350 100644 --- a/timely/src/dataflow/operators/capability.rs +++ b/timely/src/dataflow/operators/capability.rs @@ -34,9 +34,10 @@ use crate::scheduling::Activations; use crate::dataflow::channels::pullers::counter::ConsumedGuard; /// An internal trait expressing the capability to send messages with a given timestamp. -pub trait CapabilityTrait { +pub trait CapabilityTrait: private::Sealed { /// The timestamp associated with the capability. fn time(&self) -> &T; + /// Checks if this capability is valid for the output port associated with `query_buffer` fn valid_for_output(&self, query_buffer: &Rc>>) -> bool; } @@ -53,6 +54,18 @@ impl<'a, T: Timestamp, C: CapabilityTrait> CapabilityTrait for &'a mut C { } } +mod private { + use crate::progress::Timestamp; + + pub trait Sealed {} + + impl<'a, C: Sealed> Sealed for &'a C { } + impl<'a, C: Sealed> Sealed for &'a mut C { } + impl Sealed for super::Capability { } + impl Sealed for super::InputCapability { } + impl Sealed for super::ActivateCapability { } +} + /// The capability to send data with a certain timestamp on a dataflow edge. /// /// Capabilities are used by timely dataflow's progress tracking machinery to restrict and track diff --git a/timely/src/dataflow/operators/mod.rs b/timely/src/dataflow/operators/mod.rs index 508d10ac6..a8c00c401 100644 --- a/timely/src/dataflow/operators/mod.rs +++ b/timely/src/dataflow/operators/mod.rs @@ -60,6 +60,5 @@ pub mod generic; pub mod reclock; pub mod count; -// keep "mint" module-private -mod capability; +pub mod capability; pub use self::capability::{ActivateCapability, Capability, InputCapability, CapabilitySet, DowngradeError};