aya-bpf: Add docs for the main lib and few map types #244
Conversation
vadorovsky
force-pushed
the
aya-bpf-docs-1
branch
2 times, most recently
from
be662d2 to
fee288a
Compare
vadorovsky
changed the title
vadorovsky
force-pushed
the
aya-bpf-docs-1
branch
2 times, most recently
from
82ef66d to
d0263e5
Compare
There was a problem hiding this comment.
Thanks so much for getting this started!
See my comments. I think the reference docs are generally ok, but I think we need better examples.
I wouldn't worry about the module level documentation too much for now. I think we'll have to be very thorough when we get to that, and possibly cross reference examples with the user space API. I think that's going to be a lot of work so we can probably do it separately/at the end once everything else is in place.
bpf/aya-bpf/src/maps/hash_map.rs
Outdated
| /// # use aya_bpf::programs::LsmContext; | ||
| /// | ||
| /// #[map] | ||
| /// static mut MY_MAP: HashMap<u32, u32> = HashMap::with_max_entries(1024, 0); |
There was a problem hiding this comment.
I think it would be better to have concrete examples. They can still be just 2-3 lines, but with actual (simple) use cases.
There was a problem hiding this comment.
Perhaps given the limits on everyone's time, and the fact that this PR ended up going stale would suggest that follow-up items for expanding this documentation would be good: e.g. we could accept this as-is for now as "better than nothing" and then follow-up issues to extend the documentation further could be created, tagged as good-first-issue so as to provide some smaller, simple places new contributors could jump in and contribute?
| /// #[map] | ||
| /// static mut MY_MAP: HashMap<u32, u32> = HashMap::with_max_entries(1024, 0); | ||
| /// | ||
| /// # unsafe fn try_test(ctx: &LsmContext) -> Result<i32, i32> { |
There was a problem hiding this comment.
In all the examples, I think we should explicitly show unsafe usage, so the wrapper funcs shouldn't be unsafe
There was a problem hiding this comment.
+1 if I'm understanding the original intention here it was to try and "scare" the caller of the code into noticing that what they're doing is unsafe, and I get that. However in Rust it's more idiomatic to "wrap" the unsafe functionality with code that carefully considers and accounts for all the potential safety issues and then provide a safe interface to that functionality.
Given my impression that the intention here was meant to alert the reader of the safety issues, I think a good compromise here would be to place the unsafe around the exact thing it needs to be around but make the function itself safe as @alessandrod suggests, but THEN add comments to that code which explains why we must currently do that as unsafe (extra credit if there's an open issue we can link to which tracks making that code safe in the future).
| @@ -19,6 +41,16 @@ pub struct HashMap<K, V> { | |||
| } | |||
|
|
|||
| impl<K, V> HashMap<K, V> { | |||
| /// Creates a `HashMap` with the maximum number of elements. | |||
There was a problem hiding this comment.
Creates an empty `HashMap<K, V>` with the specified maximum number of elements.
Tip: for inspiration on how to phrase the docs for the userspace API, I took inspiration from similar stdlib docs, eg Vec::with_capacity() is a good analogous of ::with_max_entries().
bpf/aya-bpf/src/maps/hash_map.rs
Outdated
| @@ -27,6 +59,17 @@ impl<K, V> HashMap<K, V> { | |||
| } | |||
| } | |||
|
|
|||
| /// Creates a `HashMap` pinned in the BPFFS filesystem, with the maximum | |||
There was a problem hiding this comment.
Creates an empty `HashMap<K, V>` with the specified maximum number of elements, and pins it to the BPF file system (bpffs).
bpf/aya-bpf/src/maps/hash_map.rs
Outdated
| /// | ||
| /// # unsafe fn try_test(ctx: &LsmContext) -> Result<i32, i32> { | ||
| /// let key: u32 = 13; | ||
| /// if let Some(mut value) = MY_MAP.get_mut(&key) { |
There was a problem hiding this comment.
Especially for mutable methods, I think it's important to show examples that make sense and aren't racy. And the documentation should point out that all the mutable methods are potentially racy if the keys aren't carefully chosen.
There was a problem hiding this comment.
+1 we should be careful about examples that might not have clear implications to code readers, as example code often unfortunately finds it's way into production.
dave-tucker
added
documentation
vadorovsky
force-pushed
the
aya-bpf-docs-1
branch
from
d0263e5 to
36b9cae
Compare
❌ Deploy Preview for aya-rs-docs failed.Built without sensitive environment variables
|
There was a problem hiding this comment.
Overall Looking good: this significantly improves documentation.
I think for docs that could simply use more elaboration it may be fair to create follow-up issues as good-first-issues for newcomers to get a chance to make a small change. However I think there's a couple examples here that need more explanation, or perhaps some re-working before we merge.
bpf/aya-bpf/src/maps/hash_map.rs
Outdated
| /// # use aya_bpf::programs::LsmContext; | ||
| /// | ||
| /// #[map] | ||
| /// static mut MY_MAP: HashMap<u32, u32> = HashMap::with_max_entries(1024, 0); |
There was a problem hiding this comment.
Perhaps given the limits on everyone's time, and the fact that this PR ended up going stale would suggest that follow-up items for expanding this documentation would be good: e.g. we could accept this as-is for now as "better than nothing" and then follow-up issues to extend the documentation further could be created, tagged as good-first-issue so as to provide some smaller, simple places new contributors could jump in and contribute?
| /// #[map] | ||
| /// static mut MY_MAP: HashMap<u32, u32> = HashMap::with_max_entries(1024, 0); | ||
| /// | ||
| /// # unsafe fn try_test(ctx: &LsmContext) -> Result<i32, i32> { |
There was a problem hiding this comment.
+1 if I'm understanding the original intention here it was to try and "scare" the caller of the code into noticing that what they're doing is unsafe, and I get that. However in Rust it's more idiomatic to "wrap" the unsafe functionality with code that carefully considers and accounts for all the potential safety issues and then provide a safe interface to that functionality.
Given my impression that the intention here was meant to alert the reader of the safety issues, I think a good compromise here would be to place the unsafe around the exact thing it needs to be around but make the function itself safe as @alessandrod suggests, but THEN add comments to that code which explains why we must currently do that as unsafe (extra credit if there's an open issue we can link to which tracks making that code safe in the future).
bpf/aya-bpf/src/maps/hash_map.rs
Outdated
| /// | ||
| /// # unsafe fn try_test(ctx: &LsmContext) -> Result<i32, i32> { | ||
| /// let key: u32 = 13; | ||
| /// if let Some(mut value) = MY_MAP.get_mut(&key) { |
There was a problem hiding this comment.
+1 we should be careful about examples that might not have clear implications to code readers, as example code often unfortunately finds it's way into production.
vadorovsky
force-pushed
the
aya-bpf-docs-1
branch
2 times, most recently
from
5de6a05 to
e0f2aed
Compare
Signed-off-by: Michal Rostecki <[email protected]>
vadorovsky
force-pushed
the
aya-bpf-docs-1
branch
from
e0f2aed to
61dbd64
Compare
|
Closing it. I will submit smaller PRs per map type every day Attempting to document everything at once isn't really working. |
This change adds a summary of the aya-bpf lib and docs for:
Signed-off-by: Michal Rostecki [email protected]