i.e. do not allow creating `ThisModule`s without going through the constructor, even inside the `kernel` crate.
In addition, we should ensure the pointer is not passed to other modules. A solution would be to only allow reading the pointer through an unsafe `get()` method in `ThisModule` that explains this restriction, and to make `get()` private outside `kernel` (i.e. kernel modules should not need to access the pointer inside `ThisModule` since they should not be calling the C bindings directly).
Furthermore, as a bonus, it would be nice to have a lint to warn about code creating `ThisModule` objects on its own. In general, modules should only use the `THIS_MODULE` `static` provided via `module!`.
Finally, update the documentation as needed (e.g. currently we don't have an `# Invariants` section in the doc comments).
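
A userspace sketch of the encapsulation proposed above, added here as an illustration and not code from the Rust-for-Linux tree. The `bindings::module` stand-in, the `from_ptr` constructor name, `Registration` and the `driver` module are assumptions, and module-private visibility plays the role of `pub(crate)`.

```rust
// Userspace sketch: `bindings::module` stands in for the C `struct module`.
mod bindings {
    #[allow(non_camel_case_types)]
    pub struct module { pub _opaque: u8 }
}

mod kernel {
    use super::bindings;
    /// # Invariants
    ///
    /// The pointer refers to a `struct module` that outlives this handle.
    pub struct ThisModule(*mut bindings::module); // private field: only `from_ptr` builds one
    // SAFETY: the pointer is only stored and compared here, never dereferenced.
    unsafe impl Sync for ThisModule {}
    impl ThisModule {
        /// # Safety
        ///
        /// `ptr` must satisfy the type invariant. (Constructor name is assumed.)
        pub const unsafe fn from_ptr(ptr: *mut bindings::module) -> Self { ThisModule(ptr) }
        /// # Safety
        ///
        /// The returned pointer must not be passed to other modules.
        // `pub(crate)` in a real crate; private here so `driver` below cannot call it.
        unsafe fn get(&self) -> *mut bindings::module { self.0 }
    }

    /// Hypothetical abstraction that records its owner without exposing the pointer.
    pub struct Registration(*mut bindings::module);
    impl Registration {
        pub fn new(owner: &'static ThisModule) -> Self {
            Registration(unsafe { owner.get() }) // SAFETY: pointer stays inside `kernel`
        }
        pub fn owned_by(&self, m: &ThisModule) -> bool {
            self.0 == unsafe { m.get() } // SAFETY: pointer stays inside `kernel`
        }
    }
}

mod driver {
    use super::{bindings, kernel::ThisModule};
    static FAKE: bindings::module = bindings::module { _opaque: 0 }; // constructed stand-in
    // What `module!` would provide; `ThisModule(ptr)` or `.get()` here does not compile.
    pub static THIS_MODULE: ThisModule =
        unsafe { ThisModule::from_ptr(&FAKE as *const bindings::module as *mut bindings::module) };
}

fn main() {
    let reg = kernel::Registration::new(&driver::THIS_MODULE);
    println!("owned by this module: {}", reg.owned_by(&driver::THIS_MODULE));
}
```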