On 9/29/25 18:12, Zhao Liu wrote:
+ fn snapshot_migration_state(&self, target: &mut i64) -> Result<(), InvalidError> { + // SAFETY: as_ptr() is unsafe to ensure that the caller reasons about + // the pinning of the data inside the Opaque<>. Here all we do is + // access a field. + *target = unsafe { &*self.as_ptr() }.expire_time;C side checks timer_pending(), which ensures when the timer is inactive, it always saves u64::MAX. But now we save the expire_time directly in Rust. I think this would be possible to break the migration from Rust timer to C timer, because at C side, timer_get() checks whether expire_time is -1 and we can't ensure expire_time won't store -2 (or other unusual negative values).
I think this should work in both cases because timer_pending() checks >= 0 and negative values are extremely far in the future. But I'll change it to timer_expire_time_ns() for safety and clarity.
Paolo
