Add a flag to prevent duplicate initialization

JalonWong · JalonWong · commit f5ba1563c10c · 2025-08-26T12:26:21.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 
 - Added a `init` macro to make initialization easier.
+- Added a flag to prevent duplicate initialization
 
 ## [v0.6.0] - 2024-09-01
 
diff --git a/src/lib.rs b/src/lib.rs
@@ -30,6 +30,13 @@ pub use tlsf::Heap as TlsfHeap;
 /// It internally calls `Heap::init(...)` on the heap,
 /// so `Heap::init(...)` should not be called directly if this macro is used.
 ///
+/// # Panics
+///
+/// This macro will panic if either of the following are true:
+///
+/// - this function is called more than ONCE.
+/// - `size == 0`.
+///
 /// # Example
 ///
 /// ```rust
diff --git a/src/llff.rs b/src/llff.rs
@@ -1,5 +1,5 @@
 use core::alloc::{GlobalAlloc, Layout};
-use core::cell::RefCell;
+use core::cell::{Cell, RefCell};
 use core::ptr::{self, NonNull};
 
 use critical_section::Mutex;
@@ -8,6 +8,7 @@ use linked_list_allocator::Heap as LLHeap;
 /// A linked list first fit heap.
 pub struct Heap {
     heap: Mutex<RefCell<LLHeap>>,
+    once_flag: Mutex<Cell<bool>>,
 }
 
 impl Heap {
@@ -18,6 +19,7 @@ impl Heap {
     pub const fn empty() -> Heap {
         Heap {
             heap: Mutex::new(RefCell::new(LLHeap::empty())),
+            once_flag: Mutex::new(Cell::new(false)),
         }
     }
 
@@ -41,12 +43,16 @@ impl Heap {
     ///
     /// # Safety
     ///
-    /// Obey these or Bad Stuff will happen.
+    /// This function will panic if either of the following are true:
     ///
-    /// - This function must be called exactly ONCE.
-    /// - `size > 0`
+    /// - this function is called more than ONCE.
+    /// - `size == 0`.
     pub unsafe fn init(&self, start_addr: usize, size: usize) {
+        assert!(size > 0);
         critical_section::with(|cs| {
+            assert!(!self.once_flag.borrow(cs).get());
+            self.once_flag.borrow(cs).set(true);
+
             self.heap
                 .borrow(cs)
                 .borrow_mut()
diff --git a/src/tlsf.rs b/src/tlsf.rs
@@ -1,5 +1,5 @@
 use core::alloc::{GlobalAlloc, Layout};
-use core::cell::RefCell;
+use core::cell::{Cell, RefCell};
 use core::ptr::{self, NonNull};
 
 use const_default::ConstDefault;
@@ -11,6 +11,7 @@ type TlsfHeap = Tlsf<'static, usize, usize, { usize::BITS as usize }, { usize::B
 /// A two-Level segregated fit heap.
 pub struct Heap {
     heap: Mutex<RefCell<TlsfHeap>>,
+    once_flag: Mutex<Cell<bool>>,
 }
 
 impl Heap {
@@ -21,6 +22,7 @@ impl Heap {
     pub const fn empty() -> Heap {
         Heap {
             heap: Mutex::new(RefCell::new(ConstDefault::DEFAULT)),
+            once_flag: Mutex::new(Cell::new(false)),
         }
     }
 
@@ -44,12 +46,16 @@ impl Heap {
     ///
     /// # Safety
     ///
-    /// Obey these or Bad Stuff will happen.
+    /// This function will panic if either of the following are true:
     ///
-    /// - This function must be called exactly ONCE.
-    /// - `size > 0`
+    /// - this function is called more than ONCE.
+    /// - `size == 0`.
     pub unsafe fn init(&self, start_addr: usize, size: usize) {
+        assert!(size > 0);
         critical_section::with(|cs| {
+            assert!(!self.once_flag.borrow(cs).get());
+            self.once_flag.borrow(cs).set(true);
+
             let block: &[u8] = core::slice::from_raw_parts(start_addr as *const u8, size);
             self.heap
                 .borrow(cs)
