Clarify intended time for which a NetDir should be held; make sure code is behaving sensibly.
See discussion at !1228 (cd133bdc, comment 2910285).
Basically, we should at least document that when you get an Arc<NetDir> from a NetDirProvider, you shouldn't hold on to it longer than you need to. (The reason being: said Arc is pointing to a Mutex<Arc<NetDir>> that can get updated with Arc::get_mut(), which can clone the NetDir if somebody has a reference to it.)
Additionally, we should look through our code and explain why we are holding NetDirs for the "right" amount of time, and use this to inform best practices. (For example, this is part of the reason why, when constructing a circuit path, we construct the entire path all at once. It is also part of the reason why OwnedCircTarget exists.)
Possibly, we should turn Relay into a type that holds Arc<> rather than a reference. Doing this would alleviate some of our pain, but not all.
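
The clone-on-update cost described above, as an added example that is not part of the original issue or Arti's code. Dir and Provider are hypothetical stand-ins for NetDir and a NetDirProvider, and the update uses the standard library's Arc::make_mut, which copies the value when another reference to it exists.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::{Arc, Mutex};

// Counts deep copies so the cost of a held snapshot is observable.
static CLONES: AtomicUsize = AtomicUsize::new(0);

/// Hypothetical stand-in for a large NetDir (not Arti's type).
pub struct Dir { pub relays: Vec<u32> }

impl Clone for Dir {
    fn clone(&self) -> Self {
        CLONES.fetch_add(1, Ordering::SeqCst);
        Dir { relays: self.relays.clone() }
    }
}

/// Hypothetical stand-in for the provider's slot: a Mutex<Arc<Dir>>.
pub struct Provider { slot: Mutex<Arc<Dir>> }

impl Provider {
    pub fn new(relays: Vec<u32>) -> Self {
        Provider { slot: Mutex::new(Arc::new(Dir { relays })) }
    }
    /// Hand out a snapshot; callers should drop it as soon as they are done.
    pub fn latest(&self) -> Arc<Dir> {
        let guard = self.slot.lock().unwrap();
        Arc::clone(&*guard)
    }
    /// Update in place; make_mut deep-copies only if a snapshot is still held.
    pub fn add_relay(&self, id: u32) {
        let mut guard = self.slot.lock().unwrap();
        Arc::make_mut(&mut *guard).relays.push(id);
    }
}

/// Returns (copies with no snapshot held, copies with one held, stale length).
pub fn demo() -> (usize, usize, usize) {
    let p = Provider::new(vec![1, 2, 3]); // constructed sample relay ids
    let start = CLONES.load(Ordering::SeqCst);
    p.add_relay(4); // no outstanding snapshot: mutated in place
    let unshared = CLONES.load(Ordering::SeqCst) - start;
    let held = p.latest(); // a caller that keeps its snapshot around
    p.add_relay(5); // snapshot still alive: the whole Dir is copied
    let shared = CLONES.load(Ordering::SeqCst) - start - unshared;
    (unshared, shared, held.relays.len())
}

fn main() {
    println!("{:?}", demo());
}
```

The held snapshot also keeps reporting the old relay list, so a long-lived holder pays for a full copy and then works from stale data.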