1 | // Copyright 2017 Robert Grosse |
2 | |
3 | // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or |
4 | // http://www.apache.org/licenses/LICENSE-2.0> or the MIT license |
5 | // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your |
6 | // option. This file may not be copied, modified, or distributed |
7 | // except according to those terms. |
8 | |
9 | /*! |
10 | This module defines an unsafe marker trait, StableDeref, for container types that deref to a fixed address which is valid even when the containing type is moved. For example, Box, Vec, Rc, Arc and String implement this trait. Additionally, it defines CloneStableDeref for types like Rc where clones deref to the same address. |
11 | |
12 | It is intended to be used by crates such as [owning_ref](https://crates.io/crates/owning_ref) and [rental](https://crates.io/crates/rental), as well as library authors who wish to make their code interoperable with such crates. For example, if you write a custom Vec type, you can implement StableDeref, and then users will be able to use your custom type together with owning_ref and rental. |
13 | |
14 | no_std support can be enabled by disabling default features (specifically "std"). In this case, the trait will not be implemented for the std types mentioned above, but you can still use it for your own types. |
15 | */ |
16 | |
17 | #![cfg_attr (not(feature = "std" ), no_std)] |
18 | |
19 | #[cfg (feature = "std" )] |
20 | extern crate core; |
21 | |
22 | #[cfg (feature = "alloc" )] |
23 | extern crate alloc; |
24 | |
25 | use core::ops::Deref; |
26 | |
27 | |
28 | /** |
29 | An unsafe marker trait for types that deref to a stable address, even when moved. For example, this is implemented by Box, Vec, Rc, Arc and String, among others. Even when a Box is moved, the underlying storage remains at a fixed location. |
30 | |
31 | More specifically, implementors must ensure that the result of calling deref() is valid for the lifetime of the object, not just the lifetime of the borrow, and that the deref is valid even if the object is moved. Also, it must be valid even after invoking arbitrary &self methods or doing anything transitively accessible from &Self. If Self also implements DerefMut, the same restrictions apply to deref_mut() and it must remain valid if anything transitively accessible from the result of deref_mut() is mutated/called. Additionally, multiple calls to deref, (and deref_mut if implemented) must return the same address. No requirements are placed on &mut self methods other than deref_mut() and drop(), if applicable. |
32 | |
33 | Basically, it must be valid to convert the result of deref() to a pointer, and later dereference that pointer, as long as the original object is still live, even if it has been moved or &self methods have been called on it. If DerefMut is also implemented, it must be valid to get pointers from deref() and deref_mut() and dereference them while the object is live, as long as you don't simultaneously dereference both of them. |
34 | |
35 | Additionally, Deref and DerefMut implementations must not panic, but users of the trait are not allowed to rely on this fact (so that this restriction can be removed later without breaking backwards compatibility, should the need arise). |
36 | |
37 | Here are some examples to help illustrate the requirements for implementing this trait: |
38 | |
39 | ``` |
40 | # use std::ops::Deref; |
41 | struct Foo(u8); |
42 | impl Deref for Foo { |
43 | type Target = u8; |
44 | fn deref(&self) -> &Self::Target { &self.0 } |
45 | } |
46 | ``` |
47 | |
48 | Foo cannot implement StableDeref because the int will move when Foo is moved, invalidating the result of deref(). |
49 | |
50 | ``` |
51 | # use std::ops::Deref; |
52 | struct Foo(Box<u8>); |
53 | impl Deref for Foo { |
54 | type Target = u8; |
55 | fn deref(&self) -> &Self::Target { &*self.0 } |
56 | } |
57 | ``` |
58 | |
59 | Foo can safely implement StableDeref, due to the use of Box. |
60 | |
61 | |
62 | ``` |
63 | # use std::ops::Deref; |
64 | # use std::ops::DerefMut; |
65 | # use std::rc::Rc; |
66 | #[derive(Clone)] |
67 | struct Foo(Rc<u8>); |
68 | impl Deref for Foo { |
69 | type Target = u8; |
70 | fn deref(&self) -> &Self::Target { &*self.0 } |
71 | } |
72 | impl DerefMut for Foo { |
73 | fn deref_mut(&mut self) -> &mut Self::Target { Rc::make_mut(&mut self.0) } |
74 | } |
75 | ``` |
76 | |
77 | This is a simple implementation of copy-on-write: Foo's deref_mut will copy the underlying int if it is not uniquely owned, ensuring unique access at the point where deref_mut() returns. However, Foo cannot implement StableDeref because calling deref_mut(), followed by clone().deref() will result in mutable and immutable references to the same location. Note that if the DerefMut implementation were removed, Foo could safely implement StableDeref. Likewise, if the Clone implementation were removed, it would be safe to implement StableDeref, although Foo would not be very useful in that case, (without clones, the rc will always be uniquely owned). |
78 | |
79 | |
80 | ``` |
81 | # use std::ops::Deref; |
82 | struct Foo; |
83 | impl Deref for Foo { |
84 | type Target = str; |
85 | fn deref(&self) -> &Self::Target { &"Hello" } |
86 | } |
87 | ``` |
88 | Foo can safely implement StableDeref. It doesn't own the data being derefed, but the data is gaurenteed to live long enough, due to it being 'static. |
89 | |
90 | ``` |
91 | # use std::ops::Deref; |
92 | # use std::cell::Cell; |
93 | struct Foo(Cell<bool>); |
94 | impl Deref for Foo { |
95 | type Target = str; |
96 | fn deref(&self) -> &Self::Target { |
97 | let b = self.0.get(); |
98 | self.0.set(!b); |
99 | if b { &"Hello" } else { &"World" } |
100 | } |
101 | } |
102 | ``` |
103 | Foo cannot safely implement StableDeref, even though every possible result of deref lives long enough. In order to safely implement StableAddress, multiple calls to deref must return the same result. |
104 | |
105 | ``` |
106 | # use std::ops::Deref; |
107 | # use std::ops::DerefMut; |
108 | struct Foo(Box<(u8, u8)>); |
109 | impl Deref for Foo { |
110 | type Target = u8; |
111 | fn deref(&self) -> &Self::Target { &self.0.deref().0 } |
112 | } |
113 | impl DerefMut for Foo { |
114 | fn deref_mut(&mut self) -> &mut Self::Target { &mut self.0.deref_mut().1 } |
115 | } |
116 | ``` |
117 | |
118 | Foo cannot implement StableDeref because deref and deref_mut return different addresses. |
119 | |
120 | |
121 | */ |
122 | pub unsafe trait StableDeref: Deref {} |
123 | |
124 | /** |
125 | An unsafe marker trait for types where clones deref to the same address. This has all the requirements of StableDeref, and additionally requires that after calling clone(), both the old and new value deref to the same address. For example, Rc and Arc implement CloneStableDeref, but Box and Vec do not. |
126 | |
127 | Note that a single type should never implement both DerefMut and CloneStableDeref. If it did, this would let you get two mutable references to the same location, by cloning and then calling deref_mut() on both values. |
128 | */ |
129 | pub unsafe trait CloneStableDeref: StableDeref + Clone {} |
130 | |
131 | ///////////////////////////////////////////////////////////////////////////// |
132 | // std types integration |
133 | ///////////////////////////////////////////////////////////////////////////// |
134 | |
135 | #[cfg (feature = "alloc" )] |
136 | use alloc::boxed::Box; |
137 | #[cfg (feature = "alloc" )] |
138 | use alloc::rc::Rc; |
139 | #[cfg (feature = "alloc" )] |
140 | use alloc::sync::Arc; |
141 | #[cfg (feature = "alloc" )] |
142 | use alloc::vec::Vec; |
143 | #[cfg (feature = "alloc" )] |
144 | use alloc::string::String; |
145 | |
146 | #[cfg (feature = "std" )] |
147 | use std::ffi::{CString, OsString}; |
148 | #[cfg (feature = "std" )] |
149 | use std::path::PathBuf; |
150 | #[cfg (feature = "std" )] |
151 | use std::sync::{MutexGuard, RwLockReadGuard, RwLockWriteGuard}; |
152 | |
153 | use core::cell::{Ref, RefMut}; |
154 | |
155 | |
156 | #[cfg (feature = "alloc" )] |
157 | unsafe impl<T: ?Sized> StableDeref for Box<T> {} |
158 | #[cfg (feature = "alloc" )] |
159 | unsafe impl<T> StableDeref for Vec<T> {} |
160 | #[cfg (feature = "alloc" )] |
161 | unsafe impl StableDeref for String {} |
162 | #[cfg (feature = "std" )] |
163 | unsafe impl StableDeref for CString {} |
164 | #[cfg (feature = "std" )] |
165 | unsafe impl StableDeref for OsString {} |
166 | #[cfg (feature = "std" )] |
167 | unsafe impl StableDeref for PathBuf {} |
168 | |
169 | #[cfg (feature = "alloc" )] |
170 | unsafe impl<T: ?Sized> StableDeref for Rc<T> {} |
171 | #[cfg (feature = "alloc" )] |
172 | unsafe impl<T: ?Sized> CloneStableDeref for Rc<T> {} |
173 | #[cfg (feature = "alloc" )] |
174 | unsafe impl<T: ?Sized> StableDeref for Arc<T> {} |
175 | #[cfg (feature = "alloc" )] |
176 | unsafe impl<T: ?Sized> CloneStableDeref for Arc<T> {} |
177 | |
178 | unsafe impl<'a, T: ?Sized> StableDeref for Ref<'a, T> {} |
179 | unsafe impl<'a, T: ?Sized> StableDeref for RefMut<'a, T> {} |
180 | #[cfg (feature = "std" )] |
181 | unsafe impl<'a, T: ?Sized> StableDeref for MutexGuard<'a, T> {} |
182 | #[cfg (feature = "std" )] |
183 | unsafe impl<'a, T: ?Sized> StableDeref for RwLockReadGuard<'a, T> {} |
184 | #[cfg (feature = "std" )] |
185 | unsafe impl<'a, T: ?Sized> StableDeref for RwLockWriteGuard<'a, T> {} |
186 | |
187 | unsafe impl<'a, T: ?Sized> StableDeref for &'a T {} |
188 | unsafe impl<'a, T: ?Sized> CloneStableDeref for &'a T {} |
189 | unsafe impl<'a, T: ?Sized> StableDeref for &'a mut T {} |
190 | |