1// This file is part of ICU4X. For terms of use, please see the file
2// called LICENSE at the top level of the ICU4X source tree
3// (online at: https://github.com/unicode-org/icu4x/blob/main/LICENSE ).
4
5use core::mem::{ManuallyDrop, MaybeUninit};
6use core::ops::{Deref, DerefMut};
7
8/// This type is intended to be similar to the type `MaybeDangling<T>`
9/// proposed in [RFC 3336].
10///
11/// The effect of this is that in Rust's safety model, types inside here are not
12/// expected to have any memory dependent validity properties (`dereferenceable`, `noalias`).
13///
14/// See [#3696] for a testcase where `Yoke` fails this under miri's field-retagging mode.
15///
16/// This has `T: 'static` since we don't need anything
17/// else and we don't want to have to think (more) about variance over lifetimes or dropck.
18///
19/// After [RFC 3336] lands we can use `MaybeDangling` instead.
20///
21/// Note that a version of this type also exists publicly as the [`maybe_dangling`]
22/// crate; which also exports a patched `ManuallyDrop` with similar semantics and
23/// does not require `T: 'static`. Consider using this if you need something more general
24/// and are okay with adding dependencies.
25///
26/// [RFC 3336]: https://github.com/rust-lang/rfcs/pull/3336
27/// [#3696]: https://github.com/unicode-org/icu4x/issues/3696
28/// [`maybe_dangling`](https://docs.rs/maybe-dangling/0.1.0/maybe_dangling/struct.MaybeDangling.html)
29#[repr(transparent)]
30pub(crate) struct KindaSortaDangling<T: 'static> {
31 /// Safety invariant: This is always an initialized T, never uninit or other
32 /// invalid bit patterns. Its drop glue will execute during Drop::drop rather than
33 /// during the drop glue for KindaSortaDangling, which means that we have to be careful about
34 /// not touching the values as initialized during `drop` after that, but that's a short period of time.
35 dangle: MaybeUninit<T>,
36}
37
38impl<T: 'static> KindaSortaDangling<T> {
39 #[inline]
40 pub(crate) const fn new(dangle: T) -> Self {
41 KindaSortaDangling {
42 dangle: MaybeUninit::new(val:dangle),
43 }
44 }
45 #[inline]
46 pub(crate) fn into_inner(self) -> T {
47 // Self has a destructor, we want to avoid having it be called
48 let manual: ManuallyDrop> = ManuallyDrop::new(self);
49 // Safety:
50 // We can call assume_init_read() due to the library invariant on this type,
51 // however since it is a read() we must be careful about data duplication.
52 // The only code using `self` after this is the drop glue, which we have disabled via
53 // the ManuallyDrop.
54 unsafe { manual.dangle.assume_init_read() }
55 }
56}
57
58impl<T: 'static> Deref for KindaSortaDangling<T> {
59 type Target = T;
60 #[inline]
61 fn deref(&self) -> &T {
62 // Safety: Safe due to the safety invariant on `dangle`;
63 // we can always assume initialized
64 unsafe { self.dangle.assume_init_ref() }
65 }
66}
67
68impl<T: 'static> DerefMut for KindaSortaDangling<T> {
69 #[inline]
70 fn deref_mut(&mut self) -> &mut T {
71 // Safety: Safe due to the safety invariant on `dangle`;
72 // we can always assume initialized
73 unsafe { self.dangle.assume_init_mut() }
74 }
75}
76
77impl<T: 'static> Drop for KindaSortaDangling<T> {
78 #[inline]
79 fn drop(&mut self) {
80 unsafe {
81 // Safety: We are reading and dropping a valid initialized T.
82 //
83 // As `drop_in_place()` is a `read()`-like duplication operation we must be careful that the original value isn't
84 // used afterwards. It won't be because this is drop and the only
85 // code that will run after this is `self`'s drop glue, and that drop glue is empty
86 // because MaybeUninit has no drop.
87 //
88 // We use `drop_in_place()` instead of `let _ = ... .assume_init_read()` to avoid creating a move
89 // of the inner `T` (without `KindaSortaDangling` protection!) type into a local -- we don't want to
90 // assert any of `T`'s memory-related validity properties here.
91 self.dangle.as_mut_ptr().drop_in_place();
92 }
93 }
94}
95