1// Seemingly inconsequential code changes to this file can lead to measurable
2// performance impact on compilation times, due at least in part to the fact
3// that the layout code gets called from many instantiations of the various
4// collections, resulting in having to optimize down excess IR multiple times.
5// Your performance intuition is useless. Run perf.
6
7use crate::cmp;
8use crate::error::Error;
9use crate::fmt;
10use crate::mem;
11use crate::ptr::{Alignment, NonNull};
12
13// While this function is used in one place and its implementation
14// could be inlined, the previous attempts to do so made rustc
15// slower:
16//
17// * https://github.com/rust-lang/rust/pull/72189
18// * https://github.com/rust-lang/rust/pull/79827
19const fn size_align<T>() -> (usize, usize) {
20 (mem::size_of::<T>(), mem::align_of::<T>())
21}
22
23/// Layout of a block of memory.
24///
25/// An instance of `Layout` describes a particular layout of memory.
26/// You build a `Layout` up as an input to give to an allocator.
27///
28/// All layouts have an associated size and a power-of-two alignment.
29///
30/// (Note that layouts are *not* required to have non-zero size,
31/// even though `GlobalAlloc` requires that all memory requests
32/// be non-zero in size. A caller must either ensure that conditions
33/// like this are met, use specific allocators with looser
34/// requirements, or use the more lenient `Allocator` interface.)
35#[stable(feature = "alloc_layout", since = "1.28.0")]
36#[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
37#[lang = "alloc_layout"]
38pub struct Layout {
39 // size of the requested block of memory, measured in bytes.
40 size: usize,
41
42 // alignment of the requested block of memory, measured in bytes.
43 // we ensure that this is always a power-of-two, because API's
44 // like `posix_memalign` require it and it is a reasonable
45 // constraint to impose on Layout constructors.
46 //
47 // (However, we do not analogously require `align >= sizeof(void*)`,
48 // even though that is *also* a requirement of `posix_memalign`.)
49 align: Alignment,
50}
51
52impl Layout {
53 /// Constructs a `Layout` from a given `size` and `align`,
54 /// or returns `LayoutError` if any of the following conditions
55 /// are not met:
56 ///
57 /// * `align` must not be zero,
58 ///
59 /// * `align` must be a power of two,
60 ///
61 /// * `size`, when rounded up to the nearest multiple of `align`,
62 /// must not overflow isize (i.e., the rounded value must be
63 /// less than or equal to `isize::MAX`).
64 #[stable(feature = "alloc_layout", since = "1.28.0")]
65 #[rustc_const_stable(feature = "const_alloc_layout_size_align", since = "1.50.0")]
66 #[inline]
67 #[rustc_allow_const_fn_unstable(ptr_alignment_type)]
68 pub const fn from_size_align(size: usize, align: usize) -> Result<Self, LayoutError> {
69 if !align.is_power_of_two() {
70 return Err(LayoutError);
71 }
72
73 // SAFETY: just checked that align is a power of two.
74 Layout::from_size_alignment(size, unsafe { Alignment::new_unchecked(align) })
75 }
76
77 #[inline(always)]
78 const fn max_size_for_align(align: Alignment) -> usize {
79 // (power-of-two implies align != 0.)
80
81 // Rounded up size is:
82 // size_rounded_up = (size + align - 1) & !(align - 1);
83 //
84 // We know from above that align != 0. If adding (align - 1)
85 // does not overflow, then rounding up will be fine.
86 //
87 // Conversely, &-masking with !(align - 1) will subtract off
88 // only low-order-bits. Thus if overflow occurs with the sum,
89 // the &-mask cannot subtract enough to undo that overflow.
90 //
91 // Above implies that checking for summation overflow is both
92 // necessary and sufficient.
93 isize::MAX as usize - (align.as_usize() - 1)
94 }
95
96 /// Internal helper constructor to skip revalidating alignment validity.
97 #[inline]
98 const fn from_size_alignment(size: usize, align: Alignment) -> Result<Self, LayoutError> {
99 if size > Self::max_size_for_align(align) {
100 return Err(LayoutError);
101 }
102
103 // SAFETY: Layout::size invariants checked above.
104 Ok(Layout { size, align })
105 }
106
107 /// Creates a layout, bypassing all checks.
108 ///
109 /// # Safety
110 ///
111 /// This function is unsafe as it does not verify the preconditions from
112 /// [`Layout::from_size_align`].
113 #[stable(feature = "alloc_layout", since = "1.28.0")]
114 #[rustc_const_stable(feature = "const_alloc_layout_unchecked", since = "1.36.0")]
115 #[must_use]
116 #[inline]
117 #[rustc_allow_const_fn_unstable(ptr_alignment_type)]
118 pub const unsafe fn from_size_align_unchecked(size: usize, align: usize) -> Self {
119 // SAFETY: the caller is required to uphold the preconditions.
120 unsafe { Layout { size, align: Alignment::new_unchecked(align) } }
121 }
122
123 /// The minimum size in bytes for a memory block of this layout.
124 #[stable(feature = "alloc_layout", since = "1.28.0")]
125 #[rustc_const_stable(feature = "const_alloc_layout_size_align", since = "1.50.0")]
126 #[must_use]
127 #[inline]
128 pub const fn size(&self) -> usize {
129 self.size
130 }
131
132 /// The minimum byte alignment for a memory block of this layout.
133 ///
134 /// The returned alignment is guaranteed to be a power of two.
135 #[stable(feature = "alloc_layout", since = "1.28.0")]
136 #[rustc_const_stable(feature = "const_alloc_layout_size_align", since = "1.50.0")]
137 #[must_use = "this returns the minimum alignment, \
138 without modifying the layout"]
139 #[inline]
140 #[rustc_allow_const_fn_unstable(ptr_alignment_type)]
141 pub const fn align(&self) -> usize {
142 self.align.as_usize()
143 }
144
145 /// Constructs a `Layout` suitable for holding a value of type `T`.
146 #[stable(feature = "alloc_layout", since = "1.28.0")]
147 #[rustc_const_stable(feature = "alloc_layout_const_new", since = "1.42.0")]
148 #[must_use]
149 #[inline]
150 pub const fn new<T>() -> Self {
151 let (size, align) = size_align::<T>();
152 // SAFETY: if the type is instantiated, rustc already ensures that its
153 // layout is valid. Use the unchecked constructor to avoid inserting a
154 // panicking codepath that needs to be optimized out.
155 unsafe { Layout::from_size_align_unchecked(size, align) }
156 }
157
158 /// Produces layout describing a record that could be used to
159 /// allocate backing structure for `T` (which could be a trait
160 /// or other unsized type like a slice).
161 #[stable(feature = "alloc_layout", since = "1.28.0")]
162 #[rustc_const_unstable(feature = "const_alloc_layout", issue = "67521")]
163 #[must_use]
164 #[inline]
165 pub const fn for_value<T: ?Sized>(t: &T) -> Self {
166 let (size, align) = (mem::size_of_val(t), mem::align_of_val(t));
167 // SAFETY: see rationale in `new` for why this is using the unsafe variant
168 unsafe { Layout::from_size_align_unchecked(size, align) }
169 }
170
171 /// Produces layout describing a record that could be used to
172 /// allocate backing structure for `T` (which could be a trait
173 /// or other unsized type like a slice).
174 ///
175 /// # Safety
176 ///
177 /// This function is only safe to call if the following conditions hold:
178 ///
179 /// - If `T` is `Sized`, this function is always safe to call.
180 /// - If the unsized tail of `T` is:
181 /// - a [slice], then the length of the slice tail must be an initialized
182 /// integer, and the size of the *entire value*
183 /// (dynamic tail length + statically sized prefix) must fit in `isize`.
184 /// - a [trait object], then the vtable part of the pointer must point
185 /// to a valid vtable for the type `T` acquired by an unsizing coercion,
186 /// and the size of the *entire value*
187 /// (dynamic tail length + statically sized prefix) must fit in `isize`.
188 /// - an (unstable) [extern type], then this function is always safe to
189 /// call, but may panic or otherwise return the wrong value, as the
190 /// extern type's layout is not known. This is the same behavior as
191 /// [`Layout::for_value`] on a reference to an extern type tail.
192 /// - otherwise, it is conservatively not allowed to call this function.
193 ///
194 /// [trait object]: ../../book/ch17-02-trait-objects.html
195 /// [extern type]: ../../unstable-book/language-features/extern-types.html
196 #[unstable(feature = "layout_for_ptr", issue = "69835")]
197 #[rustc_const_unstable(feature = "const_alloc_layout", issue = "67521")]
198 #[must_use]
199 pub const unsafe fn for_value_raw<T: ?Sized>(t: *const T) -> Self {
200 // SAFETY: we pass along the prerequisites of these functions to the caller
201 let (size, align) = unsafe { (mem::size_of_val_raw(t), mem::align_of_val_raw(t)) };
202 // SAFETY: see rationale in `new` for why this is using the unsafe variant
203 unsafe { Layout::from_size_align_unchecked(size, align) }
204 }
205
206 /// Creates a `NonNull` that is dangling, but well-aligned for this Layout.
207 ///
208 /// Note that the pointer value may potentially represent a valid pointer,
209 /// which means this must not be used as a "not yet initialized"
210 /// sentinel value. Types that lazily allocate must track initialization by
211 /// some other means.
212 #[unstable(feature = "alloc_layout_extra", issue = "55724")]
213 #[rustc_const_unstable(feature = "alloc_layout_extra", issue = "55724")]
214 #[must_use]
215 #[inline]
216 pub const fn dangling(&self) -> NonNull<u8> {
217 // SAFETY: align is guaranteed to be non-zero
218 unsafe { NonNull::new_unchecked(crate::ptr::invalid_mut::<u8>(self.align())) }
219 }
220
221 /// Creates a layout describing the record that can hold a value
222 /// of the same layout as `self`, but that also is aligned to
223 /// alignment `align` (measured in bytes).
224 ///
225 /// If `self` already meets the prescribed alignment, then returns
226 /// `self`.
227 ///
228 /// Note that this method does not add any padding to the overall
229 /// size, regardless of whether the returned layout has a different
230 /// alignment. In other words, if `K` has size 16, `K.align_to(32)`
231 /// will *still* have size 16.
232 ///
233 /// Returns an error if the combination of `self.size()` and the given
234 /// `align` violates the conditions listed in [`Layout::from_size_align`].
235 #[stable(feature = "alloc_layout_manipulation", since = "1.44.0")]
236 #[inline]
237 pub fn align_to(&self, align: usize) -> Result<Self, LayoutError> {
238 Layout::from_size_align(self.size(), cmp::max(self.align(), align))
239 }
240
241 /// Returns the amount of padding we must insert after `self`
242 /// to ensure that the following address will satisfy `align`
243 /// (measured in bytes).
244 ///
245 /// e.g., if `self.size()` is 9, then `self.padding_needed_for(4)`
246 /// returns 3, because that is the minimum number of bytes of
247 /// padding required to get a 4-aligned address (assuming that the
248 /// corresponding memory block starts at a 4-aligned address).
249 ///
250 /// The return value of this function has no meaning if `align` is
251 /// not a power-of-two.
252 ///
253 /// Note that the utility of the returned value requires `align`
254 /// to be less than or equal to the alignment of the starting
255 /// address for the whole allocated block of memory. One way to
256 /// satisfy this constraint is to ensure `align <= self.align()`.
257 #[unstable(feature = "alloc_layout_extra", issue = "55724")]
258 #[rustc_const_unstable(feature = "const_alloc_layout", issue = "67521")]
259 #[must_use = "this returns the padding needed, \
260 without modifying the `Layout`"]
261 #[inline]
262 pub const fn padding_needed_for(&self, align: usize) -> usize {
263 let len = self.size();
264
265 // Rounded up value is:
266 // len_rounded_up = (len + align - 1) & !(align - 1);
267 // and then we return the padding difference: `len_rounded_up - len`.
268 //
269 // We use modular arithmetic throughout:
270 //
271 // 1. align is guaranteed to be > 0, so align - 1 is always
272 // valid.
273 //
274 // 2. `len + align - 1` can overflow by at most `align - 1`,
275 // so the &-mask with `!(align - 1)` will ensure that in the
276 // case of overflow, `len_rounded_up` will itself be 0.
277 // Thus the returned padding, when added to `len`, yields 0,
278 // which trivially satisfies the alignment `align`.
279 //
280 // (Of course, attempts to allocate blocks of memory whose
281 // size and padding overflow in the above manner should cause
282 // the allocator to yield an error anyway.)
283
284 let len_rounded_up = len.wrapping_add(align).wrapping_sub(1) & !align.wrapping_sub(1);
285 len_rounded_up.wrapping_sub(len)
286 }
287
288 /// Creates a layout by rounding the size of this layout up to a multiple
289 /// of the layout's alignment.
290 ///
291 /// This is equivalent to adding the result of `padding_needed_for`
292 /// to the layout's current size.
293 #[stable(feature = "alloc_layout_manipulation", since = "1.44.0")]
294 #[rustc_const_unstable(feature = "const_alloc_layout", issue = "67521")]
295 #[must_use = "this returns a new `Layout`, \
296 without modifying the original"]
297 #[inline]
298 pub const fn pad_to_align(&self) -> Layout {
299 let pad = self.padding_needed_for(self.align());
300 // This cannot overflow. Quoting from the invariant of Layout:
301 // > `size`, when rounded up to the nearest multiple of `align`,
302 // > must not overflow isize (i.e., the rounded value must be
303 // > less than or equal to `isize::MAX`)
304 let new_size = self.size() + pad;
305
306 // SAFETY: padded size is guaranteed to not exceed `isize::MAX`.
307 unsafe { Layout::from_size_align_unchecked(new_size, self.align()) }
308 }
309
310 /// Creates a layout describing the record for `n` instances of
311 /// `self`, with a suitable amount of padding between each to
312 /// ensure that each instance is given its requested size and
313 /// alignment. On success, returns `(k, offs)` where `k` is the
314 /// layout of the array and `offs` is the distance between the start
315 /// of each element in the array.
316 ///
317 /// On arithmetic overflow, returns `LayoutError`.
318 #[unstable(feature = "alloc_layout_extra", issue = "55724")]
319 #[inline]
320 pub fn repeat(&self, n: usize) -> Result<(Self, usize), LayoutError> {
321 // This cannot overflow. Quoting from the invariant of Layout:
322 // > `size`, when rounded up to the nearest multiple of `align`,
323 // > must not overflow isize (i.e., the rounded value must be
324 // > less than or equal to `isize::MAX`)
325 let padded_size = self.size() + self.padding_needed_for(self.align());
326 let alloc_size = padded_size.checked_mul(n).ok_or(LayoutError)?;
327
328 // The safe constructor is called here to enforce the isize size limit.
329 let layout = Layout::from_size_alignment(alloc_size, self.align)?;
330 Ok((layout, padded_size))
331 }
332
333 /// Creates a layout describing the record for `self` followed by
334 /// `next`, including any necessary padding to ensure that `next`
335 /// will be properly aligned, but *no trailing padding*.
336 ///
337 /// In order to match C representation layout `repr(C)`, you should
338 /// call `pad_to_align` after extending the layout with all fields.
339 /// (There is no way to match the default Rust representation
340 /// layout `repr(Rust)`, as it is unspecified.)
341 ///
342 /// Note that the alignment of the resulting layout will be the maximum of
343 /// those of `self` and `next`, in order to ensure alignment of both parts.
344 ///
345 /// Returns `Ok((k, offset))`, where `k` is layout of the concatenated
346 /// record and `offset` is the relative location, in bytes, of the
347 /// start of the `next` embedded within the concatenated record
348 /// (assuming that the record itself starts at offset 0).
349 ///
350 /// On arithmetic overflow, returns `LayoutError`.
351 ///
352 /// # Examples
353 ///
354 /// To calculate the layout of a `#[repr(C)]` structure and the offsets of
355 /// the fields from its fields' layouts:
356 ///
357 /// ```rust
358 /// # use std::alloc::{Layout, LayoutError};
359 /// pub fn repr_c(fields: &[Layout]) -> Result<(Layout, Vec<usize>), LayoutError> {
360 /// let mut offsets = Vec::new();
361 /// let mut layout = Layout::from_size_align(0, 1)?;
362 /// for &field in fields {
363 /// let (new_layout, offset) = layout.extend(field)?;
364 /// layout = new_layout;
365 /// offsets.push(offset);
366 /// }
367 /// // Remember to finalize with `pad_to_align`!
368 /// Ok((layout.pad_to_align(), offsets))
369 /// }
370 /// # // test that it works
371 /// # #[repr(C)] struct S { a: u64, b: u32, c: u16, d: u32 }
372 /// # let s = Layout::new::<S>();
373 /// # let u16 = Layout::new::<u16>();
374 /// # let u32 = Layout::new::<u32>();
375 /// # let u64 = Layout::new::<u64>();
376 /// # assert_eq!(repr_c(&[u64, u32, u16, u32]), Ok((s, vec![0, 8, 12, 16])));
377 /// ```
378 #[stable(feature = "alloc_layout_manipulation", since = "1.44.0")]
379 #[inline]
380 pub fn extend(&self, next: Self) -> Result<(Self, usize), LayoutError> {
381 let new_align = cmp::max(self.align, next.align);
382 let pad = self.padding_needed_for(next.align());
383
384 let offset = self.size().checked_add(pad).ok_or(LayoutError)?;
385 let new_size = offset.checked_add(next.size()).ok_or(LayoutError)?;
386
387 // The safe constructor is called here to enforce the isize size limit.
388 let layout = Layout::from_size_alignment(new_size, new_align)?;
389 Ok((layout, offset))
390 }
391
392 /// Creates a layout describing the record for `n` instances of
393 /// `self`, with no padding between each instance.
394 ///
395 /// Note that, unlike `repeat`, `repeat_packed` does not guarantee
396 /// that the repeated instances of `self` will be properly
397 /// aligned, even if a given instance of `self` is properly
398 /// aligned. In other words, if the layout returned by
399 /// `repeat_packed` is used to allocate an array, it is not
400 /// guaranteed that all elements in the array will be properly
401 /// aligned.
402 ///
403 /// On arithmetic overflow, returns `LayoutError`.
404 #[unstable(feature = "alloc_layout_extra", issue = "55724")]
405 #[inline]
406 pub fn repeat_packed(&self, n: usize) -> Result<Self, LayoutError> {
407 let size = self.size().checked_mul(n).ok_or(LayoutError)?;
408 // The safe constructor is called here to enforce the isize size limit.
409 Layout::from_size_alignment(size, self.align)
410 }
411
412 /// Creates a layout describing the record for `self` followed by
413 /// `next` with no additional padding between the two. Since no
414 /// padding is inserted, the alignment of `next` is irrelevant,
415 /// and is not incorporated *at all* into the resulting layout.
416 ///
417 /// On arithmetic overflow, returns `LayoutError`.
418 #[unstable(feature = "alloc_layout_extra", issue = "55724")]
419 #[inline]
420 pub fn extend_packed(&self, next: Self) -> Result<Self, LayoutError> {
421 let new_size = self.size().checked_add(next.size()).ok_or(LayoutError)?;
422 // The safe constructor is called here to enforce the isize size limit.
423 Layout::from_size_alignment(new_size, self.align)
424 }
425
426 /// Creates a layout describing the record for a `[T; n]`.
427 ///
428 /// On arithmetic overflow or when the total size would exceed
429 /// `isize::MAX`, returns `LayoutError`.
430 #[stable(feature = "alloc_layout_manipulation", since = "1.44.0")]
431 #[rustc_const_unstable(feature = "const_alloc_layout", issue = "67521")]
432 #[inline]
433 pub const fn array<T>(n: usize) -> Result<Self, LayoutError> {
434 // Reduce the amount of code we need to monomorphize per `T`.
435 return inner(mem::size_of::<T>(), Alignment::of::<T>(), n);
436
437 #[inline]
438 const fn inner(
439 element_size: usize,
440 align: Alignment,
441 n: usize,
442 ) -> Result<Layout, LayoutError> {
443 // We need to check two things about the size:
444 // - That the total size won't overflow a `usize`, and
445 // - That the total size still fits in an `isize`.
446 // By using division we can check them both with a single threshold.
447 // That'd usually be a bad idea, but thankfully here the element size
448 // and alignment are constants, so the compiler will fold all of it.
449 if element_size != 0 && n > Layout::max_size_for_align(align) / element_size {
450 return Err(LayoutError);
451 }
452
453 // SAFETY: We just checked that we won't overflow `usize` when we multiply.
454 // This is a useless hint inside this function, but after inlining this helps
455 // deduplicate checks for whether the overall capacity is zero (e.g., in RawVec's
456 // allocation path) before/after this multiplication.
457 let array_size = unsafe { element_size.unchecked_mul(n) };
458
459 // SAFETY: We just checked above that the `array_size` will not
460 // exceed `isize::MAX` even when rounded up to the alignment.
461 // And `Alignment` guarantees it's a power of two.
462 unsafe { Ok(Layout::from_size_align_unchecked(array_size, align.as_usize())) }
463 }
464 }
465}
466
467#[stable(feature = "alloc_layout", since = "1.28.0")]
468#[deprecated(
469 since = "1.52.0",
470 note = "Name does not follow std convention, use LayoutError",
471 suggestion = "LayoutError"
472)]
473pub type LayoutErr = LayoutError;
474
475/// The parameters given to `Layout::from_size_align`
476/// or some other `Layout` constructor
477/// do not satisfy its documented constraints.
478#[stable(feature = "alloc_layout_error", since = "1.50.0")]
479#[non_exhaustive]
480#[derive(Clone, PartialEq, Eq, Debug)]
481pub struct LayoutError;
482
483#[stable(feature = "alloc_layout", since = "1.28.0")]
484impl Error for LayoutError {}
485
486// (we need this for downstream impl of trait Error)
487#[stable(feature = "alloc_layout", since = "1.28.0")]
488impl fmt::Display for LayoutError {
489 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
490 f.write_str(data:"invalid parameters to Layout::from_size_align")
491 }
492}
493