1//! Basic functions for dealing with memory.
2//!
3//! This module contains functions for querying the size and alignment of
4//! types, initializing and manipulating memory.
5
6#![stable(feature = "rust1", since = "1.0.0")]
7
8use crate::clone;
9use crate::cmp;
10use crate::fmt;
11use crate::hash;
12use crate::intrinsics;
13use crate::marker::DiscriminantKind;
14use crate::ptr;
15
16mod manually_drop;
17#[stable(feature = "manually_drop", since = "1.20.0")]
18pub use manually_drop::ManuallyDrop;
19
20mod maybe_uninit;
21#[stable(feature = "maybe_uninit", since = "1.36.0")]
22pub use maybe_uninit::MaybeUninit;
23
24mod transmutability;
25#[unstable(feature = "transmutability", issue = "99571")]
26pub use transmutability::{Assume, BikeshedIntrinsicFrom};
27
28#[stable(feature = "rust1", since = "1.0.0")]
29#[doc(inline)]
30pub use crate::intrinsics::transmute;
31
32/// Takes ownership and "forgets" about the value **without running its destructor**.
33///
34/// Any resources the value manages, such as heap memory or a file handle, will linger
35/// forever in an unreachable state. However, it does not guarantee that pointers
36/// to this memory will remain valid.
37///
38/// * If you want to leak memory, see [`Box::leak`].
39/// * If you want to obtain a raw pointer to the memory, see [`Box::into_raw`].
40/// * If you want to dispose of a value properly, running its destructor, see
41/// [`mem::drop`].
42///
43/// # Safety
44///
45/// `forget` is not marked as `unsafe`, because Rust's safety guarantees
46/// do not include a guarantee that destructors will always run. For example,
47/// a program can create a reference cycle using [`Rc`][rc], or call
48/// [`process::exit`][exit] to exit without running destructors. Thus, allowing
49/// `mem::forget` from safe code does not fundamentally change Rust's safety
50/// guarantees.
51///
52/// That said, leaking resources such as memory or I/O objects is usually undesirable.
53/// The need comes up in some specialized use cases for FFI or unsafe code, but even
54/// then, [`ManuallyDrop`] is typically preferred.
55///
56/// Because forgetting a value is allowed, any `unsafe` code you write must
57/// allow for this possibility. You cannot return a value and expect that the
58/// caller will necessarily run the value's destructor.
59///
60/// [rc]: ../../std/rc/struct.Rc.html
61/// [exit]: ../../std/process/fn.exit.html
62///
63/// # Examples
64///
65/// The canonical safe use of `mem::forget` is to circumvent a value's destructor
66/// implemented by the `Drop` trait. For example, this will leak a `File`, i.e. reclaim
67/// the space taken by the variable but never close the underlying system resource:
68///
69/// ```no_run
70/// use std::mem;
71/// use std::fs::File;
72///
73/// let file = File::open("foo.txt").unwrap();
74/// mem::forget(file);
75/// ```
76///
77/// This is useful when the ownership of the underlying resource was previously
78/// transferred to code outside of Rust, for example by transmitting the raw
79/// file descriptor to C code.
80///
81/// # Relationship with `ManuallyDrop`
82///
83/// While `mem::forget` can also be used to transfer *memory* ownership, doing so is error-prone.
84/// [`ManuallyDrop`] should be used instead. Consider, for example, this code:
85///
86/// ```
87/// use std::mem;
88///
89/// let mut v = vec![65, 122];
90/// // Build a `String` using the contents of `v`
91/// let s = unsafe { String::from_raw_parts(v.as_mut_ptr(), v.len(), v.capacity()) };
92/// // leak `v` because its memory is now managed by `s`
93/// mem::forget(v); // ERROR - v is invalid and must not be passed to a function
94/// assert_eq!(s, "Az");
95/// // `s` is implicitly dropped and its memory deallocated.
96/// ```
97///
98/// There are two issues with the above example:
99///
100/// * If more code were added between the construction of `String` and the invocation of
101/// `mem::forget()`, a panic within it would cause a double free because the same memory
102/// is handled by both `v` and `s`.
103/// * After calling `v.as_mut_ptr()` and transmitting the ownership of the data to `s`,
104/// the `v` value is invalid. Even when a value is just moved to `mem::forget` (which won't
105/// inspect it), some types have strict requirements on their values that
106/// make them invalid when dangling or no longer owned. Using invalid values in any
107/// way, including passing them to or returning them from functions, constitutes
108/// undefined behavior and may break the assumptions made by the compiler.
109///
110/// Switching to `ManuallyDrop` avoids both issues:
111///
112/// ```
113/// use std::mem::ManuallyDrop;
114///
115/// let v = vec![65, 122];
116/// // Before we disassemble `v` into its raw parts, make sure it
117/// // does not get dropped!
118/// let mut v = ManuallyDrop::new(v);
119/// // Now disassemble `v`. These operations cannot panic, so there cannot be a leak.
120/// let (ptr, len, cap) = (v.as_mut_ptr(), v.len(), v.capacity());
121/// // Finally, build a `String`.
122/// let s = unsafe { String::from_raw_parts(ptr, len, cap) };
123/// assert_eq!(s, "Az");
124/// // `s` is implicitly dropped and its memory deallocated.
125/// ```
126///
127/// `ManuallyDrop` robustly prevents double-free because we disable `v`'s destructor
128/// before doing anything else. `mem::forget()` doesn't allow this because it consumes its
129/// argument, forcing us to call it only after extracting anything we need from `v`. Even
130/// if a panic were introduced between construction of `ManuallyDrop` and building the
131/// string (which cannot happen in the code as shown), it would result in a leak and not a
132/// double free. In other words, `ManuallyDrop` errs on the side of leaking instead of
133/// erring on the side of (double-)dropping.
134///
135/// Also, `ManuallyDrop` prevents us from having to "touch" `v` after transferring the
136/// ownership to `s` — the final step of interacting with `v` to dispose of it without
137/// running its destructor is entirely avoided.
138///
139/// [`Box`]: ../../std/boxed/struct.Box.html
140/// [`Box::leak`]: ../../std/boxed/struct.Box.html#method.leak
141/// [`Box::into_raw`]: ../../std/boxed/struct.Box.html#method.into_raw
142/// [`mem::drop`]: drop
143/// [ub]: ../../reference/behavior-considered-undefined.html
144#[inline]
145#[rustc_const_stable(feature = "const_forget", since = "1.46.0")]
146#[stable(feature = "rust1", since = "1.0.0")]
147#[cfg_attr(not(test), rustc_diagnostic_item = "mem_forget")]
148pub const fn forget<T>(t: T) {
149 let _ = ManuallyDrop::new(t);
150}
151
152/// Like [`forget`], but also accepts unsized values.
153///
154/// This function is just a shim intended to be removed when the `unsized_locals` feature gets
155/// stabilized.
156#[inline]
157#[unstable(feature = "forget_unsized", issue = "none")]
158pub fn forget_unsized<T: ?Sized>(t: T) {
159 intrinsics::forget(t)
160}
161
162/// Returns the size of a type in bytes.
163///
164/// More specifically, this is the offset in bytes between successive elements
165/// in an array with that item type including alignment padding. Thus, for any
166/// type `T` and length `n`, `[T; n]` has a size of `n * size_of::<T>()`.
167///
168/// In general, the size of a type is not stable across compilations, but
169/// specific types such as primitives are.
170///
171/// The following table gives the size for primitives.
172///
173/// Type | `size_of::<Type>()`
174/// ---- | ---------------
175/// () | 0
176/// bool | 1
177/// u8 | 1
178/// u16 | 2
179/// u32 | 4
180/// u64 | 8
181/// u128 | 16
182/// i8 | 1
183/// i16 | 2
184/// i32 | 4
185/// i64 | 8
186/// i128 | 16
187/// f32 | 4
188/// f64 | 8
189/// char | 4
190///
191/// Furthermore, `usize` and `isize` have the same size.
192///
193/// The types [`*const T`], `&T`, [`Box<T>`], [`Option<&T>`], and `Option<Box<T>>` all have
194/// the same size. If `T` is `Sized`, all of those types have the same size as `usize`.
195///
196/// The mutability of a pointer does not change its size. As such, `&T` and `&mut T`
197/// have the same size. Likewise for `*const T` and `*mut T`.
198///
199/// # Size of `#[repr(C)]` items
200///
201/// The `C` representation for items has a defined layout. With this layout,
202/// the size of items is also stable as long as all fields have a stable size.
203///
204/// ## Size of Structs
205///
206/// For `struct`s, the size is determined by the following algorithm.
207///
208/// For each field in the struct ordered by declaration order:
209///
210/// 1. Add the size of the field.
211/// 2. Round up the current size to the nearest multiple of the next field's [alignment].
212///
213/// Finally, round the size of the struct to the nearest multiple of its [alignment].
214/// The alignment of the struct is usually the largest alignment of all its
215/// fields; this can be changed with the use of `repr(align(N))`.
216///
217/// Unlike `C`, zero sized structs are not rounded up to one byte in size.
218///
219/// ## Size of Enums
220///
221/// Enums that carry no data other than the discriminant have the same size as C enums
222/// on the platform they are compiled for.
223///
224/// ## Size of Unions
225///
226/// The size of a union is the size of its largest field.
227///
228/// Unlike `C`, zero sized unions are not rounded up to one byte in size.
229///
230/// # Examples
231///
232/// ```
233/// use std::mem;
234///
235/// // Some primitives
236/// assert_eq!(4, mem::size_of::<i32>());
237/// assert_eq!(8, mem::size_of::<f64>());
238/// assert_eq!(0, mem::size_of::<()>());
239///
240/// // Some arrays
241/// assert_eq!(8, mem::size_of::<[i32; 2]>());
242/// assert_eq!(12, mem::size_of::<[i32; 3]>());
243/// assert_eq!(0, mem::size_of::<[i32; 0]>());
244///
245///
246/// // Pointer size equality
247/// assert_eq!(mem::size_of::<&i32>(), mem::size_of::<*const i32>());
248/// assert_eq!(mem::size_of::<&i32>(), mem::size_of::<Box<i32>>());
249/// assert_eq!(mem::size_of::<&i32>(), mem::size_of::<Option<&i32>>());
250/// assert_eq!(mem::size_of::<Box<i32>>(), mem::size_of::<Option<Box<i32>>>());
251/// ```
252///
253/// Using `#[repr(C)]`.
254///
255/// ```
256/// use std::mem;
257///
258/// #[repr(C)]
259/// struct FieldStruct {
260/// first: u8,
261/// second: u16,
262/// third: u8
263/// }
264///
265/// // The size of the first field is 1, so add 1 to the size. Size is 1.
266/// // The alignment of the second field is 2, so add 1 to the size for padding. Size is 2.
267/// // The size of the second field is 2, so add 2 to the size. Size is 4.
268/// // The alignment of the third field is 1, so add 0 to the size for padding. Size is 4.
269/// // The size of the third field is 1, so add 1 to the size. Size is 5.
270/// // Finally, the alignment of the struct is 2 (because the largest alignment amongst its
271/// // fields is 2), so add 1 to the size for padding. Size is 6.
272/// assert_eq!(6, mem::size_of::<FieldStruct>());
273///
274/// #[repr(C)]
275/// struct TupleStruct(u8, u16, u8);
276///
277/// // Tuple structs follow the same rules.
278/// assert_eq!(6, mem::size_of::<TupleStruct>());
279///
280/// // Note that reordering the fields can lower the size. We can remove both padding bytes
281/// // by putting `third` before `second`.
282/// #[repr(C)]
283/// struct FieldStructOptimized {
284/// first: u8,
285/// third: u8,
286/// second: u16
287/// }
288///
289/// assert_eq!(4, mem::size_of::<FieldStructOptimized>());
290///
291/// // Union size is the size of the largest field.
292/// #[repr(C)]
293/// union ExampleUnion {
294/// smaller: u8,
295/// larger: u16
296/// }
297///
298/// assert_eq!(2, mem::size_of::<ExampleUnion>());
299/// ```
300///
301/// [alignment]: align_of
302/// [`*const T`]: primitive@pointer
303/// [`Box<T>`]: ../../std/boxed/struct.Box.html
304/// [`Option<&T>`]: crate::option::Option
305///
306#[inline(always)]
307#[must_use]
308#[stable(feature = "rust1", since = "1.0.0")]
309#[rustc_promotable]
310#[rustc_const_stable(feature = "const_mem_size_of", since = "1.24.0")]
311#[cfg_attr(not(test), rustc_diagnostic_item = "mem_size_of")]
312pub const fn size_of<T>() -> usize {
313 intrinsics::size_of::<T>()
314}
315
316/// Returns the size of the pointed-to value in bytes.
317///
318/// This is usually the same as [`size_of::<T>()`]. However, when `T` *has* no
319/// statically-known size, e.g., a slice [`[T]`][slice] or a [trait object],
320/// then `size_of_val` can be used to get the dynamically-known size.
321///
322/// [trait object]: ../../book/ch17-02-trait-objects.html
323///
324/// # Examples
325///
326/// ```
327/// use std::mem;
328///
329/// assert_eq!(4, mem::size_of_val(&5i32));
330///
331/// let x: [u8; 13] = [0; 13];
332/// let y: &[u8] = &x;
333/// assert_eq!(13, mem::size_of_val(y));
334/// ```
335///
336/// [`size_of::<T>()`]: size_of
337#[inline]
338#[must_use]
339#[stable(feature = "rust1", since = "1.0.0")]
340#[rustc_const_unstable(feature = "const_size_of_val", issue = "46571")]
341#[cfg_attr(not(test), rustc_diagnostic_item = "mem_size_of_val")]
342pub const fn size_of_val<T: ?Sized>(val: &T) -> usize {
343 // SAFETY: `val` is a reference, so it's a valid raw pointer
344 unsafe { intrinsics::size_of_val(val) }
345}
346
347/// Returns the size of the pointed-to value in bytes.
348///
349/// This is usually the same as [`size_of::<T>()`]. However, when `T` *has* no
350/// statically-known size, e.g., a slice [`[T]`][slice] or a [trait object],
351/// then `size_of_val_raw` can be used to get the dynamically-known size.
352///
353/// # Safety
354///
355/// This function is only safe to call if the following conditions hold:
356///
357/// - If `T` is `Sized`, this function is always safe to call.
358/// - If the unsized tail of `T` is:
359/// - a [slice], then the length of the slice tail must be an initialized
360/// integer, and the size of the *entire value*
361/// (dynamic tail length + statically sized prefix) must fit in `isize`.
362/// - a [trait object], then the vtable part of the pointer must point
363/// to a valid vtable acquired by an unsizing coercion, and the size
364/// of the *entire value* (dynamic tail length + statically sized prefix)
365/// must fit in `isize`.
366/// - an (unstable) [extern type], then this function is always safe to
367/// call, but may panic or otherwise return the wrong value, as the
368/// extern type's layout is not known. This is the same behavior as
369/// [`size_of_val`] on a reference to a type with an extern type tail.
370/// - otherwise, it is conservatively not allowed to call this function.
371///
372/// [`size_of::<T>()`]: size_of
373/// [trait object]: ../../book/ch17-02-trait-objects.html
374/// [extern type]: ../../unstable-book/language-features/extern-types.html
375///
376/// # Examples
377///
378/// ```
379/// #![feature(layout_for_ptr)]
380/// use std::mem;
381///
382/// assert_eq!(4, mem::size_of_val(&5i32));
383///
384/// let x: [u8; 13] = [0; 13];
385/// let y: &[u8] = &x;
386/// assert_eq!(13, unsafe { mem::size_of_val_raw(y) });
387/// ```
388#[inline]
389#[must_use]
390#[unstable(feature = "layout_for_ptr", issue = "69835")]
391#[rustc_const_unstable(feature = "const_size_of_val_raw", issue = "46571")]
392pub const unsafe fn size_of_val_raw<T: ?Sized>(val: *const T) -> usize {
393 // SAFETY: the caller must provide a valid raw pointer
394 unsafe { intrinsics::size_of_val(val) }
395}
396
397/// Returns the [ABI]-required minimum alignment of a type in bytes.
398///
399/// Every reference to a value of the type `T` must be a multiple of this number.
400///
401/// This is the alignment used for struct fields. It may be smaller than the preferred alignment.
402///
403/// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface
404///
405/// # Examples
406///
407/// ```
408/// # #![allow(deprecated)]
409/// use std::mem;
410///
411/// assert_eq!(4, mem::min_align_of::<i32>());
412/// ```
413#[inline]
414#[must_use]
415#[stable(feature = "rust1", since = "1.0.0")]
416#[deprecated(note = "use `align_of` instead", since = "1.2.0", suggestion = "align_of")]
417pub fn min_align_of<T>() -> usize {
418 intrinsics::min_align_of::<T>()
419}
420
421/// Returns the [ABI]-required minimum alignment of the type of the value that `val` points to in
422/// bytes.
423///
424/// Every reference to a value of the type `T` must be a multiple of this number.
425///
426/// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface
427///
428/// # Examples
429///
430/// ```
431/// # #![allow(deprecated)]
432/// use std::mem;
433///
434/// assert_eq!(4, mem::min_align_of_val(&5i32));
435/// ```
436#[inline]
437#[must_use]
438#[stable(feature = "rust1", since = "1.0.0")]
439#[deprecated(note = "use `align_of_val` instead", since = "1.2.0", suggestion = "align_of_val")]
440pub fn min_align_of_val<T: ?Sized>(val: &T) -> usize {
441 // SAFETY: val is a reference, so it's a valid raw pointer
442 unsafe { intrinsics::min_align_of_val(val) }
443}
444
445/// Returns the [ABI]-required minimum alignment of a type in bytes.
446///
447/// Every reference to a value of the type `T` must be a multiple of this number.
448///
449/// This is the alignment used for struct fields. It may be smaller than the preferred alignment.
450///
451/// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface
452///
453/// # Examples
454///
455/// ```
456/// use std::mem;
457///
458/// assert_eq!(4, mem::align_of::<i32>());
459/// ```
460#[inline(always)]
461#[must_use]
462#[stable(feature = "rust1", since = "1.0.0")]
463#[rustc_promotable]
464#[rustc_const_stable(feature = "const_align_of", since = "1.24.0")]
465pub const fn align_of<T>() -> usize {
466 intrinsics::min_align_of::<T>()
467}
468
469/// Returns the [ABI]-required minimum alignment of the type of the value that `val` points to in
470/// bytes.
471///
472/// Every reference to a value of the type `T` must be a multiple of this number.
473///
474/// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface
475///
476/// # Examples
477///
478/// ```
479/// use std::mem;
480///
481/// assert_eq!(4, mem::align_of_val(&5i32));
482/// ```
483#[inline]
484#[must_use]
485#[stable(feature = "rust1", since = "1.0.0")]
486#[rustc_const_unstable(feature = "const_align_of_val", issue = "46571")]
487#[allow(deprecated)]
488pub const fn align_of_val<T: ?Sized>(val: &T) -> usize {
489 // SAFETY: val is a reference, so it's a valid raw pointer
490 unsafe { intrinsics::min_align_of_val(val) }
491}
492
493/// Returns the [ABI]-required minimum alignment of the type of the value that `val` points to in
494/// bytes.
495///
496/// Every reference to a value of the type `T` must be a multiple of this number.
497///
498/// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface
499///
500/// # Safety
501///
502/// This function is only safe to call if the following conditions hold:
503///
504/// - If `T` is `Sized`, this function is always safe to call.
505/// - If the unsized tail of `T` is:
506/// - a [slice], then the length of the slice tail must be an initialized
507/// integer, and the size of the *entire value*
508/// (dynamic tail length + statically sized prefix) must fit in `isize`.
509/// - a [trait object], then the vtable part of the pointer must point
510/// to a valid vtable acquired by an unsizing coercion, and the size
511/// of the *entire value* (dynamic tail length + statically sized prefix)
512/// must fit in `isize`.
513/// - an (unstable) [extern type], then this function is always safe to
514/// call, but may panic or otherwise return the wrong value, as the
515/// extern type's layout is not known. This is the same behavior as
516/// [`align_of_val`] on a reference to a type with an extern type tail.
517/// - otherwise, it is conservatively not allowed to call this function.
518///
519/// [trait object]: ../../book/ch17-02-trait-objects.html
520/// [extern type]: ../../unstable-book/language-features/extern-types.html
521///
522/// # Examples
523///
524/// ```
525/// #![feature(layout_for_ptr)]
526/// use std::mem;
527///
528/// assert_eq!(4, unsafe { mem::align_of_val_raw(&5i32) });
529/// ```
530#[inline]
531#[must_use]
532#[unstable(feature = "layout_for_ptr", issue = "69835")]
533#[rustc_const_unstable(feature = "const_align_of_val_raw", issue = "46571")]
534pub const unsafe fn align_of_val_raw<T: ?Sized>(val: *const T) -> usize {
535 // SAFETY: the caller must provide a valid raw pointer
536 unsafe { intrinsics::min_align_of_val(val) }
537}
538
539/// Returns `true` if dropping values of type `T` matters.
540///
541/// This is purely an optimization hint, and may be implemented conservatively:
542/// it may return `true` for types that don't actually need to be dropped.
543/// As such always returning `true` would be a valid implementation of
544/// this function. However if this function actually returns `false`, then you
545/// can be certain dropping `T` has no side effect.
546///
547/// Low level implementations of things like collections, which need to manually
548/// drop their data, should use this function to avoid unnecessarily
549/// trying to drop all their contents when they are destroyed. This might not
550/// make a difference in release builds (where a loop that has no side-effects
551/// is easily detected and eliminated), but is often a big win for debug builds.
552///
553/// Note that [`drop_in_place`] already performs this check, so if your workload
554/// can be reduced to some small number of [`drop_in_place`] calls, using this is
555/// unnecessary. In particular note that you can [`drop_in_place`] a slice, and that
556/// will do a single needs_drop check for all the values.
557///
558/// Types like Vec therefore just `drop_in_place(&mut self[..])` without using
559/// `needs_drop` explicitly. Types like [`HashMap`], on the other hand, have to drop
560/// values one at a time and should use this API.
561///
562/// [`drop_in_place`]: crate::ptr::drop_in_place
563/// [`HashMap`]: ../../std/collections/struct.HashMap.html
564///
565/// # Examples
566///
567/// Here's an example of how a collection might make use of `needs_drop`:
568///
569/// ```
570/// use std::{mem, ptr};
571///
572/// pub struct MyCollection<T> {
573/// # data: [T; 1],
574/// /* ... */
575/// }
576/// # impl<T> MyCollection<T> {
577/// # fn iter_mut(&mut self) -> &mut [T] { &mut self.data }
578/// # fn free_buffer(&mut self) {}
579/// # }
580///
581/// impl<T> Drop for MyCollection<T> {
582/// fn drop(&mut self) {
583/// unsafe {
584/// // drop the data
585/// if mem::needs_drop::<T>() {
586/// for x in self.iter_mut() {
587/// ptr::drop_in_place(x);
588/// }
589/// }
590/// self.free_buffer();
591/// }
592/// }
593/// }
594/// ```
595#[inline]
596#[must_use]
597#[stable(feature = "needs_drop", since = "1.21.0")]
598#[rustc_const_stable(feature = "const_mem_needs_drop", since = "1.36.0")]
599#[rustc_diagnostic_item = "needs_drop"]
600pub const fn needs_drop<T: ?Sized>() -> bool {
601 intrinsics::needs_drop::<T>()
602}
603
604/// Returns the value of type `T` represented by the all-zero byte-pattern.
605///
606/// This means that, for example, the padding byte in `(u8, u16)` is not
607/// necessarily zeroed.
608///
609/// There is no guarantee that an all-zero byte-pattern represents a valid value
610/// of some type `T`. For example, the all-zero byte-pattern is not a valid value
611/// for reference types (`&T`, `&mut T`) and functions pointers. Using `zeroed`
612/// on such types causes immediate [undefined behavior][ub] because [the Rust
613/// compiler assumes][inv] that there always is a valid value in a variable it
614/// considers initialized.
615///
616/// This has the same effect as [`MaybeUninit::zeroed().assume_init()`][zeroed].
617/// It is useful for FFI sometimes, but should generally be avoided.
618///
619/// [zeroed]: MaybeUninit::zeroed
620/// [ub]: ../../reference/behavior-considered-undefined.html
621/// [inv]: MaybeUninit#initialization-invariant
622///
623/// # Examples
624///
625/// Correct usage of this function: initializing an integer with zero.
626///
627/// ```
628/// use std::mem;
629///
630/// let x: i32 = unsafe { mem::zeroed() };
631/// assert_eq!(0, x);
632/// ```
633///
634/// *Incorrect* usage of this function: initializing a reference with zero.
635///
636/// ```rust,no_run
637/// # #![allow(invalid_value)]
638/// use std::mem;
639///
640/// let _x: &i32 = unsafe { mem::zeroed() }; // Undefined behavior!
641/// let _y: fn() = unsafe { mem::zeroed() }; // And again!
642/// ```
643#[inline(always)]
644#[must_use]
645#[stable(feature = "rust1", since = "1.0.0")]
646#[allow(deprecated_in_future)]
647#[allow(deprecated)]
648#[rustc_diagnostic_item = "mem_zeroed"]
649#[track_caller]
650#[rustc_const_stable(feature = "const_mem_zeroed", since = "1.75.0")]
651pub const unsafe fn zeroed<T>() -> T {
652 // SAFETY: the caller must guarantee that an all-zero value is valid for `T`.
653 unsafe {
654 intrinsics::assert_zero_valid::<T>();
655 MaybeUninit::zeroed().assume_init()
656 }
657}
658
659/// Bypasses Rust's normal memory-initialization checks by pretending to
660/// produce a value of type `T`, while doing nothing at all.
661///
662/// **This function is deprecated.** Use [`MaybeUninit<T>`] instead.
663/// It also might be slower than using `MaybeUninit<T>` due to mitigations that were put in place to
664/// limit the potential harm caused by incorrect use of this function in legacy code.
665///
666/// The reason for deprecation is that the function basically cannot be used
667/// correctly: it has the same effect as [`MaybeUninit::uninit().assume_init()`][uninit].
668/// As the [`assume_init` documentation][assume_init] explains,
669/// [the Rust compiler assumes][inv] that values are properly initialized.
670///
671/// Truly uninitialized memory like what gets returned here
672/// is special in that the compiler knows that it does not have a fixed value.
673/// This makes it undefined behavior to have uninitialized data in a variable even
674/// if that variable has an integer type.
675///
676/// Therefore, it is immediate undefined behavior to call this function on nearly all types,
677/// including integer types and arrays of integer types, and even if the result is unused.
678///
679/// [uninit]: MaybeUninit::uninit
680/// [assume_init]: MaybeUninit::assume_init
681/// [inv]: MaybeUninit#initialization-invariant
682#[inline(always)]
683#[must_use]
684#[deprecated(since = "1.39.0", note = "use `mem::MaybeUninit` instead")]
685#[stable(feature = "rust1", since = "1.0.0")]
686#[allow(deprecated_in_future)]
687#[allow(deprecated)]
688#[rustc_diagnostic_item = "mem_uninitialized"]
689#[track_caller]
690pub unsafe fn uninitialized<T>() -> T {
691 // SAFETY: the caller must guarantee that an uninitialized value is valid for `T`.
692 unsafe {
693 intrinsics::assert_mem_uninitialized_valid::<T>();
694 let mut val: MaybeUninit = MaybeUninit::<T>::uninit();
695
696 // Fill memory with 0x01, as an imperfect mitigation for old code that uses this function on
697 // bool, nonnull, and noundef types. But don't do this if we actively want to detect UB.
698 if !cfg!(any(miri, sanitize = "memory")) {
699 val.as_mut_ptr().write_bytes(val:0x01, count:1);
700 }
701
702 val.assume_init()
703 }
704}
705
706/// Swaps the values at two mutable locations, without deinitializing either one.
707///
708/// * If you want to swap with a default or dummy value, see [`take`].
709/// * If you want to swap with a passed value, returning the old value, see [`replace`].
710///
711/// # Examples
712///
713/// ```
714/// use std::mem;
715///
716/// let mut x = 5;
717/// let mut y = 42;
718///
719/// mem::swap(&mut x, &mut y);
720///
721/// assert_eq!(42, x);
722/// assert_eq!(5, y);
723/// ```
724#[inline]
725#[stable(feature = "rust1", since = "1.0.0")]
726#[rustc_const_unstable(feature = "const_swap", issue = "83163")]
727#[rustc_diagnostic_item = "mem_swap"]
728pub const fn swap<T>(x: &mut T, y: &mut T) {
729 // NOTE(eddyb) SPIR-V's Logical addressing model doesn't allow for arbitrary
730 // reinterpretation of values as (chunkable) byte arrays, and the loop in the
731 // block optimization in `swap_slice` is hard to rewrite back
732 // into the (unoptimized) direct swapping implementation, so we disable it.
733 #[cfg(not(any(target_arch = "spirv")))]
734 {
735 // For types that are larger multiples of their alignment, the simple way
736 // tends to copy the whole thing to stack rather than doing it one part
737 // at a time, so instead treat them as one-element slices and piggy-back
738 // the slice optimizations that will split up the swaps.
739 if const { size_of::<T>() / align_of::<T>() > 2 } {
740 // SAFETY: exclusive references always point to one non-overlapping
741 // element and are non-null and properly aligned.
742 return unsafe { ptr::swap_nonoverlapping(x, y, 1) };
743 }
744 }
745
746 // If a scalar consists of just a small number of alignment units, let
747 // the codegen just swap those pieces directly, as it's likely just a
748 // few instructions and anything else is probably overcomplicated.
749 //
750 // Most importantly, this covers primitives and simd types that tend to
751 // have size=align where doing anything else can be a pessimization.
752 // (This will also be used for ZSTs, though any solution works for them.)
753 swap_simple(x, y);
754}
755
756/// Same as [`swap`] semantically, but always uses the simple implementation.
757///
758/// Used elsewhere in `mem` and `ptr` at the bottom layer of calls.
759#[rustc_const_unstable(feature = "const_swap", issue = "83163")]
760#[inline]
761pub(crate) const fn swap_simple<T>(x: &mut T, y: &mut T) {
762 // We arrange for this to typically be called with small types,
763 // so this reads-and-writes approach is actually better than using
764 // copy_nonoverlapping as it easily puts things in LLVM registers
765 // directly and doesn't end up inlining allocas.
766 // And LLVM actually optimizes it to 3×memcpy if called with
767 // a type larger than it's willing to keep in a register.
768 // Having typed reads and writes in MIR here is also good as
769 // it lets Miri and CTFE understand them better, including things
770 // like enforcing type validity for them.
771 // Importantly, read+copy_nonoverlapping+write introduces confusing
772 // asymmetry to the behaviour where one value went through read+write
773 // whereas the other was copied over by the intrinsic (see #94371).
774 // Furthermore, using only read+write here benefits limited backends
775 // such as SPIR-V that work on an underlying *typed* view of memory,
776 // and thus have trouble with Rust's untyped memory operations.
777
778 // SAFETY: exclusive references are always valid to read/write,
779 // including being aligned, and nothing here panics so it's drop-safe.
780 unsafe {
781 let a = ptr::read(x);
782 let b = ptr::read(y);
783 ptr::write(x, b);
784 ptr::write(y, a);
785 }
786}
787
788/// Replaces `dest` with the default value of `T`, returning the previous `dest` value.
789///
790/// * If you want to replace the values of two variables, see [`swap`].
791/// * If you want to replace with a passed value instead of the default value, see [`replace`].
792///
793/// # Examples
794///
795/// A simple example:
796///
797/// ```
798/// use std::mem;
799///
800/// let mut v: Vec<i32> = vec![1, 2];
801///
802/// let old_v = mem::take(&mut v);
803/// assert_eq!(vec![1, 2], old_v);
804/// assert!(v.is_empty());
805/// ```
806///
807/// `take` allows taking ownership of a struct field by replacing it with an "empty" value.
808/// Without `take` you can run into issues like these:
809///
810/// ```compile_fail,E0507
811/// struct Buffer<T> { buf: Vec<T> }
812///
813/// impl<T> Buffer<T> {
814/// fn get_and_reset(&mut self) -> Vec<T> {
815/// // error: cannot move out of dereference of `&mut`-pointer
816/// let buf = self.buf;
817/// self.buf = Vec::new();
818/// buf
819/// }
820/// }
821/// ```
822///
823/// Note that `T` does not necessarily implement [`Clone`], so it can't even clone and reset
824/// `self.buf`. But `take` can be used to disassociate the original value of `self.buf` from
825/// `self`, allowing it to be returned:
826///
827/// ```
828/// use std::mem;
829///
830/// # struct Buffer<T> { buf: Vec<T> }
831/// impl<T> Buffer<T> {
832/// fn get_and_reset(&mut self) -> Vec<T> {
833/// mem::take(&mut self.buf)
834/// }
835/// }
836///
837/// let mut buffer = Buffer { buf: vec![0, 1] };
838/// assert_eq!(buffer.buf.len(), 2);
839///
840/// assert_eq!(buffer.get_and_reset(), vec![0, 1]);
841/// assert_eq!(buffer.buf.len(), 0);
842/// ```
843#[inline]
844#[stable(feature = "mem_take", since = "1.40.0")]
845pub fn take<T: Default>(dest: &mut T) -> T {
846 replace(dest, T::default())
847}
848
849/// Moves `src` into the referenced `dest`, returning the previous `dest` value.
850///
851/// Neither value is dropped.
852///
853/// * If you want to replace the values of two variables, see [`swap`].
854/// * If you want to replace with a default value, see [`take`].
855///
856/// # Examples
857///
858/// A simple example:
859///
860/// ```
861/// use std::mem;
862///
863/// let mut v: Vec<i32> = vec![1, 2];
864///
865/// let old_v = mem::replace(&mut v, vec![3, 4, 5]);
866/// assert_eq!(vec![1, 2], old_v);
867/// assert_eq!(vec![3, 4, 5], v);
868/// ```
869///
870/// `replace` allows consumption of a struct field by replacing it with another value.
871/// Without `replace` you can run into issues like these:
872///
873/// ```compile_fail,E0507
874/// struct Buffer<T> { buf: Vec<T> }
875///
876/// impl<T> Buffer<T> {
877/// fn replace_index(&mut self, i: usize, v: T) -> T {
878/// // error: cannot move out of dereference of `&mut`-pointer
879/// let t = self.buf[i];
880/// self.buf[i] = v;
881/// t
882/// }
883/// }
884/// ```
885///
886/// Note that `T` does not necessarily implement [`Clone`], so we can't even clone `self.buf[i]` to
887/// avoid the move. But `replace` can be used to disassociate the original value at that index from
888/// `self`, allowing it to be returned:
889///
890/// ```
891/// # #![allow(dead_code)]
892/// use std::mem;
893///
894/// # struct Buffer<T> { buf: Vec<T> }
895/// impl<T> Buffer<T> {
896/// fn replace_index(&mut self, i: usize, v: T) -> T {
897/// mem::replace(&mut self.buf[i], v)
898/// }
899/// }
900///
901/// let mut buffer = Buffer { buf: vec![0, 1] };
902/// assert_eq!(buffer.buf[0], 0);
903///
904/// assert_eq!(buffer.replace_index(0, 2), 0);
905/// assert_eq!(buffer.buf[0], 2);
906/// ```
907#[inline]
908#[stable(feature = "rust1", since = "1.0.0")]
909#[must_use = "if you don't need the old value, you can just assign the new value directly"]
910#[rustc_const_unstable(feature = "const_replace", issue = "83164")]
911#[cfg_attr(not(test), rustc_diagnostic_item = "mem_replace")]
912pub const fn replace<T>(dest: &mut T, src: T) -> T {
913 // It may be tempting to use `swap` to avoid `unsafe` here. Don't!
914 // The compiler optimizes the implementation below to two `memcpy`s
915 // while `swap` would require at least three. See PR#83022 for details.
916
917 // SAFETY: We read from `dest` but directly write `src` into it afterwards,
918 // such that the old value is not duplicated. Nothing is dropped and
919 // nothing here can panic.
920 unsafe {
921 let result: T = ptr::read(src:dest);
922 ptr::write(dst:dest, src);
923 result
924 }
925}
926
927/// Disposes of a value.
928///
929/// This does so by calling the argument's implementation of [`Drop`][drop].
930///
931/// This effectively does nothing for types which implement `Copy`, e.g.
932/// integers. Such values are copied and _then_ moved into the function, so the
933/// value persists after this function call.
934///
935/// This function is not magic; it is literally defined as
936///
937/// ```
938/// pub fn drop<T>(_x: T) {}
939/// ```
940///
941/// Because `_x` is moved into the function, it is automatically dropped before
942/// the function returns.
943///
944/// [drop]: Drop
945///
946/// # Examples
947///
948/// Basic usage:
949///
950/// ```
951/// let v = vec![1, 2, 3];
952///
953/// drop(v); // explicitly drop the vector
954/// ```
955///
956/// Since [`RefCell`] enforces the borrow rules at runtime, `drop` can
957/// release a [`RefCell`] borrow:
958///
959/// ```
960/// use std::cell::RefCell;
961///
962/// let x = RefCell::new(1);
963///
964/// let mut mutable_borrow = x.borrow_mut();
965/// *mutable_borrow = 1;
966///
967/// drop(mutable_borrow); // relinquish the mutable borrow on this slot
968///
969/// let borrow = x.borrow();
970/// println!("{}", *borrow);
971/// ```
972///
973/// Integers and other types implementing [`Copy`] are unaffected by `drop`.
974///
975/// ```
976/// # #![allow(dropping_copy_types)]
977/// #[derive(Copy, Clone)]
978/// struct Foo(u8);
979///
980/// let x = 1;
981/// let y = Foo(2);
982/// drop(x); // a copy of `x` is moved and dropped
983/// drop(y); // a copy of `y` is moved and dropped
984///
985/// println!("x: {}, y: {}", x, y.0); // still available
986/// ```
987///
988/// [`RefCell`]: crate::cell::RefCell
989#[inline]
990#[stable(feature = "rust1", since = "1.0.0")]
991#[cfg_attr(not(test), rustc_diagnostic_item = "mem_drop")]
992pub fn drop<T>(_x: T) {}
993
994/// Bitwise-copies a value.
995///
996/// This function is not magic; it is literally defined as
997/// ```
998/// pub fn copy<T: Copy>(x: &T) -> T { *x }
999/// ```
1000///
1001/// It is useful when you want to pass a function pointer to a combinator, rather than defining a new closure.
1002///
1003/// Example:
1004/// ```
1005/// #![feature(mem_copy_fn)]
1006/// use core::mem::copy;
1007/// let result_from_ffi_function: Result<(), &i32> = Err(&1);
1008/// let result_copied: Result<(), i32> = result_from_ffi_function.map_err(copy);
1009/// ```
1010#[inline]
1011#[unstable(feature = "mem_copy_fn", issue = "98262")]
1012pub const fn copy<T: Copy>(x: &T) -> T {
1013 *x
1014}
1015
1016/// Interprets `src` as having type `&Dst`, and then reads `src` without moving
1017/// the contained value.
1018///
1019/// This function will unsafely assume the pointer `src` is valid for [`size_of::<Dst>`][size_of]
1020/// bytes by transmuting `&Src` to `&Dst` and then reading the `&Dst` (except that this is done
1021/// in a way that is correct even when `&Dst` has stricter alignment requirements than `&Src`).
1022/// It will also unsafely create a copy of the contained value instead of moving out of `src`.
1023///
1024/// It is not a compile-time error if `Src` and `Dst` have different sizes, but it
1025/// is highly encouraged to only invoke this function where `Src` and `Dst` have the
1026/// same size. This function triggers [undefined behavior][ub] if `Dst` is larger than
1027/// `Src`.
1028///
1029/// [ub]: ../../reference/behavior-considered-undefined.html
1030///
1031/// # Examples
1032///
1033/// ```
1034/// use std::mem;
1035///
1036/// #[repr(packed)]
1037/// struct Foo {
1038/// bar: u8,
1039/// }
1040///
1041/// let foo_array = [10u8];
1042///
1043/// unsafe {
1044/// // Copy the data from 'foo_array' and treat it as a 'Foo'
1045/// let mut foo_struct: Foo = mem::transmute_copy(&foo_array);
1046/// assert_eq!(foo_struct.bar, 10);
1047///
1048/// // Modify the copied data
1049/// foo_struct.bar = 20;
1050/// assert_eq!(foo_struct.bar, 20);
1051/// }
1052///
1053/// // The contents of 'foo_array' should not have changed
1054/// assert_eq!(foo_array, [10]);
1055/// ```
1056#[inline]
1057#[must_use]
1058#[track_caller]
1059#[stable(feature = "rust1", since = "1.0.0")]
1060#[rustc_const_stable(feature = "const_transmute_copy", since = "1.74.0")]
1061pub const unsafe fn transmute_copy<Src, Dst>(src: &Src) -> Dst {
1062 assert!(
1063 size_of::<Src>() >= size_of::<Dst>(),
1064 "cannot transmute_copy if Dst is larger than Src"
1065 );
1066
1067 // If Dst has a higher alignment requirement, src might not be suitably aligned.
1068 if align_of::<Dst>() > align_of::<Src>() {
1069 // SAFETY: `src` is a reference which is guaranteed to be valid for reads.
1070 // The caller must guarantee that the actual transmutation is safe.
1071 unsafe { ptr::read_unaligned(src as *const Src as *const Dst) }
1072 } else {
1073 // SAFETY: `src` is a reference which is guaranteed to be valid for reads.
1074 // We just checked that `src as *const Dst` was properly aligned.
1075 // The caller must guarantee that the actual transmutation is safe.
1076 unsafe { ptr::read(src as *const Src as *const Dst) }
1077 }
1078}
1079
1080/// Opaque type representing the discriminant of an enum.
1081///
1082/// See the [`discriminant`] function in this module for more information.
1083#[stable(feature = "discriminant_value", since = "1.21.0")]
1084pub struct Discriminant<T>(<T as DiscriminantKind>::Discriminant);
1085
1086// N.B. These trait implementations cannot be derived because we don't want any bounds on T.
1087
1088#[stable(feature = "discriminant_value", since = "1.21.0")]
1089impl<T> Copy for Discriminant<T> {}
1090
1091#[stable(feature = "discriminant_value", since = "1.21.0")]
1092impl<T> clone::Clone for Discriminant<T> {
1093 fn clone(&self) -> Self {
1094 *self
1095 }
1096}
1097
1098#[stable(feature = "discriminant_value", since = "1.21.0")]
1099impl<T> cmp::PartialEq for Discriminant<T> {
1100 fn eq(&self, rhs: &Self) -> bool {
1101 self.0 == rhs.0
1102 }
1103}
1104
1105#[stable(feature = "discriminant_value", since = "1.21.0")]
1106impl<T> cmp::Eq for Discriminant<T> {}
1107
1108#[stable(feature = "discriminant_value", since = "1.21.0")]
1109impl<T> hash::Hash for Discriminant<T> {
1110 fn hash<H: hash::Hasher>(&self, state: &mut H) {
1111 self.0.hash(state);
1112 }
1113}
1114
1115#[stable(feature = "discriminant_value", since = "1.21.0")]
1116impl<T> fmt::Debug for Discriminant<T> {
1117 fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
1118 fmt.debug_tuple(name:"Discriminant").field(&self.0).finish()
1119 }
1120}
1121
1122/// Returns a value uniquely identifying the enum variant in `v`.
1123///
1124/// If `T` is not an enum, calling this function will not result in undefined behavior, but the
1125/// return value is unspecified.
1126///
1127/// # Stability
1128///
1129/// The discriminant of an enum variant may change if the enum definition changes. A discriminant
1130/// of some variant will not change between compilations with the same compiler. See the [Reference]
1131/// for more information.
1132///
1133/// [Reference]: ../../reference/items/enumerations.html#custom-discriminant-values-for-fieldless-enumerations
1134///
1135/// The value of a [`Discriminant<T>`] is independent of any *free lifetimes* in `T`. As such,
1136/// reading or writing a `Discriminant<Foo<'a>>` as a `Discriminant<Foo<'b>>` (whether via
1137/// [`transmute`] or otherwise) is always sound. Note that this is **not** true for other kinds
1138/// of generic parameters and for higher-ranked lifetimes; `Discriminant<Foo<A>>` and
1139/// `Discriminant<Foo<B>>` as well as `Discriminant<Bar<dyn for<'a> Trait<'a>>>` and
1140/// `Discriminant<Bar<dyn Trait<'static>>>` may be incompatible.
1141///
1142/// # Examples
1143///
1144/// This can be used to compare enums that carry data, while disregarding
1145/// the actual data:
1146///
1147/// ```
1148/// use std::mem;
1149///
1150/// enum Foo { A(&'static str), B(i32), C(i32) }
1151///
1152/// assert_eq!(mem::discriminant(&Foo::A("bar")), mem::discriminant(&Foo::A("baz")));
1153/// assert_eq!(mem::discriminant(&Foo::B(1)), mem::discriminant(&Foo::B(2)));
1154/// assert_ne!(mem::discriminant(&Foo::B(3)), mem::discriminant(&Foo::C(3)));
1155/// ```
1156///
1157/// ## Accessing the numeric value of the discriminant
1158///
1159/// Note that it is *undefined behavior* to [`transmute`] from [`Discriminant`] to a primitive!
1160///
1161/// If an enum has only unit variants, then the numeric value of the discriminant can be accessed
1162/// with an [`as`] cast:
1163///
1164/// ```
1165/// enum Enum {
1166/// Foo,
1167/// Bar,
1168/// Baz,
1169/// }
1170///
1171/// assert_eq!(0, Enum::Foo as isize);
1172/// assert_eq!(1, Enum::Bar as isize);
1173/// assert_eq!(2, Enum::Baz as isize);
1174/// ```
1175///
1176/// If an enum has opted-in to having a [primitive representation] for its discriminant,
1177/// then it's possible to use pointers to read the memory location storing the discriminant.
1178/// That **cannot** be done for enums using the [default representation], however, as it's
1179/// undefined what layout the discriminant has and where it's stored — it might not even be
1180/// stored at all!
1181///
1182/// [`as`]: ../../std/keyword.as.html
1183/// [primitive representation]: ../../reference/type-layout.html#primitive-representations
1184/// [default representation]: ../../reference/type-layout.html#the-default-representation
1185/// ```
1186/// #[repr(u8)]
1187/// enum Enum {
1188/// Unit,
1189/// Tuple(bool),
1190/// Struct { a: bool },
1191/// }
1192///
1193/// impl Enum {
1194/// fn discriminant(&self) -> u8 {
1195/// // SAFETY: Because `Self` is marked `repr(u8)`, its layout is a `repr(C)` `union`
1196/// // between `repr(C)` structs, each of which has the `u8` discriminant as its first
1197/// // field, so we can read the discriminant without offsetting the pointer.
1198/// unsafe { *<*const _>::from(self).cast::<u8>() }
1199/// }
1200/// }
1201///
1202/// let unit_like = Enum::Unit;
1203/// let tuple_like = Enum::Tuple(true);
1204/// let struct_like = Enum::Struct { a: false };
1205/// assert_eq!(0, unit_like.discriminant());
1206/// assert_eq!(1, tuple_like.discriminant());
1207/// assert_eq!(2, struct_like.discriminant());
1208///
1209/// // ⚠️ This is undefined behavior. Don't do this. ⚠️
1210/// // assert_eq!(0, unsafe { std::mem::transmute::<_, u8>(std::mem::discriminant(&unit_like)) });
1211/// ```
1212#[stable(feature = "discriminant_value", since = "1.21.0")]
1213#[rustc_const_stable(feature = "const_discriminant", since = "1.75.0")]
1214#[cfg_attr(not(test), rustc_diagnostic_item = "mem_discriminant")]
1215#[cfg_attr(miri, track_caller)] // even without panics, this helps for Miri backtraces
1216pub const fn discriminant<T>(v: &T) -> Discriminant<T> {
1217 Discriminant(intrinsics::discriminant_value(v))
1218}
1219
1220/// Returns the number of variants in the enum type `T`.
1221///
1222/// If `T` is not an enum, calling this function will not result in undefined behavior, but the
1223/// return value is unspecified. Equally, if `T` is an enum with more variants than `usize::MAX`
1224/// the return value is unspecified. Uninhabited variants will be counted.
1225///
1226/// Note that an enum may be expanded with additional variants in the future
1227/// as a non-breaking change, for example if it is marked `#[non_exhaustive]`,
1228/// which will change the result of this function.
1229///
1230/// # Examples
1231///
1232/// ```
1233/// # #![feature(never_type)]
1234/// # #![feature(variant_count)]
1235///
1236/// use std::mem;
1237///
1238/// enum Void {}
1239/// enum Foo { A(&'static str), B(i32), C(i32) }
1240///
1241/// assert_eq!(mem::variant_count::<Void>(), 0);
1242/// assert_eq!(mem::variant_count::<Foo>(), 3);
1243///
1244/// assert_eq!(mem::variant_count::<Option<!>>(), 2);
1245/// assert_eq!(mem::variant_count::<Result<!, !>>(), 2);
1246/// ```
1247#[inline(always)]
1248#[must_use]
1249#[unstable(feature = "variant_count", issue = "73662")]
1250#[rustc_const_unstable(feature = "variant_count", issue = "73662")]
1251#[rustc_diagnostic_item = "mem_variant_count"]
1252pub const fn variant_count<T>() -> usize {
1253 intrinsics::variant_count::<T>()
1254}
1255
1256/// Provides associated constants for various useful properties of types,
1257/// to give them a canonical form in our code and make them easier to read.
1258///
1259/// This is here only to simplify all the ZST checks we need in the library.
1260/// It's not on a stabilization track right now.
1261#[doc(hidden)]
1262#[unstable(feature = "sized_type_properties", issue = "none")]
1263pub trait SizedTypeProperties: Sized {
1264 /// `true` if this type requires no storage.
1265 /// `false` if its [size](size_of) is greater than zero.
1266 ///
1267 /// # Examples
1268 ///
1269 /// ```
1270 /// #![feature(sized_type_properties)]
1271 /// use core::mem::SizedTypeProperties;
1272 ///
1273 /// fn do_something_with<T>() {
1274 /// if T::IS_ZST {
1275 /// // ... special approach ...
1276 /// } else {
1277 /// // ... the normal thing ...
1278 /// }
1279 /// }
1280 ///
1281 /// struct MyUnit;
1282 /// assert!(MyUnit::IS_ZST);
1283 ///
1284 /// // For negative checks, consider using UFCS to emphasize the negation
1285 /// assert!(!<i32>::IS_ZST);
1286 /// // As it can sometimes hide in the type otherwise
1287 /// assert!(!String::IS_ZST);
1288 /// ```
1289 #[doc(hidden)]
1290 #[unstable(feature = "sized_type_properties", issue = "none")]
1291 const IS_ZST: bool = size_of::<Self>() == 0;
1292}
1293#[doc(hidden)]
1294#[unstable(feature = "sized_type_properties", issue = "none")]
1295impl<T> SizedTypeProperties for T {}
1296
1297/// Expands to the offset in bytes of a field from the beginning of the given type.
1298///
1299/// Structs, enums, unions and tuples are supported.
1300///
1301/// Nested field accesses may be used, but not array indexes.
1302///
1303/// Enum variants may be traversed as if they were fields. Variants themselves do
1304/// not have an offset.
1305///
1306/// However, on stable only a single field name is supported, which blocks the use of
1307/// enum support.
1308///
1309/// Visibility is respected - all types and fields must be visible to the call site:
1310///
1311/// ```
1312/// mod nested {
1313/// #[repr(C)]
1314/// pub struct Struct {
1315/// private: u8,
1316/// }
1317/// }
1318///
1319/// // assert_eq!(mem::offset_of!(nested::Struct, private), 0);
1320/// // ^^^ error[E0616]: field `private` of struct `Struct` is private
1321/// ```
1322///
1323/// Note that type layout is, in general, [subject to change and
1324/// platform-specific](https://doc.rust-lang.org/reference/type-layout.html). If
1325/// layout stability is required, consider using an [explicit `repr` attribute].
1326///
1327/// Rust guarantees that the offset of a given field within a given type will not
1328/// change over the lifetime of the program. However, two different compilations of
1329/// the same program may result in different layouts. Also, even within a single
1330/// program execution, no guarantees are made about types which are *similar* but
1331/// not *identical*, e.g.:
1332///
1333/// ```
1334/// struct Wrapper<T, U>(T, U);
1335///
1336/// type A = Wrapper<u8, u8>;
1337/// type B = Wrapper<u8, i8>;
1338///
1339/// // Not necessarily identical even though `u8` and `i8` have the same layout!
1340/// // assert!(mem::offset_of!(A, 1), mem::offset_of!(B, 1));
1341///
1342/// #[repr(transparent)]
1343/// struct U8(u8);
1344///
1345/// type C = Wrapper<u8, U8>;
1346///
1347/// // Not necessarily identical even though `u8` and `U8` have the same layout!
1348/// // assert!(mem::offset_of!(A, 1), mem::offset_of!(C, 1));
1349///
1350/// struct Empty<T>(core::marker::PhantomData<T>);
1351///
1352/// // Not necessarily identical even though `PhantomData` always has the same layout!
1353/// // assert!(mem::offset_of!(Empty<u8>, 0), mem::offset_of!(Empty<i8>, 0));
1354/// ```
1355///
1356/// [explicit `repr` attribute]: https://doc.rust-lang.org/reference/type-layout.html#representations
1357///
1358/// # Examples
1359///
1360/// ```
1361/// #![feature(offset_of_enum, offset_of_nested)]
1362///
1363/// use std::mem;
1364/// #[repr(C)]
1365/// struct FieldStruct {
1366/// first: u8,
1367/// second: u16,
1368/// third: u8
1369/// }
1370///
1371/// assert_eq!(mem::offset_of!(FieldStruct, first), 0);
1372/// assert_eq!(mem::offset_of!(FieldStruct, second), 2);
1373/// assert_eq!(mem::offset_of!(FieldStruct, third), 4);
1374///
1375/// #[repr(C)]
1376/// struct NestedA {
1377/// b: NestedB
1378/// }
1379///
1380/// #[repr(C)]
1381/// struct NestedB(u8);
1382///
1383/// assert_eq!(mem::offset_of!(NestedA, b.0), 0);
1384///
1385/// #[repr(u8)]
1386/// enum Enum {
1387/// A(u8, u16),
1388/// B { one: u8, two: u16 },
1389/// }
1390///
1391/// assert_eq!(mem::offset_of!(Enum, A.0), 1);
1392/// assert_eq!(mem::offset_of!(Enum, B.two), 2);
1393///
1394/// assert_eq!(mem::offset_of!(Option<&u8>, Some.0), 0);
1395/// ```
1396#[cfg(not(bootstrap))]
1397#[stable(feature = "offset_of", since = "1.77.0")]
1398#[allow_internal_unstable(builtin_syntax, hint_must_use)]
1399pub macro offset_of($Container:ty, $($fields:expr)+ $(,)?) {
1400 // The `{}` is for better error messages
1401 crate::hint::must_use({builtin # offset_of($Container, $($fields)+)})
1402}
1403
1404#[cfg(bootstrap)]
1405#[stable(feature = "offset_of", since = "1.77.0")]
1406#[allow_internal_unstable(builtin_syntax, hint_must_use)]
1407#[allow(missing_docs)]
1408pub macro offset_of($Container:ty, $($fields:tt).+ $(,)?) {
1409 // The `{}` is for better error messages
1410 crate::hint::must_use({builtin # offset_of($Container, $($fields).+)})
1411}
1412