1 | //! Basic functions for dealing with memory. |
2 | //! |
3 | //! This module contains functions for querying the size and alignment of |
4 | //! types, initializing and manipulating memory. |
5 | |
6 | #![stable (feature = "rust1" , since = "1.0.0" )] |
7 | |
8 | use crate::clone; |
9 | use crate::cmp; |
10 | use crate::fmt; |
11 | use crate::hash; |
12 | use crate::intrinsics; |
13 | use crate::marker::DiscriminantKind; |
14 | use crate::ptr; |
15 | |
16 | mod manually_drop; |
17 | #[stable (feature = "manually_drop" , since = "1.20.0" )] |
18 | pub use manually_drop::ManuallyDrop; |
19 | |
20 | mod maybe_uninit; |
21 | #[stable (feature = "maybe_uninit" , since = "1.36.0" )] |
22 | pub use maybe_uninit::MaybeUninit; |
23 | |
24 | mod transmutability; |
25 | #[unstable (feature = "transmutability" , issue = "99571" )] |
26 | pub use transmutability::{Assume, BikeshedIntrinsicFrom}; |
27 | |
28 | #[stable (feature = "rust1" , since = "1.0.0" )] |
29 | #[doc (inline)] |
30 | pub use crate::intrinsics::transmute; |
31 | |
32 | /// Takes ownership and "forgets" about the value **without running its destructor**. |
33 | /// |
34 | /// Any resources the value manages, such as heap memory or a file handle, will linger |
35 | /// forever in an unreachable state. However, it does not guarantee that pointers |
36 | /// to this memory will remain valid. |
37 | /// |
38 | /// * If you want to leak memory, see [`Box::leak`]. |
39 | /// * If you want to obtain a raw pointer to the memory, see [`Box::into_raw`]. |
40 | /// * If you want to dispose of a value properly, running its destructor, see |
41 | /// [`mem::drop`]. |
42 | /// |
43 | /// # Safety |
44 | /// |
45 | /// `forget` is not marked as `unsafe`, because Rust's safety guarantees |
46 | /// do not include a guarantee that destructors will always run. For example, |
47 | /// a program can create a reference cycle using [`Rc`][rc], or call |
48 | /// [`process::exit`][exit] to exit without running destructors. Thus, allowing |
49 | /// `mem::forget` from safe code does not fundamentally change Rust's safety |
50 | /// guarantees. |
51 | /// |
52 | /// That said, leaking resources such as memory or I/O objects is usually undesirable. |
53 | /// The need comes up in some specialized use cases for FFI or unsafe code, but even |
54 | /// then, [`ManuallyDrop`] is typically preferred. |
55 | /// |
56 | /// Because forgetting a value is allowed, any `unsafe` code you write must |
57 | /// allow for this possibility. You cannot return a value and expect that the |
58 | /// caller will necessarily run the value's destructor. |
59 | /// |
60 | /// [rc]: ../../std/rc/struct.Rc.html |
61 | /// [exit]: ../../std/process/fn.exit.html |
62 | /// |
63 | /// # Examples |
64 | /// |
65 | /// The canonical safe use of `mem::forget` is to circumvent a value's destructor |
66 | /// implemented by the `Drop` trait. For example, this will leak a `File`, i.e. reclaim |
67 | /// the space taken by the variable but never close the underlying system resource: |
68 | /// |
69 | /// ```no_run |
70 | /// use std::mem; |
71 | /// use std::fs::File; |
72 | /// |
73 | /// let file = File::open("foo.txt" ).unwrap(); |
74 | /// mem::forget(file); |
75 | /// ``` |
76 | /// |
77 | /// This is useful when the ownership of the underlying resource was previously |
78 | /// transferred to code outside of Rust, for example by transmitting the raw |
79 | /// file descriptor to C code. |
80 | /// |
81 | /// # Relationship with `ManuallyDrop` |
82 | /// |
83 | /// While `mem::forget` can also be used to transfer *memory* ownership, doing so is error-prone. |
84 | /// [`ManuallyDrop`] should be used instead. Consider, for example, this code: |
85 | /// |
86 | /// ``` |
87 | /// use std::mem; |
88 | /// |
89 | /// let mut v = vec![65, 122]; |
90 | /// // Build a `String` using the contents of `v` |
91 | /// let s = unsafe { String::from_raw_parts(v.as_mut_ptr(), v.len(), v.capacity()) }; |
92 | /// // leak `v` because its memory is now managed by `s` |
93 | /// mem::forget(v); // ERROR - v is invalid and must not be passed to a function |
94 | /// assert_eq!(s, "Az" ); |
95 | /// // `s` is implicitly dropped and its memory deallocated. |
96 | /// ``` |
97 | /// |
98 | /// There are two issues with the above example: |
99 | /// |
100 | /// * If more code were added between the construction of `String` and the invocation of |
101 | /// `mem::forget()`, a panic within it would cause a double free because the same memory |
102 | /// is handled by both `v` and `s`. |
103 | /// * After calling `v.as_mut_ptr()` and transmitting the ownership of the data to `s`, |
104 | /// the `v` value is invalid. Even when a value is just moved to `mem::forget` (which won't |
105 | /// inspect it), some types have strict requirements on their values that |
106 | /// make them invalid when dangling or no longer owned. Using invalid values in any |
107 | /// way, including passing them to or returning them from functions, constitutes |
108 | /// undefined behavior and may break the assumptions made by the compiler. |
109 | /// |
110 | /// Switching to `ManuallyDrop` avoids both issues: |
111 | /// |
112 | /// ``` |
113 | /// use std::mem::ManuallyDrop; |
114 | /// |
115 | /// let v = vec![65, 122]; |
116 | /// // Before we disassemble `v` into its raw parts, make sure it |
117 | /// // does not get dropped! |
118 | /// let mut v = ManuallyDrop::new(v); |
119 | /// // Now disassemble `v`. These operations cannot panic, so there cannot be a leak. |
120 | /// let (ptr, len, cap) = (v.as_mut_ptr(), v.len(), v.capacity()); |
121 | /// // Finally, build a `String`. |
122 | /// let s = unsafe { String::from_raw_parts(ptr, len, cap) }; |
123 | /// assert_eq!(s, "Az" ); |
124 | /// // `s` is implicitly dropped and its memory deallocated. |
125 | /// ``` |
126 | /// |
127 | /// `ManuallyDrop` robustly prevents double-free because we disable `v`'s destructor |
128 | /// before doing anything else. `mem::forget()` doesn't allow this because it consumes its |
129 | /// argument, forcing us to call it only after extracting anything we need from `v`. Even |
130 | /// if a panic were introduced between construction of `ManuallyDrop` and building the |
131 | /// string (which cannot happen in the code as shown), it would result in a leak and not a |
132 | /// double free. In other words, `ManuallyDrop` errs on the side of leaking instead of |
133 | /// erring on the side of (double-)dropping. |
134 | /// |
135 | /// Also, `ManuallyDrop` prevents us from having to "touch" `v` after transferring the |
136 | /// ownership to `s` — the final step of interacting with `v` to dispose of it without |
137 | /// running its destructor is entirely avoided. |
138 | /// |
139 | /// [`Box`]: ../../std/boxed/struct.Box.html |
140 | /// [`Box::leak`]: ../../std/boxed/struct.Box.html#method.leak |
141 | /// [`Box::into_raw`]: ../../std/boxed/struct.Box.html#method.into_raw |
142 | /// [`mem::drop`]: drop |
143 | /// [ub]: ../../reference/behavior-considered-undefined.html |
144 | #[inline ] |
145 | #[rustc_const_stable (feature = "const_forget" , since = "1.46.0" )] |
146 | #[stable (feature = "rust1" , since = "1.0.0" )] |
147 | #[cfg_attr (not(test), rustc_diagnostic_item = "mem_forget" )] |
148 | pub const fn forget<T>(t: T) { |
149 | let _ = ManuallyDrop::new(t); |
150 | } |
151 | |
152 | /// Like [`forget`], but also accepts unsized values. |
153 | /// |
154 | /// This function is just a shim intended to be removed when the `unsized_locals` feature gets |
155 | /// stabilized. |
156 | #[inline ] |
157 | #[unstable (feature = "forget_unsized" , issue = "none" )] |
158 | pub fn forget_unsized<T: ?Sized>(t: T) { |
159 | intrinsics::forget(t) |
160 | } |
161 | |
162 | /// Returns the size of a type in bytes. |
163 | /// |
164 | /// More specifically, this is the offset in bytes between successive elements |
165 | /// in an array with that item type including alignment padding. Thus, for any |
166 | /// type `T` and length `n`, `[T; n]` has a size of `n * size_of::<T>()`. |
167 | /// |
168 | /// In general, the size of a type is not stable across compilations, but |
169 | /// specific types such as primitives are. |
170 | /// |
171 | /// The following table gives the size for primitives. |
172 | /// |
173 | /// Type | `size_of::<Type>()` |
174 | /// ---- | --------------- |
175 | /// () | 0 |
176 | /// bool | 1 |
177 | /// u8 | 1 |
178 | /// u16 | 2 |
179 | /// u32 | 4 |
180 | /// u64 | 8 |
181 | /// u128 | 16 |
182 | /// i8 | 1 |
183 | /// i16 | 2 |
184 | /// i32 | 4 |
185 | /// i64 | 8 |
186 | /// i128 | 16 |
187 | /// f32 | 4 |
188 | /// f64 | 8 |
189 | /// char | 4 |
190 | /// |
191 | /// Furthermore, `usize` and `isize` have the same size. |
192 | /// |
193 | /// The types [`*const T`], `&T`, [`Box<T>`], [`Option<&T>`], and `Option<Box<T>>` all have |
194 | /// the same size. If `T` is `Sized`, all of those types have the same size as `usize`. |
195 | /// |
196 | /// The mutability of a pointer does not change its size. As such, `&T` and `&mut T` |
197 | /// have the same size. Likewise for `*const T` and `*mut T`. |
198 | /// |
199 | /// # Size of `#[repr(C)]` items |
200 | /// |
201 | /// The `C` representation for items has a defined layout. With this layout, |
202 | /// the size of items is also stable as long as all fields have a stable size. |
203 | /// |
204 | /// ## Size of Structs |
205 | /// |
206 | /// For `struct`s, the size is determined by the following algorithm. |
207 | /// |
208 | /// For each field in the struct ordered by declaration order: |
209 | /// |
210 | /// 1. Add the size of the field. |
211 | /// 2. Round up the current size to the nearest multiple of the next field's [alignment]. |
212 | /// |
213 | /// Finally, round the size of the struct to the nearest multiple of its [alignment]. |
214 | /// The alignment of the struct is usually the largest alignment of all its |
215 | /// fields; this can be changed with the use of `repr(align(N))`. |
216 | /// |
217 | /// Unlike `C`, zero sized structs are not rounded up to one byte in size. |
218 | /// |
219 | /// ## Size of Enums |
220 | /// |
221 | /// Enums that carry no data other than the discriminant have the same size as C enums |
222 | /// on the platform they are compiled for. |
223 | /// |
224 | /// ## Size of Unions |
225 | /// |
226 | /// The size of a union is the size of its largest field. |
227 | /// |
228 | /// Unlike `C`, zero sized unions are not rounded up to one byte in size. |
229 | /// |
230 | /// # Examples |
231 | /// |
232 | /// ``` |
233 | /// use std::mem; |
234 | /// |
235 | /// // Some primitives |
236 | /// assert_eq!(4, mem::size_of::<i32>()); |
237 | /// assert_eq!(8, mem::size_of::<f64>()); |
238 | /// assert_eq!(0, mem::size_of::<()>()); |
239 | /// |
240 | /// // Some arrays |
241 | /// assert_eq!(8, mem::size_of::<[i32; 2]>()); |
242 | /// assert_eq!(12, mem::size_of::<[i32; 3]>()); |
243 | /// assert_eq!(0, mem::size_of::<[i32; 0]>()); |
244 | /// |
245 | /// |
246 | /// // Pointer size equality |
247 | /// assert_eq!(mem::size_of::<&i32>(), mem::size_of::<*const i32>()); |
248 | /// assert_eq!(mem::size_of::<&i32>(), mem::size_of::<Box<i32>>()); |
249 | /// assert_eq!(mem::size_of::<&i32>(), mem::size_of::<Option<&i32>>()); |
250 | /// assert_eq!(mem::size_of::<Box<i32>>(), mem::size_of::<Option<Box<i32>>>()); |
251 | /// ``` |
252 | /// |
253 | /// Using `#[repr(C)]`. |
254 | /// |
255 | /// ``` |
256 | /// use std::mem; |
257 | /// |
258 | /// #[repr(C)] |
259 | /// struct FieldStruct { |
260 | /// first: u8, |
261 | /// second: u16, |
262 | /// third: u8 |
263 | /// } |
264 | /// |
265 | /// // The size of the first field is 1, so add 1 to the size. Size is 1. |
266 | /// // The alignment of the second field is 2, so add 1 to the size for padding. Size is 2. |
267 | /// // The size of the second field is 2, so add 2 to the size. Size is 4. |
268 | /// // The alignment of the third field is 1, so add 0 to the size for padding. Size is 4. |
269 | /// // The size of the third field is 1, so add 1 to the size. Size is 5. |
270 | /// // Finally, the alignment of the struct is 2 (because the largest alignment amongst its |
271 | /// // fields is 2), so add 1 to the size for padding. Size is 6. |
272 | /// assert_eq!(6, mem::size_of::<FieldStruct>()); |
273 | /// |
274 | /// #[repr(C)] |
275 | /// struct TupleStruct(u8, u16, u8); |
276 | /// |
277 | /// // Tuple structs follow the same rules. |
278 | /// assert_eq!(6, mem::size_of::<TupleStruct>()); |
279 | /// |
280 | /// // Note that reordering the fields can lower the size. We can remove both padding bytes |
281 | /// // by putting `third` before `second`. |
282 | /// #[repr(C)] |
283 | /// struct FieldStructOptimized { |
284 | /// first: u8, |
285 | /// third: u8, |
286 | /// second: u16 |
287 | /// } |
288 | /// |
289 | /// assert_eq!(4, mem::size_of::<FieldStructOptimized>()); |
290 | /// |
291 | /// // Union size is the size of the largest field. |
292 | /// #[repr(C)] |
293 | /// union ExampleUnion { |
294 | /// smaller: u8, |
295 | /// larger: u16 |
296 | /// } |
297 | /// |
298 | /// assert_eq!(2, mem::size_of::<ExampleUnion>()); |
299 | /// ``` |
300 | /// |
301 | /// [alignment]: align_of |
302 | /// [`*const T`]: primitive@pointer |
303 | /// [`Box<T>`]: ../../std/boxed/struct.Box.html |
304 | /// [`Option<&T>`]: crate::option::Option |
305 | /// |
306 | #[inline (always)] |
307 | #[must_use ] |
308 | #[stable (feature = "rust1" , since = "1.0.0" )] |
309 | #[rustc_promotable ] |
310 | #[rustc_const_stable (feature = "const_mem_size_of" , since = "1.24.0" )] |
311 | #[cfg_attr (not(test), rustc_diagnostic_item = "mem_size_of" )] |
312 | pub const fn size_of<T>() -> usize { |
313 | intrinsics::size_of::<T>() |
314 | } |
315 | |
316 | /// Returns the size of the pointed-to value in bytes. |
317 | /// |
318 | /// This is usually the same as [`size_of::<T>()`]. However, when `T` *has* no |
319 | /// statically-known size, e.g., a slice [`[T]`][slice] or a [trait object], |
320 | /// then `size_of_val` can be used to get the dynamically-known size. |
321 | /// |
322 | /// [trait object]: ../../book/ch17-02-trait-objects.html |
323 | /// |
324 | /// # Examples |
325 | /// |
326 | /// ``` |
327 | /// use std::mem; |
328 | /// |
329 | /// assert_eq!(4, mem::size_of_val(&5i32)); |
330 | /// |
331 | /// let x: [u8; 13] = [0; 13]; |
332 | /// let y: &[u8] = &x; |
333 | /// assert_eq!(13, mem::size_of_val(y)); |
334 | /// ``` |
335 | /// |
336 | /// [`size_of::<T>()`]: size_of |
337 | #[inline ] |
338 | #[must_use ] |
339 | #[stable (feature = "rust1" , since = "1.0.0" )] |
340 | #[rustc_const_unstable (feature = "const_size_of_val" , issue = "46571" )] |
341 | #[cfg_attr (not(test), rustc_diagnostic_item = "mem_size_of_val" )] |
342 | pub const fn size_of_val<T: ?Sized>(val: &T) -> usize { |
343 | // SAFETY: `val` is a reference, so it's a valid raw pointer |
344 | unsafe { intrinsics::size_of_val(val) } |
345 | } |
346 | |
347 | /// Returns the size of the pointed-to value in bytes. |
348 | /// |
349 | /// This is usually the same as [`size_of::<T>()`]. However, when `T` *has* no |
350 | /// statically-known size, e.g., a slice [`[T]`][slice] or a [trait object], |
351 | /// then `size_of_val_raw` can be used to get the dynamically-known size. |
352 | /// |
353 | /// # Safety |
354 | /// |
355 | /// This function is only safe to call if the following conditions hold: |
356 | /// |
357 | /// - If `T` is `Sized`, this function is always safe to call. |
358 | /// - If the unsized tail of `T` is: |
359 | /// - a [slice], then the length of the slice tail must be an initialized |
360 | /// integer, and the size of the *entire value* |
361 | /// (dynamic tail length + statically sized prefix) must fit in `isize`. |
362 | /// - a [trait object], then the vtable part of the pointer must point |
363 | /// to a valid vtable acquired by an unsizing coercion, and the size |
364 | /// of the *entire value* (dynamic tail length + statically sized prefix) |
365 | /// must fit in `isize`. |
366 | /// - an (unstable) [extern type], then this function is always safe to |
367 | /// call, but may panic or otherwise return the wrong value, as the |
368 | /// extern type's layout is not known. This is the same behavior as |
369 | /// [`size_of_val`] on a reference to a type with an extern type tail. |
370 | /// - otherwise, it is conservatively not allowed to call this function. |
371 | /// |
372 | /// [`size_of::<T>()`]: size_of |
373 | /// [trait object]: ../../book/ch17-02-trait-objects.html |
374 | /// [extern type]: ../../unstable-book/language-features/extern-types.html |
375 | /// |
376 | /// # Examples |
377 | /// |
378 | /// ``` |
379 | /// #![feature(layout_for_ptr)] |
380 | /// use std::mem; |
381 | /// |
382 | /// assert_eq!(4, mem::size_of_val(&5i32)); |
383 | /// |
384 | /// let x: [u8; 13] = [0; 13]; |
385 | /// let y: &[u8] = &x; |
386 | /// assert_eq!(13, unsafe { mem::size_of_val_raw(y) }); |
387 | /// ``` |
388 | #[inline ] |
389 | #[must_use ] |
390 | #[unstable (feature = "layout_for_ptr" , issue = "69835" )] |
391 | #[rustc_const_unstable (feature = "const_size_of_val_raw" , issue = "46571" )] |
392 | pub const unsafe fn size_of_val_raw<T: ?Sized>(val: *const T) -> usize { |
393 | // SAFETY: the caller must provide a valid raw pointer |
394 | unsafe { intrinsics::size_of_val(val) } |
395 | } |
396 | |
397 | /// Returns the [ABI]-required minimum alignment of a type in bytes. |
398 | /// |
399 | /// Every reference to a value of the type `T` must be a multiple of this number. |
400 | /// |
401 | /// This is the alignment used for struct fields. It may be smaller than the preferred alignment. |
402 | /// |
403 | /// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface |
404 | /// |
405 | /// # Examples |
406 | /// |
407 | /// ``` |
408 | /// # #![allow (deprecated)] |
409 | /// use std::mem; |
410 | /// |
411 | /// assert_eq!(4, mem::min_align_of::<i32>()); |
412 | /// ``` |
413 | #[inline ] |
414 | #[must_use ] |
415 | #[stable (feature = "rust1" , since = "1.0.0" )] |
416 | #[deprecated (note = "use `align_of` instead" , since = "1.2.0" , suggestion = "align_of" )] |
417 | pub fn min_align_of<T>() -> usize { |
418 | intrinsics::min_align_of::<T>() |
419 | } |
420 | |
421 | /// Returns the [ABI]-required minimum alignment of the type of the value that `val` points to in |
422 | /// bytes. |
423 | /// |
424 | /// Every reference to a value of the type `T` must be a multiple of this number. |
425 | /// |
426 | /// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface |
427 | /// |
428 | /// # Examples |
429 | /// |
430 | /// ``` |
431 | /// # #![allow (deprecated)] |
432 | /// use std::mem; |
433 | /// |
434 | /// assert_eq!(4, mem::min_align_of_val(&5i32)); |
435 | /// ``` |
436 | #[inline ] |
437 | #[must_use ] |
438 | #[stable (feature = "rust1" , since = "1.0.0" )] |
439 | #[deprecated (note = "use `align_of_val` instead" , since = "1.2.0" , suggestion = "align_of_val" )] |
440 | pub fn min_align_of_val<T: ?Sized>(val: &T) -> usize { |
441 | // SAFETY: val is a reference, so it's a valid raw pointer |
442 | unsafe { intrinsics::min_align_of_val(val) } |
443 | } |
444 | |
445 | /// Returns the [ABI]-required minimum alignment of a type in bytes. |
446 | /// |
447 | /// Every reference to a value of the type `T` must be a multiple of this number. |
448 | /// |
449 | /// This is the alignment used for struct fields. It may be smaller than the preferred alignment. |
450 | /// |
451 | /// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface |
452 | /// |
453 | /// # Examples |
454 | /// |
455 | /// ``` |
456 | /// use std::mem; |
457 | /// |
458 | /// assert_eq!(4, mem::align_of::<i32>()); |
459 | /// ``` |
460 | #[inline (always)] |
461 | #[must_use ] |
462 | #[stable (feature = "rust1" , since = "1.0.0" )] |
463 | #[rustc_promotable ] |
464 | #[rustc_const_stable (feature = "const_align_of" , since = "1.24.0" )] |
465 | pub const fn align_of<T>() -> usize { |
466 | intrinsics::min_align_of::<T>() |
467 | } |
468 | |
469 | /// Returns the [ABI]-required minimum alignment of the type of the value that `val` points to in |
470 | /// bytes. |
471 | /// |
472 | /// Every reference to a value of the type `T` must be a multiple of this number. |
473 | /// |
474 | /// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface |
475 | /// |
476 | /// # Examples |
477 | /// |
478 | /// ``` |
479 | /// use std::mem; |
480 | /// |
481 | /// assert_eq!(4, mem::align_of_val(&5i32)); |
482 | /// ``` |
483 | #[inline ] |
484 | #[must_use ] |
485 | #[stable (feature = "rust1" , since = "1.0.0" )] |
486 | #[rustc_const_unstable (feature = "const_align_of_val" , issue = "46571" )] |
487 | #[allow (deprecated)] |
488 | pub const fn align_of_val<T: ?Sized>(val: &T) -> usize { |
489 | // SAFETY: val is a reference, so it's a valid raw pointer |
490 | unsafe { intrinsics::min_align_of_val(val) } |
491 | } |
492 | |
493 | /// Returns the [ABI]-required minimum alignment of the type of the value that `val` points to in |
494 | /// bytes. |
495 | /// |
496 | /// Every reference to a value of the type `T` must be a multiple of this number. |
497 | /// |
498 | /// [ABI]: https://en.wikipedia.org/wiki/Application_binary_interface |
499 | /// |
500 | /// # Safety |
501 | /// |
502 | /// This function is only safe to call if the following conditions hold: |
503 | /// |
504 | /// - If `T` is `Sized`, this function is always safe to call. |
505 | /// - If the unsized tail of `T` is: |
506 | /// - a [slice], then the length of the slice tail must be an initialized |
507 | /// integer, and the size of the *entire value* |
508 | /// (dynamic tail length + statically sized prefix) must fit in `isize`. |
509 | /// - a [trait object], then the vtable part of the pointer must point |
510 | /// to a valid vtable acquired by an unsizing coercion, and the size |
511 | /// of the *entire value* (dynamic tail length + statically sized prefix) |
512 | /// must fit in `isize`. |
513 | /// - an (unstable) [extern type], then this function is always safe to |
514 | /// call, but may panic or otherwise return the wrong value, as the |
515 | /// extern type's layout is not known. This is the same behavior as |
516 | /// [`align_of_val`] on a reference to a type with an extern type tail. |
517 | /// - otherwise, it is conservatively not allowed to call this function. |
518 | /// |
519 | /// [trait object]: ../../book/ch17-02-trait-objects.html |
520 | /// [extern type]: ../../unstable-book/language-features/extern-types.html |
521 | /// |
522 | /// # Examples |
523 | /// |
524 | /// ``` |
525 | /// #![feature(layout_for_ptr)] |
526 | /// use std::mem; |
527 | /// |
528 | /// assert_eq!(4, unsafe { mem::align_of_val_raw(&5i32) }); |
529 | /// ``` |
530 | #[inline ] |
531 | #[must_use ] |
532 | #[unstable (feature = "layout_for_ptr" , issue = "69835" )] |
533 | #[rustc_const_unstable (feature = "const_align_of_val_raw" , issue = "46571" )] |
534 | pub const unsafe fn align_of_val_raw<T: ?Sized>(val: *const T) -> usize { |
535 | // SAFETY: the caller must provide a valid raw pointer |
536 | unsafe { intrinsics::min_align_of_val(val) } |
537 | } |
538 | |
539 | /// Returns `true` if dropping values of type `T` matters. |
540 | /// |
541 | /// This is purely an optimization hint, and may be implemented conservatively: |
542 | /// it may return `true` for types that don't actually need to be dropped. |
543 | /// As such always returning `true` would be a valid implementation of |
544 | /// this function. However if this function actually returns `false`, then you |
545 | /// can be certain dropping `T` has no side effect. |
546 | /// |
547 | /// Low level implementations of things like collections, which need to manually |
548 | /// drop their data, should use this function to avoid unnecessarily |
549 | /// trying to drop all their contents when they are destroyed. This might not |
550 | /// make a difference in release builds (where a loop that has no side-effects |
551 | /// is easily detected and eliminated), but is often a big win for debug builds. |
552 | /// |
553 | /// Note that [`drop_in_place`] already performs this check, so if your workload |
554 | /// can be reduced to some small number of [`drop_in_place`] calls, using this is |
555 | /// unnecessary. In particular note that you can [`drop_in_place`] a slice, and that |
556 | /// will do a single needs_drop check for all the values. |
557 | /// |
558 | /// Types like Vec therefore just `drop_in_place(&mut self[..])` without using |
559 | /// `needs_drop` explicitly. Types like [`HashMap`], on the other hand, have to drop |
560 | /// values one at a time and should use this API. |
561 | /// |
562 | /// [`drop_in_place`]: crate::ptr::drop_in_place |
563 | /// [`HashMap`]: ../../std/collections/struct.HashMap.html |
564 | /// |
565 | /// # Examples |
566 | /// |
567 | /// Here's an example of how a collection might make use of `needs_drop`: |
568 | /// |
569 | /// ``` |
570 | /// use std::{mem, ptr}; |
571 | /// |
572 | /// pub struct MyCollection<T> { |
573 | /// # data: [T; 1], |
574 | /// /* ... */ |
575 | /// } |
576 | /// # impl<T> MyCollection<T> { |
577 | /// # fn iter_mut(&mut self) -> &mut [T] { &mut self.data } |
578 | /// # fn free_buffer(&mut self) {} |
579 | /// # } |
580 | /// |
581 | /// impl<T> Drop for MyCollection<T> { |
582 | /// fn drop(&mut self) { |
583 | /// unsafe { |
584 | /// // drop the data |
585 | /// if mem::needs_drop::<T>() { |
586 | /// for x in self.iter_mut() { |
587 | /// ptr::drop_in_place(x); |
588 | /// } |
589 | /// } |
590 | /// self.free_buffer(); |
591 | /// } |
592 | /// } |
593 | /// } |
594 | /// ``` |
595 | #[inline ] |
596 | #[must_use ] |
597 | #[stable (feature = "needs_drop" , since = "1.21.0" )] |
598 | #[rustc_const_stable (feature = "const_mem_needs_drop" , since = "1.36.0" )] |
599 | #[rustc_diagnostic_item = "needs_drop" ] |
600 | pub const fn needs_drop<T: ?Sized>() -> bool { |
601 | intrinsics::needs_drop::<T>() |
602 | } |
603 | |
604 | /// Returns the value of type `T` represented by the all-zero byte-pattern. |
605 | /// |
606 | /// This means that, for example, the padding byte in `(u8, u16)` is not |
607 | /// necessarily zeroed. |
608 | /// |
609 | /// There is no guarantee that an all-zero byte-pattern represents a valid value |
610 | /// of some type `T`. For example, the all-zero byte-pattern is not a valid value |
611 | /// for reference types (`&T`, `&mut T`) and functions pointers. Using `zeroed` |
612 | /// on such types causes immediate [undefined behavior][ub] because [the Rust |
613 | /// compiler assumes][inv] that there always is a valid value in a variable it |
614 | /// considers initialized. |
615 | /// |
616 | /// This has the same effect as [`MaybeUninit::zeroed().assume_init()`][zeroed]. |
617 | /// It is useful for FFI sometimes, but should generally be avoided. |
618 | /// |
619 | /// [zeroed]: MaybeUninit::zeroed |
620 | /// [ub]: ../../reference/behavior-considered-undefined.html |
621 | /// [inv]: MaybeUninit#initialization-invariant |
622 | /// |
623 | /// # Examples |
624 | /// |
625 | /// Correct usage of this function: initializing an integer with zero. |
626 | /// |
627 | /// ``` |
628 | /// use std::mem; |
629 | /// |
630 | /// let x: i32 = unsafe { mem::zeroed() }; |
631 | /// assert_eq!(0, x); |
632 | /// ``` |
633 | /// |
634 | /// *Incorrect* usage of this function: initializing a reference with zero. |
635 | /// |
636 | /// ```rust,no_run |
637 | /// # #![allow(invalid_value)] |
638 | /// use std::mem; |
639 | /// |
640 | /// let _x: &i32 = unsafe { mem::zeroed() }; // Undefined behavior! |
641 | /// let _y: fn() = unsafe { mem::zeroed() }; // And again! |
642 | /// ``` |
643 | #[inline (always)] |
644 | #[must_use ] |
645 | #[stable (feature = "rust1" , since = "1.0.0" )] |
646 | #[allow (deprecated_in_future)] |
647 | #[allow (deprecated)] |
648 | #[rustc_diagnostic_item = "mem_zeroed" ] |
649 | #[track_caller ] |
650 | #[rustc_const_stable (feature = "const_mem_zeroed" , since = "1.75.0" )] |
651 | pub const unsafe fn zeroed<T>() -> T { |
652 | // SAFETY: the caller must guarantee that an all-zero value is valid for `T`. |
653 | unsafe { |
654 | intrinsics::assert_zero_valid::<T>(); |
655 | MaybeUninit::zeroed().assume_init() |
656 | } |
657 | } |
658 | |
659 | /// Bypasses Rust's normal memory-initialization checks by pretending to |
660 | /// produce a value of type `T`, while doing nothing at all. |
661 | /// |
662 | /// **This function is deprecated.** Use [`MaybeUninit<T>`] instead. |
663 | /// It also might be slower than using `MaybeUninit<T>` due to mitigations that were put in place to |
664 | /// limit the potential harm caused by incorrect use of this function in legacy code. |
665 | /// |
666 | /// The reason for deprecation is that the function basically cannot be used |
667 | /// correctly: it has the same effect as [`MaybeUninit::uninit().assume_init()`][uninit]. |
668 | /// As the [`assume_init` documentation][assume_init] explains, |
669 | /// [the Rust compiler assumes][inv] that values are properly initialized. |
670 | /// |
671 | /// Truly uninitialized memory like what gets returned here |
672 | /// is special in that the compiler knows that it does not have a fixed value. |
673 | /// This makes it undefined behavior to have uninitialized data in a variable even |
674 | /// if that variable has an integer type. |
675 | /// |
676 | /// Therefore, it is immediate undefined behavior to call this function on nearly all types, |
677 | /// including integer types and arrays of integer types, and even if the result is unused. |
678 | /// |
679 | /// [uninit]: MaybeUninit::uninit |
680 | /// [assume_init]: MaybeUninit::assume_init |
681 | /// [inv]: MaybeUninit#initialization-invariant |
682 | #[inline (always)] |
683 | #[must_use ] |
684 | #[deprecated (since = "1.39.0" , note = "use `mem::MaybeUninit` instead" )] |
685 | #[stable (feature = "rust1" , since = "1.0.0" )] |
686 | #[allow (deprecated_in_future)] |
687 | #[allow (deprecated)] |
688 | #[rustc_diagnostic_item = "mem_uninitialized" ] |
689 | #[track_caller ] |
690 | pub unsafe fn uninitialized<T>() -> T { |
691 | // SAFETY: the caller must guarantee that an uninitialized value is valid for `T`. |
692 | unsafe { |
693 | intrinsics::assert_mem_uninitialized_valid::<T>(); |
694 | let mut val: MaybeUninit = MaybeUninit::<T>::uninit(); |
695 | |
696 | // Fill memory with 0x01, as an imperfect mitigation for old code that uses this function on |
697 | // bool, nonnull, and noundef types. But don't do this if we actively want to detect UB. |
698 | if !cfg!(any(miri, sanitize = "memory" )) { |
699 | val.as_mut_ptr().write_bytes(val:0x01, count:1); |
700 | } |
701 | |
702 | val.assume_init() |
703 | } |
704 | } |
705 | |
706 | /// Swaps the values at two mutable locations, without deinitializing either one. |
707 | /// |
708 | /// * If you want to swap with a default or dummy value, see [`take`]. |
709 | /// * If you want to swap with a passed value, returning the old value, see [`replace`]. |
710 | /// |
711 | /// # Examples |
712 | /// |
713 | /// ``` |
714 | /// use std::mem; |
715 | /// |
716 | /// let mut x = 5; |
717 | /// let mut y = 42; |
718 | /// |
719 | /// mem::swap(&mut x, &mut y); |
720 | /// |
721 | /// assert_eq!(42, x); |
722 | /// assert_eq!(5, y); |
723 | /// ``` |
724 | #[inline ] |
725 | #[stable (feature = "rust1" , since = "1.0.0" )] |
726 | #[rustc_const_unstable (feature = "const_swap" , issue = "83163" )] |
727 | #[rustc_diagnostic_item = "mem_swap" ] |
728 | pub const fn swap<T>(x: &mut T, y: &mut T) { |
729 | // NOTE(eddyb) SPIR-V's Logical addressing model doesn't allow for arbitrary |
730 | // reinterpretation of values as (chunkable) byte arrays, and the loop in the |
731 | // block optimization in `swap_slice` is hard to rewrite back |
732 | // into the (unoptimized) direct swapping implementation, so we disable it. |
733 | #[cfg (not(any(target_arch = "spirv" )))] |
734 | { |
735 | // For types that are larger multiples of their alignment, the simple way |
736 | // tends to copy the whole thing to stack rather than doing it one part |
737 | // at a time, so instead treat them as one-element slices and piggy-back |
738 | // the slice optimizations that will split up the swaps. |
739 | if const { size_of::<T>() / align_of::<T>() > 2 } { |
740 | // SAFETY: exclusive references always point to one non-overlapping |
741 | // element and are non-null and properly aligned. |
742 | return unsafe { ptr::swap_nonoverlapping(x, y, 1) }; |
743 | } |
744 | } |
745 | |
746 | // If a scalar consists of just a small number of alignment units, let |
747 | // the codegen just swap those pieces directly, as it's likely just a |
748 | // few instructions and anything else is probably overcomplicated. |
749 | // |
750 | // Most importantly, this covers primitives and simd types that tend to |
751 | // have size=align where doing anything else can be a pessimization. |
752 | // (This will also be used for ZSTs, though any solution works for them.) |
753 | swap_simple(x, y); |
754 | } |
755 | |
756 | /// Same as [`swap`] semantically, but always uses the simple implementation. |
757 | /// |
758 | /// Used elsewhere in `mem` and `ptr` at the bottom layer of calls. |
759 | #[rustc_const_unstable (feature = "const_swap" , issue = "83163" )] |
760 | #[inline ] |
761 | pub(crate) const fn swap_simple<T>(x: &mut T, y: &mut T) { |
762 | // We arrange for this to typically be called with small types, |
763 | // so this reads-and-writes approach is actually better than using |
764 | // copy_nonoverlapping as it easily puts things in LLVM registers |
765 | // directly and doesn't end up inlining allocas. |
766 | // And LLVM actually optimizes it to 3×memcpy if called with |
767 | // a type larger than it's willing to keep in a register. |
768 | // Having typed reads and writes in MIR here is also good as |
769 | // it lets Miri and CTFE understand them better, including things |
770 | // like enforcing type validity for them. |
771 | // Importantly, read+copy_nonoverlapping+write introduces confusing |
772 | // asymmetry to the behaviour where one value went through read+write |
773 | // whereas the other was copied over by the intrinsic (see #94371). |
774 | // Furthermore, using only read+write here benefits limited backends |
775 | // such as SPIR-V that work on an underlying *typed* view of memory, |
776 | // and thus have trouble with Rust's untyped memory operations. |
777 | |
778 | // SAFETY: exclusive references are always valid to read/write, |
779 | // including being aligned, and nothing here panics so it's drop-safe. |
780 | unsafe { |
781 | let a = ptr::read(x); |
782 | let b = ptr::read(y); |
783 | ptr::write(x, b); |
784 | ptr::write(y, a); |
785 | } |
786 | } |
787 | |
788 | /// Replaces `dest` with the default value of `T`, returning the previous `dest` value. |
789 | /// |
790 | /// * If you want to replace the values of two variables, see [`swap`]. |
791 | /// * If you want to replace with a passed value instead of the default value, see [`replace`]. |
792 | /// |
793 | /// # Examples |
794 | /// |
795 | /// A simple example: |
796 | /// |
797 | /// ``` |
798 | /// use std::mem; |
799 | /// |
800 | /// let mut v: Vec<i32> = vec![1, 2]; |
801 | /// |
802 | /// let old_v = mem::take(&mut v); |
803 | /// assert_eq!(vec![1, 2], old_v); |
804 | /// assert!(v.is_empty()); |
805 | /// ``` |
806 | /// |
807 | /// `take` allows taking ownership of a struct field by replacing it with an "empty" value. |
808 | /// Without `take` you can run into issues like these: |
809 | /// |
810 | /// ```compile_fail,E0507 |
811 | /// struct Buffer<T> { buf: Vec<T> } |
812 | /// |
813 | /// impl<T> Buffer<T> { |
814 | /// fn get_and_reset(&mut self) -> Vec<T> { |
815 | /// // error: cannot move out of dereference of `&mut`-pointer |
816 | /// let buf = self.buf; |
817 | /// self.buf = Vec::new(); |
818 | /// buf |
819 | /// } |
820 | /// } |
821 | /// ``` |
822 | /// |
823 | /// Note that `T` does not necessarily implement [`Clone`], so it can't even clone and reset |
824 | /// `self.buf`. But `take` can be used to disassociate the original value of `self.buf` from |
825 | /// `self`, allowing it to be returned: |
826 | /// |
827 | /// ``` |
828 | /// use std::mem; |
829 | /// |
830 | /// # struct Buffer<T> { buf: Vec<T> } |
831 | /// impl<T> Buffer<T> { |
832 | /// fn get_and_reset(&mut self) -> Vec<T> { |
833 | /// mem::take(&mut self.buf) |
834 | /// } |
835 | /// } |
836 | /// |
837 | /// let mut buffer = Buffer { buf: vec![0, 1] }; |
838 | /// assert_eq!(buffer.buf.len(), 2); |
839 | /// |
840 | /// assert_eq!(buffer.get_and_reset(), vec![0, 1]); |
841 | /// assert_eq!(buffer.buf.len(), 0); |
842 | /// ``` |
843 | #[inline ] |
844 | #[stable (feature = "mem_take" , since = "1.40.0" )] |
845 | pub fn take<T: Default>(dest: &mut T) -> T { |
846 | replace(dest, T::default()) |
847 | } |
848 | |
849 | /// Moves `src` into the referenced `dest`, returning the previous `dest` value. |
850 | /// |
851 | /// Neither value is dropped. |
852 | /// |
853 | /// * If you want to replace the values of two variables, see [`swap`]. |
854 | /// * If you want to replace with a default value, see [`take`]. |
855 | /// |
856 | /// # Examples |
857 | /// |
858 | /// A simple example: |
859 | /// |
860 | /// ``` |
861 | /// use std::mem; |
862 | /// |
863 | /// let mut v: Vec<i32> = vec![1, 2]; |
864 | /// |
865 | /// let old_v = mem::replace(&mut v, vec![3, 4, 5]); |
866 | /// assert_eq!(vec![1, 2], old_v); |
867 | /// assert_eq!(vec![3, 4, 5], v); |
868 | /// ``` |
869 | /// |
870 | /// `replace` allows consumption of a struct field by replacing it with another value. |
871 | /// Without `replace` you can run into issues like these: |
872 | /// |
873 | /// ```compile_fail,E0507 |
874 | /// struct Buffer<T> { buf: Vec<T> } |
875 | /// |
876 | /// impl<T> Buffer<T> { |
877 | /// fn replace_index(&mut self, i: usize, v: T) -> T { |
878 | /// // error: cannot move out of dereference of `&mut`-pointer |
879 | /// let t = self.buf[i]; |
880 | /// self.buf[i] = v; |
881 | /// t |
882 | /// } |
883 | /// } |
884 | /// ``` |
885 | /// |
886 | /// Note that `T` does not necessarily implement [`Clone`], so we can't even clone `self.buf[i]` to |
887 | /// avoid the move. But `replace` can be used to disassociate the original value at that index from |
888 | /// `self`, allowing it to be returned: |
889 | /// |
890 | /// ``` |
891 | /// # #![allow(dead_code)] |
892 | /// use std::mem; |
893 | /// |
894 | /// # struct Buffer<T> { buf: Vec<T> } |
895 | /// impl<T> Buffer<T> { |
896 | /// fn replace_index(&mut self, i: usize, v: T) -> T { |
897 | /// mem::replace(&mut self.buf[i], v) |
898 | /// } |
899 | /// } |
900 | /// |
901 | /// let mut buffer = Buffer { buf: vec![0, 1] }; |
902 | /// assert_eq!(buffer.buf[0], 0); |
903 | /// |
904 | /// assert_eq!(buffer.replace_index(0, 2), 0); |
905 | /// assert_eq!(buffer.buf[0], 2); |
906 | /// ``` |
907 | #[inline ] |
908 | #[stable (feature = "rust1" , since = "1.0.0" )] |
909 | #[must_use = "if you don't need the old value, you can just assign the new value directly" ] |
910 | #[rustc_const_unstable (feature = "const_replace" , issue = "83164" )] |
911 | #[cfg_attr (not(test), rustc_diagnostic_item = "mem_replace" )] |
912 | pub const fn replace<T>(dest: &mut T, src: T) -> T { |
913 | // It may be tempting to use `swap` to avoid `unsafe` here. Don't! |
914 | // The compiler optimizes the implementation below to two `memcpy`s |
915 | // while `swap` would require at least three. See PR#83022 for details. |
916 | |
917 | // SAFETY: We read from `dest` but directly write `src` into it afterwards, |
918 | // such that the old value is not duplicated. Nothing is dropped and |
919 | // nothing here can panic. |
920 | unsafe { |
921 | let result: T = ptr::read(src:dest); |
922 | ptr::write(dst:dest, src); |
923 | result |
924 | } |
925 | } |
926 | |
927 | /// Disposes of a value. |
928 | /// |
929 | /// This does so by calling the argument's implementation of [`Drop`][drop]. |
930 | /// |
931 | /// This effectively does nothing for types which implement `Copy`, e.g. |
932 | /// integers. Such values are copied and _then_ moved into the function, so the |
933 | /// value persists after this function call. |
934 | /// |
935 | /// This function is not magic; it is literally defined as |
936 | /// |
937 | /// ``` |
938 | /// pub fn drop<T>(_x: T) {} |
939 | /// ``` |
940 | /// |
941 | /// Because `_x` is moved into the function, it is automatically dropped before |
942 | /// the function returns. |
943 | /// |
944 | /// [drop]: Drop |
945 | /// |
946 | /// # Examples |
947 | /// |
948 | /// Basic usage: |
949 | /// |
950 | /// ``` |
951 | /// let v = vec![1, 2, 3]; |
952 | /// |
953 | /// drop(v); // explicitly drop the vector |
954 | /// ``` |
955 | /// |
956 | /// Since [`RefCell`] enforces the borrow rules at runtime, `drop` can |
957 | /// release a [`RefCell`] borrow: |
958 | /// |
959 | /// ``` |
960 | /// use std::cell::RefCell; |
961 | /// |
962 | /// let x = RefCell::new(1); |
963 | /// |
964 | /// let mut mutable_borrow = x.borrow_mut(); |
965 | /// *mutable_borrow = 1; |
966 | /// |
967 | /// drop(mutable_borrow); // relinquish the mutable borrow on this slot |
968 | /// |
969 | /// let borrow = x.borrow(); |
970 | /// println!("{}" , *borrow); |
971 | /// ``` |
972 | /// |
973 | /// Integers and other types implementing [`Copy`] are unaffected by `drop`. |
974 | /// |
975 | /// ``` |
976 | /// # #![allow(dropping_copy_types)] |
977 | /// #[derive(Copy, Clone)] |
978 | /// struct Foo(u8); |
979 | /// |
980 | /// let x = 1; |
981 | /// let y = Foo(2); |
982 | /// drop(x); // a copy of `x` is moved and dropped |
983 | /// drop(y); // a copy of `y` is moved and dropped |
984 | /// |
985 | /// println!("x: {}, y: {}" , x, y.0); // still available |
986 | /// ``` |
987 | /// |
988 | /// [`RefCell`]: crate::cell::RefCell |
989 | #[inline ] |
990 | #[stable (feature = "rust1" , since = "1.0.0" )] |
991 | #[cfg_attr (not(test), rustc_diagnostic_item = "mem_drop" )] |
992 | pub fn drop<T>(_x: T) {} |
993 | |
994 | /// Bitwise-copies a value. |
995 | /// |
996 | /// This function is not magic; it is literally defined as |
997 | /// ``` |
998 | /// pub fn copy<T: Copy>(x: &T) -> T { *x } |
999 | /// ``` |
1000 | /// |
1001 | /// It is useful when you want to pass a function pointer to a combinator, rather than defining a new closure. |
1002 | /// |
1003 | /// Example: |
1004 | /// ``` |
1005 | /// #![feature(mem_copy_fn)] |
1006 | /// use core::mem::copy; |
1007 | /// let result_from_ffi_function: Result<(), &i32> = Err(&1); |
1008 | /// let result_copied: Result<(), i32> = result_from_ffi_function.map_err(copy); |
1009 | /// ``` |
1010 | #[inline ] |
1011 | #[unstable (feature = "mem_copy_fn" , issue = "98262" )] |
1012 | pub const fn copy<T: Copy>(x: &T) -> T { |
1013 | *x |
1014 | } |
1015 | |
1016 | /// Interprets `src` as having type `&Dst`, and then reads `src` without moving |
1017 | /// the contained value. |
1018 | /// |
1019 | /// This function will unsafely assume the pointer `src` is valid for [`size_of::<Dst>`][size_of] |
1020 | /// bytes by transmuting `&Src` to `&Dst` and then reading the `&Dst` (except that this is done |
1021 | /// in a way that is correct even when `&Dst` has stricter alignment requirements than `&Src`). |
1022 | /// It will also unsafely create a copy of the contained value instead of moving out of `src`. |
1023 | /// |
1024 | /// It is not a compile-time error if `Src` and `Dst` have different sizes, but it |
1025 | /// is highly encouraged to only invoke this function where `Src` and `Dst` have the |
1026 | /// same size. This function triggers [undefined behavior][ub] if `Dst` is larger than |
1027 | /// `Src`. |
1028 | /// |
1029 | /// [ub]: ../../reference/behavior-considered-undefined.html |
1030 | /// |
1031 | /// # Examples |
1032 | /// |
1033 | /// ``` |
1034 | /// use std::mem; |
1035 | /// |
1036 | /// #[repr(packed)] |
1037 | /// struct Foo { |
1038 | /// bar: u8, |
1039 | /// } |
1040 | /// |
1041 | /// let foo_array = [10u8]; |
1042 | /// |
1043 | /// unsafe { |
1044 | /// // Copy the data from 'foo_array' and treat it as a 'Foo' |
1045 | /// let mut foo_struct: Foo = mem::transmute_copy(&foo_array); |
1046 | /// assert_eq!(foo_struct.bar, 10); |
1047 | /// |
1048 | /// // Modify the copied data |
1049 | /// foo_struct.bar = 20; |
1050 | /// assert_eq!(foo_struct.bar, 20); |
1051 | /// } |
1052 | /// |
1053 | /// // The contents of 'foo_array' should not have changed |
1054 | /// assert_eq!(foo_array, [10]); |
1055 | /// ``` |
1056 | #[inline ] |
1057 | #[must_use ] |
1058 | #[track_caller ] |
1059 | #[stable (feature = "rust1" , since = "1.0.0" )] |
1060 | #[rustc_const_stable (feature = "const_transmute_copy" , since = "1.74.0" )] |
1061 | pub const unsafe fn transmute_copy<Src, Dst>(src: &Src) -> Dst { |
1062 | assert!( |
1063 | size_of::<Src>() >= size_of::<Dst>(), |
1064 | "cannot transmute_copy if Dst is larger than Src" |
1065 | ); |
1066 | |
1067 | // If Dst has a higher alignment requirement, src might not be suitably aligned. |
1068 | if align_of::<Dst>() > align_of::<Src>() { |
1069 | // SAFETY: `src` is a reference which is guaranteed to be valid for reads. |
1070 | // The caller must guarantee that the actual transmutation is safe. |
1071 | unsafe { ptr::read_unaligned(src as *const Src as *const Dst) } |
1072 | } else { |
1073 | // SAFETY: `src` is a reference which is guaranteed to be valid for reads. |
1074 | // We just checked that `src as *const Dst` was properly aligned. |
1075 | // The caller must guarantee that the actual transmutation is safe. |
1076 | unsafe { ptr::read(src as *const Src as *const Dst) } |
1077 | } |
1078 | } |
1079 | |
1080 | /// Opaque type representing the discriminant of an enum. |
1081 | /// |
1082 | /// See the [`discriminant`] function in this module for more information. |
1083 | #[stable (feature = "discriminant_value" , since = "1.21.0" )] |
1084 | pub struct Discriminant<T>(<T as DiscriminantKind>::Discriminant); |
1085 | |
1086 | // N.B. These trait implementations cannot be derived because we don't want any bounds on T. |
1087 | |
1088 | #[stable (feature = "discriminant_value" , since = "1.21.0" )] |
1089 | impl<T> Copy for Discriminant<T> {} |
1090 | |
1091 | #[stable (feature = "discriminant_value" , since = "1.21.0" )] |
1092 | impl<T> clone::Clone for Discriminant<T> { |
1093 | fn clone(&self) -> Self { |
1094 | *self |
1095 | } |
1096 | } |
1097 | |
1098 | #[stable (feature = "discriminant_value" , since = "1.21.0" )] |
1099 | impl<T> cmp::PartialEq for Discriminant<T> { |
1100 | fn eq(&self, rhs: &Self) -> bool { |
1101 | self.0 == rhs.0 |
1102 | } |
1103 | } |
1104 | |
1105 | #[stable (feature = "discriminant_value" , since = "1.21.0" )] |
1106 | impl<T> cmp::Eq for Discriminant<T> {} |
1107 | |
1108 | #[stable (feature = "discriminant_value" , since = "1.21.0" )] |
1109 | impl<T> hash::Hash for Discriminant<T> { |
1110 | fn hash<H: hash::Hasher>(&self, state: &mut H) { |
1111 | self.0.hash(state); |
1112 | } |
1113 | } |
1114 | |
1115 | #[stable (feature = "discriminant_value" , since = "1.21.0" )] |
1116 | impl<T> fmt::Debug for Discriminant<T> { |
1117 | fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result { |
1118 | fmt.debug_tuple(name:"Discriminant" ).field(&self.0).finish() |
1119 | } |
1120 | } |
1121 | |
1122 | /// Returns a value uniquely identifying the enum variant in `v`. |
1123 | /// |
1124 | /// If `T` is not an enum, calling this function will not result in undefined behavior, but the |
1125 | /// return value is unspecified. |
1126 | /// |
1127 | /// # Stability |
1128 | /// |
1129 | /// The discriminant of an enum variant may change if the enum definition changes. A discriminant |
1130 | /// of some variant will not change between compilations with the same compiler. See the [Reference] |
1131 | /// for more information. |
1132 | /// |
1133 | /// [Reference]: ../../reference/items/enumerations.html#custom-discriminant-values-for-fieldless-enumerations |
1134 | /// |
1135 | /// The value of a [`Discriminant<T>`] is independent of any *free lifetimes* in `T`. As such, |
1136 | /// reading or writing a `Discriminant<Foo<'a>>` as a `Discriminant<Foo<'b>>` (whether via |
1137 | /// [`transmute`] or otherwise) is always sound. Note that this is **not** true for other kinds |
1138 | /// of generic parameters and for higher-ranked lifetimes; `Discriminant<Foo<A>>` and |
1139 | /// `Discriminant<Foo<B>>` as well as `Discriminant<Bar<dyn for<'a> Trait<'a>>>` and |
1140 | /// `Discriminant<Bar<dyn Trait<'static>>>` may be incompatible. |
1141 | /// |
1142 | /// # Examples |
1143 | /// |
1144 | /// This can be used to compare enums that carry data, while disregarding |
1145 | /// the actual data: |
1146 | /// |
1147 | /// ``` |
1148 | /// use std::mem; |
1149 | /// |
1150 | /// enum Foo { A(&'static str), B(i32), C(i32) } |
1151 | /// |
1152 | /// assert_eq!(mem::discriminant(&Foo::A("bar" )), mem::discriminant(&Foo::A("baz" ))); |
1153 | /// assert_eq!(mem::discriminant(&Foo::B(1)), mem::discriminant(&Foo::B(2))); |
1154 | /// assert_ne!(mem::discriminant(&Foo::B(3)), mem::discriminant(&Foo::C(3))); |
1155 | /// ``` |
1156 | /// |
1157 | /// ## Accessing the numeric value of the discriminant |
1158 | /// |
1159 | /// Note that it is *undefined behavior* to [`transmute`] from [`Discriminant`] to a primitive! |
1160 | /// |
1161 | /// If an enum has only unit variants, then the numeric value of the discriminant can be accessed |
1162 | /// with an [`as`] cast: |
1163 | /// |
1164 | /// ``` |
1165 | /// enum Enum { |
1166 | /// Foo, |
1167 | /// Bar, |
1168 | /// Baz, |
1169 | /// } |
1170 | /// |
1171 | /// assert_eq!(0, Enum::Foo as isize); |
1172 | /// assert_eq!(1, Enum::Bar as isize); |
1173 | /// assert_eq!(2, Enum::Baz as isize); |
1174 | /// ``` |
1175 | /// |
1176 | /// If an enum has opted-in to having a [primitive representation] for its discriminant, |
1177 | /// then it's possible to use pointers to read the memory location storing the discriminant. |
1178 | /// That **cannot** be done for enums using the [default representation], however, as it's |
1179 | /// undefined what layout the discriminant has and where it's stored — it might not even be |
1180 | /// stored at all! |
1181 | /// |
1182 | /// [`as`]: ../../std/keyword.as.html |
1183 | /// [primitive representation]: ../../reference/type-layout.html#primitive-representations |
1184 | /// [default representation]: ../../reference/type-layout.html#the-default-representation |
1185 | /// ``` |
1186 | /// #[repr(u8)] |
1187 | /// enum Enum { |
1188 | /// Unit, |
1189 | /// Tuple(bool), |
1190 | /// Struct { a: bool }, |
1191 | /// } |
1192 | /// |
1193 | /// impl Enum { |
1194 | /// fn discriminant(&self) -> u8 { |
1195 | /// // SAFETY: Because `Self` is marked `repr(u8)`, its layout is a `repr(C)` `union` |
1196 | /// // between `repr(C)` structs, each of which has the `u8` discriminant as its first |
1197 | /// // field, so we can read the discriminant without offsetting the pointer. |
1198 | /// unsafe { *<*const _>::from(self).cast::<u8>() } |
1199 | /// } |
1200 | /// } |
1201 | /// |
1202 | /// let unit_like = Enum::Unit; |
1203 | /// let tuple_like = Enum::Tuple(true); |
1204 | /// let struct_like = Enum::Struct { a: false }; |
1205 | /// assert_eq!(0, unit_like.discriminant()); |
1206 | /// assert_eq!(1, tuple_like.discriminant()); |
1207 | /// assert_eq!(2, struct_like.discriminant()); |
1208 | /// |
1209 | /// // ⚠️ This is undefined behavior. Don't do this. ⚠️ |
1210 | /// // assert_eq!(0, unsafe { std::mem::transmute::<_, u8>(std::mem::discriminant(&unit_like)) }); |
1211 | /// ``` |
1212 | #[stable (feature = "discriminant_value" , since = "1.21.0" )] |
1213 | #[rustc_const_stable (feature = "const_discriminant" , since = "1.75.0" )] |
1214 | #[cfg_attr (not(test), rustc_diagnostic_item = "mem_discriminant" )] |
1215 | #[cfg_attr (miri, track_caller)] // even without panics, this helps for Miri backtraces |
1216 | pub const fn discriminant<T>(v: &T) -> Discriminant<T> { |
1217 | Discriminant(intrinsics::discriminant_value(v)) |
1218 | } |
1219 | |
1220 | /// Returns the number of variants in the enum type `T`. |
1221 | /// |
1222 | /// If `T` is not an enum, calling this function will not result in undefined behavior, but the |
1223 | /// return value is unspecified. Equally, if `T` is an enum with more variants than `usize::MAX` |
1224 | /// the return value is unspecified. Uninhabited variants will be counted. |
1225 | /// |
1226 | /// Note that an enum may be expanded with additional variants in the future |
1227 | /// as a non-breaking change, for example if it is marked `#[non_exhaustive]`, |
1228 | /// which will change the result of this function. |
1229 | /// |
1230 | /// # Examples |
1231 | /// |
1232 | /// ``` |
1233 | /// # #![feature (never_type)] |
1234 | /// # #![feature (variant_count)] |
1235 | /// |
1236 | /// use std::mem; |
1237 | /// |
1238 | /// enum Void {} |
1239 | /// enum Foo { A(&'static str), B(i32), C(i32) } |
1240 | /// |
1241 | /// assert_eq!(mem::variant_count::<Void>(), 0); |
1242 | /// assert_eq!(mem::variant_count::<Foo>(), 3); |
1243 | /// |
1244 | /// assert_eq!(mem::variant_count::<Option<!>>(), 2); |
1245 | /// assert_eq!(mem::variant_count::<Result<!, !>>(), 2); |
1246 | /// ``` |
1247 | #[inline (always)] |
1248 | #[must_use ] |
1249 | #[unstable (feature = "variant_count" , issue = "73662" )] |
1250 | #[rustc_const_unstable (feature = "variant_count" , issue = "73662" )] |
1251 | #[rustc_diagnostic_item = "mem_variant_count" ] |
1252 | pub const fn variant_count<T>() -> usize { |
1253 | intrinsics::variant_count::<T>() |
1254 | } |
1255 | |
1256 | /// Provides associated constants for various useful properties of types, |
1257 | /// to give them a canonical form in our code and make them easier to read. |
1258 | /// |
1259 | /// This is here only to simplify all the ZST checks we need in the library. |
1260 | /// It's not on a stabilization track right now. |
1261 | #[doc (hidden)] |
1262 | #[unstable (feature = "sized_type_properties" , issue = "none" )] |
1263 | pub trait SizedTypeProperties: Sized { |
1264 | /// `true` if this type requires no storage. |
1265 | /// `false` if its [size](size_of) is greater than zero. |
1266 | /// |
1267 | /// # Examples |
1268 | /// |
1269 | /// ``` |
1270 | /// #![feature(sized_type_properties)] |
1271 | /// use core::mem::SizedTypeProperties; |
1272 | /// |
1273 | /// fn do_something_with<T>() { |
1274 | /// if T::IS_ZST { |
1275 | /// // ... special approach ... |
1276 | /// } else { |
1277 | /// // ... the normal thing ... |
1278 | /// } |
1279 | /// } |
1280 | /// |
1281 | /// struct MyUnit; |
1282 | /// assert!(MyUnit::IS_ZST); |
1283 | /// |
1284 | /// // For negative checks, consider using UFCS to emphasize the negation |
1285 | /// assert!(!<i32>::IS_ZST); |
1286 | /// // As it can sometimes hide in the type otherwise |
1287 | /// assert!(!String::IS_ZST); |
1288 | /// ``` |
1289 | #[doc (hidden)] |
1290 | #[unstable (feature = "sized_type_properties" , issue = "none" )] |
1291 | const IS_ZST: bool = size_of::<Self>() == 0; |
1292 | } |
1293 | #[doc (hidden)] |
1294 | #[unstable (feature = "sized_type_properties" , issue = "none" )] |
1295 | impl<T> SizedTypeProperties for T {} |
1296 | |
1297 | /// Expands to the offset in bytes of a field from the beginning of the given type. |
1298 | /// |
1299 | /// Structs, enums, unions and tuples are supported. |
1300 | /// |
1301 | /// Nested field accesses may be used, but not array indexes. |
1302 | /// |
1303 | /// Enum variants may be traversed as if they were fields. Variants themselves do |
1304 | /// not have an offset. |
1305 | /// |
1306 | /// However, on stable only a single field name is supported, which blocks the use of |
1307 | /// enum support. |
1308 | /// |
1309 | /// Visibility is respected - all types and fields must be visible to the call site: |
1310 | /// |
1311 | /// ``` |
1312 | /// mod nested { |
1313 | /// #[repr (C)] |
1314 | /// pub struct Struct { |
1315 | /// private: u8, |
1316 | /// } |
1317 | /// } |
1318 | /// |
1319 | /// // assert_eq!(mem::offset_of!(nested::Struct, private), 0); |
1320 | /// // ^^^ error[E0616]: field `private` of struct `Struct` is private |
1321 | /// ``` |
1322 | /// |
1323 | /// Note that type layout is, in general, [subject to change and |
1324 | /// platform-specific](https://doc.rust-lang.org/reference/type-layout.html). If |
1325 | /// layout stability is required, consider using an [explicit `repr` attribute]. |
1326 | /// |
1327 | /// Rust guarantees that the offset of a given field within a given type will not |
1328 | /// change over the lifetime of the program. However, two different compilations of |
1329 | /// the same program may result in different layouts. Also, even within a single |
1330 | /// program execution, no guarantees are made about types which are *similar* but |
1331 | /// not *identical*, e.g.: |
1332 | /// |
1333 | /// ``` |
1334 | /// struct Wrapper<T, U>(T, U); |
1335 | /// |
1336 | /// type A = Wrapper<u8, u8>; |
1337 | /// type B = Wrapper<u8, i8>; |
1338 | /// |
1339 | /// // Not necessarily identical even though `u8` and `i8` have the same layout! |
1340 | /// // assert!(mem::offset_of!(A, 1), mem::offset_of!(B, 1)); |
1341 | /// |
1342 | /// #[repr(transparent)] |
1343 | /// struct U8(u8); |
1344 | /// |
1345 | /// type C = Wrapper<u8, U8>; |
1346 | /// |
1347 | /// // Not necessarily identical even though `u8` and `U8` have the same layout! |
1348 | /// // assert!(mem::offset_of!(A, 1), mem::offset_of!(C, 1)); |
1349 | /// |
1350 | /// struct Empty<T>(core::marker::PhantomData<T>); |
1351 | /// |
1352 | /// // Not necessarily identical even though `PhantomData` always has the same layout! |
1353 | /// // assert!(mem::offset_of!(Empty<u8>, 0), mem::offset_of!(Empty<i8>, 0)); |
1354 | /// ``` |
1355 | /// |
1356 | /// [explicit `repr` attribute]: https://doc.rust-lang.org/reference/type-layout.html#representations |
1357 | /// |
1358 | /// # Examples |
1359 | /// |
1360 | /// ``` |
1361 | /// #![feature(offset_of_enum, offset_of_nested)] |
1362 | /// |
1363 | /// use std::mem; |
1364 | /// #[repr(C)] |
1365 | /// struct FieldStruct { |
1366 | /// first: u8, |
1367 | /// second: u16, |
1368 | /// third: u8 |
1369 | /// } |
1370 | /// |
1371 | /// assert_eq!(mem::offset_of!(FieldStruct, first), 0); |
1372 | /// assert_eq!(mem::offset_of!(FieldStruct, second), 2); |
1373 | /// assert_eq!(mem::offset_of!(FieldStruct, third), 4); |
1374 | /// |
1375 | /// #[repr(C)] |
1376 | /// struct NestedA { |
1377 | /// b: NestedB |
1378 | /// } |
1379 | /// |
1380 | /// #[repr(C)] |
1381 | /// struct NestedB(u8); |
1382 | /// |
1383 | /// assert_eq!(mem::offset_of!(NestedA, b.0), 0); |
1384 | /// |
1385 | /// #[repr(u8)] |
1386 | /// enum Enum { |
1387 | /// A(u8, u16), |
1388 | /// B { one: u8, two: u16 }, |
1389 | /// } |
1390 | /// |
1391 | /// assert_eq!(mem::offset_of!(Enum, A.0), 1); |
1392 | /// assert_eq!(mem::offset_of!(Enum, B.two), 2); |
1393 | /// |
1394 | /// assert_eq!(mem::offset_of!(Option<&u8>, Some.0), 0); |
1395 | /// ``` |
1396 | #[cfg (not(bootstrap))] |
1397 | #[stable (feature = "offset_of" , since = "1.77.0" )] |
1398 | #[allow_internal_unstable (builtin_syntax, hint_must_use)] |
1399 | pub macro offset_of($Container:ty, $($fields:expr)+ $(,)?) { |
1400 | // The `{}` is for better error messages |
1401 | crate::hint::must_use({builtin # offset_of($Container, $($fields)+)}) |
1402 | } |
1403 | |
1404 | #[cfg (bootstrap)] |
1405 | #[stable (feature = "offset_of" , since = "1.77.0" )] |
1406 | #[allow_internal_unstable (builtin_syntax, hint_must_use)] |
1407 | #[allow (missing_docs)] |
1408 | pub macro offset_of($Container:ty, $($fields:tt).+ $(,)?) { |
1409 | // The `{}` is for better error messages |
1410 | crate::hint::must_use({builtin # offset_of($Container, $($fields).+)}) |
1411 | } |
1412 | |