1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175
use std::mem;
use std::ptr;
use std::rc::Rc;
use std::sync::Arc;
/// A trait describing smart reference counted pointers.
///
/// Note that in a way [`Option<Arc<T>>`][Option] is also a smart reference counted pointer, just
/// one that can hold NULL.
///
/// The trait is unsafe, because a wrong implementation will break the [ArcSwapAny]
/// implementation and lead to UB.
///
/// This is not actually expected for downstream crate to implement, this is just means to reuse
/// code for [Arc] and [`Option<Arc>`][Option] variants. However, it is theoretically possible (if
/// you have your own [Arc] implementation).
///
/// It is also implemented for [Rc], but that is not considered very useful (because the
/// [ArcSwapAny] is not `Send` or `Sync`, therefore there's very little advantage for it to be
/// atomic).
///
/// # Safety
///
/// Aside from the obvious properties (like that incrementing and decrementing a reference count
/// cancel each out and that having less references tracked than how many things actually point to
/// the value is fine as long as the count doesn't drop to 0), it also must satisfy that if two
/// pointers have the same value, they point to the same object. This is specifically not true for
/// ZSTs, but it is true for `Arc`s of ZSTs, because they have the reference counts just after the
/// value. It would be fine to point to a type-erased version of the same object, though (if one
/// could use this trait with unsized types in the first place).
///
/// Furthermore, the type should be Pin (eg. if the type is cloned or moved, it should still
/// point/deref to the same place in memory).
///
/// [Arc]: std::sync::Arc
/// [Rc]: std::rc::Rc
/// [ArcSwapAny]: crate::ArcSwapAny
pub unsafe trait RefCnt: Clone {
/// The base type the pointer points to.
type Base;
/// Converts the smart pointer into a raw pointer, without affecting the reference count.
///
/// This can be seen as kind of freezing the pointer ‒ it'll be later converted back using
/// [`from_ptr`](#method.from_ptr).
///
/// The pointer must point to the value stored (and the value must be the same as one returned
/// by [`as_ptr`](#method.as_ptr).
fn into_ptr(me: Self) -> *mut Self::Base;
/// Provides a view into the smart pointer as a raw pointer.
///
/// This must not affect the reference count ‒ the pointer is only borrowed.
fn as_ptr(me: &Self) -> *mut Self::Base;
/// Converts a raw pointer back into the smart pointer, without affecting the reference count.
///
/// This is only called on values previously returned by [`into_ptr`](#method.into_ptr).
/// However, it is not guaranteed to be 1:1 relation ‒ `from_ptr` may be called more times than
/// `into_ptr` temporarily provided the reference count never drops under 1 during that time
/// (the implementation sometimes owes a reference). These extra pointers will either be
/// converted back using `into_ptr` or forgotten.
///
/// # Safety
///
/// This must not be called by code outside of this crate.
unsafe fn from_ptr(ptr: *const Self::Base) -> Self;
/// Increments the reference count by one.
///
/// Return the pointer to the inner thing as a side effect.
fn inc(me: &Self) -> *mut Self::Base {
Self::into_ptr(Self::clone(me))
}
/// Decrements the reference count by one.
///
/// Note this is called on a raw pointer (one previously returned by
/// [`into_ptr`](#method.into_ptr). This may lead to dropping of the reference count to 0 and
/// destruction of the internal pointer.
///
/// # Safety
///
/// This must not be called by code outside of this crate.
unsafe fn dec(ptr: *const Self::Base) {
drop(Self::from_ptr(ptr));
}
}
unsafe impl<T> RefCnt for Arc<T> {
type Base = T;
fn into_ptr(me: Arc<T>) -> *mut T {
Arc::into_raw(me) as *mut T
}
fn as_ptr(me: &Arc<T>) -> *mut T {
// Slightly convoluted way to do this, but this avoids stacked borrows violations. The same
// intention as
//
// me as &T as *const T as *mut T
//
// We first create a "shallow copy" of me - one that doesn't really own its ref count
// (that's OK, me _does_ own it, so it can't be destroyed in the meantime).
// Then we can use into_raw (which preserves not having the ref count).
//
// We need to "revert" the changes we did. In current std implementation, the combination
// of from_raw and forget is no-op. But formally, into_raw shall be paired with from_raw
// and that read shall be paired with forget to properly "close the brackets". In future
// versions of STD, these may become something else that's not really no-op (unlikely, but
// possible), so we future-proof it a bit.
// SAFETY: &T cast to *const T will always be aligned, initialised and valid for reads
let ptr = Arc::into_raw(unsafe { std::ptr::read(me) });
let ptr = ptr as *mut T;
// SAFETY: We got the pointer from into_raw just above
mem::forget(unsafe { Arc::from_raw(ptr) });
ptr
}
unsafe fn from_ptr(ptr: *const T) -> Arc<T> {
Arc::from_raw(ptr)
}
}
unsafe impl<T> RefCnt for Rc<T> {
type Base = T;
fn into_ptr(me: Rc<T>) -> *mut T {
Rc::into_raw(me) as *mut T
}
fn as_ptr(me: &Rc<T>) -> *mut T {
// Slightly convoluted way to do this, but this avoids stacked borrows violations. The same
// intention as
//
// me as &T as *const T as *mut T
//
// We first create a "shallow copy" of me - one that doesn't really own its ref count
// (that's OK, me _does_ own it, so it can't be destroyed in the meantime).
// Then we can use into_raw (which preserves not having the ref count).
//
// We need to "revert" the changes we did. In current std implementation, the combination
// of from_raw and forget is no-op. But formally, into_raw shall be paired with from_raw
// and that read shall be paired with forget to properly "close the brackets". In future
// versions of STD, these may become something else that's not really no-op (unlikely, but
// possible), so we future-proof it a bit.
// SAFETY: &T cast to *const T will always be aligned, initialised and valid for reads
let ptr = Rc::into_raw(unsafe { std::ptr::read(me) });
let ptr = ptr as *mut T;
// SAFETY: We got the pointer from into_raw just above
mem::forget(unsafe { Rc::from_raw(ptr) });
ptr
}
unsafe fn from_ptr(ptr: *const T) -> Rc<T> {
Rc::from_raw(ptr)
}
}
unsafe impl<T: RefCnt> RefCnt for Option<T> {
type Base = T::Base;
fn into_ptr(me: Option<T>) -> *mut T::Base {
me.map(T::into_ptr).unwrap_or_else(ptr::null_mut)
}
fn as_ptr(me: &Option<T>) -> *mut T::Base {
me.as_ref().map(T::as_ptr).unwrap_or_else(ptr::null_mut)
}
unsafe fn from_ptr(ptr: *const T::Base) -> Option<T> {
if ptr.is_null() {
None
} else {
Some(T::from_ptr(ptr))
}
}
}