xref: /linux/rust/pin-init/src/__internal.rs (revision fea304ec875454360a3be106e0baad96032bf9fe) 
1 // SPDX-License-Identifier: Apache-2.0 OR MIT
2 
3 //! This module contains library internal items.
4 //!
5 //! These items must not be used outside of this crate and the pin-init-internal crate located at
6 //! `../internal`.
7 
8 use super::*;
9 
10 /// Zero-sized type used to mark a type as invariant.
11 ///
12 /// This is a polyfill for the [unstable type] in the standard library of the same name.
13 ///
14 /// See the [nomicon] for what subtyping is. See also [this table].
15 ///
16 /// [unstable type]: https://doc.rust-lang.org/nightly/std/marker/struct.PhantomInvariant.html
17 /// [nomicon]: https://doc.rust-lang.org/nomicon/subtyping.html
18 /// [this table]: https://doc.rust-lang.org/nomicon/phantom-data.html#table-of-phantomdata-patterns
19 #[repr(transparent)]
20 pub struct PhantomInvariant<T: ?Sized>(PhantomData<fn(T) -> T>);
21 
22 impl<T: ?Sized> Clone for PhantomInvariant<T> {
23     #[inline(always)]
24     fn clone(&self) -> Self {
25         *self
26     }
27 }
28 
29 impl<T: ?Sized> Copy for PhantomInvariant<T> {}
30 
31 impl<T: ?Sized> Default for PhantomInvariant<T> {
32     #[inline(always)]
33     fn default() -> Self {
34         Self::new()
35     }
36 }
37 
38 impl<T: ?Sized> PhantomInvariant<T> {
39     #[inline(always)]
40     pub const fn new() -> Self {
41         Self(PhantomData)
42     }
43 }
44 
45 /// Zero-sized type used to mark a lifetime as invariant.
46 ///
47 /// This is a polyfill for the [unstable type] in the standard library of the same name.
48 ///
49 /// [unstable type]: https://doc.rust-lang.org/nightly/std/marker/struct.PhantomInvariantLifetime.html
50 #[repr(transparent)]
51 #[derive(Clone, Copy, Default)]
52 pub struct PhantomInvariantLifetime<'a>(PhantomInvariant<&'a ()>);
53 
54 impl PhantomInvariantLifetime<'_> {
55     #[inline(always)]
56     pub const fn new() -> Self {
57         Self(PhantomInvariant::new())
58     }
59 }
60 
61 /// Module-internal type implementing `PinInit` and `Init`.
62 ///
63 /// It is unsafe to create this type, since the closure needs to fulfill the same safety
64 /// requirement as the `__pinned_init`/`__init` functions.
65 pub(crate) struct InitClosure<F, T: ?Sized, E>(pub(crate) F, pub(crate) PhantomInvariant<(E, T)>);
66 
67 // SAFETY: While constructing the `InitClosure`, the user promised that it upholds the
68 // `__init` invariants.
69 unsafe impl<T: ?Sized, F, E> Init<T, E> for InitClosure<F, T, E>
70 where
71     F: FnOnce(*mut T) -> Result<(), E>,
72 {
73     #[inline]
74     unsafe fn __init(self, slot: *mut T) -> Result<(), E> {
75         (self.0)(slot)
76     }
77 }
78 
79 // SAFETY: While constructing the `InitClosure`, the user promised that it upholds the
80 // `__pinned_init` invariants.
81 unsafe impl<T: ?Sized, F, E> PinInit<T, E> for InitClosure<F, T, E>
82 where
83     F: FnOnce(*mut T) -> Result<(), E>,
84 {
85     #[inline]
86     unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> {
87         (self.0)(slot)
88     }
89 }
90 
91 /// Token type to signify successful initialization.
92 ///
93 /// Can only be constructed via the unsafe [`Self::new`] function. The initializer macros use this
94 /// token type to prevent returning `Ok` from an initializer without initializing all fields.
95 pub struct InitOk(());
96 
97 impl InitOk {
98     /// Creates a new token.
99     ///
100     /// # Safety
101     ///
102     /// This function may only be called from the `init!` macro in `../internal/src/init.rs`.
103     #[inline(always)]
104     pub unsafe fn new() -> Self {
105         Self(())
106     }
107 }
108 
109 /// This trait is only implemented via the `#[pin_data]` proc-macro. It is used to facilitate
110 /// the pin projections within the initializers.
111 ///
112 /// # Safety
113 ///
114 /// Only the `init` module is allowed to use this trait.
115 pub unsafe trait HasPinData {
116     type PinData: PinData;
117 
118     #[expect(clippy::missing_safety_doc)]
119     unsafe fn __pin_data() -> Self::PinData;
120 }
121 
122 /// Marker trait for pinning data of structs.
123 ///
124 /// # Safety
125 ///
126 /// Only the `init` module is allowed to use this trait.
127 pub unsafe trait PinData: Copy {
128     type Datee: ?Sized + HasPinData;
129 
130     /// Type inference helper function.
131     #[inline(always)]
132     fn make_closure<F, E>(self, f: F) -> F
133     where
134         F: FnOnce(*mut Self::Datee) -> Result<InitOk, E>,
135     {
136         f
137     }
138 }
139 
140 /// This trait is automatically implemented for every type. It aims to provide the same type
141 /// inference help as `HasPinData`.
142 ///
143 /// # Safety
144 ///
145 /// Only the `init` module is allowed to use this trait.
146 pub unsafe trait HasInitData {
147     type InitData: InitData;
148 
149     #[expect(clippy::missing_safety_doc)]
150     unsafe fn __init_data() -> Self::InitData;
151 }
152 
153 /// Same function as `PinData`, but for arbitrary data.
154 ///
155 /// # Safety
156 ///
157 /// Only the `init` module is allowed to use this trait.
158 pub unsafe trait InitData: Copy {
159     type Datee: ?Sized + HasInitData;
160 
161     /// Type inference helper function.
162     #[inline(always)]
163     fn make_closure<F, E>(self, f: F) -> F
164     where
165         F: FnOnce(*mut Self::Datee) -> Result<InitOk, E>,
166     {
167         f
168     }
169 }
170 
171 pub struct AllData<T: ?Sized>(PhantomInvariant<T>);
172 
173 impl<T: ?Sized> Clone for AllData<T> {
174     fn clone(&self) -> Self {
175         *self
176     }
177 }
178 
179 impl<T: ?Sized> Copy for AllData<T> {}
180 
181 // SAFETY: TODO.
182 unsafe impl<T: ?Sized> InitData for AllData<T> {
183     type Datee = T;
184 }
185 
186 // SAFETY: TODO.
187 unsafe impl<T: ?Sized> HasInitData for T {
188     type InitData = AllData<T>;
189 
190     unsafe fn __init_data() -> Self::InitData {
191         AllData(PhantomInvariant::new())
192     }
193 }
194 
195 /// Stack initializer helper type. Use [`stack_pin_init`] instead of this primitive.
196 ///
197 /// # Invariants
198 ///
199 /// If `self.is_init` is true, then `self.value` is initialized.
200 ///
201 /// [`stack_pin_init`]: crate::stack_pin_init
202 pub struct StackInit<T> {
203     value: MaybeUninit<T>,
204     is_init: bool,
205 }
206 
207 impl<T> Drop for StackInit<T> {
208     #[inline]
209     fn drop(&mut self) {
210         if self.is_init {
211             // SAFETY: As we are being dropped, we only call this once. And since `self.is_init` is
212             // true, `self.value` is initialized.
213             unsafe { self.value.assume_init_drop() };
214         }
215     }
216 }
217 
218 impl<T> StackInit<T> {
219     /// Creates a new [`StackInit<T>`] that is uninitialized. Use [`stack_pin_init`] instead of this
220     /// primitive.
221     ///
222     /// [`stack_pin_init`]: crate::stack_pin_init
223     #[inline]
224     pub fn uninit() -> Self {
225         Self {
226             value: MaybeUninit::uninit(),
227             is_init: false,
228         }
229     }
230 
231     /// Initializes the contents and returns the result.
232     #[inline]
233     pub fn init<E>(self: Pin<&mut Self>, init: impl PinInit<T, E>) -> Result<Pin<&mut T>, E> {
234         // SAFETY: We never move out of `this`.
235         let this = unsafe { Pin::into_inner_unchecked(self) };
236         // The value is currently initialized, so it needs to be dropped before we can reuse
237         // the memory (this is a safety guarantee of `Pin`).
238         if this.is_init {
239             this.is_init = false;
240             // SAFETY: `this.is_init` was true and therefore `this.value` is initialized.
241             unsafe { this.value.assume_init_drop() };
242         }
243         // SAFETY: The memory slot is valid and this type ensures that it will stay pinned.
244         unsafe { init.__pinned_init(this.value.as_mut_ptr())? };
245         // INVARIANT: `this.value` is initialized above.
246         this.is_init = true;
247         // SAFETY: The slot is now pinned, since we will never give access to `&mut T`.
248         Ok(unsafe { Pin::new_unchecked(this.value.assume_init_mut()) })
249     }
250 }
251 
252 #[test]
253 #[cfg(feature = "std")]
254 fn stack_init_reuse() {
255     use ::std::{borrow::ToOwned, println, string::String};
256     use core::pin::pin;
257 
258     #[derive(Debug)]
259     struct Foo {
260         a: usize,
261         b: String,
262     }
263     let mut slot: Pin<&mut StackInit<Foo>> = pin!(StackInit::uninit());
264     let value: Result<Pin<&mut Foo>, core::convert::Infallible> =
265         slot.as_mut().init(crate::init!(Foo {
266             a: 42,
267             b: "Hello".to_owned(),
268         }));
269     let value = value.unwrap();
270     println!("{value:?}");
271     let value: Result<Pin<&mut Foo>, core::convert::Infallible> =
272         slot.as_mut().init(crate::init!(Foo {
273             a: 24,
274             b: "world!".to_owned(),
275         }));
276     let value = value.unwrap();
277     println!("{value:?}");
278 }
279 
280 /// When a value of this type is dropped, it drops a `T`.
281 ///
282 /// Can be forgotten to prevent the drop.
283 ///
284 /// # Invariants
285 ///
286 /// - `ptr` is valid and properly aligned.
287 /// - `*ptr` is initialized and owned by this guard.
288 pub struct DropGuard<T: ?Sized> {
289     ptr: *mut T,
290 }
291 
292 impl<T: ?Sized> DropGuard<T> {
293     /// Creates a drop guard and transfer the ownership of the pointer content.
294     ///
295     /// The ownership is only relinguished if the guard is forgotten via [`core::mem::forget`].
296     ///
297     /// # Safety
298     ///
299     /// - `ptr` is valid and properly aligned.
300     /// - `*ptr` is initialized, and the ownership is transferred to this guard.
301     #[inline]
302     pub unsafe fn new(ptr: *mut T) -> Self {
303         // INVARIANT: By safety requirement.
304         Self { ptr }
305     }
306 
307     /// Create a let binding for accessor use.
308     #[inline]
309     pub fn let_binding(&mut self) -> &mut T {
310         // SAFETY: Per type invariant.
311         unsafe { &mut *self.ptr }
312     }
313 }
314 
315 impl<T: ?Sized> Drop for DropGuard<T> {
316     #[inline]
317     fn drop(&mut self) {
318         // SAFETY: `self.ptr` is valid, properly aligned and `*self.ptr` is owned by this guard.
319         unsafe { ptr::drop_in_place(self.ptr) }
320     }
321 }
322 
323 /// Token used by `PinnedDrop` to prevent calling the function without creating this unsafely
324 /// created struct. This is needed, because the `drop` function is safe, but should not be called
325 /// manually.
326 pub struct OnlyCallFromDrop(());
327 
328 impl OnlyCallFromDrop {
329     /// # Safety
330     ///
331     /// This function should only be called from the [`Drop::drop`] function and only be used to
332     /// delegate the destruction to the pinned destructor [`PinnedDrop::drop`] of the same type.
333     pub unsafe fn new() -> Self {
334         Self(())
335     }
336 }
337 
338 /// Initializer that always fails.
339 ///
340 /// Used by [`assert_pinned!`].
341 ///
342 /// [`assert_pinned!`]: crate::assert_pinned
343 pub struct AlwaysFail<T: ?Sized> {
344     _t: PhantomData<T>,
345 }
346 
347 impl<T: ?Sized> AlwaysFail<T> {
348     /// Creates a new initializer that always fails.
349     pub fn new() -> Self {
350         Self { _t: PhantomData }
351     }
352 }
353 
354 impl<T: ?Sized> Default for AlwaysFail<T> {
355     fn default() -> Self {
356         Self::new()
357     }
358 }
359 
360 // SAFETY: `__pinned_init` always fails, which is always okay.
361 unsafe impl<T: ?Sized> PinInit<T, ()> for AlwaysFail<T> {
362     unsafe fn __pinned_init(self, _slot: *mut T) -> Result<(), ()> {
363         Err(())
364     }
365 }
366