atomic-lend-cell 0.1.0

A Rust library for lending immutable references across threads with explicit owner-borrower semantics, offering both atomic reference counting and lightweight flag-based implementations.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242

// Allow dead code when the flag-based feature is not enabled
#![cfg_attr(not(feature = "flag-based"), allow(dead_code))]

//! # Atomic Lend Cell
//! 
//! A thread-safe container that allows lending references to data across threads
//! using epoch-based reclamation for safety verification without per-object reference counting.
//! 
//! This module provides two main types:
//! - `AtomicLendCell<T>`: The owner that contains the data and can lend it out
//! - `AtomicBorrowCell<T>`: A lightweight borrow of data that can be freely sent between threads
//!
//! Unlike atomic reference counting, this implementation uses a single boolean flag
//! to track the owner's lifetime, reducing synchronization overhead while still
//! ensuring safety.

use std::{ops::Deref, sync::atomic::{AtomicBool, Ordering}};

/// A container that allows thread-safe lending of its contained value using epoch-based reclamation
///
/// `AtomicLendCell<T>` owns a value of type `T` and maintains an atomic boolean
/// to track its lifetime. It ensures that the value isn't accessed after being dropped,
/// with validation occurring in debug builds.
pub struct AtomicLendCell<T> {
    data: T,
    is_alive: AtomicBool
}

impl<T> AtomicLendCell<T> {
    /// Returns a reference to the contained value
    ///
    /// This method provides direct access to the value inside the cell without
    /// creating a borrowing relationship.
    pub fn as_ref(&self) -> &T {
        &self.data
    }
}

impl<T> Deref for AtomicLendCell<T> {
    type Target = T;
    /// Dereferences to the contained value
    ///
    /// This provides convenient access to the contained value through the dereference operator (*).
    fn deref(&self) -> &Self::Target {
        self.as_ref()
    }
}

impl<T> Drop for AtomicLendCell<T> {
    /// Marks the cell as no longer alive when it's dropped
    ///
    /// This allows borrows to detect if they're being used after the owner was dropped.
    fn drop(&mut self) {
        // Mark as no longer alive
        self.is_alive.store(false, Ordering::Release);
        
        // Optional: Give in-flight operations a chance to complete
        #[cfg(debug_assertions)]
        std::thread::yield_now();
    }
}

/// A thread-safe reference to data contained in an `AtomicLendCell`
///
/// `AtomicBorrowCell<T>` holds a pointer to data in an `AtomicLendCell<T>` and
/// checks the lender's liveness in debug builds. It can be safely sent between threads.
pub struct AtomicBorrowCell<T> {
    data_ptr: *const T,
    owner_alive_ptr: *const AtomicBool
}

impl<T> AtomicBorrowCell<T> {
    /// Returns a reference to the borrowed value
    ///
    /// This method provides access to the value inside the original `AtomicLendCell`.
    /// In debug builds, it verifies that the owner is still alive.
    pub fn as_ref(&self) -> &T {
        #[cfg(debug_assertions)]
        {
            let is_alive = unsafe { self.owner_alive_ptr.as_ref().unwrap() }
                .load(Ordering::Acquire);
            if !is_alive {
                panic!("Attempting to access AtomicBorrowCell after owner was dropped");
            }
        }
        
        unsafe { self.data_ptr.as_ref().unwrap() }
    }
}

impl<T> Deref for AtomicBorrowCell<T> {
    type Target = T;
    /// Dereferences to the borrowed value
    ///
    /// This provides convenient access to the borrowed value through the dereference operator (*).
    fn deref(&self) -> &Self::Target {
        self.as_ref()
    }
}

impl<T> Drop for AtomicBorrowCell<T> {
    /// Checks if the owner is still alive when this borrow is dropped
    ///
    /// In debug builds, this will panic if the borrow is dropped after the owner,
    /// helping to detect potential use-after-free bugs.
    fn drop(&mut self) {
        #[cfg(debug_assertions)]
        {
            let is_alive = unsafe { self.owner_alive_ptr.as_ref().unwrap() }
                .load(Ordering::Acquire);
            if !is_alive {
                // We were dropped after owner - this shouldn't happen in correct code
                panic!("AtomicBorrowCell dropped after its owner was dropped");
            }
        }
    }
}

// These trait implementations make `AtomicBorrowCell` safe to send between threads
unsafe impl<T: Sync> Send for AtomicBorrowCell<T> {}
unsafe impl<T: Sync> Sync for AtomicBorrowCell<T> {}

impl<T> AtomicLendCell<T> {
    /// Creates a new `AtomicLendCell` containing the given value
    ///
    /// # Examples
    ///
    /// ```
    /// use atomic_lend_cell::AtomicLendCell;
    ///
    /// let cell = AtomicLendCell::new(42);
    /// ```
    pub fn new(data: T) -> Self {
        Self { data, is_alive: AtomicBool::new(true) }
    }

    /// Creates a new `AtomicBorrowCell` for the contained value
    ///
    /// This returns a borrow that can be sent to other threads. The borrow will
    /// verify the owner's liveness in debug builds.
    ///
    /// # Examples
    ///
    /// ```
    /// use atomic_lend_cell::AtomicLendCell;
    ///
    /// let cell = AtomicLendCell::new(42);
    /// let borrow = cell.borrow();
    ///
    /// assert_eq!(*borrow, 42);
    /// ```
    pub fn borrow(&self) -> AtomicBorrowCell<T> {
        AtomicBorrowCell {
            data_ptr: (&self.data) as *const T,
            owner_alive_ptr: &self.is_alive as *const AtomicBool
        }
    }
    
}

impl<'a, T> AtomicLendCell<&'a T> {
    /// Creates a new `AtomicBorrowCell` that borrows the referenced value directly
    ///
    /// This is useful when the `AtomicLendCell` contains a reference, and you want to
    /// borrow the underlying value rather than the reference itself.
    pub fn borrow_deref(&'a self) -> AtomicBorrowCell<T> {
        AtomicBorrowCell {
            data_ptr: self.data as *const T,
            owner_alive_ptr: &self.is_alive as *const AtomicBool
        }
    }
}

impl<T> Clone for AtomicBorrowCell<T> {
    /// Creates a new `AtomicBorrowCell` that borrows the same value
    ///
    /// Unlike reference counting, this doesn't need to increment any counters,
    /// making it more efficient.
    fn clone(&self) -> Self {
        // Simply create a new borrow pointing to the same data and liveness flag
        AtomicBorrowCell {
            data_ptr: self.data_ptr,
            owner_alive_ptr: self.owner_alive_ptr
        }
    }
}

#[test]
/// Tests that borrowing works across threads
fn test_epoch_borrow() {
    let x = AtomicLendCell::new(4);
    let xr = x.borrow();
    let t1 = std::thread::spawn(move || {
        let y = xr.as_ref();
        println!("{:?}", y);
    });
    let xr = x.borrow();
    let t2 = std::thread::spawn(move || {
        let y = xr.as_ref();
        println!("{:?}", y);
    });
    t1.join().unwrap();
    t2.join().unwrap();
}

#[test]
/// Tests the safety checks for owner outliving borrows
fn test_epoch_safety() {
    use std::sync::Arc;
    
    // This test will only panic in debug builds
    let data = Arc::new(42);
    let data_clone = Arc::clone(&data);
    
    let x_opt = Some(AtomicLendCell::new(data));
    let borrow = x_opt.as_ref().unwrap().borrow();
    
    // Use the borrow before dropping owner
    assert_eq!(**borrow, 42);
    
    // Simulate work in another thread
    let handle = std::thread::spawn(move || {
        // Just hold onto data_clone to ensure it doesn't drop
        assert_eq!(*data_clone, 42);
        std::thread::sleep(std::time::Duration::from_millis(50));
    });
    
    // Drop the owner while borrow still exists
    drop(x_opt);
    
    // In debug builds, this would panic when checking borrow's liveness
    #[cfg(not(debug_assertions))]
    {
        // This should only run in release builds
        std::thread::sleep(std::time::Duration::from_millis(10));
        
        // This will cause undefined behavior in release mode if safety is violated
        let _value = *borrow;
    }
    
    handle.join().unwrap();
}