#![allow(unsafe_op_in_unsafe_fn, reason = "see module doc: inner unsafe blocks in unsafe fn add noise here")]
#![allow(clippy::unnecessary_safety_comment, reason = "safety rationale documented at function level")]
use core::sync::atomic::{AtomicPtr, Ordering};
use core::{mem, ptr};
/// Type-erased destructor signature: invoked as `f(ptr, count)` by `replay_drops`, where `ptr`
/// is `payload + value_offset` and `count` is the entry's `len`. `drop_shim::<T>` has this shape.
pub(crate) type DropFn = unsafe fn(*mut u8, usize);
/// Alignment of a `DropFn`; `pad_bytes()` rounds the raw field bytes of `DropEntry` up to a
/// multiple of this value.
const PAD_TARGET: usize = mem::align_of::<DropFn>();
/// Byte count of the `DropEntry` fields that precede its padding: one `DropFn`-sized slot plus
/// the two `u16` fields.
#[cfg_attr(coverage_nightly, coverage(off))]
#[cfg_attr(test, mutants::skip)]
const fn raw_used() -> usize {
    mem::size_of::<DropFn>() + 2 * mem::size_of::<u16>()
}
/// Number of padding bytes needed to round `raw_used()` up to the next multiple of
/// `PAD_TARGET` (zero when it is already a multiple).
#[cfg_attr(coverage_nightly, coverage(off))]
const fn pad_bytes() -> usize {
    match raw_used() % PAD_TARGET {
        0 => 0,
        remainder => PAD_TARGET - remainder,
    }
}
/// Length of `DropEntry::_pad`, computed at compile time by `pad_bytes()`.
const PAD_BYTES: usize = pad_bytes();
/// Bookkeeping record describing one run of values inside a payload buffer and the destructor
/// to run on it.
///
/// `commit_placeholder_drop_fn` and `replay_drops` read these records in place through a pointer
/// cast, from slots counted downwards from the alignment-rounded end of the payload, so the
/// field order fixed by `#[repr(C)]` is part of the in-memory format.
#[repr(C)]
pub(crate) struct DropEntry {
// Type-erased `DropFn`, or null while the entry is still a placeholder (see `placeholder`).
drop_fn: AtomicPtr<()>,
// Offset added to the payload base pointer (a `*mut u8`) to reach the first value.
value_offset: u16,
// Count handed to the destructor as its second argument.
len: u16,
// Explicit padding so the fields above plus this array total a multiple of `PAD_TARGET`.
_pad: [u8; PAD_BYTES],
}
impl DropEntry {
    /// Builds an entry for (`value_offset`, `len`) whose destructor slot is still empty.
    ///
    /// Until `commit_drop_fn` is called, `drop_fn()` returns `None` for this entry.
    #[inline]
    pub(crate) const fn placeholder(value_offset: u16, len: u16) -> Self {
        let empty_slot = AtomicPtr::new(ptr::null_mut());
        Self {
            drop_fn: empty_slot,
            value_offset,
            len,
            _pad: [0; PAD_BYTES],
        }
    }

    /// Publishes `drop_fn` into this entry.
    ///
    /// The store uses `Release` ordering and is read back with `Acquire` in `drop_fn()`.
    #[inline]
    pub(crate) fn commit_drop_fn(&self, drop_fn: DropFn) {
        #[allow(
            clippy::fn_to_numeric_cast_any,
            reason = "intentional: bit-cast a function pointer for atomic storage; provenance preserved via `*mut ()`"
        )]
        let erased = drop_fn as *mut ();
        self.drop_fn.store(erased, Ordering::Release);
    }

    /// Returns the committed destructor, or `None` while the slot still holds null.
    #[inline]
    pub(crate) fn drop_fn(&self) -> Option<DropFn> {
        let stored = self.drop_fn.load(Ordering::Acquire);
        if stored.is_null() {
            return None;
        }
        // SAFETY: within this impl the slot is only written by `placeholder` (null) and
        // `commit_drop_fn` (a `DropFn` cast to `*mut ()`), so a non-null value came from a
        // `DropFn`. The transmute only compiles when `*mut ()` and `DropFn` have equal size.
        // An entry whose bytes were produced any other way is outside this guarantee.
        Some(unsafe { mem::transmute::<*mut (), DropFn>(stored) })
    }

    /// Offset of the described values from the payload base pointer.
    #[inline]
    pub(crate) fn value_offset(&self) -> u16 {
        self.value_offset
    }

    /// Count that is passed to the destructor for this entry.
    #[inline]
    pub(crate) fn len(&self) -> u16 {
        self.len
    }
}
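/// Finds the entry recorded for (`value_offset`, `len`) and installs `drop_fn` in it.
///
/// Entries are read from fixed-size slots counted downwards from `payload_len` rounded down to
/// `DropEntry` alignment; slot `i` starts at `aligned_len - (i + 1) * size_of::<DropEntry>()`.
/// The first entry whose offset and length both match receives `drop_fn`.
///
/// Returns `true` when an entry was updated. Returns `false` when no entry matches, or when
/// `drop_entry_count` slots cannot fit inside the payload. In the second case nothing is read:
/// the slot offset would otherwise wrap around in builds without overflow checks and produce an
/// out-of-bounds pointer.
///
/// # Safety
///
/// - `payload` must be valid for reads of `payload_len` bytes and aligned for `DropEntry`.
/// - Each of the `drop_entry_count` slots described above must hold an initialized `DropEntry`.
#[allow(
    clippy::cast_ptr_alignment,
    reason = "caller guarantees entries are naturally aligned within the payload; see DropEntry layout"
)]
pub(crate) unsafe fn commit_placeholder_drop_fn(
    payload: *mut u8,
    payload_len: usize,
    drop_entry_count: usize,
    value_offset: usize,
    len: usize,
    drop_fn: DropFn,
) -> bool {
    let entry_size = mem::size_of::<DropEntry>();
    let entry_align = mem::align_of::<DropEntry>();
    let aligned_len = payload_len & !(entry_align - 1);

    // Validate the whole table once so the per-slot subtraction below cannot underflow.
    let table_fits = drop_entry_count
        .checked_mul(entry_size)
        .is_some_and(|table_bytes| table_bytes <= aligned_len);
    if !table_fits {
        return false;
    }

    for slot in 1..=drop_entry_count {
        let entry_off = aligned_len - slot * entry_size;
        let entry = &*(payload.add(entry_off).cast::<DropEntry>());
        // Widening u16 -> usize is lossless; a requested offset or length above u16::MAX
        // therefore never matches.
        if usize::from(entry.value_offset()) == value_offset && usize::from(entry.len()) == len {
            entry.commit_drop_fn(drop_fn);
            return true;
        }
    }
    false
}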
/// Drops `count` consecutive values of type `T` in place, starting at `ptr`.
///
/// The memory itself is not released; only the destructors run.
///
/// # Safety
///
/// `ptr` must be aligned for `T` and point to `count` initialized values of `T` that are valid
/// for reads and writes and are not used or dropped again afterwards.
pub(crate) unsafe fn drop_shim<T>(ptr: *mut u8, count: usize) {
    ptr::drop_in_place(ptr::slice_from_raw_parts_mut(ptr.cast::<T>(), count));
}
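/// Runs the committed destructor of every entry in the payload's entry table.
///
/// Entries are read from fixed-size slots counted downwards from `payload_len` rounded down to
/// `DropEntry` alignment. Entries that are still placeholders (no destructor committed) are
/// skipped. For the others the destructor is called with `payload + value_offset` and `len`.
///
/// If `drop_entry_count` slots cannot fit inside the payload, the function returns without
/// reading or dropping anything. The slot offset would otherwise wrap around in builds without
/// overflow checks and yield an out-of-bounds pointer; skipping the drops leaks instead.
///
/// NOTE(review): each entry's `value_offset` and `len` are passed to the destructor without a
/// range check against `payload_len`. The element size is erased here, so that bound has to be
/// upheld by whoever wrote the entry.
///
/// # Safety
///
/// - `payload` must be valid for reads and writes of `payload_len` bytes and aligned for
///   `DropEntry`.
/// - Each of the `drop_entry_count` slots must hold an initialized `DropEntry`.
/// - For every committed entry, `payload + value_offset` must satisfy the contract of the stored
///   `DropFn` for `len` elements, and the values must not have been dropped already.
#[allow(
    clippy::cast_ptr_alignment,
    reason = "caller guarantees entries are naturally aligned within the payload; see DropEntry layout"
)]
pub(crate) unsafe fn replay_drops(payload: *mut u8, payload_len: usize, drop_entry_count: usize) {
    if drop_entry_count == 0 {
        return;
    }
    let entry_size = mem::size_of::<DropEntry>();
    let entry_align = mem::align_of::<DropEntry>();
    let aligned_len = payload_len & !(entry_align - 1);

    // Validate the whole table once so the per-slot subtraction below cannot underflow.
    let table_fits = drop_entry_count
        .checked_mul(entry_size)
        .is_some_and(|table_bytes| table_bytes <= aligned_len);
    if !table_fits {
        return;
    }

    for slot in 1..=drop_entry_count {
        let entry_off = aligned_len - slot * entry_size;
        let entry = &*(payload.add(entry_off).cast::<DropEntry>());
        if let Some(shim) = entry.drop_fn() {
            // Widening u16 -> usize is lossless.
            let value_off = usize::from(entry.value_offset());
            let count = usize::from(entry.len());
            shim(payload.add(value_off), count);
        }
    }
}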
#[cfg(test)]
#[allow(clippy::cast_ptr_alignment, reason = "test buffer is manually aligned")]
mod tests {
    use super::*;

    /// A count of zero means no slot is visited, so nothing can match.
    #[test]
    fn commit_placeholder_drop_fn_returns_false_when_count_is_zero() {
        let mut storage = [0u8; 64];
        let shim: DropFn = drop_shim::<u8>;
        let committed =
            unsafe { commit_placeholder_drop_fn(storage.as_mut_ptr(), storage.len(), 0, 0, 1, shim) };
        assert!(!committed);
    }

    /// The top slot holds a non-matching entry; the slot below it matches and must be committed.
    #[test]
    fn commit_placeholder_drop_fn_skips_non_matching_then_commits_match() {
        let slot = mem::size_of::<DropEntry>();
        let align = mem::align_of::<DropEntry>();
        let payload_len = slot * 4;
        // Over-allocate by one alignment unit so an aligned payload start always exists.
        let mut backing = std::vec![0u8; payload_len + align];
        let start = backing.as_mut_ptr() as usize;
        let skip = ((start + align - 1) & !(align - 1)) - start;
        let payload = unsafe { backing.as_mut_ptr().add(skip) };
        let table_end = payload_len & !(align - 1);
        let shim: DropFn = drop_shim::<u8>;
        let wanted_offset: u16 = 0;
        let wanted_len: u16 = 1;
        let first_slot = table_end - slot;
        let second_slot = table_end - 2 * slot;
        let matching = unsafe { payload.add(second_slot).cast::<DropEntry>() };
        unsafe {
            ptr::write(payload.add(first_slot).cast::<DropEntry>(), DropEntry::placeholder(99, 1));
            ptr::write(matching, DropEntry::placeholder(wanted_offset, wanted_len));
        }
        let committed = unsafe {
            commit_placeholder_drop_fn(
                payload,
                payload_len,
                2,
                usize::from(wanted_offset),
                usize::from(wanted_len),
                shim,
            )
        };
        assert!(committed);
        assert!(unsafe { (*matching).drop_fn() }.is_some());
    }

    /// `raw_used` must equal the summed sizes of the non-padding fields.
    #[test]
    fn raw_used_is_sum_of_field_sizes() {
        let field_bytes = mem::size_of::<DropFn>() + mem::size_of::<u16>() + mem::size_of::<u16>();
        assert_eq!(raw_used(), field_bytes);
        #[cfg(target_pointer_width = "64")]
        assert_eq!(raw_used(), 12);
    }

    /// Padding must bring the raw size to a multiple of `PAD_TARGET` and stay below one unit.
    #[test]
    fn pad_bytes_aligns_to_pad_target() {
        let padding = pad_bytes();
        assert_eq!((raw_used() + padding) % PAD_TARGET, 0, "raw + pad must be multiple of PAD_TARGET");
        assert!(padding < PAD_TARGET);
        assert_eq!(PAD_BYTES, padding);
    }
}