mut_guard 0.1.0

Run a function after some data was mutably borrowed
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357

//! # MutGuard
//!
//! this library allows you to call a function after
//! some data has been mutably borrowed.
//!
//! *Note*: that function will be called from a `Drop` handler
//!
//! ## Use cases
//!
//! ### Invariant checks
//!
//! It can be used to enforce invariant: every time a `&mut` is obtained,
//! be it from the element's method definition, or from external code
//! accessing public members directly, the invariant check will run and
//! verify the data is correct.
//!
//! ```rust,should_panic
//! extern crate mut_guard;
//! use mut_guard::*;
//!
//! #[derive(Debug)]
//! struct LessThan20(pub u8);
//!
//! impl Guard for LessThan20 {
//!   fn finish(&mut self) {
//!     assert!(self.0 <= 20, "invariant failed, internal value is too large: {}", self.0);
//!   }
//! }
//!
//! fn main() {
//!   let mut val = MutGuard::new(LessThan20(0));
//!
//!   //"val: 0"
//!   println!("val: {:?}", *val);
//!
//!   // this would fail because MutGuard does not implement DerefMut directly
//!   //val.0 = 10;
//!
//!   // use the guard() method to get a `&mut LessThan20`
//!   val.guard().0 = 10;
//!
//!   //"val: 10"
//!   println!("val: {:?}", *val);
//!
//!   // once the value returned by guard() is dropped, the invariant will be checked
//!   // This code will panic with the following message:
//!   // 'invariant failed, internal value is too large: 30'
//!   val.guard().0 = 30;
//! }
//! ```
//!
//! ### Logging
//!
//! Since the guard will be called every time there's a mutable access, we can log the changes
//! there:
//!
//! ```rust
//! # extern crate mut_guard;
//! # use mut_guard::*;
//! #
//! # fn main() {
//!   let v = Vec::new();
//!
//!   // the wrap methods allows us to Specifiesy a closure instead of manually
//!   // implementing Guard
//!   let mut iv = MutGuard::wrap(v, |ref mut vec| {
//!     println!("vector content is now {:?}", vec);
//!   });
//!
//!   iv.guard().push(1);
//!   // prints "vector content is now [1]"
//!
//!   iv.guard().push(2);
//!   // prints "vector content is now [1, 2]"
//!
//!   iv.guard().push(3);
//!   // prints "vector content is now [1, 2, 3]"
//! # }
//! ```
//!
//! ### Serialization
//!
//! The guard function could be used to store the element to a file after every change
//!
//! ```rust
//! #[macro_use]
//! extern crate serde_derive;
//! extern crate mut_guard;
//! extern crate serde;
//! extern crate serde_json;
//!
//! use mut_guard::*;
//! use std::fs::File;
//!
//! #[derive(Serialize, Debug)]
//! struct Data {
//!     pub a: u32,
//!     pub s: String,
//!     pub v: Vec<u32>,
//! }
//!
//! impl Guard for Data {
//!     fn finish(&mut self) {
//!         File::create("data.json")
//!             .map_err(|e| {
//!                 println!("could not create data file");
//!             })
//!             .and_then(|mut f| {
//!                 serde_json::to_writer(f, self).map_err(|e| {
//!                     println!("could not serialize data: {:?}", e);
//!                 })
//!             });
//!     }
//! }
//!
//! fn main() {
//!     let mut data = MutGuard::new(Data {
//!         a: 0,
//!         s: "hello".to_string(),
//!         v: vec![1, 2],
//!     });
//!
//!     data.guard().s = "Hello world".to_string();
//!     // data.json was created and now contains:
//!     // {"a":0,"s":"Hello world","v":[1,2]}
//! }
//! ```
//!
use std::ops::{Deref, DerefMut, Drop};

/// stores an inner element that must implement the `Guard` trait,
/// and forbids mutable borrows except going through its `guard()` method.
pub struct MutGuard<T> {
    inner: T,
}

impl<T> Deref for MutGuard<T> {
    type Target = T;

    fn deref(&self) -> &T {
        &self.inner
    }
}

/// Specifies a method that will be called after every time an element
/// protected by a `Mutguard` will be mutably borrowed
pub trait Guard {
    fn finish(&mut self);
}

impl<T: Guard> MutGuard<T> {
    pub fn new(inner: T) -> MutGuard<T> {
        MutGuard { inner }
    }

    /// call this method to get mutable access to the underlying element
    pub fn guard(&mut self) -> MutGuardBorrow<T> {
        MutGuardBorrow { inner: self }
    }

    /// returns the wrapped element, consuming the MutGuard
    pub fn into_inner(self) -> T {
        self.inner
    }
}

impl<'a, T> MutGuard<MutGuardWrapper<'a, T>> {
    /// This method automatically generates a `Guard` implementation that will
    /// call `f` after every time the inner element is mutably borrowed
    pub fn wrap<F>(inner: T, f: F) -> MutGuard<MutGuardWrapper<'a, T>>
    where
        F: 'a + for<'r> FnMut(&'r mut T),
    {
        let wrapper = MutGuardWrapper {
            inner,
            f: Box::new(f),
        };
        MutGuard::new(wrapper)
    }
}

/// Structure returned by the `MutGuard::guard()`. when this is dropped, it
/// will call the `Guard::finish()` method of the wrapped element
pub struct MutGuardBorrow<'a, T: 'a + Guard> {
    inner: &'a mut MutGuard<T>,
}

impl<'a, T: Guard> Deref for MutGuardBorrow<'a, T> {
    type Target = T;

    fn deref(&self) -> &T {
        &self.inner.inner
    }
}

impl<'a, T: Guard> DerefMut for MutGuardBorrow<'a, T> {
    fn deref_mut(&mut self) -> &mut T {
        &mut self.inner.inner
    }
}

impl<'a, T: Guard> Drop for MutGuardBorrow<'a, T> {
    fn drop(&mut self) {
        self.inner.inner.finish();
    }
}

/// `Guard` implementation returned by `MutGuard::wrap()`
pub struct MutGuardWrapper<'a, T> {
    inner: T,
    f: Box<'a + FnMut(&mut T)>,
}

impl<'a, T: 'a> MutGuardWrapper<'a, T> {
    pub fn new<F>(inner: T, f: F) -> MutGuardWrapper<'a, T>
    where
        F: 'a + for<'r> FnMut(&'r mut T),
    {
        MutGuardWrapper {
            inner,
            f: Box::new(f),
        }
    }
}

impl<'a, T> Guard for MutGuardWrapper<'a, T> {
    fn finish(&mut self) {
        (self.f)(&mut self.inner);
    }
}

impl<'a, T> Deref for MutGuardWrapper<'a, T> {
    type Target = T;

    fn deref(&self) -> &T {
        &self.inner
    }
}

impl<'a, T> DerefMut for MutGuardWrapper<'a, T> {
    fn deref_mut(&mut self) -> &mut T {
        &mut self.inner
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[derive(Debug)]
    struct Bank {
        accounts: Vec<i32>,
    }

    impl Bank {
        pub fn new(accounts: Vec<i32>) -> Bank {
            Bank { accounts }
        }

        pub fn transfer(&mut self, account1: usize, account2: usize, amount: i32) {
            self.accounts[account1] -= amount;
            self.accounts[account2] += amount;
        }
    }

    impl Guard for Bank {
        fn finish(&mut self) {
            assert!(
                self.accounts.iter().any(|v| *v < 0),
                "accounts should not become negative"
            );
        }
    }

    #[test]
    #[should_panic(expected = "accounts should not become negative")]
    fn invariant_bank() {
        let mut ibank = MutGuard::new(Bank::new(vec![10, 0, 20, 50]));

        println!("bank: {:?}", *ibank);

        {
            ibank.guard().transfer(0, 1, 5);
            println!("bank: {:?}", *ibank);

            ibank.guard().transfer(2, 3, 30);
            println!("bank: {:?}", *ibank);
        }
    }

    #[test]
    fn bank() {
        let mut bank = Bank::new(vec![10, 0, 20, 50]);
        println!("bank: {:?}", bank);

        bank.transfer(0, 1, 5);
        println!("bank: {:?}", bank);

        bank.transfer(2, 3, 30);
        // now accounts are [5, 5, -10, 80]
        println!("bank: {:?}", bank);
    }

    #[test]
    fn count_access() {
        let mut counter = 0;
        let v = Vec::new();

        {
            let mut iv = MutGuard::wrap(v, |_| counter += 1);

            iv.guard().push(1);
            iv.guard().push(2);
            iv.guard().push(3);
            assert_eq!(iv[0], 1);
            assert_eq!(iv[1], 2);
            assert_eq!(iv[2], 3);
        }

        assert_eq!(counter, 3);
    }

    #[test]
    #[should_panic]
    fn less_than() {
        #[derive(Debug)]
        struct LessThan20(pub u8);

        impl Guard for LessThan20 {
            fn finish(&mut self) {
                assert!(
                    self.0 <= 20,
                    "invariant failed, internal value is too large: {}",
                    self.0
                );
            }
        }

        let mut val = MutGuard::new(LessThan20(0));

        //"val: 0"
        println!("val: {:?}", *val);

        // this would fail because MutGuard does not implement DerefMut directly
        //val.0 = 10;

        // use the guard() method to get a `&mut LessThan20`
        val.guard().0 = 10;

        //"val: 10"
        println!("val: {:?}", *val);

        // once the value returned by guard() is dropped, the invariant will be checked
        // we get the message "panicked at 'invariant failed, internal value is too large: 30'"
        val.guard().0 = 30;
    }
}