//! This module contains trait implementations from the core library for [Deferred].

use core::ops::{Deref, DerefMut, Index, IndexMut};

use crate::{Deferred, Reference, SliceLike, SlicePointerIndex};

// `Deferred<T>` is `Copy` exactly when the reference type `T` it stands in for is
// `Copy`. `&U` is `Copy` and `&mut U` is not, so a deferred mutable reference can
// never be duplicated through this impl.
impl<T> Copy for Deferred<T> where T: Copy + Reference {}

// Cloning is a plain bitwise copy. The extra `Copy` bound is what makes `*self`
// legal here and keeps `clone` from ever diverging from `Copy` semantics; it also
// means `Deferred<&mut U>` gets no `Clone` impl, because `&mut U` is not `Copy`.
impl<T> Clone for Deferred<T>
where
    T: Clone + Copy + Reference,
{
    fn clone(&self) -> Self {
        *self
    }
}

// SAFETY: `Deferred<T>` is `Sync` only under the bound `T: Sync`, i.e. only when the
// reference type it stands in for may itself be shared between threads.
// NOTE(review): this argument assumes that the `Sync`-ness of every `Reference`
// implementor already accounts for its `Target` (true for `&U` and `&mut U`, both of
// which are `Sync` only if `U: Sync`); confirm that `Reference` cannot be implemented
// for other types outside this crate.
unsafe impl<T> Sync for Deferred<T> where T: Sync + Reference {}

// SAFETY: `Deferred<T>` is `Send` only under the bound `T: Send`, i.e. only when the
// reference type it stands in for may itself be moved to another thread.
// NOTE(review): this argument assumes that the `Send`-ness of every `Reference`
// implementor already accounts for its `Target` (true for `&U`, which is `Send` only
// if `U: Sync`, and for `&mut U`, which is `Send` only if `U: Send`); confirm that
// `Reference` cannot be implemented for other types outside this crate.
unsafe impl<T> Send for Deferred<T> where T: Send + Reference {}

impl<T> Deref for Deferred<T>
where
    T: Reference,
{
    type Target = T::Target;

    /// Turns the deferred reference into an actual shared reference to its target.
    fn deref(&self) -> &Self::Target {
        // SAFETY: relies on the `Deferred` invariant that the stored pointer is valid,
        // non-null and aligned. What this impl cannot check is aliasing: no `&mut` to
        // the same place may be live while the returned `&` is in use. Such a `&mut`
        // can only have been created through an `unsafe` block, and whoever wrote that
        // block took on the obligation that it does not co-exist with a call to
        // `deref()`.
        unsafe {
            let target = self.as_ptr();
            &*target
        }
    }
}

impl<T> DerefMut for Deferred<&mut T>
where
    T: ?Sized,
{
    /// Turns the deferred mutable reference into an actual `&mut` to its target.
    fn deref_mut(&mut self) -> &mut T {
        // SAFETY: relies on the `Deferred` invariant that the stored pointer is valid,
        // non-null and aligned. What this impl cannot check is aliasing: no other
        // reference, mutable or immutable, to the same place may be live while the
        // returned `&mut` is in use. Such a reference can only have been created
        // through an `unsafe` block, and whoever wrote that block took on the
        // obligation that it does not co-exist with a call to `deref_mut()`.
        unsafe {
            let target = self.as_mut_ptr();
            &mut *target
        }
    }
}

impl<T> core::fmt::Pointer for Deferred<&T>
where
    T: ?Sized,
{
    /// Formats the stored address exactly like the raw `*const T` would be formatted.
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        // Only the address is formatted; the pointee is never read, so no reference
        // to the target is created here.
        let address: *const T = self.as_ptr();
        <*const T>::fmt(&address, f)
    }
}
impl<T> core::fmt::Pointer for Deferred<&mut T>
where
    T: ?Sized,
{
    /// Formats the stored address exactly like the raw `*mut T` would be formatted.
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        // Only the address is formatted; the pointee is never read, so no reference
        // to the target is created here.
        let address: *mut T = self.as_mut_ptr();
        <*mut T>::fmt(&address, f)
    }
}

// requires #![feature(coerce_unsized)]:
// this doesn't work, the compiler panics: error: internal compiler error: compiler/rustc_mir/src/monomorphize/collector.rs:884:22: unexpected unsized tail: [u8; 1024]
// impl<T, const N: usize> CoerceUnsized<Deferred<&[T]>> for Deferred<&[T; N]> {}
// impl<T, const N: usize> CoerceUnsized<Deferred<&[T]>> for Deferred<&mut [T; N]> {}
// impl<T, const N: usize> CoerceUnsized<Deferred<&mut [T]>> for Deferred<&mut [T; N]> {}
// requires additional #![feature(unsize)]:
// impl<T, U> CoerceUnsized<Deferred<U>> for Deferred<T>
// where
//     T: Reference,
//     T::Target: Unsize<U::Target>,
//     U: Reference,
// {}

impl<I, T> Index<I> for Deferred<T>
where
    T: Reference,
    T::Target: SliceLike,
    I: SlicePointerIndex<T::Target>,
{
    type Output = I::Output;

    /// Indexes into the deferred slice-like target on the raw-pointer level and only
    /// turns the resulting element/sub-slice pointer into a shared reference.
    fn index(&self, index: I) -> &Self::Output {
        // SAFETY: `Deferred` guarantees that its pointer is valid and safe to
        // dereference.
        // NOTE(review): the dereference below is applied to whatever pointer
        // `SlicePointerIndex::index` returns, so its soundness also depends on that
        // method staying inside the target (or panicking) for out-of-range indices;
        // that implementation is not visible here -- confirm.
        unsafe {
            let selected = index.index(self.as_ptr());
            &*selected
        }
    }
}

impl<I, T> IndexMut<I> for Deferred<&mut T>
where
    T: SliceLike + ?Sized,
    I: SlicePointerIndex<T>,
{
    /// Indexes into the deferred slice-like target on the raw-pointer level and only
    /// turns the resulting element/sub-slice pointer into a mutable reference.
    fn index_mut(&mut self, index: I) -> &mut Self::Output {
        // SAFETY: `Deferred` guarantees that its pointer is valid and safe to
        // dereference.
        // NOTE(review): the dereference below is applied to whatever pointer
        // `SlicePointerIndex::index_mut` returns, so its soundness also depends on
        // that method staying inside the target (or panicking) for out-of-range
        // indices; that implementation is not visible here -- confirm.
        unsafe {
            let selected = index.index_mut(self.as_mut_ptr());
            &mut *selected
        }
    }
}

impl<'a, T> From<Deferred<&'a mut T>> for Deferred<&'a T>
where
    T: ?Sized,
{
    /// Downgrades a deferred mutable reference to a deferred immutable reference.
    fn from(deferred: Deferred<&mut T>) -> Self {
        // SAFETY: downgrading from a (deferred) mutable reference to a (deferred)
        // immutable reference is always safe: the new `Deferred` wraps the very same
        // pointer and only allows less than the one that is consumed here.
        unsafe {
            let shared = deferred.as_ptr();
            Deferred::from_raw(shared)
        }
    }
}

impl<'a, T> From<&'a T> for Deferred<&'a T>
where
    T: ?Sized,
{
    /// Wraps an actual immutable reference into a deferred immutable reference.
    fn from(reference: &T) -> Self {
        let ptr: *const T = reference;
        // SAFETY: `ptr` was derived from an actual immutable reference, which gives
        // us all the guarantees demanded by the invariant of `Deferred`.
        unsafe { Deferred::from_raw(ptr) }
    }
}

impl<'a, T> From<&'a mut T> for Deferred<&'a mut T>
where
    T: ?Sized,
{
    /// Wraps an actual mutable reference into a deferred mutable reference.
    fn from(reference: &mut T) -> Self {
        let ptr: *mut T = reference;
        // SAFETY: `ptr` was derived from an actual mutable reference, which gives
        // us all the guarantees demanded by the invariant of `Deferred`.
        unsafe { Deferred::from_raw_mut(ptr) }
    }
}

impl<'a, T, const N: usize> From<Deferred<&'a [T; N]>> for Deferred<&'a [T]> {
    /// Converts a deferred reference to an array into a deferred reference to a
    /// slice of the same `N` elements.
    fn from(deferred: Deferred<&[T; N]>) -> Self {
        // SAFETY: we exchange one `Deferred` for another. The slice pointer starts at
        // the array's address and has length `N`, the array's own length, so it
        // covers exactly the elements the source `Deferred` already pointed to.
        unsafe {
            let first = deferred.as_ptr() as *const T;
            let elements = core::ptr::slice_from_raw_parts(first, N);
            Deferred::from_raw(elements)
        }
    }
}

impl<'a, T, const N: usize> From<Deferred<&'a mut [T; N]>> for Deferred<&'a mut [T]> {
    /// Converts a deferred mutable reference to an array into a deferred mutable
    /// reference to a slice of the same `N` elements.
    fn from(deferred: Deferred<&mut [T; N]>) -> Self {
        // SAFETY: we exchange one `Deferred` for another. The source is taken by
        // value, and the slice pointer starts at the array's address with length `N`,
        // the array's own length, so it covers exactly the elements the source
        // `Deferred` already pointed to.
        unsafe {
            let first = deferred.as_mut_ptr() as *mut T;
            let elements = core::ptr::slice_from_raw_parts_mut(first, N);
            Deferred::from_raw_mut(elements)
        }
    }
}

impl<'a, T, const N: usize> From<Deferred<&'a mut [T; N]>> for Deferred<&'a [T]> {
    /// Converts a deferred mutable reference to an array into a deferred immutable
    /// reference to a slice of the same `N` elements.
    fn from(deferred: Deferred<&mut [T; N]>) -> Self {
        // SAFETY: we exchange one `Deferred` for another. The source is taken by
        // value, and the slice pointer starts at the array's address with length `N`,
        // the array's own length, so it covers exactly the elements the source
        // `Deferred` already pointed to; the result only allows shared access.
        unsafe {
            let first = deferred.as_ptr() as *const T;
            let elements = core::ptr::slice_from_raw_parts(first, N);
            Deferred::from_raw(elements)
        }
    }
}

#[cfg(test)]
mod tests {
    use crate::{Defer, DeferMut, Deferred};
    use core::cell::UnsafeCell;

    // How the "canary" tests below work: a live `&mut` to element 1000 is obtained
    // through an unchecked clone of the deferred reference and is kept alive until
    // the last assertion. Every index operation in between asks for a range that
    // does not contain element 1000. The statement order therefore matters: the
    // canary must be created before, and used after, the operations under test.

    /// tests for `Index` and `IndexMut` traits
    mod index {
        use super::*;

        // `Index` on a deferred mutable reference to an array.
        #[test]
        fn array() {
            let mut buffer = [0u8; 1024];
            let deferred = Deferred::from(&mut buffer);
            // full-range access happens before the canary exists
            assert_eq!(1024, (&deferred[..]).len());
            // canary triggers miri if something is wrong with the Index trait implementation
            let canary = unsafe { &mut deferred.clone_unchecked()[1000] };
            assert_eq!(23, (&deferred[1001..]).len());
            assert_eq!(&0, &deferred[0]);
            assert_eq!(5, (&deferred[5..10]).len());
            assert_eq!(10, (&deferred[..10]).len());
            assert_eq!(11, (&deferred[..=10]).len());
            assert_eq!(6, (&deferred[5..=10]).len());
            assert_eq!(0, (&deferred[0..0]).len());
            assert_eq!(1, (&deferred[0..1]).len());
            // using the canary here keeps it alive across all of the above
            assert_eq!(&mut 0, canary);
        }
        // `IndexMut` on a deferred mutable reference to an array.
        #[test]
        fn array_mut() {
            let mut buffer = [0u8; 1024];
            let mut deferred = Deferred::from(&mut buffer);
            // full-range access happens before the canary exists
            assert_eq!(1024, (&mut deferred[..]).len());
            // canary triggers miri if something is wrong with the IndexMut trait implementation
            let canary = unsafe { &mut deferred.clone_unchecked()[1000] };
            assert_eq!(23, (&mut deferred[1001..]).len());
            assert_eq!(&mut 0, &mut deferred[0]);
            assert_eq!(5, (&mut deferred[5..10]).len());
            assert_eq!(10, (&mut deferred[..10]).len());
            assert_eq!(11, (&mut deferred[..=10]).len());
            assert_eq!(6, (&mut deferred[5..=10]).len());
            assert_eq!(0, (&mut deferred[0..0]).len());
            assert_eq!(1, (&mut deferred[0..1]).len());
            // using the canary here keeps it alive across all of the above
            assert_eq!(&mut 0, canary);
        }
        // `Index` on a deferred mutable reference to a slice. Without the
        // `slice_ptr_len` feature the canary lines are compiled out, so this test
        // then only checks the lengths and values and no longer probes aliasing.
        #[test]
        fn slice() {
            let mut buffer = [0u8; 1024];
            let deferred = Deferred::from(&mut buffer[..]);
            let _x = &deferred[..];
            // canary triggers miri if something is wrong with the Index trait implementation
            // this triggers miri on stable rust for now, until the `slice_ptr_len` feature lands.
            // see <https://github.com/rust-lang/rust/issues/71146>.
            #[cfg(feature = "slice_ptr_len")]
            let canary = unsafe { &mut deferred.clone_unchecked()[1000] };
            assert_eq!(23, (&deferred[1001..]).len());
            assert_eq!(&0, &deferred[0]);
            assert_eq!(5, (&deferred[5..10]).len());
            assert_eq!(10, (&deferred[..10]).len());
            assert_eq!(11, (&deferred[..=10]).len());
            assert_eq!(6, (&deferred[5..=10]).len());
            assert_eq!(0, (&deferred[0..0]).len());
            assert_eq!(1, (&deferred[0..1]).len());
            #[cfg(feature = "slice_ptr_len")]
            assert_eq!(&mut 0, canary);
        }
        // `IndexMut` on a deferred mutable reference to a slice. Without the
        // `slice_ptr_len` feature the canary lines are compiled out, so this test
        // then only checks the lengths and values and no longer probes aliasing.
        #[test]
        fn slice_mut() {
            let mut buffer = [0u8; 1024];
            let mut deferred = Deferred::from(&mut buffer[..]);
            let _x = &mut deferred[..];
            // canary triggers miri if something is wrong with the IndexMut trait implementation
            // this triggers miri on stable rust for now, until the `slice_ptr_len` feature lands.
            // see <https://github.com/rust-lang/rust/issues/71146>.
            #[cfg(feature = "slice_ptr_len")]
            let canary = unsafe { &mut deferred.clone_unchecked()[1000] };
            assert_eq!(23, (&mut deferred[1001..]).len());
            assert_eq!(&mut 0, &mut deferred[0]);
            assert_eq!(5, (&mut deferred[5..10]).len());
            assert_eq!(10, (&mut deferred[..10]).len());
            assert_eq!(11, (&mut deferred[..=10]).len());
            assert_eq!(6, (&mut deferred[5..=10]).len());
            assert_eq!(0, (&mut deferred[0..0]).len());
            assert_eq!(1, (&mut deferred[0..1]).len());
            #[cfg(feature = "slice_ptr_len")]
            assert_eq!(&mut 0, canary);
        }
    }

    // The tests in `from` contain no assertions: they only check that each
    // conversion type-checks and runs. None of the resulting deferred references
    // is dereferenced.

    /// tests for the `From` trait
    mod from  {
        use super::*;
        // `&[T; N]` and `&[T]` into a deferred immutable reference
        #[test]
        fn from_ref() {
            let buffer = [0u8; 1024];
            let _deferred = Deferred::from(&buffer);
            let _deferred: Deferred<&[u8]> = Deferred::from(&buffer[..]);
        }
        // `&mut [T; N]` and `&mut [T]` into a deferred mutable reference
        #[test]
        fn from_mut() {
            let mut buffer = [0u8; 1024];
            let _deferred = Deferred::from(&mut buffer);
            let _deferred: Deferred<&mut [u8]> = Deferred::from(&mut buffer[..]);
        }
        // deferred `&[T; N]` into deferred `&[T]`, via both `into()` and `from()`
        #[test]
        fn ref_array_to_slice() {
            let buffer = UnsafeCell::new([0u8; 1024]);
            let deferred = buffer.defer();
            let _deferred_slice: Deferred<&[u8]> = deferred.into();
            let _deferred_slice: Deferred<&[u8]> = Deferred::from(deferred);
        }
        // deferred `&mut [T; N]` into deferred `&mut [T]`; the conversion consumes
        // its input, so a second `defer_mut()` is needed for the second conversion
        #[test]
        fn mut_array_to_slice() {
            let buffer = UnsafeCell::new([0u8; 1024]);
            let deferred = unsafe { buffer.defer_mut() };
            let _deferred_slice: Deferred<&mut [u8]> = deferred.into();
            let deferred = unsafe { buffer.defer_mut() };
            let _deferred_slice: Deferred<&mut [u8]> = Deferred::from(deferred);
        }
        // deferred `&mut [T; N]` into deferred `&[T]`
        #[test]
        fn mut_array_to_ref_slice() {
            let buffer = UnsafeCell::new([0u8; 1024]);
            let deferred = unsafe { buffer.defer_mut() };
            let _deferred_slice: Deferred<&[u8]> = deferred.into();
            let deferred = unsafe { buffer.defer_mut() };
            let _deferred_slice: Deferred<&[u8]> = Deferred::from(deferred);
        }
        // deferred `&mut T` into deferred `&T`, for an array and for a `u32`
        #[test]
        fn mut_to_ref() {
            let buffer = UnsafeCell::new([0u8; 1024]);
            let deferred = unsafe { buffer.defer_mut() };
            let _deferred_slice: Deferred<&[u8; 1024]> = deferred.into();
            let deferred = unsafe { buffer.defer_mut() };
            let _deferred_slice: Deferred<&[u8; 1024]> = Deferred::from(deferred);
            let buffer = UnsafeCell::new(1u32);
            let deferred = unsafe { buffer.defer_mut() };
            let _deferred_u32: Deferred<&u32> = deferred.into();
            let deferred = unsafe { buffer.defer_mut() };
            let _deferred_u32: Deferred<&u32> = Deferred::from(deferred);
        }
    }
}