infinity_pool/handles/

blind_local_mut.rs

use std::any::type_name;
use std::borrow::{Borrow, BorrowMut};
use std::cell::RefCell;
use std::ops::{Deref, DerefMut};
use std::pin::Pin;
use std::ptr::NonNull;
use std::{fmt, mem, ptr};

use crate::{LayoutKey, LocalBlindPoolCore, LocalBlindPooled, RawPooledMut};

/// A unique single-threaded reference-counting handle for a pooled object.
#[doc = include_str!("../../doc/snippets/ref_counted_handle_implications.md")]
#[doc = include_str!("../../doc/snippets/unique_handle_implications.md")]
///
/// # Thread safety
///
/// This type is single-threaded.
pub struct LocalBlindPooledMut<T: ?Sized> {
    inner: RawPooledMut<T>,
    key: LayoutKey,

    // This gives us our thread-safety characteristics (single-threaded),
    // overriding those of `RawPooledMut<T>`. This is expected because we align
    // with the stricter constraints of the pool itself, even if the underlying
    // slab storage allows for more flexibility.
    core: LocalBlindPoolCore,
}

impl<T: ?Sized> LocalBlindPooledMut<T> {
    #[must_use]
    pub(crate) fn new(inner: RawPooledMut<T>, key: LayoutKey, core: LocalBlindPoolCore) -> Self {
        Self { inner, key, core }
    }

    #[doc = include_str!("../../doc/snippets/handle_ptr.md")]
    #[must_use]
    #[inline]
    #[cfg_attr(test, mutants::skip)] // cargo-mutants tries many unviable mutations, wasting precious build minutes.
    pub fn ptr(&self) -> NonNull<T> {
        self.inner.ptr()
    }

    #[doc = include_str!("../../doc/snippets/handle_into_shared.md")]
    #[must_use]
    #[inline]
    #[cfg_attr(test, mutants::skip)] // cargo-mutants tries many unviable mutations, wasting precious build minutes.
    pub fn into_shared(self) -> LocalBlindPooled<T> {
        let (inner, layout, core) = self.into_parts();

        LocalBlindPooled::new(inner, layout, core)
    }

    #[cfg_attr(test, mutants::skip)] // cargo-mutants tries many unviable mutations, wasting precious build minutes.
    fn into_parts(self) -> (RawPooledMut<T>, LayoutKey, LocalBlindPoolCore) {
        // We transfer these fields to the caller, so we do not want the current handle
        // to be dropped. Hence we perform raw reads to extract the fields directly.

        // SAFETY: The target is valid for reads.
        let inner = unsafe { ptr::read(&raw const self.inner) };
        // SAFETY: The target is valid for reads.
        let key = unsafe { ptr::read(&raw const self.key) };
        // SAFETY: The target is valid for reads.
        let core = unsafe { ptr::read(&raw const self.core) };

        // We are just "destructuring with Drop" here.
        mem::forget(self);

        (inner, key, core)
    }

    #[doc = include_str!("../../doc/snippets/ref_counted_as_pin.md")]
    #[must_use]
    #[inline]
    #[cfg_attr(test, mutants::skip)] // cargo-mutants tries many unviable mutations, wasting precious build minutes.
    pub fn as_pin(&self) -> Pin<&T> {
        // SAFETY: LocalBlindPooled items are always pinned.
        unsafe { Pin::new_unchecked(self) }
    }

    #[doc = include_str!("../../doc/snippets/ref_counted_as_pin_mut.md")]
    #[must_use]
    #[inline]
    #[cfg_attr(test, mutants::skip)] // cargo-mutants tries many unviable mutations, wasting precious build minutes.
    pub fn as_pin_mut(&mut self) -> Pin<&mut T> {
        // SAFETY: This is a unique handle, so we guarantee borrow safety
        // of the target object by borrowing the handle itself.
        let as_mut = unsafe { self.ptr().as_mut() };

        // SAFETY: LocalBlindPooled items are always pinned.
        unsafe { Pin::new_unchecked(as_mut) }
    }

    /// Casts this handle to reference the target as a trait object.
    ///
    /// This method is only intended for use by the [`define_pooled_dyn_cast!`] macro
    /// for type-safe casting operations.
    ///
    /// # Safety
    ///
    /// The caller must guarantee that the provided closure's input and output references
    /// point to the same object.
    #[doc(hidden)]
    #[must_use]
    #[inline]
    pub unsafe fn __private_cast_dyn_with_fn<U: ?Sized, F>(
        self,
        cast_fn: F,
    ) -> LocalBlindPooledMut<U>
    where
        F: FnOnce(&mut T) -> &mut U,
    {
        let (inner, key, core) = self.into_parts();

        // SAFETY: Forwarding callback safety guarantees from the caller.
        // We are an exclusive handle, so we always have the right to create
        // exclusive references to the target of the handle, satisfying that requirement.
        let new_inner = unsafe { inner.__private_cast_dyn_with_fn(cast_fn) };

        LocalBlindPooledMut {
            inner: new_inner,
            key,
            core,
        }
    }

    /// Erase the type information from this handle, converting it to `LocalBlindPooledMut<()>`.
    ///
    /// This is useful for extending the lifetime of an object in the pool without retaining
    /// type information. The type-erased handle prevents access to the object but ensures
    /// it remains in the pool.
    #[must_use]
    #[inline]
    #[cfg_attr(test, mutants::skip)] // All mutations unviable - save some time.
    pub fn erase(self) -> LocalBlindPooledMut<()> {
        let (inner, key, core) = self.into_parts();

        // SAFETY: This handle is single-threaded, no cross-thread access even if `T: Send`.
        let slab_handle_erased = unsafe { inner.slab_handle().erase() };

        let inner_erased = RawPooledMut::new(inner.slab_index(), slab_handle_erased);

        LocalBlindPooledMut {
            inner: inner_erased,
            key,
            core,
        }
    }
}

impl<T> LocalBlindPooledMut<T>
where
    T: Unpin,
{
    #[doc = include_str!("../../doc/snippets/ref_counted_into_inner.md")]
    #[must_use]
    #[inline]
    #[cfg_attr(test, mutants::skip)] // cargo-mutants tries many unviable mutations, wasting precious build minutes.
    pub fn into_inner(self) -> T {
        let (inner, key, core) = self.into_parts();

        let mut core = RefCell::borrow_mut(&core);

        let pool = core
            .get_mut(&key)
            .expect("if the handle still exists, the inner pool must still exist");

        // SAFETY: We are a managed unique handle, so we are the only one who is allowed to remove
        // the object from the pool - as long as we exist, the object exists in the pool. We keep
        // the pool alive for as long as any handle to it exists, so the pool must still exist.
        unsafe { pool.remove_unpin(inner) }
    }
}

#[cfg_attr(coverage_nightly, coverage(off))] // No API contract to test.
impl<T: ?Sized> fmt::Debug for LocalBlindPooledMut<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct(type_name::<Self>())
            .field("inner", &self.inner)
            .field("key", &self.key)
            .field("core", &self.core)
            .finish()
    }
}

impl<T: ?Sized> Deref for LocalBlindPooledMut<T> {
    type Target = T;

    #[inline]
    #[cfg_attr(test, mutants::skip)] // Cargo-mutants does not understand this signature - every mutation is unviable waste of time.
    fn deref(&self) -> &Self::Target {
        // SAFETY: This is a unique handle, so we guarantee borrow safety
        // of the target object by borrowing the handle itself.
        // We guarantee liveness by being a reference counted handle.
        unsafe { self.ptr().as_ref() }
    }
}

impl<T> DerefMut for LocalBlindPooledMut<T>
where
    T: ?Sized + Unpin,
{
    #[inline]
    #[cfg_attr(test, mutants::skip)] // Cargo-mutants does not understand this signature - every mutation is unviable waste of time.
    fn deref_mut(&mut self) -> &mut Self::Target {
        // SAFETY: This is a unique handle, so we guarantee borrow safety
        // of the target object by borrowing the handle itself.
        // We guarantee liveness by being a reference counted handle.
        unsafe { self.ptr().as_mut() }
    }
}

impl<T: ?Sized> Borrow<T> for LocalBlindPooledMut<T> {
    #[inline]
    #[cfg_attr(test, mutants::skip)] // Cargo-mutants does not understand this signature - every mutation is unviable waste of time.
    fn borrow(&self) -> &T {
        self
    }
}

impl<T> BorrowMut<T> for LocalBlindPooledMut<T>
where
    T: ?Sized + Unpin,
{
    #[inline]
    #[cfg_attr(test, mutants::skip)] // Cargo-mutants does not understand this signature - every mutation is unviable waste of time.
    fn borrow_mut(&mut self) -> &mut T {
        self
    }
}

impl<T: ?Sized> AsRef<T> for LocalBlindPooledMut<T> {
    #[inline]
    #[cfg_attr(test, mutants::skip)] // Cargo-mutants does not understand this signature - every mutation is unviable waste of time.
    fn as_ref(&self) -> &T {
        self
    }
}

impl<T> AsMut<T> for LocalBlindPooledMut<T>
where
    T: ?Sized + Unpin,
{
    #[inline]
    #[cfg_attr(test, mutants::skip)] // Cargo-mutants does not understand this signature - every mutation is unviable waste of time.
    fn as_mut(&mut self) -> &mut T {
        self
    }
}

impl<T: ?Sized> Drop for LocalBlindPooledMut<T> {
    fn drop(&mut self) {
        // While `RawLocalBlindPooledMut` is technically not Copy, we use our insider knowledge
        // that actually it is in reality just a fat pointer, so we can actually copy it.
        // The only reason it is not Copy is to ensure uniqueness, which we do not care
        // about here because the copy in `self` is going away. We just do not want to
        // insert an Option that we have to check in every method.
        //
        // SAFETY: The target is valid for reads.
        let inner = unsafe { ptr::read(&raw const self.inner) };

        let mut core = RefCell::borrow_mut(&self.core);

        let pool = core
            .get_mut(&self.key)
            .expect("if the handle still exists, the inner pool must still exist");

        // SAFETY: We are a managed unique handle, so we are the only one who is allowed to remove
        // the object from the pool - as long as we exist, the object exists in the pool. We keep
        // the pool alive for as long as any handle to it exists, so the pool must still exist.
        unsafe {
            pool.remove(inner);
        }
    }
}

#[cfg(test)]
#[cfg_attr(coverage_nightly, coverage(off))]
mod tests {
    use std::borrow::{Borrow, BorrowMut};

    use static_assertions::assert_not_impl_any;

    use super::*;
    use crate::{LocalBlindPool, NotSendNotSync, NotSendSync, SendAndSync, SendNotSync};

    assert_not_impl_any!(LocalBlindPooledMut<SendAndSync>: Send, Sync);
    assert_not_impl_any!(LocalBlindPooledMut<SendNotSync>: Send, Sync);
    assert_not_impl_any!(LocalBlindPooledMut<NotSendNotSync>: Send, Sync);
    assert_not_impl_any!(LocalBlindPooledMut<NotSendSync>: Send, Sync);

    // This is a unique handle, must not be cloneable/copyable.
    assert_not_impl_any!(LocalBlindPooledMut<SendAndSync>: Clone, Copy);

    // We expect no destructor because we treat it as `Copy` in our own Drop::drop().
    assert_not_impl_any!(RawPooledMut<()>: Drop);

    #[test]
    fn as_pin_returns_pinned_reference() {
        let pool = LocalBlindPool::new();
        let handle = pool.insert(42_u32);

        let pinned = handle.as_pin();
        assert_eq!(*pinned.get_ref(), 42);
    }

    #[test]
    fn as_pin_mut_returns_pinned_mutable_reference() {
        let pool = LocalBlindPool::new();
        let mut handle = pool.insert(42_u32);

        *handle.as_pin_mut().get_mut() = 99;
        assert_eq!(*handle, 99);
    }

    #[test]
    fn deref_returns_reference_to_value() {
        let pool = LocalBlindPool::new();
        let handle = pool.insert(42_u32);

        assert_eq!(*handle, 42);
    }

    #[test]
    fn deref_mut_allows_mutation() {
        let pool = LocalBlindPool::new();
        let mut handle = pool.insert(42_u32);

        *handle = 99;
        assert_eq!(*handle, 99);
    }

    #[test]
    fn borrow_returns_reference() {
        let pool = LocalBlindPool::new();
        let handle = pool.insert(42_u32);

        let borrowed: &u32 = handle.borrow();
        assert_eq!(*borrowed, 42);
    }

    #[test]
    fn borrow_mut_returns_mutable_reference() {
        let pool = LocalBlindPool::new();
        let mut handle = pool.insert(42_u32);

        let borrowed: &mut u32 = handle.borrow_mut();
        *borrowed = 99;
        assert_eq!(*handle, 99);
    }

    #[test]
    fn as_ref_returns_reference() {
        let pool = LocalBlindPool::new();
        let handle = pool.insert(42_u32);

        let reference: &u32 = handle.as_ref();
        assert_eq!(*reference, 42);
    }

    #[test]
    fn as_mut_returns_mutable_reference() {
        let pool = LocalBlindPool::new();
        let mut handle = pool.insert(42_u32);

        let reference: &mut u32 = handle.as_mut();
        *reference = 99;
        assert_eq!(*handle, 99);
    }

    #[test]
    fn erase_extends_lifetime() {
        let pool = LocalBlindPool::new();
        let handle = pool.insert(42_u32);

        let erased = handle.erase();

        assert_eq!(pool.len(), 1);

        drop(erased);
        assert_eq!(pool.len(), 0);
    }

    #[test]
    fn into_inner_returns_value() {
        let pool = LocalBlindPool::new();
        let handle = pool.insert(42_u32);

        let value = handle.into_inner();
        assert_eq!(value, 42);
        assert_eq!(pool.len(), 0);
    }

    #[test]
    fn into_shared_converts_to_shared_handle() {
        let pool = LocalBlindPool::new();
        let handle = pool.insert(42_u32);

        let shared = handle.into_shared();
        assert_eq!(*shared, 42);
        assert_eq!(pool.len(), 1);
    }

    #[test]
    fn from_converts_mut_to_shared() {
        let pool = LocalBlindPool::new();
        let handle = pool.insert(42_u32);

        let shared: LocalBlindPooled<u32> = LocalBlindPooled::from(handle);
        assert_eq!(*shared, 42);
        assert_eq!(pool.len(), 1);
    }
}