[pointer] Support Box and Arc

gherrit-pr-id: I7fe90063e148d89e2f75b6fa63a960ad8b1dd432

Author: joshlf

src/impls.rs

@@ -648,7 +648,7 @@ unsafe impl<T: TryFromBytes + ?Sized> TryFromBytes for UnsafeCell<T> {
     }
 
     #[inline]
-    fn is_bit_valid<A: invariant::Reference>(candidate: Maybe<'_, Self, A>) -> bool {
+    fn is_bit_valid<A: invariant::ReadFoo>(candidate: Maybe<'_, Self, A>) -> bool {
         // The only way to implement this function is using an exclusive-aliased
         // pointer. `UnsafeCell`s cannot be read via shared-aliased pointers
         // (other than by using `unsafe` code, which we can't use since we can't
@@ -1124,15 +1124,15 @@ mod tests {
 
             pub(super) trait TestIsBitValidShared<T: ?Sized> {
                 #[allow(clippy::needless_lifetimes)]
-                fn test_is_bit_valid_shared<'ptr, A: invariant::Reference>(
+                fn test_is_bit_valid_shared<'ptr, A: invariant::ReadFoo>(
                     &self,
                     candidate: Maybe<'ptr, T, A>,
                 ) -> Option<bool>;
             }
 
             impl<T: TryFromBytes + Immutable + ?Sized> TestIsBitValidShared<T> for AutorefWrapper<T> {
                 #[allow(clippy::needless_lifetimes)]
-                fn test_is_bit_valid_shared<'ptr, A: invariant::Reference>(
+                fn test_is_bit_valid_shared<'ptr, A: invariant::ReadFoo>(
                     &self,
                     candidate: Maybe<'ptr, T, A>,
                 ) -> Option<bool> {
@@ -1222,7 +1222,7 @@ mod tests {
                 #[allow(unused, non_local_definitions)]
                 impl AutorefWrapper<$ty> {
                     #[allow(clippy::needless_lifetimes)]
-                    fn test_is_bit_valid_shared<'ptr, A: invariant::Reference>(
+                    fn test_is_bit_valid_shared<'ptr, A: invariant::ReadFoo>(
                         &mut self,
                         candidate: Maybe<'ptr, $ty, A>,
                     ) -> Option<bool> {

src/lib.rs

@@ -1320,7 +1320,7 @@ pub unsafe trait TryFromBytes {
     /// [`UnsafeCell`]: core::cell::UnsafeCell
     /// [`Shared`]: invariant::Shared
     #[doc(hidden)]
-    fn is_bit_valid<A: invariant::Reference>(candidate: Maybe<'_, Self, A>) -> bool;
+    fn is_bit_valid<A: invariant::ReadFoo>(candidate: Maybe<'_, Self, A>) -> bool;
 
     /// Attempts to interpret the given `source` as a `&Self`.
     ///
@@ -3458,10 +3458,22 @@ pub unsafe trait FromBytes: FromZeros {
     where
         Self: KnownLayout + Immutable,
     {
-        static_assert_dst_is_not_zst!(Self);
-        match Ptr::from_ref(source).try_cast_into_no_leftover::<_, BecauseImmutable>(None) {
-            Ok(ptr) => Ok(ptr.bikeshed_recall_valid().as_ref()),
-            Err(err) => Err(err.map_src(|src| src.as_ref())),
+        Self::from_bytes(source)
+    }
+
+    #[must_use = "has no side effects"]
+    #[inline]
+    fn from_bytes<'a, P: pointer::Pointer<'a, Self>, R>(
+        source: P::To<'a, [u8]>,
+    ) -> Result<P, CastError<P::To<'a, [u8]>, Self>>
+    where
+        Self: 'a + KnownLayout + invariant::Read<P::Aliasing, R>,
+    {
+        match Ptr::<'_, _, (P::Aliasing, _, _)>::from_pointer(source)
+            .try_cast_into_no_leftover::<_, R>(None)
+        {
+            Ok(ptr) => Ok(ptr.bikeshed_recall_valid().into_pointer()),
+            Err(err) => Err(err.map_src(|src| src.into_pointer())),
         }
     }
 
@@ -3694,11 +3706,7 @@ pub unsafe trait FromBytes: FromZeros {
     where
         Self: IntoBytes + KnownLayout,
     {
-        static_assert_dst_is_not_zst!(Self);
-        match Ptr::from_mut(source).try_cast_into_no_leftover::<_, BecauseExclusive>(None) {
-            Ok(ptr) => Ok(ptr.bikeshed_recall_valid().as_mut()),
-            Err(err) => Err(err.map_src(|src| src.as_mut())),
-        }
+        Self::from_bytes(source)
     }
 
     /// Interprets the prefix of the given `source` as a `&mut Self` without

src/pointer/inner.rs

@@ -25,7 +25,8 @@ mod _def {
     /// `Ptr<'a, T>` is [covariant] in `'a` and `T`.
     ///
     /// [covariant]: https://doc.rust-lang.org/reference/subtyping.html
-    pub(crate) struct PtrInner<'a, T>
+    #[allow(missing_debug_implementations)]
+    pub struct PtrInner<'a, T>
     where
         T: ?Sized,
     {

src/pointer/invariant.rs

@@ -13,8 +13,6 @@
 //! Invariants are encoded as ([`Aliasing`], [`Alignment`], [`Validity`])
 //! triples implementing the [`Invariants`] trait.
 
-use super::*;
-
 /// The invariants of a [`Ptr`][super::Ptr].
 pub trait Invariants: Sealed {
     type Aliasing: Aliasing;
@@ -82,6 +80,15 @@ pub trait Aliasing:
     /// Aliasing>::Variance<'a, T>` to inherit this variance.
     #[doc(hidden)]
     type Variance<'a, T: 'a + ?Sized>;
+
+    // #[doc(hidden)]
+    // type Applied<'a, T: 'a + ?Sized>;
+
+    // #[doc(hidden)]
+    // fn into_ptr<'a, T: 'a + ?Sized>(ptr: Self::Applied<'a, T>) -> PtrInner<'a, T>;
+
+    // #[doc(hidden)]
+    // unsafe fn from_ptr<'a, T: 'a + ?Sized>(ptr: PtrInner<'a, T>) -> Self::Applied<'a, T>;
 }
 
 #[doc(hidden)]
@@ -136,14 +143,7 @@ impl<
 ///
 /// Given `A: Reference`, callers may assume that either `A = Shared` or `A =
 /// Exclusive`.
-pub trait Reference: Aliasing + Sealed {
-    fn with<'a, T, I, S, E, O>(ptr: Ptr<'a, T, I>, shared: S, exclusive: E) -> O
-    where
-        T: 'a + ?Sized,
-        I: Invariants<Aliasing = Self>,
-        S: FnOnce(Ptr<'a, T, I::WithAliasing<Shared>>) -> O,
-        E: FnOnce(Ptr<'a, T, I::WithAliasing<Exclusive>>) -> O;
-}
+pub trait Reference: ReadFoo + Sealed {}
 
 /// It is unknown whether any invariant holds.
 pub enum Unknown {}
@@ -171,18 +171,7 @@ impl Aliasing for Shared {
     const IS_EXCLUSIVE: bool = false;
     type Variance<'a, T: 'a + ?Sized> = &'a T;
 }
-impl Reference for Shared {
-    #[inline(always)]
-    fn with<'a, T, I, S, E, O>(ptr: Ptr<'a, T, I>, shared: S, _exclusive: E) -> O
-    where
-        T: 'a + ?Sized,
-        I: Invariants<Aliasing = Shared>,
-        S: FnOnce(Ptr<'a, T, I::WithAliasing<Shared>>) -> O,
-        E: FnOnce(Ptr<'a, T, I::WithAliasing<Exclusive>>) -> O,
-    {
-        shared(ptr.unify_invariants())
-    }
-}
+impl Reference for Shared {}
 
 /// The `Ptr<'a, T>` adheres to the aliasing rules of a `&'a mut T`.
 ///
@@ -197,16 +186,41 @@ impl Aliasing for Exclusive {
     const IS_EXCLUSIVE: bool = true;
     type Variance<'a, T: 'a + ?Sized> = &'a mut T;
 }
-impl Reference for Exclusive {
-    #[inline(always)]
-    fn with<'a, T, I, S, E, O>(ptr: Ptr<'a, T, I>, _shared: S, exclusive: E) -> O
-    where
-        T: 'a + ?Sized,
-        I: Invariants<Aliasing = Exclusive>,
-        S: FnOnce(Ptr<'a, T, I::WithAliasing<Shared>>) -> O,
-        E: FnOnce(Ptr<'a, T, I::WithAliasing<Exclusive>>) -> O,
-    {
-        exclusive(ptr.unify_invariants())
+impl Reference for Exclusive {}
+
+#[cfg(feature = "alloc")]
+pub use _alloc::*;
+#[cfg(feature = "alloc")]
+mod _alloc {
+    use alloc::boxed::Box as Bx;
+
+    use super::*;
+
+    pub enum Box {}
+    impl AliasingInner for Box {
+        // type MappedTo<M: AliasingMapping> = M::FromBox;
+    }
+    impl Aliasing for Box {
+        const IS_EXCLUSIVE: bool = true;
+        type Variance<'a, T: 'a + ?Sized> = Bx<T>;
+    }
+}
+
+#[cfg(feature = "std")]
+pub use _std::*;
+#[cfg(feature = "std")]
+mod _std {
+    use std::sync::Arc as Ac;
+
+    use super::*;
+
+    pub enum Arc {}
+    impl AliasingInner for Arc {
+        // type MappedTo<M: AliasingMapping> = M::FromArc;
+    }
+    impl Aliasing for Arc {
+        const IS_EXCLUSIVE: bool = true;
+        type Variance<'a, T: 'a + ?Sized> = Ac<T>;
     }
 }
 
@@ -261,6 +275,27 @@ impl ValidityInner for Valid {
     type MappedTo<M: ValidityMapping> = M::FromValid;
 }
 
+// Aliasing modes that permit reading at all (ie, everything but Inaccessible).
+pub trait ReadFoo: Aliasing {}
+impl ReadFoo for Shared {}
+impl ReadFoo for Exclusive {}
+#[cfg(feature = "alloc")]
+impl ReadFoo for Box {}
+#[cfg(feature = "std")]
+impl ReadFoo for Arc {}
+
+// Shared, Arc, etc
+pub trait SharedFoo: Aliasing {}
+impl SharedFoo for Shared {}
+#[cfg(feature = "std")]
+impl SharedFoo for Arc {}
+
+// Exclusive, Box, etc
+pub trait ExclusiveFoo: Aliasing {}
+impl ExclusiveFoo for Exclusive {}
+#[cfg(feature = "alloc")]
+impl ExclusiveFoo for Box {}
+
 /// [`Ptr`](crate::Ptr) referents that permit unsynchronized read operations.
 ///
 /// `T: Read<A, R>` implies that a pointer to `T` with aliasing `A` permits
@@ -285,8 +320,7 @@ define_because!(
     #[doc(hidden)]
     pub BecauseExclusive
 );
-// SAFETY: The aliasing parameter is `Exclusive`.
-unsafe impl<T: ?Sized> Read<Exclusive, BecauseExclusive> for T {}
+unsafe impl<A: ExclusiveFoo, T: ?Sized> Read<A, BecauseExclusive> for T {}
 
 define_because!(
     /// Unsynchronized reads are permitted because no live [`Ptr`](crate::Ptr)s
@@ -295,7 +329,7 @@ define_because!(
     pub BecauseImmutable
 );
 // SAFETY: `T: Immutable`.
-unsafe impl<A: Reference, T: ?Sized + crate::Immutable> Read<A, BecauseImmutable> for T {}
+unsafe impl<A: ReadFoo, T: ?Sized + crate::Immutable> Read<A, BecauseImmutable> for T {}
 
 use sealed::Sealed;
 mod sealed {
@@ -308,6 +342,10 @@ mod sealed {
     // impl Sealed for Inaccessible {}
     impl Sealed for Shared {}
     impl Sealed for Exclusive {}
+    #[cfg(feature = "alloc")]
+    impl Sealed for Box {}
+    #[cfg(feature = "std")]
+    impl Sealed for Arc {}
 
     impl Sealed for Aligned {}
 

src/pointer/mod.rs

@@ -61,7 +61,7 @@ where
 impl<'a, T, Aliasing, Alignment> MaybeAligned<'a, T, Aliasing, Alignment>
 where
     T: 'a + ?Sized,
-    Aliasing: invariant::Reference,
+    Aliasing: invariant::ReadFoo,
     Alignment: invariant::Alignment,
 {
     /// Views the value as an aligned reference.
@@ -82,7 +82,96 @@ pub(crate) fn is_zeroed<T, I>(ptr: Ptr<'_, T, I>) -> bool
 where
     T: crate::Immutable + crate::KnownLayout,
     I: invariant::Invariants<Validity = invariant::Initialized>,
-    I::Aliasing: invariant::Reference,
+    I::Aliasing: invariant::ReadFoo,
 {
     ptr.as_bytes::<BecauseImmutable>().as_ref().iter().all(|&byte| byte == 0)
 }
+
+pub use _pointer::*;
+mod _pointer {
+    #[cfg(feature = "alloc")]
+    use alloc::boxed::Box;
+    #[cfg(feature = "std")]
+    use std::sync::Arc;
+
+    use super::{inner::PtrInner, invariant::*};
+
+    pub unsafe trait Pointer<'t, T: ?Sized> {
+        type To<'u, U: 'u + ?Sized>: Pointer<'u, U, Aliasing = Self::Aliasing>;
+
+        #[doc(hidden)]
+        type Aliasing: ReadFoo + Aliasing;
+
+        #[doc(hidden)]
+        fn into_ptr(self) -> PtrInner<'t, T>;
+
+        #[doc(hidden)]
+        unsafe fn from_ptr(ptr: PtrInner<'t, T>) -> Self;
+    }
+
+    unsafe impl<'t, T: ?Sized> Pointer<'t, T> for &'t T {
+        type To<'u, U: 'u + ?Sized> = &'u U;
+
+        type Aliasing = Shared;
+
+        #[inline(always)]
+        fn into_ptr(self) -> PtrInner<'t, T> {
+            PtrInner::from_ref(self)
+        }
+
+        #[inline(always)]
+        unsafe fn from_ptr(ptr: PtrInner<'t, T>) -> Self {
+            unsafe { ptr.as_non_null().as_ref() }
+        }
+    }
+
+    unsafe impl<'t, T: ?Sized> Pointer<'t, T> for &'t mut T {
+        type To<'u, U: 'u + ?Sized> = &'u mut U;
+
+        type Aliasing = Exclusive;
+
+        #[inline(always)]
+        fn into_ptr(self) -> PtrInner<'t, T> {
+            PtrInner::from_ref(self)
+        }
+
+        #[inline(always)]
+        unsafe fn from_ptr(ptr: PtrInner<'t, T>) -> Self {
+            unsafe { ptr.as_non_null().as_mut() }
+        }
+    }
+
+    #[cfg(feature = "alloc")]
+    unsafe impl<'t, T: ?Sized> Pointer<'t, T> for Box<T> {
+        type To<'u, U: 'u + ?Sized> = Box<U>;
+
+        type Aliasing = super::invariant::Box;
+
+        #[inline(always)]
+        fn into_ptr(self) -> PtrInner<'t, T> {
+            PtrInner::from_box(self)
+        }
+
+        #[inline(always)]
+        unsafe fn from_ptr(ptr: PtrInner<'t, T>) -> Box<T> {
+            unsafe { Box::from_raw(ptr.as_non_null().as_ptr()) }
+        }
+    }
+
+    #[cfg(feature = "std")]
+    unsafe impl<'t, T: ?Sized> Pointer<'t, T> for Arc<T> {
+        type To<'u, U: 'u + ?Sized> = Arc<U>;
+
+        type Aliasing = super::invariant::Arc;
+
+        #[inline(always)]
+        fn into_ptr(self) -> PtrInner<'t, T> {
+            PtrInner::from_arc(self)
+        }
+
+        #[inline(always)]
+        unsafe fn from_ptr(ptr: PtrInner<'t, T>) -> Arc<T> {
+            unsafe { Arc::from_raw(ptr.as_non_null().as_ptr()) }
+        }
+    }
+}