1c8cfa8d0SDanilo Krummrich // SPDX-License-Identifier: GPL-2.0 2c8cfa8d0SDanilo Krummrich 3c8cfa8d0SDanilo Krummrich //! Implementation of [`Box`]. 4c8cfa8d0SDanilo Krummrich 5c8cfa8d0SDanilo Krummrich #[allow(unused_imports)] // Used in doc comments. 6c8cfa8d0SDanilo Krummrich use super::allocator::{KVmalloc, Kmalloc, Vmalloc}; 7c8cfa8d0SDanilo Krummrich use super::{AllocError, Allocator, Flags}; 8c8cfa8d0SDanilo Krummrich use core::alloc::Layout; 9c8cfa8d0SDanilo Krummrich use core::fmt; 10c8cfa8d0SDanilo Krummrich use core::marker::PhantomData; 11c8cfa8d0SDanilo Krummrich use core::mem::ManuallyDrop; 12c8cfa8d0SDanilo Krummrich use core::mem::MaybeUninit; 13c8cfa8d0SDanilo Krummrich use core::ops::{Deref, DerefMut}; 14c8cfa8d0SDanilo Krummrich use core::pin::Pin; 15c8cfa8d0SDanilo Krummrich use core::ptr::NonNull; 16c8cfa8d0SDanilo Krummrich use core::result::Result; 17c8cfa8d0SDanilo Krummrich 18c8cfa8d0SDanilo Krummrich use crate::init::InPlaceInit; 19c8cfa8d0SDanilo Krummrich use crate::types::ForeignOwnable; 20c8cfa8d0SDanilo Krummrich use pin_init::{InPlaceWrite, Init, PinInit, ZeroableOption}; 21c8cfa8d0SDanilo Krummrich 22c8cfa8d0SDanilo Krummrich /// The kernel's [`Box`] type -- a heap allocation for a single value of type `T`. 23c8cfa8d0SDanilo Krummrich /// 24c8cfa8d0SDanilo Krummrich /// This is the kernel's version of the Rust stdlib's `Box`. There are several differences, 25c8cfa8d0SDanilo Krummrich /// for example no `noalias` attribute is emitted and partially moving out of a `Box` is not 26c8cfa8d0SDanilo Krummrich /// supported. There are also several API differences, e.g. `Box` always requires an [`Allocator`] 27c8cfa8d0SDanilo Krummrich /// implementation to be passed as generic, page [`Flags`] when allocating memory and all functions 28c8cfa8d0SDanilo Krummrich /// that may allocate memory are fallible. 29c8cfa8d0SDanilo Krummrich /// 30c8cfa8d0SDanilo Krummrich /// `Box` works with any of the kernel's allocators, e.g. [`Kmalloc`], [`Vmalloc`] or [`KVmalloc`]. 31c8cfa8d0SDanilo Krummrich /// There are aliases for `Box` with these allocators ([`KBox`], [`VBox`], [`KVBox`]). 32c8cfa8d0SDanilo Krummrich /// 33c8cfa8d0SDanilo Krummrich /// When dropping a [`Box`], the value is also dropped and the heap memory is automatically freed. 34c8cfa8d0SDanilo Krummrich /// 35c8cfa8d0SDanilo Krummrich /// # Examples 36c8cfa8d0SDanilo Krummrich /// 37c8cfa8d0SDanilo Krummrich /// ``` 38c8cfa8d0SDanilo Krummrich /// let b = KBox::<u64>::new(24_u64, GFP_KERNEL)?; 39c8cfa8d0SDanilo Krummrich /// 40c8cfa8d0SDanilo Krummrich /// assert_eq!(*b, 24_u64); 41c8cfa8d0SDanilo Krummrich /// # Ok::<(), Error>(()) 42c8cfa8d0SDanilo Krummrich /// ``` 43c8cfa8d0SDanilo Krummrich /// 44c8cfa8d0SDanilo Krummrich /// ``` 45c8cfa8d0SDanilo Krummrich /// # use kernel::bindings; 46c8cfa8d0SDanilo Krummrich /// const SIZE: usize = bindings::KMALLOC_MAX_SIZE as usize + 1; 47c8cfa8d0SDanilo Krummrich /// struct Huge([u8; SIZE]); 48c8cfa8d0SDanilo Krummrich /// 49c8cfa8d0SDanilo Krummrich /// assert!(KBox::<Huge>::new_uninit(GFP_KERNEL | __GFP_NOWARN).is_err()); 50c8cfa8d0SDanilo Krummrich /// ``` 51c8cfa8d0SDanilo Krummrich /// 52c8cfa8d0SDanilo Krummrich /// ``` 53c8cfa8d0SDanilo Krummrich /// # use kernel::bindings; 54c8cfa8d0SDanilo Krummrich /// const SIZE: usize = bindings::KMALLOC_MAX_SIZE as usize + 1; 55c8cfa8d0SDanilo Krummrich /// struct Huge([u8; SIZE]); 56c8cfa8d0SDanilo Krummrich /// 57c8cfa8d0SDanilo Krummrich /// assert!(KVBox::<Huge>::new_uninit(GFP_KERNEL).is_ok()); 58c8cfa8d0SDanilo Krummrich /// ``` 59c8cfa8d0SDanilo Krummrich /// 60c8cfa8d0SDanilo Krummrich /// # Invariants 61c8cfa8d0SDanilo Krummrich /// 62c8cfa8d0SDanilo Krummrich /// `self.0` is always properly aligned and either points to memory allocated with `A` or, for 63c8cfa8d0SDanilo Krummrich /// zero-sized types, is a dangling, well aligned pointer. 64c8cfa8d0SDanilo Krummrich #[repr(transparent)] 65c8cfa8d0SDanilo Krummrich pub struct Box<T: ?Sized, A: Allocator>(NonNull<T>, PhantomData<A>); 66c8cfa8d0SDanilo Krummrich 67c8cfa8d0SDanilo Krummrich /// Type alias for [`Box`] with a [`Kmalloc`] allocator. 68c8cfa8d0SDanilo Krummrich /// 69c8cfa8d0SDanilo Krummrich /// # Examples 70c8cfa8d0SDanilo Krummrich /// 71c8cfa8d0SDanilo Krummrich /// ``` 72c8cfa8d0SDanilo Krummrich /// let b = KBox::new(24_u64, GFP_KERNEL)?; 73c8cfa8d0SDanilo Krummrich /// 74c8cfa8d0SDanilo Krummrich /// assert_eq!(*b, 24_u64); 75c8cfa8d0SDanilo Krummrich /// # Ok::<(), Error>(()) 76c8cfa8d0SDanilo Krummrich /// ``` 77c8cfa8d0SDanilo Krummrich pub type KBox<T> = Box<T, super::allocator::Kmalloc>; 78c8cfa8d0SDanilo Krummrich 79c8cfa8d0SDanilo Krummrich /// Type alias for [`Box`] with a [`Vmalloc`] allocator. 80c8cfa8d0SDanilo Krummrich /// 81c8cfa8d0SDanilo Krummrich /// # Examples 82c8cfa8d0SDanilo Krummrich /// 83c8cfa8d0SDanilo Krummrich /// ``` 84c8cfa8d0SDanilo Krummrich /// let b = VBox::new(24_u64, GFP_KERNEL)?; 85c8cfa8d0SDanilo Krummrich /// 86c8cfa8d0SDanilo Krummrich /// assert_eq!(*b, 24_u64); 87c8cfa8d0SDanilo Krummrich /// # Ok::<(), Error>(()) 88c8cfa8d0SDanilo Krummrich /// ``` 89c8cfa8d0SDanilo Krummrich pub type VBox<T> = Box<T, super::allocator::Vmalloc>; 90c8cfa8d0SDanilo Krummrich 91c8cfa8d0SDanilo Krummrich /// Type alias for [`Box`] with a [`KVmalloc`] allocator. 92c8cfa8d0SDanilo Krummrich /// 93c8cfa8d0SDanilo Krummrich /// # Examples 94c8cfa8d0SDanilo Krummrich /// 95c8cfa8d0SDanilo Krummrich /// ``` 96c8cfa8d0SDanilo Krummrich /// let b = KVBox::new(24_u64, GFP_KERNEL)?; 97c8cfa8d0SDanilo Krummrich /// 98c8cfa8d0SDanilo Krummrich /// assert_eq!(*b, 24_u64); 99c8cfa8d0SDanilo Krummrich /// # Ok::<(), Error>(()) 100c8cfa8d0SDanilo Krummrich /// ``` 101c8cfa8d0SDanilo Krummrich pub type KVBox<T> = Box<T, super::allocator::KVmalloc>; 102c8cfa8d0SDanilo Krummrich 103c8cfa8d0SDanilo Krummrich // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee: 104c8cfa8d0SDanilo Krummrich // https://doc.rust-lang.org/stable/std/option/index.html#representation). 105c8cfa8d0SDanilo Krummrich unsafe impl<T, A: Allocator> ZeroableOption for Box<T, A> {} 106c8cfa8d0SDanilo Krummrich 107c8cfa8d0SDanilo Krummrich // SAFETY: `Box` is `Send` if `T` is `Send` because the `Box` owns a `T`. 108c8cfa8d0SDanilo Krummrich unsafe impl<T, A> Send for Box<T, A> 109c8cfa8d0SDanilo Krummrich where 110c8cfa8d0SDanilo Krummrich T: Send + ?Sized, 111c8cfa8d0SDanilo Krummrich A: Allocator, 112c8cfa8d0SDanilo Krummrich { 113c8cfa8d0SDanilo Krummrich } 114c8cfa8d0SDanilo Krummrich 115c8cfa8d0SDanilo Krummrich // SAFETY: `Box` is `Sync` if `T` is `Sync` because the `Box` owns a `T`. 116c8cfa8d0SDanilo Krummrich unsafe impl<T, A> Sync for Box<T, A> 117c8cfa8d0SDanilo Krummrich where 118c8cfa8d0SDanilo Krummrich T: Sync + ?Sized, 119c8cfa8d0SDanilo Krummrich A: Allocator, 120c8cfa8d0SDanilo Krummrich { 121c8cfa8d0SDanilo Krummrich } 122c8cfa8d0SDanilo Krummrich 123c8cfa8d0SDanilo Krummrich impl<T, A> Box<T, A> 124c8cfa8d0SDanilo Krummrich where 125c8cfa8d0SDanilo Krummrich T: ?Sized, 126c8cfa8d0SDanilo Krummrich A: Allocator, 127c8cfa8d0SDanilo Krummrich { 128c8cfa8d0SDanilo Krummrich /// Creates a new `Box<T, A>` from a raw pointer. 129c8cfa8d0SDanilo Krummrich /// 130c8cfa8d0SDanilo Krummrich /// # Safety 131c8cfa8d0SDanilo Krummrich /// 132c8cfa8d0SDanilo Krummrich /// For non-ZSTs, `raw` must point at an allocation allocated with `A` that is sufficiently 133c8cfa8d0SDanilo Krummrich /// aligned for and holds a valid `T`. The caller passes ownership of the allocation to the 134c8cfa8d0SDanilo Krummrich /// `Box`. 135c8cfa8d0SDanilo Krummrich /// 136c8cfa8d0SDanilo Krummrich /// For ZSTs, `raw` must be a dangling, well aligned pointer. 137c8cfa8d0SDanilo Krummrich #[inline] from_raw(raw: *mut T) -> Self138c8cfa8d0SDanilo Krummrich pub const unsafe fn from_raw(raw: *mut T) -> Self { 139c8cfa8d0SDanilo Krummrich // INVARIANT: Validity of `raw` is guaranteed by the safety preconditions of this function. 140c8cfa8d0SDanilo Krummrich // SAFETY: By the safety preconditions of this function, `raw` is not a NULL pointer. 141c8cfa8d0SDanilo Krummrich Self(unsafe { NonNull::new_unchecked(raw) }, PhantomData) 142c8cfa8d0SDanilo Krummrich } 143c8cfa8d0SDanilo Krummrich 144c8cfa8d0SDanilo Krummrich /// Consumes the `Box<T, A>` and returns a raw pointer. 145c8cfa8d0SDanilo Krummrich /// 146c8cfa8d0SDanilo Krummrich /// This will not run the destructor of `T` and for non-ZSTs the allocation will stay alive 147c8cfa8d0SDanilo Krummrich /// indefinitely. Use [`Box::from_raw`] to recover the [`Box`], drop the value and free the 148c8cfa8d0SDanilo Krummrich /// allocation, if any. 149c8cfa8d0SDanilo Krummrich /// 150c8cfa8d0SDanilo Krummrich /// # Examples 151c8cfa8d0SDanilo Krummrich /// 152c8cfa8d0SDanilo Krummrich /// ``` 153c8cfa8d0SDanilo Krummrich /// let x = KBox::new(24, GFP_KERNEL)?; 154c8cfa8d0SDanilo Krummrich /// let ptr = KBox::into_raw(x); 155c8cfa8d0SDanilo Krummrich /// // SAFETY: `ptr` comes from a previous call to `KBox::into_raw`. 156c8cfa8d0SDanilo Krummrich /// let x = unsafe { KBox::from_raw(ptr) }; 157c8cfa8d0SDanilo Krummrich /// 158c8cfa8d0SDanilo Krummrich /// assert_eq!(*x, 24); 159c8cfa8d0SDanilo Krummrich /// # Ok::<(), Error>(()) 160c8cfa8d0SDanilo Krummrich /// ``` 161c8cfa8d0SDanilo Krummrich #[inline] into_raw(b: Self) -> *mut T162c8cfa8d0SDanilo Krummrich pub fn into_raw(b: Self) -> *mut T { 163c8cfa8d0SDanilo Krummrich ManuallyDrop::new(b).0.as_ptr() 164c8cfa8d0SDanilo Krummrich } 165c8cfa8d0SDanilo Krummrich 166c8cfa8d0SDanilo Krummrich /// Consumes and leaks the `Box<T, A>` and returns a mutable reference. 167c8cfa8d0SDanilo Krummrich /// 168c8cfa8d0SDanilo Krummrich /// See [`Box::into_raw`] for more details. 169c8cfa8d0SDanilo Krummrich #[inline] leak<'a>(b: Self) -> &'a mut T170c8cfa8d0SDanilo Krummrich pub fn leak<'a>(b: Self) -> &'a mut T { 171c8cfa8d0SDanilo Krummrich // SAFETY: `Box::into_raw` always returns a properly aligned and dereferenceable pointer 172c8cfa8d0SDanilo Krummrich // which points to an initialized instance of `T`. 173c8cfa8d0SDanilo Krummrich unsafe { &mut *Box::into_raw(b) } 174c8cfa8d0SDanilo Krummrich } 175c8cfa8d0SDanilo Krummrich } 176c8cfa8d0SDanilo Krummrich 177c8cfa8d0SDanilo Krummrich impl<T, A> Box<MaybeUninit<T>, A> 178c8cfa8d0SDanilo Krummrich where 179c8cfa8d0SDanilo Krummrich A: Allocator, 180c8cfa8d0SDanilo Krummrich { 181c8cfa8d0SDanilo Krummrich /// Converts a `Box<MaybeUninit<T>, A>` to a `Box<T, A>`. 182c8cfa8d0SDanilo Krummrich /// 183c8cfa8d0SDanilo Krummrich /// It is undefined behavior to call this function while the value inside of `b` is not yet 184c8cfa8d0SDanilo Krummrich /// fully initialized. 185c8cfa8d0SDanilo Krummrich /// 186c8cfa8d0SDanilo Krummrich /// # Safety 187c8cfa8d0SDanilo Krummrich /// 188c8cfa8d0SDanilo Krummrich /// Callers must ensure that the value inside of `b` is in an initialized state. assume_init(self) -> Box<T, A>189c8cfa8d0SDanilo Krummrich pub unsafe fn assume_init(self) -> Box<T, A> { 190c8cfa8d0SDanilo Krummrich let raw = Self::into_raw(self); 191c8cfa8d0SDanilo Krummrich 192c8cfa8d0SDanilo Krummrich // SAFETY: `raw` comes from a previous call to `Box::into_raw`. By the safety requirements 193c8cfa8d0SDanilo Krummrich // of this function, the value inside the `Box` is in an initialized state. Hence, it is 194c8cfa8d0SDanilo Krummrich // safe to reconstruct the `Box` as `Box<T, A>`. 195c8cfa8d0SDanilo Krummrich unsafe { Box::from_raw(raw.cast()) } 196c8cfa8d0SDanilo Krummrich } 197c8cfa8d0SDanilo Krummrich 198c8cfa8d0SDanilo Krummrich /// Writes the value and converts to `Box<T, A>`. write(mut self, value: T) -> Box<T, A>199c8cfa8d0SDanilo Krummrich pub fn write(mut self, value: T) -> Box<T, A> { 200c8cfa8d0SDanilo Krummrich (*self).write(value); 201c8cfa8d0SDanilo Krummrich 202c8cfa8d0SDanilo Krummrich // SAFETY: We've just initialized `b`'s value. 203c8cfa8d0SDanilo Krummrich unsafe { self.assume_init() } 204c8cfa8d0SDanilo Krummrich } 205c8cfa8d0SDanilo Krummrich } 206c8cfa8d0SDanilo Krummrich 207c8cfa8d0SDanilo Krummrich impl<T, A> Box<T, A> 208c8cfa8d0SDanilo Krummrich where 209c8cfa8d0SDanilo Krummrich A: Allocator, 210c8cfa8d0SDanilo Krummrich { 211c8cfa8d0SDanilo Krummrich /// Creates a new `Box<T, A>` and initializes its contents with `x`. 212c8cfa8d0SDanilo Krummrich /// 213c8cfa8d0SDanilo Krummrich /// New memory is allocated with `A`. The allocation may fail, in which case an error is 214c8cfa8d0SDanilo Krummrich /// returned. For ZSTs no memory is allocated. new(x: T, flags: Flags) -> Result<Self, AllocError>215c8cfa8d0SDanilo Krummrich pub fn new(x: T, flags: Flags) -> Result<Self, AllocError> { 216c8cfa8d0SDanilo Krummrich let b = Self::new_uninit(flags)?; 217c8cfa8d0SDanilo Krummrich Ok(Box::write(b, x)) 218c8cfa8d0SDanilo Krummrich } 219c8cfa8d0SDanilo Krummrich 220c8cfa8d0SDanilo Krummrich /// Creates a new `Box<T, A>` with uninitialized contents. 221c8cfa8d0SDanilo Krummrich /// 222c8cfa8d0SDanilo Krummrich /// New memory is allocated with `A`. The allocation may fail, in which case an error is 223c8cfa8d0SDanilo Krummrich /// returned. For ZSTs no memory is allocated. 224c8cfa8d0SDanilo Krummrich /// 225c8cfa8d0SDanilo Krummrich /// # Examples 226c8cfa8d0SDanilo Krummrich /// 227c8cfa8d0SDanilo Krummrich /// ``` 228c8cfa8d0SDanilo Krummrich /// let b = KBox::<u64>::new_uninit(GFP_KERNEL)?; 229c8cfa8d0SDanilo Krummrich /// let b = KBox::write(b, 24); 230c8cfa8d0SDanilo Krummrich /// 231c8cfa8d0SDanilo Krummrich /// assert_eq!(*b, 24_u64); 232c8cfa8d0SDanilo Krummrich /// # Ok::<(), Error>(()) 233c8cfa8d0SDanilo Krummrich /// ``` new_uninit(flags: Flags) -> Result<Box<MaybeUninit<T>, A>, AllocError>234c8cfa8d0SDanilo Krummrich pub fn new_uninit(flags: Flags) -> Result<Box<MaybeUninit<T>, A>, AllocError> { 235c8cfa8d0SDanilo Krummrich let layout = Layout::new::<MaybeUninit<T>>(); 236c8cfa8d0SDanilo Krummrich let ptr = A::alloc(layout, flags)?; 237c8cfa8d0SDanilo Krummrich 238c8cfa8d0SDanilo Krummrich // INVARIANT: `ptr` is either a dangling pointer or points to memory allocated with `A`, 239c8cfa8d0SDanilo Krummrich // which is sufficient in size and alignment for storing a `T`. 240c8cfa8d0SDanilo Krummrich Ok(Box(ptr.cast(), PhantomData)) 241c8cfa8d0SDanilo Krummrich } 242c8cfa8d0SDanilo Krummrich 243c8cfa8d0SDanilo Krummrich /// Constructs a new `Pin<Box<T, A>>`. If `T` does not implement [`Unpin`], then `x` will be 244c8cfa8d0SDanilo Krummrich /// pinned in memory and can't be moved. 245c8cfa8d0SDanilo Krummrich #[inline] pin(x: T, flags: Flags) -> Result<Pin<Box<T, A>>, AllocError> where A: 'static,246c8cfa8d0SDanilo Krummrich pub fn pin(x: T, flags: Flags) -> Result<Pin<Box<T, A>>, AllocError> 247c8cfa8d0SDanilo Krummrich where 248*b4fecceeSAndreas Hindborg A: 'static, 249*b4fecceeSAndreas Hindborg { 250*b4fecceeSAndreas Hindborg Ok(Self::new(x, flags)?.into()) 251*b4fecceeSAndreas Hindborg } 252*b4fecceeSAndreas Hindborg 253*b4fecceeSAndreas Hindborg /// Convert a [`Box<T,A>`] to a [`Pin<Box<T,A>>`]. If `T` does not implement 254c8cfa8d0SDanilo Krummrich /// [`Unpin`], then `x` will be pinned in memory and can't be moved. into_pin(this: Self) -> Pin<Self>255c8cfa8d0SDanilo Krummrich pub fn into_pin(this: Self) -> Pin<Self> { 256c8cfa8d0SDanilo Krummrich this.into() 257c8cfa8d0SDanilo Krummrich } 258c8cfa8d0SDanilo Krummrich 259c8cfa8d0SDanilo Krummrich /// Forgets the contents (does not run the destructor), but keeps the allocation. forget_contents(this: Self) -> Box<MaybeUninit<T>, A>260c8cfa8d0SDanilo Krummrich fn forget_contents(this: Self) -> Box<MaybeUninit<T>, A> { 261c8cfa8d0SDanilo Krummrich let ptr = Self::into_raw(this); 262c8cfa8d0SDanilo Krummrich 263c8cfa8d0SDanilo Krummrich // SAFETY: `ptr` is valid, because it came from `Box::into_raw`. 264c8cfa8d0SDanilo Krummrich unsafe { Box::from_raw(ptr.cast()) } 265c8cfa8d0SDanilo Krummrich } 266c8cfa8d0SDanilo Krummrich 267c8cfa8d0SDanilo Krummrich /// Drops the contents, but keeps the allocation. 268c8cfa8d0SDanilo Krummrich /// 269c8cfa8d0SDanilo Krummrich /// # Examples 270c8cfa8d0SDanilo Krummrich /// 271c8cfa8d0SDanilo Krummrich /// ``` 272c8cfa8d0SDanilo Krummrich /// let value = KBox::new([0; 32], GFP_KERNEL)?; 273c8cfa8d0SDanilo Krummrich /// assert_eq!(*value, [0; 32]); 274c8cfa8d0SDanilo Krummrich /// let value = KBox::drop_contents(value); 275c8cfa8d0SDanilo Krummrich /// // Now we can re-use `value`: 276c8cfa8d0SDanilo Krummrich /// let value = KBox::write(value, [1; 32]); 277c8cfa8d0SDanilo Krummrich /// assert_eq!(*value, [1; 32]); 278c8cfa8d0SDanilo Krummrich /// # Ok::<(), Error>(()) 279c8cfa8d0SDanilo Krummrich /// ``` drop_contents(this: Self) -> Box<MaybeUninit<T>, A>280c8cfa8d0SDanilo Krummrich pub fn drop_contents(this: Self) -> Box<MaybeUninit<T>, A> { 281c8cfa8d0SDanilo Krummrich let ptr = this.0.as_ptr(); 282c8cfa8d0SDanilo Krummrich 283c8cfa8d0SDanilo Krummrich // SAFETY: `ptr` is valid, because it came from `this`. After this call we never access the 284c8cfa8d0SDanilo Krummrich // value stored in `this` again. 285c8cfa8d0SDanilo Krummrich unsafe { core::ptr::drop_in_place(ptr) }; 286c8cfa8d0SDanilo Krummrich 287c8cfa8d0SDanilo Krummrich Self::forget_contents(this) 288c8cfa8d0SDanilo Krummrich } 289c8cfa8d0SDanilo Krummrich 290c8cfa8d0SDanilo Krummrich /// Moves the `Box`'s value out of the `Box` and consumes the `Box`. into_inner(b: Self) -> T291c8cfa8d0SDanilo Krummrich pub fn into_inner(b: Self) -> T { 292c8cfa8d0SDanilo Krummrich // SAFETY: By the type invariant `&*b` is valid for `read`. 293c8cfa8d0SDanilo Krummrich let value = unsafe { core::ptr::read(&*b) }; 294c8cfa8d0SDanilo Krummrich let _ = Self::forget_contents(b); 295c8cfa8d0SDanilo Krummrich value 296c8cfa8d0SDanilo Krummrich } 297c8cfa8d0SDanilo Krummrich } 298c8cfa8d0SDanilo Krummrich 299c8cfa8d0SDanilo Krummrich impl<T, A> From<Box<T, A>> for Pin<Box<T, A>> 300c8cfa8d0SDanilo Krummrich where 301c8cfa8d0SDanilo Krummrich T: ?Sized, 302c8cfa8d0SDanilo Krummrich A: Allocator, 303c8cfa8d0SDanilo Krummrich { 304c8cfa8d0SDanilo Krummrich /// Converts a `Box<T, A>` into a `Pin<Box<T, A>>`. If `T` does not implement [`Unpin`], then 305c8cfa8d0SDanilo Krummrich /// `*b` will be pinned in memory and can't be moved. 306c8cfa8d0SDanilo Krummrich /// 307c8cfa8d0SDanilo Krummrich /// This moves `b` into `Pin` without moving `*b` or allocating and copying any memory. from(b: Box<T, A>) -> Self308c8cfa8d0SDanilo Krummrich fn from(b: Box<T, A>) -> Self { 309c8cfa8d0SDanilo Krummrich // SAFETY: The value wrapped inside a `Pin<Box<T, A>>` cannot be moved or replaced as long 310c8cfa8d0SDanilo Krummrich // as `T` does not implement `Unpin`. 311c8cfa8d0SDanilo Krummrich unsafe { Pin::new_unchecked(b) } 312c8cfa8d0SDanilo Krummrich } 313c8cfa8d0SDanilo Krummrich } 314c8cfa8d0SDanilo Krummrich 315c8cfa8d0SDanilo Krummrich impl<T, A> InPlaceWrite<T> for Box<MaybeUninit<T>, A> 316c8cfa8d0SDanilo Krummrich where 317c8cfa8d0SDanilo Krummrich A: Allocator + 'static, 318c8cfa8d0SDanilo Krummrich { 319c8cfa8d0SDanilo Krummrich type Initialized = Box<T, A>; 320c8cfa8d0SDanilo Krummrich write_init<E>(mut self, init: impl Init<T, E>) -> Result<Self::Initialized, E>321c8cfa8d0SDanilo Krummrich fn write_init<E>(mut self, init: impl Init<T, E>) -> Result<Self::Initialized, E> { 322c8cfa8d0SDanilo Krummrich let slot = self.as_mut_ptr(); 323c8cfa8d0SDanilo Krummrich // SAFETY: When init errors/panics, slot will get deallocated but not dropped, 324c8cfa8d0SDanilo Krummrich // slot is valid. 325c8cfa8d0SDanilo Krummrich unsafe { init.__init(slot)? }; 326c8cfa8d0SDanilo Krummrich // SAFETY: All fields have been initialized. 327c8cfa8d0SDanilo Krummrich Ok(unsafe { Box::assume_init(self) }) 328c8cfa8d0SDanilo Krummrich } 329c8cfa8d0SDanilo Krummrich write_pin_init<E>(mut self, init: impl PinInit<T, E>) -> Result<Pin<Self::Initialized>, E>330c8cfa8d0SDanilo Krummrich fn write_pin_init<E>(mut self, init: impl PinInit<T, E>) -> Result<Pin<Self::Initialized>, E> { 331c8cfa8d0SDanilo Krummrich let slot = self.as_mut_ptr(); 332c8cfa8d0SDanilo Krummrich // SAFETY: When init errors/panics, slot will get deallocated but not dropped, 333c8cfa8d0SDanilo Krummrich // slot is valid and will not be moved, because we pin it later. 334c8cfa8d0SDanilo Krummrich unsafe { init.__pinned_init(slot)? }; 335c8cfa8d0SDanilo Krummrich // SAFETY: All fields have been initialized. 336c8cfa8d0SDanilo Krummrich Ok(unsafe { Box::assume_init(self) }.into()) 337c8cfa8d0SDanilo Krummrich } 338c8cfa8d0SDanilo Krummrich } 339c8cfa8d0SDanilo Krummrich 340c8cfa8d0SDanilo Krummrich impl<T, A> InPlaceInit<T> for Box<T, A> 341c8cfa8d0SDanilo Krummrich where 342c8cfa8d0SDanilo Krummrich A: Allocator + 'static, 343c8cfa8d0SDanilo Krummrich { 344c8cfa8d0SDanilo Krummrich type PinnedSelf = Pin<Self>; 345c8cfa8d0SDanilo Krummrich 346c8cfa8d0SDanilo Krummrich #[inline] try_pin_init<E>(init: impl PinInit<T, E>, flags: Flags) -> Result<Pin<Self>, E> where E: From<AllocError>,347c8cfa8d0SDanilo Krummrich fn try_pin_init<E>(init: impl PinInit<T, E>, flags: Flags) -> Result<Pin<Self>, E> 348c8cfa8d0SDanilo Krummrich where 349c8cfa8d0SDanilo Krummrich E: From<AllocError>, 350c8cfa8d0SDanilo Krummrich { 351c8cfa8d0SDanilo Krummrich Box::<_, A>::new_uninit(flags)?.write_pin_init(init) 352c8cfa8d0SDanilo Krummrich } 353c8cfa8d0SDanilo Krummrich 354c8cfa8d0SDanilo Krummrich #[inline] try_init<E>(init: impl Init<T, E>, flags: Flags) -> Result<Self, E> where E: From<AllocError>,355c8cfa8d0SDanilo Krummrich fn try_init<E>(init: impl Init<T, E>, flags: Flags) -> Result<Self, E> 356c8cfa8d0SDanilo Krummrich where 357c8cfa8d0SDanilo Krummrich E: From<AllocError>, 358c8cfa8d0SDanilo Krummrich { 359c8cfa8d0SDanilo Krummrich Box::<_, A>::new_uninit(flags)?.write_init(init) 360c8cfa8d0SDanilo Krummrich } 361c8cfa8d0SDanilo Krummrich } 362c8cfa8d0SDanilo Krummrich 363c27e705cSAlice Ryhl impl<T: 'static, A> ForeignOwnable for Box<T, A> 364c8cfa8d0SDanilo Krummrich where 36514686571STamir Duberstein A: Allocator, 366aa991a2aSTamir Duberstein { 367c8cfa8d0SDanilo Krummrich type Borrowed<'a> = &'a T; 368c8cfa8d0SDanilo Krummrich type BorrowedMut<'a> = &'a mut T; 36914686571STamir Duberstein into_foreign(self) -> *mut crate::ffi::c_void370c8cfa8d0SDanilo Krummrich fn into_foreign(self) -> *mut crate::ffi::c_void { 371c8cfa8d0SDanilo Krummrich Box::into_raw(self).cast() 37214686571STamir Duberstein } 373c8cfa8d0SDanilo Krummrich from_foreign(ptr: *mut crate::ffi::c_void) -> Self374c8cfa8d0SDanilo Krummrich unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { 37514686571STamir Duberstein // SAFETY: The safety requirements of this function ensure that `ptr` comes from a previous 376c8cfa8d0SDanilo Krummrich // call to `Self::into_foreign`. 377c8cfa8d0SDanilo Krummrich unsafe { Box::from_raw(ptr.cast()) } 378c8cfa8d0SDanilo Krummrich } 379c8cfa8d0SDanilo Krummrich borrow<'a>(ptr: *mut crate::ffi::c_void) -> &'a T380c27e705cSAlice Ryhl unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> &'a T { 381c27e705cSAlice Ryhl // SAFETY: The safety requirements of this method ensure that the object remains alive and 382c27e705cSAlice Ryhl // immutable for the duration of 'a. 383c27e705cSAlice Ryhl unsafe { &*ptr.cast() } 384c27e705cSAlice Ryhl } 385c27e705cSAlice Ryhl borrow_mut<'a>(ptr: *mut crate::ffi::c_void) -> &'a mut T386c27e705cSAlice Ryhl unsafe fn borrow_mut<'a>(ptr: *mut crate::ffi::c_void) -> &'a mut T { 387c8cfa8d0SDanilo Krummrich let ptr = ptr.cast(); 388c8cfa8d0SDanilo Krummrich // SAFETY: The safety requirements of this method ensure that the pointer is valid and that 389c8cfa8d0SDanilo Krummrich // nothing else will access the value for the duration of 'a. 390c8cfa8d0SDanilo Krummrich unsafe { &mut *ptr } 391c8cfa8d0SDanilo Krummrich } 392c8cfa8d0SDanilo Krummrich } 393c8cfa8d0SDanilo Krummrich 394c27e705cSAlice Ryhl impl<T: 'static, A> ForeignOwnable for Pin<Box<T, A>> 395c8cfa8d0SDanilo Krummrich where 39614686571STamir Duberstein A: Allocator, 397c8cfa8d0SDanilo Krummrich { 398aa991a2aSTamir Duberstein type Borrowed<'a> = Pin<&'a T>; 399c8cfa8d0SDanilo Krummrich type BorrowedMut<'a> = Pin<&'a mut T>; 400c8cfa8d0SDanilo Krummrich into_foreign(self) -> *mut crate::ffi::c_void40114686571STamir Duberstein fn into_foreign(self) -> *mut crate::ffi::c_void { 402c8cfa8d0SDanilo Krummrich // SAFETY: We are still treating the box as pinned. 403c8cfa8d0SDanilo Krummrich Box::into_raw(unsafe { Pin::into_inner_unchecked(self) }).cast() 40414686571STamir Duberstein } 405c8cfa8d0SDanilo Krummrich from_foreign(ptr: *mut crate::ffi::c_void) -> Self406c8cfa8d0SDanilo Krummrich unsafe fn from_foreign(ptr: *mut crate::ffi::c_void) -> Self { 40714686571STamir Duberstein // SAFETY: The safety requirements of this function ensure that `ptr` comes from a previous 408c8cfa8d0SDanilo Krummrich // call to `Self::into_foreign`. 409c8cfa8d0SDanilo Krummrich unsafe { Pin::new_unchecked(Box::from_raw(ptr.cast())) } 410c8cfa8d0SDanilo Krummrich } 411c8cfa8d0SDanilo Krummrich borrow<'a>(ptr: *mut crate::ffi::c_void) -> Pin<&'a T>412c8cfa8d0SDanilo Krummrich unsafe fn borrow<'a>(ptr: *mut crate::ffi::c_void) -> Pin<&'a T> { 413c8cfa8d0SDanilo Krummrich // SAFETY: The safety requirements for this function ensure that the object is still alive, 414c8cfa8d0SDanilo Krummrich // so it is safe to dereference the raw pointer. 415c8cfa8d0SDanilo Krummrich // The safety requirements of `from_foreign` also ensure that the object remains alive for 416c8cfa8d0SDanilo Krummrich // the lifetime of the returned value. 417c27e705cSAlice Ryhl let r = unsafe { &*ptr.cast() }; 418c27e705cSAlice Ryhl 419c27e705cSAlice Ryhl // SAFETY: This pointer originates from a `Pin<Box<T>>`. 420c27e705cSAlice Ryhl unsafe { Pin::new_unchecked(r) } 421c27e705cSAlice Ryhl } 422c27e705cSAlice Ryhl borrow_mut<'a>(ptr: *mut crate::ffi::c_void) -> Pin<&'a mut T>423c27e705cSAlice Ryhl unsafe fn borrow_mut<'a>(ptr: *mut crate::ffi::c_void) -> Pin<&'a mut T> { 424c27e705cSAlice Ryhl let ptr = ptr.cast(); 425c27e705cSAlice Ryhl // SAFETY: The safety requirements for this function ensure that the object is still alive, 426c27e705cSAlice Ryhl // so it is safe to dereference the raw pointer. 427c27e705cSAlice Ryhl // The safety requirements of `from_foreign` also ensure that the object remains alive for 428c27e705cSAlice Ryhl // the lifetime of the returned value. 429c8cfa8d0SDanilo Krummrich let r = unsafe { &mut *ptr }; 430c8cfa8d0SDanilo Krummrich 431c8cfa8d0SDanilo Krummrich // SAFETY: This pointer originates from a `Pin<Box<T>>`. 432c8cfa8d0SDanilo Krummrich unsafe { Pin::new_unchecked(r) } 433c8cfa8d0SDanilo Krummrich } 434c8cfa8d0SDanilo Krummrich } 435c8cfa8d0SDanilo Krummrich 436c8cfa8d0SDanilo Krummrich impl<T, A> Deref for Box<T, A> 437c8cfa8d0SDanilo Krummrich where 438c8cfa8d0SDanilo Krummrich T: ?Sized, 439c8cfa8d0SDanilo Krummrich A: Allocator, 440c8cfa8d0SDanilo Krummrich { 441c8cfa8d0SDanilo Krummrich type Target = T; 442c8cfa8d0SDanilo Krummrich deref(&self) -> &T443c8cfa8d0SDanilo Krummrich fn deref(&self) -> &T { 444c8cfa8d0SDanilo Krummrich // SAFETY: `self.0` is always properly aligned, dereferenceable and points to an initialized 445c8cfa8d0SDanilo Krummrich // instance of `T`. 446c8cfa8d0SDanilo Krummrich unsafe { self.0.as_ref() } 447c8cfa8d0SDanilo Krummrich } 448c8cfa8d0SDanilo Krummrich } 449c8cfa8d0SDanilo Krummrich 450c8cfa8d0SDanilo Krummrich impl<T, A> DerefMut for Box<T, A> 451c8cfa8d0SDanilo Krummrich where 452c8cfa8d0SDanilo Krummrich T: ?Sized, 453c8cfa8d0SDanilo Krummrich A: Allocator, 454c8cfa8d0SDanilo Krummrich { deref_mut(&mut self) -> &mut T455c8cfa8d0SDanilo Krummrich fn deref_mut(&mut self) -> &mut T { 456c8cfa8d0SDanilo Krummrich // SAFETY: `self.0` is always properly aligned, dereferenceable and points to an initialized 45721e08aa5SGuangbo Cui // instance of `T`. 45821e08aa5SGuangbo Cui unsafe { self.0.as_mut() } 45921e08aa5SGuangbo Cui } 46021e08aa5SGuangbo Cui } 46121e08aa5SGuangbo Cui 46221e08aa5SGuangbo Cui impl<T, A> fmt::Display for Box<T, A> 46321e08aa5SGuangbo Cui where 46421e08aa5SGuangbo Cui T: ?Sized + fmt::Display, 46521e08aa5SGuangbo Cui A: Allocator, 46621e08aa5SGuangbo Cui { fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result467c8cfa8d0SDanilo Krummrich fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 468c8cfa8d0SDanilo Krummrich <T as fmt::Display>::fmt(&**self, f) 469c8cfa8d0SDanilo Krummrich } 470c8cfa8d0SDanilo Krummrich } 471c8cfa8d0SDanilo Krummrich 472c8cfa8d0SDanilo Krummrich impl<T, A> fmt::Debug for Box<T, A> 473517743c4SGuangbo Cui where 474c8cfa8d0SDanilo Krummrich T: ?Sized + fmt::Debug, 475c8cfa8d0SDanilo Krummrich A: Allocator, 476c8cfa8d0SDanilo Krummrich { fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result477c8cfa8d0SDanilo Krummrich fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 478c8cfa8d0SDanilo Krummrich <T as fmt::Debug>::fmt(&**self, f) 479c8cfa8d0SDanilo Krummrich } 480c8cfa8d0SDanilo Krummrich } 481c8cfa8d0SDanilo Krummrich 482c8cfa8d0SDanilo Krummrich impl<T, A> Drop for Box<T, A> 483c8cfa8d0SDanilo Krummrich where 484c8cfa8d0SDanilo Krummrich T: ?Sized, 485c8cfa8d0SDanilo Krummrich A: Allocator, 486c8cfa8d0SDanilo Krummrich { drop(&mut self)487c8cfa8d0SDanilo Krummrich fn drop(&mut self) { 488c8cfa8d0SDanilo Krummrich let layout = Layout::for_value::<T>(self); 489c8cfa8d0SDanilo Krummrich 490c8cfa8d0SDanilo Krummrich // SAFETY: The pointer in `self.0` is guaranteed to be valid by the type invariant. 491c8cfa8d0SDanilo Krummrich unsafe { core::ptr::drop_in_place::<T>(self.deref_mut()) }; 492c8cfa8d0SDanilo Krummrich 493c8cfa8d0SDanilo Krummrich // SAFETY: 494 // - `self.0` was previously allocated with `A`. 495 // - `layout` is equal to the `Layout´ `self.0` was allocated with. 496 unsafe { A::free(self.0.cast(), layout) }; 497 } 498 } 499