Move PhantomData<T> from Shared<T> to users of both Shared and #[may_dangle]

After discussing [1] today with @pnkfelix and @Gankro, we concluded that it’s ok for drop checking not to be much smarter than the current `#[may_dangle]` design which requires an explicit unsafe opt-in. [1] https://github.com/rust-lang/rust/issues/27730#issuecomment-316432083

Move PhantomData<T> from Shared<T> to users of both Shared and #[may_dangle]
After discussing [1] today with @pnkfelix and @Gankro, we concluded that it’s ok for drop checking not to be much smarter than the current `#[may_dangle]` design which requires an explicit unsafe opt-in. [1] https://github.com/rust-lang/rust/issues/27730#issuecomment-316432083
60dc1049 · Simon Sapin · 5a0dc2d0 · 60dc1049 · 60dc1049 · 60dc1049
Showing with 34 addition and 36 deletion

src/liballoc/arc.rs src/liballoc/arc.rs +9 -7

src/liballoc/rc.rs src/liballoc/rc.rs +10 -6

src/liballoc/vec.rs src/liballoc/vec.rs +3 -0

src/libcore/ptr.rs src/libcore/ptr.rs +12 -23

未找到文件。
--- a/src/liballoc/arc.rs
+++ b/src/liballoc/arc.rs
@@ -26,7 +26,7 @@
 use core::ops::Deref;
 use core::ops::CoerceUnsized;
 use core::ptr::{self, Shared};
-use core::marker::Unsize;
+use core::marker::{Unsize, PhantomData};
 use core::hash::{Hash, Hasher};
 use core::{isize, usize};
 use core::convert::From;
@@ -198,6 +198,7 @@
 #[stable(feature = "rust1", since = "1.0.0")]
 pub struct Arc<T: ?Sized> {
    ptr: Shared<ArcInner<T>>,
+    phantom: PhantomData<T>,
 }

 #[stable(feature = "rust1", since = "1.0.0")]
@@ -285,7 +286,7 @@ pub fn new(data: T) -> Arc<T> {
            weak: atomic::AtomicUsize::new(1),
            data,
        };
-        Arc { ptr: Shared::from(Box::into_unique(x)) }
+        Arc { ptr: Shared::from(Box::into_unique(x)), phantom: PhantomData }
    }

    /// Returns the contained value, if the `Arc` has exactly one strong reference.
@@ -397,6 +398,7 @@ pub unsafe fn from_raw(ptr: *const T) -> Self {

        Arc {
            ptr: Shared::new_unchecked(arc_ptr),
+            phantom: PhantomData,
        }
    }

@@ -580,7 +582,7 @@ fn from_box(v: Box<T>) -> Arc<T> {
            // Free the allocation without dropping its contents
            box_free(bptr);

-            Arc { ptr: Shared::new_unchecked(ptr) }
+            Arc { ptr: Shared::new_unchecked(ptr), phantom: PhantomData }
        }
    }
 }
@@ -607,7 +609,7 @@ unsafe fn copy_from_slice(v: &[T]) -> Arc<[T]> {
            &mut (*ptr).data as *mut [T] as *mut T,
            v.len());

-        Arc { ptr: Shared::new_unchecked(ptr) }
+        Arc { ptr: Shared::new_unchecked(ptr), phantom: PhantomData }
    }
 }

@@ -667,7 +669,7 @@ fn drop(&mut self) {
            // All clear. Forget the guard so it doesn't free the new ArcInner.
            mem::forget(guard);

-            Arc { ptr: Shared::new_unchecked(ptr) }
+            Arc { ptr: Shared::new_unchecked(ptr), phantom: PhantomData }
        }
    }
 }
@@ -725,7 +727,7 @@ fn clone(&self) -> Arc<T> {
            }
        }

-        Arc { ptr: self.ptr }
+        Arc { ptr: self.ptr, phantom: PhantomData }
    }
 }

@@ -1052,7 +1054,7 @@ pub fn upgrade(&self) -> Option<Arc<T>> {

            // Relaxed is valid for the same reason it is on Arc's Clone impl
            match inner.strong.compare_exchange_weak(n, n + 1, Relaxed, Relaxed) {
-                Ok(_) => return Some(Arc { ptr: self.ptr }),
+                Ok(_) => return Some(Arc { ptr: self.ptr, phantom: PhantomData }),
                Err(old) => n = old,
            }
        }

--- a/src/liballoc/rc.rs
+++ b/src/liballoc/rc.rs
@@ -252,7 +252,7 @@
 use core::hash::{Hash, Hasher};
 use core::intrinsics::abort;
 use core::marker;
-use core::marker::Unsize;
+use core::marker::{Unsize, PhantomData};
 use core::mem::{self, align_of_val, forget, size_of_val, uninitialized};
 use core::ops::Deref;
 use core::ops::CoerceUnsized;
@@ -283,6 +283,7 @@ struct RcBox<T: ?Sized> {
 #[stable(feature = "rust1", since = "1.0.0")]
 pub struct Rc<T: ?Sized> {
    ptr: Shared<RcBox<T>>,
+    phantom: PhantomData<T>,
 }

 #[stable(feature = "rust1", since = "1.0.0")]
@@ -315,6 +316,7 @@ pub fn new(value: T) -> Rc<T> {
                weak: Cell::new(1),
                value,
            })),
+            phantom: PhantomData,
        }
    }

@@ -427,6 +429,7 @@ pub unsafe fn from_raw(ptr: *const T) -> Self {

        Rc {
            ptr: Shared::new_unchecked(rc_ptr),
+            phantom: PhantomData,
        }
    }

@@ -647,6 +650,7 @@ pub fn downcast<T: Any>(self) -> Result<Rc<T>, Rc<Any>> {
                forget(self);
                Ok(Rc {
                    ptr: Shared::new_unchecked(raw as *const RcBox<T> as *mut _),
+                    phantom: PhantomData,
                })
            }
        } else {
@@ -691,7 +695,7 @@ fn from_box(v: Box<T>) -> Rc<T> {
            // Free the allocation without dropping its contents
            box_free(bptr);

-            Rc { ptr: Shared::new_unchecked(ptr) }
+            Rc { ptr: Shared::new_unchecked(ptr), phantom: PhantomData }
        }
    }
 }
@@ -718,7 +722,7 @@ unsafe fn copy_from_slice(v: &[T]) -> Rc<[T]> {
            &mut (*ptr).value as *mut [T] as *mut T,
            v.len());

-        Rc { ptr: Shared::new_unchecked(ptr) }
+        Rc { ptr: Shared::new_unchecked(ptr), phantom: PhantomData }
    }
 }

@@ -777,7 +781,7 @@ fn drop(&mut self) {
            // All clear. Forget the guard so it doesn't free the new RcBox.
            forget(guard);

-            Rc { ptr: Shared::new_unchecked(ptr) }
+            Rc { ptr: Shared::new_unchecked(ptr), phantom: PhantomData }
        }
    }
 }
@@ -868,7 +872,7 @@ impl<T: ?Sized> Clone for Rc<T> {
    #[inline]
    fn clone(&self) -> Rc<T> {
        self.inc_strong();
-        Rc { ptr: self.ptr }
+        Rc { ptr: self.ptr, phantom: PhantomData }
    }
 }

@@ -1228,7 +1232,7 @@ pub fn upgrade(&self) -> Option<Rc<T>> {
            None
        } else {
            self.inc_strong();
-            Some(Rc { ptr: self.ptr })
+            Some(Rc { ptr: self.ptr, phantom: PhantomData })
        }
    }
 }

--- a/src/liballoc/vec.rs
+++ b/src/liballoc/vec.rs
@@ -71,6 +71,7 @@
 use core::hash::{self, Hash};
 use core::intrinsics::{arith_offset, assume};
 use core::iter::{FromIterator, FusedIterator, TrustedLen};
+use core::marker::PhantomData;
 use core::mem;
 #[cfg(not(test))]
 use core::num::Float;
@@ -1743,6 +1744,7 @@ fn into_iter(mut self) -> IntoIter<T> {
            mem::forget(self);
            IntoIter {
                buf: Shared::new_unchecked(begin),
+                phantom: PhantomData,
                cap,
                ptr: begin,
                end,
@@ -2264,6 +2266,7 @@ fn from_iter<I: IntoIterator<Item = T>>(it: I) -> Cow<'a, [T]> {
 #[stable(feature = "rust1", since = "1.0.0")]
 pub struct IntoIter<T> {
    buf: Shared<T>,
+    phantom: PhantomData<T>,
    cap: usize,
    ptr: *const T,
    end: *const T,

--- a/src/libcore/ptr.rs
+++ b/src/libcore/ptr.rs
@@ -2450,16 +2450,11 @@ fn from(reference: &'a T) -> Self {
    }
 }

-/// A wrapper around a raw `*mut T` that indicates that the possessor
-/// of this wrapper has shared ownership of the referent. Useful for
-/// building abstractions like `Rc<T>`, `Arc<T>`, or doubly-linked lists, which
-/// internally use aliased raw pointers to manage the memory that they own.
+/// `*mut T` but non-zero and covariant.
 ///
-/// This is similar to `Unique`, except that it doesn't make any aliasing
-/// guarantees, and doesn't derive Send and Sync. Note that unlike `&T`,
-/// Shared has no special mutability requirements. Shared may mutate data
-/// aliased by other Shared pointers. More precise rules require Rust to
-/// develop an actual aliasing model.
+/// This is often the correct thing to use when building data structures using
+/// raw pointers, but is ultimately more dangerous to use because of its additional
+/// properties. If you're not sure if you should use `Shared<T>`, just use `*mut T`!
 ///
 /// Unlike `*mut T`, the pointer must always be non-null, even if the pointer
 /// is never dereferenced. This is so that enums may use this forbidden value
@@ -2469,20 +2464,14 @@ fn from(reference: &'a T) -> Self {
 /// Unlike `*mut T`, `Shared<T>` is covariant over `T`. If this is incorrect
 /// for your use case, you should include some PhantomData in your type to
 /// provide invariance, such as `PhantomData<Cell<T>>` or `PhantomData<&'a mut T>`.
-/// Usually this won't be necessary; covariance is correct for Rc, Arc, and LinkedList
-/// because they provide a public API that follows the normal shared XOR mutable
-/// rules of Rust.
+/// Usually this won't be necessary; covariance is correct for most safe abstractions,
+/// such as Box, Rc, Arc, Vec, and LinkedList. This is the case because they
+/// provide a public API that follows the normal shared XOR mutable rules of Rust.
 #[allow(missing_debug_implementations)]
 #[unstable(feature = "shared", reason = "needs an RFC to flesh out design",
           issue = "27730")]
 pub struct Shared<T: ?Sized> {
    pointer: NonZero<*const T>,
-    // NOTE: this marker has no consequences for variance, but is necessary
-    // for dropck to understand that we logically own a `T`.
-    //
-    // For details, see:
-    // https://github.com/rust-lang/rfcs/blob/master/text/0769-sound-generic-drop.md#phantom-data
-    _marker: PhantomData<T>,
 }

 /// `Shared` pointers are not `Send` because the data they reference may be aliased.
@@ -2518,12 +2507,12 @@ impl<T: ?Sized> Shared<T> {
    /// `ptr` must be non-null.
    #[unstable(feature = "shared", issue = "27730")]
    pub const unsafe fn new_unchecked(ptr: *mut T) -> Self {
-        Shared { pointer: NonZero::new_unchecked(ptr), _marker: PhantomData }
+        Shared { pointer: NonZero::new_unchecked(ptr) }
    }

    /// Creates a new `Shared` if `ptr` is non-null.
    pub fn new(ptr: *mut T) -> Option<Self> {
-        NonZero::new(ptr as *const T).map(|nz| Shared { pointer: nz, _marker: PhantomData })
+        NonZero::new(ptr as *const T).map(|nz| Shared { pointer: nz })
    }

    /// Acquires the underlying `*mut` pointer.
@@ -2580,20 +2569,20 @@ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
 #[unstable(feature = "shared", issue = "27730")]
 impl<T: ?Sized> From<Unique<T>> for Shared<T> {
    fn from(unique: Unique<T>) -> Self {
-        Shared { pointer: unique.pointer, _marker: PhantomData }
+        Shared { pointer: unique.pointer }
    }
 }

 #[unstable(feature = "shared", issue = "27730")]
 impl<'a, T: ?Sized> From<&'a mut T> for Shared<T> {
    fn from(reference: &'a mut T) -> Self {
-        Shared { pointer: NonZero::from(reference), _marker: PhantomData }
+        Shared { pointer: NonZero::from(reference) }
    }
 }

 #[unstable(feature = "shared", issue = "27730")]
 impl<'a, T: ?Sized> From<&'a T> for Shared<T> {
    fn from(reference: &'a T) -> Self {
-        Shared { pointer: NonZero::from(reference), _marker: PhantomData }
+        Shared { pointer: NonZero::from(reference) }
    }
 }