2022-04-30 17:01:31 +00:00
|
|
|
//! The `Box<T>` type for heap allocation.
|
2015-01-22 17:07:23 +00:00
|
|
|
//!
|
2019-07-02 15:04:25 +00:00
|
|
|
//! [`Box<T>`], casually referred to as a 'box', provides the simplest form of
|
2015-06-09 18:18:03 +00:00
|
|
|
//! heap allocation in Rust. Boxes provide ownership for this allocation, and
|
2020-01-31 19:41:07 +00:00
|
|
|
//! drop their contents when they go out of scope. Boxes also ensure that they
|
|
|
|
|
//! never allocate more than `isize::MAX` bytes.
|
2015-01-22 17:07:23 +00:00
|
|
|
//!
|
|
|
|
|
//! # Examples
|
|
|
|
|
//!
|
2018-09-25 01:55:54 +00:00
|
|
|
//! Move a value from the stack to the heap by creating a [`Box`]:
|
2015-01-22 17:07:23 +00:00
|
|
|
//!
|
|
|
|
|
//! ```
|
2018-09-25 01:55:54 +00:00
|
|
|
//! let val: u8 = 5;
|
|
|
|
|
//! let boxed: Box<u8> = Box::new(val);
|
|
|
|
|
//! ```
|
|
|
|
|
//!
|
|
|
|
|
//! Move a value from a [`Box`] back to the stack by [dereferencing]:
|
|
|
|
|
//!
|
|
|
|
|
//! ```
|
|
|
|
|
//! let boxed: Box<u8> = Box::new(5);
|
|
|
|
|
//! let val: u8 = *boxed;
|
2015-01-22 17:07:23 +00:00
|
|
|
//! ```
|
|
|
|
|
//!
|
|
|
|
|
//! Creating a recursive data structure:
|
|
|
|
|
//!
|
|
|
|
|
//! ```
|
2015-01-28 13:34:18 +00:00
|
|
|
//! #[derive(Debug)]
|
2015-01-22 17:07:23 +00:00
|
|
|
//! enum List<T> {
|
|
|
|
|
//! Cons(T, Box<List<T>>),
|
|
|
|
|
//! Nil,
|
|
|
|
|
//! }
|
|
|
|
|
//!
|
2019-10-01 11:55:46 +00:00
|
|
|
//! let list: List<i32> = List::Cons(1, Box::new(List::Cons(2, Box::new(List::Nil))));
|
2022-02-12 19:16:17 +00:00
|
|
|
//! println!("{list:?}");
|
2015-01-22 17:07:23 +00:00
|
|
|
//! ```
|
|
|
|
|
//!
|
2015-05-05 21:19:23 +00:00
|
|
|
//! This will print `Cons(1, Cons(2, Nil))`.
|
2015-04-20 14:05:57 +00:00
|
|
|
//!
|
2015-06-09 18:18:03 +00:00
|
|
|
//! Recursive structures must be boxed, because if the definition of `Cons`
|
|
|
|
|
//! looked like this:
|
2015-04-20 14:05:57 +00:00
|
|
|
//!
|
2017-06-20 07:15:16 +00:00
|
|
|
//! ```compile_fail,E0072
|
|
|
|
|
//! # enum List<T> {
|
2015-04-20 14:05:57 +00:00
|
|
|
//! Cons(T, List<T>),
|
2017-06-20 07:15:16 +00:00
|
|
|
//! # }
|
2015-04-20 14:05:57 +00:00
|
|
|
//! ```
|
|
|
|
|
//!
|
2015-06-09 18:18:03 +00:00
|
|
|
//! It wouldn't work. This is because the size of a `List` depends on how many
|
|
|
|
|
//! elements are in the list, and so we don't know how much memory to allocate
|
2019-07-02 15:04:25 +00:00
|
|
|
//! for a `Cons`. By introducing a [`Box<T>`], which has a defined size, we know how
|
2015-06-09 18:18:03 +00:00
|
|
|
//! big `Cons` needs to be.
|
2018-09-25 01:55:54 +00:00
|
|
|
//!
|
2019-05-21 03:03:40 +00:00
|
|
|
//! # Memory layout
|
|
|
|
|
//!
|
|
|
|
|
//! For non-zero-sized values, a [`Box`] will use the [`Global`] allocator for
|
|
|
|
|
//! its allocation. It is valid to convert both ways between a [`Box`] and a
|
|
|
|
|
//! raw pointer allocated with the [`Global`] allocator, given that the
|
|
|
|
|
//! [`Layout`] used with the allocator is correct for the type. More precisely,
|
|
|
|
|
//! a `value: *mut T` that has been allocated with the [`Global`] allocator
|
|
|
|
|
//! with `Layout::for_value(&*value)` may be converted into a box using
|
2019-07-02 15:04:25 +00:00
|
|
|
//! [`Box::<T>::from_raw(value)`]. Conversely, the memory backing a `value: *mut
|
|
|
|
|
//! T` obtained from [`Box::<T>::into_raw`] may be deallocated using the
|
|
|
|
|
//! [`Global`] allocator with [`Layout::for_value(&*value)`].
|
2019-05-21 03:03:40 +00:00
|
|
|
//!
|
2020-11-20 09:25:59 +00:00
|
|
|
//! For zero-sized values, the `Box` pointer still has to be [valid] for reads
|
|
|
|
|
//! and writes and sufficiently aligned. In particular, casting any aligned
|
|
|
|
|
//! non-zero integer literal to a raw pointer produces a valid pointer, but a
|
|
|
|
|
//! pointer pointing into previously allocated memory that since got freed is
|
|
|
|
|
//! not valid. The recommended way to build a Box to a ZST if `Box::new` cannot
|
|
|
|
|
//! be used is to use [`ptr::NonNull::dangling`].
|
2020-10-12 08:08:25 +00:00
|
|
|
//!
|
2019-12-11 15:32:11 +00:00
|
|
|
//! So long as `T: Sized`, a `Box<T>` is guaranteed to be represented
|
|
|
|
|
//! as a single pointer and is also ABI-compatible with C pointers
|
|
|
|
|
//! (i.e. the C type `T*`). This means that if you have extern "C"
|
|
|
|
|
//! Rust functions that will be called from C, you can define those
|
|
|
|
|
//! Rust functions using `Box<T>` types, and use `T*` as corresponding
|
|
|
|
|
//! type on the C side. As an example, consider this C header which
|
|
|
|
|
//! declares functions that create and destroy some kind of `Foo`
|
|
|
|
|
//! value:
|
2019-07-09 04:34:36 +00:00
|
|
|
//!
|
|
|
|
|
//! ```c
|
|
|
|
|
//! /* C header */
|
2019-12-10 08:00:25 +00:00
|
|
|
//!
|
2019-12-10 06:56:37 +00:00
|
|
|
//! /* Returns ownership to the caller */
|
|
|
|
|
//! struct Foo* foo_new(void);
|
2019-12-10 08:00:25 +00:00
|
|
|
//!
|
2021-05-02 21:55:22 +00:00
|
|
|
//! /* Takes ownership from the caller; no-op when invoked with null */
|
2019-12-10 06:56:37 +00:00
|
|
|
//! void foo_delete(struct Foo*);
|
2019-07-09 04:34:36 +00:00
|
|
|
//! ```
|
2019-12-10 08:00:25 +00:00
|
|
|
//!
|
2019-12-10 06:49:59 +00:00
|
|
|
//! These two functions might be implemented in Rust as follows. Here, the
|
|
|
|
|
//! `struct Foo*` type from C is translated to `Box<Foo>`, which captures
|
|
|
|
|
//! the ownership constraints. Note also that the nullable argument to
|
|
|
|
|
//! `foo_delete` is represented in Rust as `Option<Box<Foo>>`, since `Box<Foo>`
|
|
|
|
|
//! cannot be null.
|
2019-07-09 04:34:36 +00:00
|
|
|
//!
|
|
|
|
|
//! ```
|
|
|
|
|
//! #[repr(C)]
|
|
|
|
|
//! pub struct Foo;
|
|
|
|
|
//!
|
|
|
|
|
//! #[no_mangle]
|
2019-10-30 16:43:04 +00:00
|
|
|
//! pub extern "C" fn foo_new() -> Box<Foo> {
|
2019-07-09 04:34:36 +00:00
|
|
|
//! Box::new(Foo)
|
|
|
|
|
//! }
|
|
|
|
|
//!
|
|
|
|
|
//! #[no_mangle]
|
2019-10-30 16:43:04 +00:00
|
|
|
//! pub extern "C" fn foo_delete(_: Option<Box<Foo>>) {}
|
2019-07-09 04:34:36 +00:00
|
|
|
//! ```
|
2019-05-21 03:03:40 +00:00
|
|
|
//!
|
2019-12-10 06:49:59 +00:00
|
|
|
//! Even though `Box<T>` has the same representation and C ABI as a C pointer,
|
|
|
|
|
//! this does not mean that you can convert an arbitrary `T*` into a `Box<T>`
|
|
|
|
|
//! and expect things to work. `Box<T>` values will always be fully aligned,
|
|
|
|
|
//! non-null pointers. Moreover, the destructor for `Box<T>` will attempt to
|
|
|
|
|
//! free the value with the global allocator. In general, the best practice
|
|
|
|
|
//! is to only use `Box<T>` for pointers that originated from the global
|
|
|
|
|
//! allocator.
|
2019-05-21 03:03:40 +00:00
|
|
|
//!
|
2019-12-11 15:32:11 +00:00
|
|
|
//! **Important.** At least at present, you should avoid using
|
|
|
|
|
//! `Box<T>` types for functions that are defined in C but invoked
|
|
|
|
|
//! from Rust. In those cases, you should directly mirror the C types
|
|
|
|
|
//! as closely as possible. Using types like `Box<T>` where the C
|
|
|
|
|
//! definition is just using `T*` can lead to undefined behavior, as
|
|
|
|
|
//! described in [rust-lang/unsafe-code-guidelines#198][ucg#198].
|
|
|
|
|
//!
|
2022-05-20 18:48:29 +00:00
|
|
|
//! # Considerations for unsafe code
|
|
|
|
|
//!
|
|
|
|
|
//! **Warning: This section is not normative and is subject to change, possibly
|
|
|
|
|
//! being relaxed in the future! It is a simplified summary of the rules
|
|
|
|
|
//! currently implemented in the compiler.**
|
|
|
|
|
//!
|
|
|
|
|
//! The aliasing rules for `Box<T>` are the same as for `&mut T`. `Box<T>`
|
2022-05-30 23:49:28 +00:00
|
|
|
//! asserts uniqueness over its content. Using raw pointers derived from a box
|
2022-05-20 18:48:29 +00:00
|
|
|
//! after that box has been mutated through, moved or borrowed as `&mut T`
|
|
|
|
|
//! is not allowed. For more guidance on working with box from unsafe code, see
|
|
|
|
|
//! [rust-lang/unsafe-code-guidelines#326][ucg#326].
|
|
|
|
|
//!
|
|
|
|
|
//!
|
2019-12-11 15:32:11 +00:00
|
|
|
//! [ucg#198]: https://github.com/rust-lang/unsafe-code-guidelines/issues/198
|
2022-05-20 18:48:29 +00:00
|
|
|
//! [ucg#326]: https://github.com/rust-lang/unsafe-code-guidelines/issues/326
|
2020-08-20 21:43:46 +00:00
|
|
|
//! [dereferencing]: core::ops::Deref
|
|
|
|
|
//! [`Box::<T>::from_raw(value)`]: Box::from_raw
|
|
|
|
|
//! [`Global`]: crate::alloc::Global
|
|
|
|
|
//! [`Layout`]: crate::alloc::Layout
|
|
|
|
|
//! [`Layout::for_value(&*value)`]: crate::alloc::Layout::for_value
|
2020-10-12 08:08:25 +00:00
|
|
|
//! [valid]: ptr#safety
|
2014-05-13 21:58:29 +00:00
|
|
|
|
2015-01-24 05:48:20 +00:00
|
|
|
#![stable(feature = "rust1", since = "1.0.0")]
|
2015-01-02 06:24:06 +00:00
|
|
|
|
2019-02-03 07:27:44 +00:00
|
|
|
use core::any::Any;
|
2022-02-03 09:56:10 +00:00
|
|
|
use core::async_iter::AsyncIterator;
|
2019-02-03 07:27:44 +00:00
|
|
|
use core::borrow;
|
|
|
|
|
use core::cmp::Ordering;
|
2022-07-29 18:54:47 +00:00
|
|
|
use core::error::Error;
|
2019-02-03 07:27:44 +00:00
|
|
|
use core::fmt;
|
|
|
|
|
use core::future::Future;
|
|
|
|
|
use core::hash::{Hash, Hasher};
|
2022-08-09 00:14:43 +00:00
|
|
|
use core::iter::FusedIterator;
|
2022-07-30 01:53:53 +00:00
|
|
|
use core::marker::Tuple;
|
2022-08-09 00:14:43 +00:00
|
|
|
use core::marker::Unsize;
|
2023-06-27 22:33:44 +00:00
|
|
|
use core::mem::{self, SizedTypeProperties};
|
2019-02-03 07:27:44 +00:00
|
|
|
use core::ops::{
|
2019-12-22 22:42:04 +00:00
|
|
|
CoerceUnsized, Deref, DerefMut, DispatchFromDyn, Generator, GeneratorState, Receiver,
|
Stabilize `Rc`, `Arc` and `Pin` as method receivers
This lets you write methods using `self: Rc<Self>`, `self: Arc<Self>`, `self: Pin<&mut Self>`, `self: Pin<Box<Self>`, and other combinations involving `Pin` and another stdlib receiver type, without needing the `arbitrary_self_types`. Other user-created receiver types can be used, but they still require the feature flag to use.
This is implemented by introducing a new trait, `Receiver`, which the method receiver's type must implement if the `arbitrary_self_types` feature is not enabled. To keep composed receiver types such as `&Arc<Self>` unstable, the receiver type is also required to implement `Deref<Target=Self>` when the feature flag is not enabled.
This lets you use `self: Rc<Self>` and `self: Arc<Self>` in stable Rust, which was not allowed previously. It was agreed that they would be stabilized in #55786. `self: Pin<&Self>` and other pinned receiver types do not require the `arbitrary_self_types` feature, but they cannot be used on stable because `Pin` still requires the `pin` feature.
2018-11-20 16:50:50 +00:00
|
|
|
};
|
2019-12-22 22:42:04 +00:00
|
|
|
use core::pin::Pin;
|
2023-06-27 22:33:44 +00:00
|
|
|
use core::ptr::{self, NonNull, Unique};
|
2019-03-11 23:56:00 +00:00
|
|
|
use core::task::{Context, Poll};
|
2018-04-13 23:13:28 +00:00
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
use crate::alloc::{handle_alloc_error, WriteCloneIntoRaw};
|
|
|
|
|
use crate::alloc::{AllocError, Allocator, Global, Layout};
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-04-22 20:03:05 +00:00
|
|
|
use crate::borrow::Cow;
|
2019-02-03 07:27:44 +00:00
|
|
|
use crate::raw_vec::RawVec;
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2019-02-03 07:27:44 +00:00
|
|
|
use crate::str::from_boxed_utf8_unchecked;
|
2022-07-29 18:54:47 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
use crate::string::String;
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2019-12-22 22:42:04 +00:00
|
|
|
use crate::vec::Vec;
|
2014-05-13 21:58:29 +00:00
|
|
|
|
2021-10-19 22:23:19 +00:00
|
|
|
#[unstable(feature = "thin_box", issue = "92791")]
|
|
|
|
|
pub use thin::ThinBox;
|
|
|
|
|
|
|
|
|
|
mod thin;
|
|
|
|
|
|
2022-11-21 23:28:41 +00:00
|
|
|
/// A pointer type that uniquely owns a heap allocation of type `T`.
|
2015-01-22 17:07:23 +00:00
|
|
|
///
|
|
|
|
|
/// See the [module-level documentation](../../std/boxed/index.html) for more.
|
2014-07-10 21:19:17 +00:00
|
|
|
#[lang = "owned_box"]
|
2017-01-21 14:40:31 +00:00
|
|
|
#[fundamental]
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2021-11-09 12:13:53 +00:00
|
|
|
// The declaration of the `Box` struct must be kept in sync with the
|
|
|
|
|
// `alloc::alloc::box_free` function or ICEs will happen. See the comment
|
|
|
|
|
// on `box_free` for more details.
|
2020-10-06 14:37:23 +00:00
|
|
|
pub struct Box<
|
|
|
|
|
T: ?Sized,
|
2020-12-04 13:47:15 +00:00
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")] A: Allocator = Global,
|
2020-10-06 14:37:23 +00:00
|
|
|
>(Unique<T>, A);
|
2015-01-27 00:22:12 +00:00
|
|
|
|
2015-01-07 00:10:50 +00:00
|
|
|
impl<T> Box<T> {
|
2016-01-14 18:52:51 +00:00
|
|
|
/// Allocates memory on the heap and then places `x` into it.
|
2015-01-22 17:07:23 +00:00
|
|
|
///
|
2017-03-09 02:53:28 +00:00
|
|
|
/// This doesn't actually allocate if `T` is zero-sized.
|
|
|
|
|
///
|
2015-01-22 17:07:23 +00:00
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
2016-01-14 18:54:49 +00:00
|
|
|
/// let five = Box::new(5);
|
2015-01-22 17:07:23 +00:00
|
|
|
/// ```
|
2022-07-01 13:48:23 +00:00
|
|
|
#[cfg(all(not(no_global_oom_handling)))]
|
2022-05-28 14:37:52 +00:00
|
|
|
#[inline(always)]
|
|
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
|
|
|
|
#[must_use]
|
2022-11-13 13:55:04 +00:00
|
|
|
#[rustc_diagnostic_item = "box_new"]
|
2022-05-28 14:37:52 +00:00
|
|
|
pub fn new(x: T) -> Self {
|
|
|
|
|
#[rustc_box]
|
|
|
|
|
Box::new(x)
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-17 13:15:17 +00:00
|
|
|
/// Constructs a new box with uninitialized contents.
|
2019-07-06 15:19:58 +00:00
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// let mut five = Box::<u32>::new_uninit();
|
|
|
|
|
///
|
|
|
|
|
/// let five = unsafe {
|
|
|
|
|
/// // Deferred initialization:
|
|
|
|
|
/// five.as_mut_ptr().write(5);
|
|
|
|
|
///
|
2019-07-06 19:27:55 +00:00
|
|
|
/// five.assume_init()
|
2019-07-06 15:19:58 +00:00
|
|
|
/// };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*five, 5)
|
|
|
|
|
/// ```
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2019-08-05 15:45:30 +00:00
|
|
|
#[unstable(feature = "new_uninit", issue = "63291")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[inline]
|
2019-07-06 15:19:58 +00:00
|
|
|
pub fn new_uninit() -> Box<mem::MaybeUninit<T>> {
|
2020-10-06 14:37:23 +00:00
|
|
|
Self::new_uninit_in(Global)
|
2019-07-06 15:19:58 +00:00
|
|
|
}
|
|
|
|
|
|
2019-11-05 18:27:42 +00:00
|
|
|
/// Constructs a new `Box` with uninitialized contents, with the memory
|
|
|
|
|
/// being filled with `0` bytes.
|
|
|
|
|
///
|
|
|
|
|
/// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
|
|
|
|
|
/// of this method.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// let zero = Box::<u32>::new_zeroed();
|
|
|
|
|
/// let zero = unsafe { zero.assume_init() };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*zero, 0)
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
2020-09-02 03:54:17 +00:00
|
|
|
/// [zeroed]: mem::MaybeUninit::zeroed
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[inline]
|
2020-11-20 14:25:43 +00:00
|
|
|
#[unstable(feature = "new_uninit", issue = "63291")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2019-11-05 18:27:42 +00:00
|
|
|
pub fn new_zeroed() -> Box<mem::MaybeUninit<T>> {
|
2020-10-06 14:37:23 +00:00
|
|
|
Self::new_zeroed_in(Global)
|
2019-11-05 18:27:42 +00:00
|
|
|
}
|
|
|
|
|
|
2022-06-02 10:36:11 +00:00
|
|
|
/// Constructs a new `Pin<Box<T>>`. If `T` does not implement [`Unpin`], then
|
2019-07-06 19:52:15 +00:00
|
|
|
/// `x` will be pinned in memory and unable to be moved.
|
2022-06-02 10:36:11 +00:00
|
|
|
///
|
|
|
|
|
/// Constructing and pinning of the `Box` can also be done in two steps: `Box::pin(x)`
|
|
|
|
|
/// does the same as <code>[Box::into_pin]\([Box::new]\(x))</code>. Consider using
|
|
|
|
|
/// [`into_pin`](Box::into_pin) if you already have a `Box<T>`, or if you want to
|
|
|
|
|
/// construct a (pinned) `Box` in a different way than with [`Box::new`].
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2019-07-06 19:52:15 +00:00
|
|
|
#[stable(feature = "pin", since = "1.33.0")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2019-07-06 19:52:15 +00:00
|
|
|
#[inline(always)]
|
|
|
|
|
pub fn pin(x: T) -> Pin<Box<T>> {
|
2023-02-26 01:05:27 +00:00
|
|
|
Box::new(x).into()
|
2019-07-06 19:52:15 +00:00
|
|
|
}
|
2020-12-31 06:40:17 +00:00
|
|
|
|
|
|
|
|
/// Allocates memory on the heap then places `x` into it,
|
|
|
|
|
/// returning an error if the allocation fails
|
|
|
|
|
///
|
|
|
|
|
/// This doesn't actually allocate if `T` is zero-sized.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api)]
|
|
|
|
|
///
|
|
|
|
|
/// let five = Box::try_new(5)?;
|
|
|
|
|
/// # Ok::<(), std::alloc::AllocError>(())
|
|
|
|
|
/// ```
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
#[inline]
|
|
|
|
|
pub fn try_new(x: T) -> Result<Self, AllocError> {
|
|
|
|
|
Self::try_new_in(x, Global)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Constructs a new box with uninitialized contents on the heap,
|
|
|
|
|
/// returning an error if the allocation fails
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// let mut five = Box::<u32>::try_new_uninit()?;
|
|
|
|
|
///
|
|
|
|
|
/// let five = unsafe {
|
|
|
|
|
/// // Deferred initialization:
|
|
|
|
|
/// five.as_mut_ptr().write(5);
|
|
|
|
|
///
|
|
|
|
|
/// five.assume_init()
|
|
|
|
|
/// };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*five, 5);
|
|
|
|
|
/// # Ok::<(), std::alloc::AllocError>(())
|
|
|
|
|
/// ```
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
// #[unstable(feature = "new_uninit", issue = "63291")]
|
2020-12-31 16:48:51 +00:00
|
|
|
#[inline]
|
2020-12-31 06:40:17 +00:00
|
|
|
pub fn try_new_uninit() -> Result<Box<mem::MaybeUninit<T>>, AllocError> {
|
|
|
|
|
Box::try_new_uninit_in(Global)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Constructs a new `Box` with uninitialized contents, with the memory
|
|
|
|
|
/// being filled with `0` bytes on the heap
|
|
|
|
|
///
|
|
|
|
|
/// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
|
|
|
|
|
/// of this method.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// let zero = Box::<u32>::try_new_zeroed()?;
|
|
|
|
|
/// let zero = unsafe { zero.assume_init() };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*zero, 0);
|
|
|
|
|
/// # Ok::<(), std::alloc::AllocError>(())
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// [zeroed]: mem::MaybeUninit::zeroed
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
// #[unstable(feature = "new_uninit", issue = "63291")]
|
2020-12-31 16:48:51 +00:00
|
|
|
#[inline]
|
2020-12-31 06:40:17 +00:00
|
|
|
pub fn try_new_zeroed() -> Result<Box<mem::MaybeUninit<T>>, AllocError> {
|
|
|
|
|
Box::try_new_zeroed_in(Global)
|
|
|
|
|
}
|
2020-10-06 14:37:23 +00:00
|
|
|
}
|
|
|
|
|
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T, A: Allocator> Box<T, A> {
|
2020-10-06 14:37:23 +00:00
|
|
|
/// Allocates memory in the given allocator then places `x` into it.
|
|
|
|
|
///
|
|
|
|
|
/// This doesn't actually allocate if `T` is zero-sized.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let five = Box::new_in(5, System);
|
|
|
|
|
/// ```
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[inline]
|
2023-03-28 10:25:30 +00:00
|
|
|
pub fn new_in(x: T, alloc: A) -> Self
|
2021-12-23 13:03:12 +00:00
|
|
|
where
|
2023-03-28 10:25:30 +00:00
|
|
|
A: Allocator,
|
2021-12-23 13:03:12 +00:00
|
|
|
{
|
2020-10-06 14:37:23 +00:00
|
|
|
let mut boxed = Self::new_uninit_in(alloc);
|
|
|
|
|
unsafe {
|
|
|
|
|
boxed.as_mut_ptr().write(x);
|
|
|
|
|
boxed.assume_init()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-22 20:10:18 +00:00
|
|
|
/// Allocates memory in the given allocator then places `x` into it,
|
|
|
|
|
/// returning an error if the allocation fails
|
|
|
|
|
///
|
|
|
|
|
/// This doesn't actually allocate if `T` is zero-sized.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let five = Box::try_new_in(5, System)?;
|
|
|
|
|
/// # Ok::<(), std::alloc::AllocError>(())
|
|
|
|
|
/// ```
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
#[inline]
|
2023-03-28 10:25:30 +00:00
|
|
|
pub fn try_new_in(x: T, alloc: A) -> Result<Self, AllocError>
|
2021-12-23 13:03:12 +00:00
|
|
|
where
|
2023-03-28 10:25:30 +00:00
|
|
|
A: Allocator,
|
2021-12-23 13:03:12 +00:00
|
|
|
{
|
2020-12-22 20:10:18 +00:00
|
|
|
let mut boxed = Self::try_new_uninit_in(alloc)?;
|
|
|
|
|
unsafe {
|
|
|
|
|
boxed.as_mut_ptr().write(x);
|
|
|
|
|
Ok(boxed.assume_init())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 14:37:23 +00:00
|
|
|
/// Constructs a new box with uninitialized contents in the provided allocator.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let mut five = Box::<u32, _>::new_uninit_in(System);
|
|
|
|
|
///
|
|
|
|
|
/// let five = unsafe {
|
|
|
|
|
/// // Deferred initialization:
|
|
|
|
|
/// five.as_mut_ptr().write(5);
|
|
|
|
|
///
|
|
|
|
|
/// five.assume_init()
|
|
|
|
|
/// };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*five, 5)
|
|
|
|
|
/// ```
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2020-10-06 14:37:23 +00:00
|
|
|
// #[unstable(feature = "new_uninit", issue = "63291")]
|
2023-03-28 10:25:30 +00:00
|
|
|
pub fn new_uninit_in(alloc: A) -> Box<mem::MaybeUninit<T>, A>
|
2021-12-23 13:03:12 +00:00
|
|
|
where
|
2023-03-28 10:25:30 +00:00
|
|
|
A: Allocator,
|
2021-12-23 13:03:12 +00:00
|
|
|
{
|
2020-10-06 14:37:23 +00:00
|
|
|
let layout = Layout::new::<mem::MaybeUninit<T>>();
|
2021-02-06 13:33:29 +00:00
|
|
|
// NOTE: Prefer match over unwrap_or_else since closure sometimes not inlineable.
|
|
|
|
|
// That would make code size bigger.
|
|
|
|
|
match Box::try_new_uninit_in(alloc) {
|
|
|
|
|
Ok(m) => m,
|
|
|
|
|
Err(_) => handle_alloc_error(layout),
|
|
|
|
|
}
|
2020-10-06 14:37:23 +00:00
|
|
|
}
|
|
|
|
|
|
2020-12-22 20:10:18 +00:00
|
|
|
/// Constructs a new box with uninitialized contents in the provided allocator,
|
|
|
|
|
/// returning an error if the allocation fails
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let mut five = Box::<u32, _>::try_new_uninit_in(System)?;
|
|
|
|
|
///
|
|
|
|
|
/// let five = unsafe {
|
|
|
|
|
/// // Deferred initialization:
|
|
|
|
|
/// five.as_mut_ptr().write(5);
|
|
|
|
|
///
|
|
|
|
|
/// five.assume_init()
|
|
|
|
|
/// };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*five, 5);
|
|
|
|
|
/// # Ok::<(), std::alloc::AllocError>(())
|
|
|
|
|
/// ```
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
// #[unstable(feature = "new_uninit", issue = "63291")]
|
2023-03-28 10:25:30 +00:00
|
|
|
pub fn try_new_uninit_in(alloc: A) -> Result<Box<mem::MaybeUninit<T>, A>, AllocError>
|
2021-12-23 13:03:12 +00:00
|
|
|
where
|
2023-03-28 10:25:30 +00:00
|
|
|
A: Allocator,
|
2021-12-23 13:03:12 +00:00
|
|
|
{
|
2023-06-27 22:33:44 +00:00
|
|
|
let ptr = if T::IS_ZST {
|
|
|
|
|
NonNull::dangling()
|
|
|
|
|
} else {
|
|
|
|
|
let layout = Layout::new::<mem::MaybeUninit<T>>();
|
|
|
|
|
alloc.allocate(layout)?.cast()
|
|
|
|
|
};
|
2020-12-22 20:10:18 +00:00
|
|
|
unsafe { Ok(Box::from_raw_in(ptr.as_ptr(), alloc)) }
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 14:37:23 +00:00
|
|
|
/// Constructs a new `Box` with uninitialized contents, with the memory
|
|
|
|
|
/// being filled with `0` bytes in the provided allocator.
|
|
|
|
|
///
|
|
|
|
|
/// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
|
|
|
|
|
/// of this method.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let zero = Box::<u32, _>::new_zeroed_in(System);
|
|
|
|
|
/// let zero = unsafe { zero.assume_init() };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*zero, 0)
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// [zeroed]: mem::MaybeUninit::zeroed
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-10-06 14:37:23 +00:00
|
|
|
// #[unstable(feature = "new_uninit", issue = "63291")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2023-03-28 10:25:30 +00:00
|
|
|
pub fn new_zeroed_in(alloc: A) -> Box<mem::MaybeUninit<T>, A>
|
2021-12-23 13:03:12 +00:00
|
|
|
where
|
2023-03-28 10:25:30 +00:00
|
|
|
A: Allocator,
|
2021-12-23 13:03:12 +00:00
|
|
|
{
|
2020-10-06 14:37:23 +00:00
|
|
|
let layout = Layout::new::<mem::MaybeUninit<T>>();
|
2021-02-06 13:33:29 +00:00
|
|
|
// NOTE: Prefer match over unwrap_or_else since closure sometimes not inlineable.
|
|
|
|
|
// That would make code size bigger.
|
|
|
|
|
match Box::try_new_zeroed_in(alloc) {
|
|
|
|
|
Ok(m) => m,
|
|
|
|
|
Err(_) => handle_alloc_error(layout),
|
|
|
|
|
}
|
2020-10-06 14:37:23 +00:00
|
|
|
}
|
|
|
|
|
|
2020-12-22 20:10:18 +00:00
|
|
|
/// Constructs a new `Box` with uninitialized contents, with the memory
|
2020-12-31 06:40:17 +00:00
|
|
|
/// being filled with `0` bytes in the provided allocator,
|
|
|
|
|
/// returning an error if the allocation fails,
|
2020-12-22 20:10:18 +00:00
|
|
|
///
|
|
|
|
|
/// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
|
|
|
|
|
/// of this method.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let zero = Box::<u32, _>::try_new_zeroed_in(System)?;
|
|
|
|
|
/// let zero = unsafe { zero.assume_init() };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*zero, 0);
|
|
|
|
|
/// # Ok::<(), std::alloc::AllocError>(())
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// [zeroed]: mem::MaybeUninit::zeroed
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
// #[unstable(feature = "new_uninit", issue = "63291")]
|
2023-03-28 10:25:30 +00:00
|
|
|
pub fn try_new_zeroed_in(alloc: A) -> Result<Box<mem::MaybeUninit<T>, A>, AllocError>
|
2021-12-23 13:03:12 +00:00
|
|
|
where
|
2023-03-28 10:25:30 +00:00
|
|
|
A: Allocator,
|
2021-12-23 13:03:12 +00:00
|
|
|
{
|
2023-06-27 22:33:44 +00:00
|
|
|
let ptr = if T::IS_ZST {
|
|
|
|
|
NonNull::dangling()
|
|
|
|
|
} else {
|
|
|
|
|
let layout = Layout::new::<mem::MaybeUninit<T>>();
|
|
|
|
|
alloc.allocate_zeroed(layout)?.cast()
|
|
|
|
|
};
|
2020-12-22 20:10:18 +00:00
|
|
|
unsafe { Ok(Box::from_raw_in(ptr.as_ptr(), alloc)) }
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-02 10:36:11 +00:00
|
|
|
/// Constructs a new `Pin<Box<T, A>>`. If `T` does not implement [`Unpin`], then
|
2020-10-06 14:37:23 +00:00
|
|
|
/// `x` will be pinned in memory and unable to be moved.
|
2022-06-02 10:36:11 +00:00
|
|
|
///
|
|
|
|
|
/// Constructing and pinning of the `Box` can also be done in two steps: `Box::pin_in(x, alloc)`
|
|
|
|
|
/// does the same as <code>[Box::into_pin]\([Box::new_in]\(x, alloc))</code>. Consider using
|
|
|
|
|
/// [`into_pin`](Box::into_pin) if you already have a `Box<T, A>`, or if you want to
|
|
|
|
|
/// construct a (pinned) `Box` in a different way than with [`Box::new_in`].
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[inline(always)]
|
2023-03-28 10:25:30 +00:00
|
|
|
pub fn pin_in(x: T, alloc: A) -> Pin<Self>
|
2020-11-28 14:24:30 +00:00
|
|
|
where
|
2023-03-28 10:25:30 +00:00
|
|
|
A: 'static + Allocator,
|
2020-11-28 14:24:30 +00:00
|
|
|
{
|
2021-12-23 13:03:12 +00:00
|
|
|
Self::into_pin(Self::new_in(x, alloc))
|
2020-10-06 14:37:23 +00:00
|
|
|
}
|
2020-04-22 09:39:29 +00:00
|
|
|
|
|
|
|
|
/// Converts a `Box<T>` into a `Box<[T]>`
|
|
|
|
|
///
|
|
|
|
|
/// This conversion does not allocate on the heap and happens in place.
|
|
|
|
|
#[unstable(feature = "box_into_boxed_slice", issue = "71582")]
|
2023-04-16 07:21:33 +00:00
|
|
|
pub fn into_boxed_slice(boxed: Self) -> Box<[T], A> {
|
2020-12-04 13:47:15 +00:00
|
|
|
let (raw, alloc) = Box::into_raw_with_allocator(boxed);
|
2020-10-06 14:37:23 +00:00
|
|
|
unsafe { Box::from_raw_in(raw as *mut [T; 1], alloc) }
|
2020-04-22 09:39:29 +00:00
|
|
|
}
|
2020-12-28 12:47:19 +00:00
|
|
|
|
|
|
|
|
/// Consumes the `Box`, returning the wrapped value.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(box_into_inner)]
|
|
|
|
|
///
|
|
|
|
|
/// let c = Box::new(5);
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(Box::into_inner(c), 5);
|
|
|
|
|
/// ```
|
|
|
|
|
#[unstable(feature = "box_into_inner", issue = "80437")]
|
|
|
|
|
#[inline]
|
2023-03-28 10:25:30 +00:00
|
|
|
pub fn into_inner(boxed: Self) -> T {
|
2020-12-28 12:47:19 +00:00
|
|
|
*boxed
|
|
|
|
|
}
|
2019-07-06 19:52:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl<T> Box<[T]> {
|
2019-08-17 13:15:17 +00:00
|
|
|
/// Constructs a new boxed slice with uninitialized contents.
|
2019-07-06 19:27:55 +00:00
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(new_uninit)]
|
|
|
|
|
///
|
2019-07-06 19:52:15 +00:00
|
|
|
/// let mut values = Box::<[u32]>::new_uninit_slice(3);
|
2019-07-06 19:27:55 +00:00
|
|
|
///
|
|
|
|
|
/// let values = unsafe {
|
|
|
|
|
/// // Deferred initialization:
|
|
|
|
|
/// values[0].as_mut_ptr().write(1);
|
|
|
|
|
/// values[1].as_mut_ptr().write(2);
|
|
|
|
|
/// values[2].as_mut_ptr().write(3);
|
|
|
|
|
///
|
|
|
|
|
/// values.assume_init()
|
|
|
|
|
/// };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*values, [1, 2, 3])
|
|
|
|
|
/// ```
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2019-08-05 15:45:30 +00:00
|
|
|
#[unstable(feature = "new_uninit", issue = "63291")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2019-07-06 19:27:55 +00:00
|
|
|
pub fn new_uninit_slice(len: usize) -> Box<[mem::MaybeUninit<T>]> {
|
2020-03-26 16:11:47 +00:00
|
|
|
unsafe { RawVec::with_capacity(len).into_box(len) }
|
2019-07-06 19:27:55 +00:00
|
|
|
}
|
2020-08-05 00:54:59 +00:00
|
|
|
|
|
|
|
|
/// Constructs a new boxed slice with uninitialized contents, with the memory
|
|
|
|
|
/// being filled with `0` bytes.
|
|
|
|
|
///
|
|
|
|
|
/// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
|
|
|
|
|
/// of this method.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// let values = Box::<[u32]>::new_zeroed_slice(3);
|
|
|
|
|
/// let values = unsafe { values.assume_init() };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*values, [0, 0, 0])
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
2020-09-02 03:54:17 +00:00
|
|
|
/// [zeroed]: mem::MaybeUninit::zeroed
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-08-05 00:54:59 +00:00
|
|
|
#[unstable(feature = "new_uninit", issue = "63291")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2020-08-05 00:54:59 +00:00
|
|
|
pub fn new_zeroed_slice(len: usize) -> Box<[mem::MaybeUninit<T>]> {
|
|
|
|
|
unsafe { RawVec::with_capacity_zeroed(len).into_box(len) }
|
|
|
|
|
}
|
2021-08-04 22:23:19 +00:00
|
|
|
|
2021-08-05 19:21:52 +00:00
|
|
|
/// Constructs a new boxed slice with uninitialized contents. Returns an error if
|
|
|
|
|
/// the allocation fails
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// let mut values = Box::<[u32]>::try_new_uninit_slice(3)?;
|
|
|
|
|
/// let values = unsafe {
|
|
|
|
|
/// // Deferred initialization:
|
|
|
|
|
/// values[0].as_mut_ptr().write(1);
|
|
|
|
|
/// values[1].as_mut_ptr().write(2);
|
|
|
|
|
/// values[2].as_mut_ptr().write(3);
|
|
|
|
|
/// values.assume_init()
|
|
|
|
|
/// };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*values, [1, 2, 3]);
|
|
|
|
|
/// # Ok::<(), std::alloc::AllocError>(())
|
|
|
|
|
/// ```
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
#[inline]
|
|
|
|
|
pub fn try_new_uninit_slice(len: usize) -> Result<Box<[mem::MaybeUninit<T>]>, AllocError> {
|
2023-06-27 22:33:44 +00:00
|
|
|
let ptr = if T::IS_ZST || len == 0 {
|
|
|
|
|
NonNull::dangling()
|
|
|
|
|
} else {
|
2021-08-05 19:21:52 +00:00
|
|
|
let layout = match Layout::array::<mem::MaybeUninit<T>>(len) {
|
|
|
|
|
Ok(l) => l,
|
|
|
|
|
Err(_) => return Err(AllocError),
|
|
|
|
|
};
|
2023-06-27 22:33:44 +00:00
|
|
|
Global.allocate(layout)?.cast()
|
|
|
|
|
};
|
|
|
|
|
unsafe { Ok(RawVec::from_raw_parts_in(ptr.as_ptr(), len, Global).into_box(len)) }
|
2021-08-05 19:21:52 +00:00
|
|
|
}
|
|
|
|
|
|
2021-08-04 22:23:19 +00:00
|
|
|
/// Constructs a new boxed slice with uninitialized contents, with the memory
|
|
|
|
|
/// being filled with `0` bytes. Returns an error if the allocation fails
|
|
|
|
|
///
|
|
|
|
|
/// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
|
|
|
|
|
/// of this method.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// let values = Box::<[u32]>::try_new_zeroed_slice(3)?;
|
|
|
|
|
/// let values = unsafe { values.assume_init() };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*values, [0, 0, 0]);
|
|
|
|
|
/// # Ok::<(), std::alloc::AllocError>(())
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// [zeroed]: mem::MaybeUninit::zeroed
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
#[inline]
|
|
|
|
|
pub fn try_new_zeroed_slice(len: usize) -> Result<Box<[mem::MaybeUninit<T>]>, AllocError> {
|
2023-06-27 22:33:44 +00:00
|
|
|
let ptr = if T::IS_ZST || len == 0 {
|
|
|
|
|
NonNull::dangling()
|
|
|
|
|
} else {
|
2021-08-04 22:23:19 +00:00
|
|
|
let layout = match Layout::array::<mem::MaybeUninit<T>>(len) {
|
|
|
|
|
Ok(l) => l,
|
|
|
|
|
Err(_) => return Err(AllocError),
|
|
|
|
|
};
|
2023-06-27 22:33:44 +00:00
|
|
|
Global.allocate_zeroed(layout)?.cast()
|
|
|
|
|
};
|
|
|
|
|
unsafe { Ok(RawVec::from_raw_parts_in(ptr.as_ptr(), len, Global).into_box(len)) }
|
2021-08-04 22:23:19 +00:00
|
|
|
}
|
2015-01-07 00:10:50 +00:00
|
|
|
}
|
|
|
|
|
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T, A: Allocator> Box<[T], A> {
|
2020-10-06 14:37:23 +00:00
|
|
|
/// Constructs a new boxed slice with uninitialized contents in the provided allocator.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let mut values = Box::<[u32], _>::new_uninit_slice_in(3, System);
|
|
|
|
|
///
|
|
|
|
|
/// let values = unsafe {
|
|
|
|
|
/// // Deferred initialization:
|
|
|
|
|
/// values[0].as_mut_ptr().write(1);
|
|
|
|
|
/// values[1].as_mut_ptr().write(2);
|
|
|
|
|
/// values[2].as_mut_ptr().write(3);
|
|
|
|
|
///
|
|
|
|
|
/// values.assume_init()
|
|
|
|
|
/// };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*values, [1, 2, 3])
|
|
|
|
|
/// ```
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
// #[unstable(feature = "new_uninit", issue = "63291")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2020-10-06 14:37:23 +00:00
|
|
|
pub fn new_uninit_slice_in(len: usize, alloc: A) -> Box<[mem::MaybeUninit<T>], A> {
|
|
|
|
|
unsafe { RawVec::with_capacity_in(len, alloc).into_box(len) }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Constructs a new boxed slice with uninitialized contents in the provided allocator,
|
|
|
|
|
/// with the memory being filled with `0` bytes.
|
|
|
|
|
///
|
|
|
|
|
/// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
|
|
|
|
|
/// of this method.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let values = Box::<[u32], _>::new_zeroed_slice_in(3, System);
|
|
|
|
|
/// let values = unsafe { values.assume_init() };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*values, [0, 0, 0])
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// [zeroed]: mem::MaybeUninit::zeroed
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
// #[unstable(feature = "new_uninit", issue = "63291")]
|
2021-10-10 05:50:06 +00:00
|
|
|
#[must_use]
|
2020-10-06 14:37:23 +00:00
|
|
|
pub fn new_zeroed_slice_in(len: usize, alloc: A) -> Box<[mem::MaybeUninit<T>], A> {
|
|
|
|
|
unsafe { RawVec::with_capacity_zeroed_in(len, alloc).into_box(len) }
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T, A: Allocator> Box<mem::MaybeUninit<T>, A> {
|
2020-10-06 14:37:23 +00:00
|
|
|
/// Converts to `Box<T, A>`.
|
2019-07-06 15:19:58 +00:00
|
|
|
///
|
|
|
|
|
/// # Safety
|
|
|
|
|
///
|
|
|
|
|
/// As with [`MaybeUninit::assume_init`],
|
|
|
|
|
/// it is up to the caller to guarantee that the value
|
|
|
|
|
/// really is in an initialized state.
|
|
|
|
|
/// Calling this when the content is not yet fully initialized
|
|
|
|
|
/// causes immediate undefined behavior.
|
|
|
|
|
///
|
2020-09-02 03:54:17 +00:00
|
|
|
/// [`MaybeUninit::assume_init`]: mem::MaybeUninit::assume_init
|
2019-07-06 21:30:32 +00:00
|
|
|
///
|
2019-07-06 15:19:58 +00:00
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// let mut five = Box::<u32>::new_uninit();
|
|
|
|
|
///
|
|
|
|
|
/// let five: Box<u32> = unsafe {
|
|
|
|
|
/// // Deferred initialization:
|
|
|
|
|
/// five.as_mut_ptr().write(5);
|
|
|
|
|
///
|
2019-07-06 19:27:55 +00:00
|
|
|
/// five.assume_init()
|
2019-07-06 15:19:58 +00:00
|
|
|
/// };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*five, 5)
|
|
|
|
|
/// ```
|
2019-08-05 15:45:30 +00:00
|
|
|
#[unstable(feature = "new_uninit", issue = "63291")]
|
2019-07-06 15:19:58 +00:00
|
|
|
#[inline]
|
2023-04-16 07:21:33 +00:00
|
|
|
pub unsafe fn assume_init(self) -> Box<T, A> {
|
2020-12-04 13:47:15 +00:00
|
|
|
let (raw, alloc) = Box::into_raw_with_allocator(self);
|
2020-10-06 14:37:23 +00:00
|
|
|
unsafe { Box::from_raw_in(raw as *mut T, alloc) }
|
2019-07-06 19:27:55 +00:00
|
|
|
}
|
2021-09-13 13:44:27 +00:00
|
|
|
|
|
|
|
|
/// Writes the value and converts to `Box<T, A>`.
|
|
|
|
|
///
|
|
|
|
|
/// This method converts the box similarly to [`Box::assume_init`] but
|
|
|
|
|
/// writes `value` into it before conversion thus guaranteeing safety.
|
|
|
|
|
/// In some scenarios use of this method may improve performance because
|
|
|
|
|
/// the compiler may be able to optimize copying from stack.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(new_uninit)]
|
|
|
|
|
///
|
|
|
|
|
/// let big_box = Box::<[usize; 1024]>::new_uninit();
|
|
|
|
|
///
|
|
|
|
|
/// let mut array = [0; 1024];
|
|
|
|
|
/// for (i, place) in array.iter_mut().enumerate() {
|
|
|
|
|
/// *place = i;
|
|
|
|
|
/// }
|
|
|
|
|
///
|
|
|
|
|
/// // The optimizer may be able to elide this copy, so previous code writes
|
|
|
|
|
/// // to heap directly.
|
|
|
|
|
/// let big_box = Box::write(big_box, array);
|
|
|
|
|
///
|
|
|
|
|
/// for (i, x) in big_box.iter().enumerate() {
|
|
|
|
|
/// assert_eq!(*x, i);
|
|
|
|
|
/// }
|
|
|
|
|
/// ```
|
|
|
|
|
#[unstable(feature = "new_uninit", issue = "63291")]
|
|
|
|
|
#[inline]
|
2023-04-16 07:21:33 +00:00
|
|
|
pub fn write(mut boxed: Self, value: T) -> Box<T, A> {
|
2021-09-13 13:44:27 +00:00
|
|
|
unsafe {
|
|
|
|
|
(*boxed).write(value);
|
|
|
|
|
boxed.assume_init()
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-07-06 19:27:55 +00:00
|
|
|
}
|
|
|
|
|
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T, A: Allocator> Box<[mem::MaybeUninit<T>], A> {
|
2020-10-06 14:37:23 +00:00
|
|
|
/// Converts to `Box<[T], A>`.
|
2019-07-06 19:27:55 +00:00
|
|
|
///
|
|
|
|
|
/// # Safety
|
|
|
|
|
///
|
|
|
|
|
/// As with [`MaybeUninit::assume_init`],
|
|
|
|
|
/// it is up to the caller to guarantee that the values
|
|
|
|
|
/// really are in an initialized state.
|
|
|
|
|
/// Calling this when the content is not yet fully initialized
|
|
|
|
|
/// causes immediate undefined behavior.
|
|
|
|
|
///
|
2020-09-02 03:54:17 +00:00
|
|
|
/// [`MaybeUninit::assume_init`]: mem::MaybeUninit::assume_init
|
2019-07-06 21:30:32 +00:00
|
|
|
///
|
2019-07-06 19:27:55 +00:00
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(new_uninit)]
|
|
|
|
|
///
|
2019-07-06 19:52:15 +00:00
|
|
|
/// let mut values = Box::<[u32]>::new_uninit_slice(3);
|
2019-07-06 19:27:55 +00:00
|
|
|
///
|
|
|
|
|
/// let values = unsafe {
|
|
|
|
|
/// // Deferred initialization:
|
|
|
|
|
/// values[0].as_mut_ptr().write(1);
|
|
|
|
|
/// values[1].as_mut_ptr().write(2);
|
|
|
|
|
/// values[2].as_mut_ptr().write(3);
|
|
|
|
|
///
|
|
|
|
|
/// values.assume_init()
|
|
|
|
|
/// };
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(*values, [1, 2, 3])
|
|
|
|
|
/// ```
|
2019-08-05 15:45:30 +00:00
|
|
|
#[unstable(feature = "new_uninit", issue = "63291")]
|
2019-07-06 19:27:55 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
pub unsafe fn assume_init(self) -> Box<[T], A> {
|
2020-12-04 13:47:15 +00:00
|
|
|
let (raw, alloc) = Box::into_raw_with_allocator(self);
|
2020-10-06 14:37:23 +00:00
|
|
|
unsafe { Box::from_raw_in(raw as *mut [T], alloc) }
|
2019-07-06 15:19:58 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-23 02:32:40 +00:00
|
|
|
impl<T: ?Sized> Box<T> {
|
2016-01-14 02:23:07 +00:00
|
|
|
/// Constructs a box from a raw pointer.
|
2015-02-01 17:15:44 +00:00
|
|
|
///
|
2016-01-14 02:23:07 +00:00
|
|
|
/// After calling this function, the raw pointer is owned by the
|
|
|
|
|
/// resulting `Box`. Specifically, the `Box` destructor will call
|
2019-05-19 15:21:03 +00:00
|
|
|
/// the destructor of `T` and free the allocated memory. For this
|
2019-05-21 03:03:40 +00:00
|
|
|
/// to be safe, the memory must have been allocated in accordance
|
|
|
|
|
/// with the [memory layout] used by `Box` .
|
2019-05-19 15:21:03 +00:00
|
|
|
///
|
|
|
|
|
/// # Safety
|
2015-02-01 17:15:44 +00:00
|
|
|
///
|
2016-01-14 02:23:07 +00:00
|
|
|
/// This function is unsafe because improper use may lead to
|
|
|
|
|
/// memory problems. For example, a double-free may occur if the
|
2015-02-01 17:15:44 +00:00
|
|
|
/// function is called twice on the same raw pointer.
|
2016-07-09 17:57:08 +00:00
|
|
|
///
|
2020-10-12 08:08:25 +00:00
|
|
|
/// The safety conditions are described in the [memory layout] section.
|
|
|
|
|
///
|
2016-07-09 17:57:08 +00:00
|
|
|
/// # Examples
|
2020-10-12 08:08:25 +00:00
|
|
|
///
|
2019-05-21 03:03:40 +00:00
|
|
|
/// Recreate a `Box` which was previously converted to a raw pointer
|
|
|
|
|
/// using [`Box::into_raw`]:
|
2016-07-09 17:57:08 +00:00
|
|
|
/// ```
|
|
|
|
|
/// let x = Box::new(5);
|
|
|
|
|
/// let ptr = Box::into_raw(x);
|
|
|
|
|
/// let x = unsafe { Box::from_raw(ptr) };
|
|
|
|
|
/// ```
|
2019-05-19 15:21:03 +00:00
|
|
|
/// Manually create a `Box` from scratch by using the global allocator:
|
|
|
|
|
/// ```
|
2019-05-21 03:03:40 +00:00
|
|
|
/// use std::alloc::{alloc, Layout};
|
2019-05-19 15:21:03 +00:00
|
|
|
///
|
2019-05-21 03:03:40 +00:00
|
|
|
/// unsafe {
|
|
|
|
|
/// let ptr = alloc(Layout::new::<i32>()) as *mut i32;
|
2020-06-24 02:42:35 +00:00
|
|
|
/// // In general .write is required to avoid attempting to destruct
|
|
|
|
|
/// // the (uninitialized) previous contents of `ptr`, though for this
|
|
|
|
|
/// // simple example `*ptr = 5` would have worked as well.
|
|
|
|
|
/// ptr.write(5);
|
2019-05-21 03:03:40 +00:00
|
|
|
/// let x = Box::from_raw(ptr);
|
|
|
|
|
/// }
|
2019-05-19 15:21:03 +00:00
|
|
|
/// ```
|
|
|
|
|
///
|
2020-08-20 21:43:46 +00:00
|
|
|
/// [memory layout]: self#memory-layout
|
|
|
|
|
/// [`Layout`]: crate::Layout
|
2015-09-10 20:26:44 +00:00
|
|
|
#[stable(feature = "box_raw", since = "1.4.0")]
|
2015-02-22 23:58:54 +00:00
|
|
|
#[inline]
|
2022-11-05 20:52:18 +00:00
|
|
|
#[must_use = "call `drop(Box::from_raw(ptr))` if you intend to drop the `Box`"]
|
2015-02-01 17:15:44 +00:00
|
|
|
pub unsafe fn from_raw(raw: *mut T) -> Self {
|
2020-10-06 14:37:23 +00:00
|
|
|
unsafe { Self::from_raw_in(raw, Global) }
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> Box<T, A> {
|
2020-10-06 14:37:23 +00:00
|
|
|
/// Constructs a box from a raw pointer in the given allocator.
|
|
|
|
|
///
|
|
|
|
|
/// After calling this function, the raw pointer is owned by the
|
|
|
|
|
/// resulting `Box`. Specifically, the `Box` destructor will call
|
|
|
|
|
/// the destructor of `T` and free the allocated memory. For this
|
|
|
|
|
/// to be safe, the memory must have been allocated in accordance
|
|
|
|
|
/// with the [memory layout] used by `Box` .
|
|
|
|
|
///
|
|
|
|
|
/// # Safety
|
|
|
|
|
///
|
|
|
|
|
/// This function is unsafe because improper use may lead to
|
|
|
|
|
/// memory problems. For example, a double-free may occur if the
|
|
|
|
|
/// function is called twice on the same raw pointer.
|
|
|
|
|
///
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// Recreate a `Box` which was previously converted to a raw pointer
|
2020-12-04 13:47:15 +00:00
|
|
|
/// using [`Box::into_raw_with_allocator`]:
|
2020-10-06 14:37:23 +00:00
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let x = Box::new_in(5, System);
|
2020-12-04 13:47:15 +00:00
|
|
|
/// let (ptr, alloc) = Box::into_raw_with_allocator(x);
|
2020-10-06 14:37:23 +00:00
|
|
|
/// let x = unsafe { Box::from_raw_in(ptr, alloc) };
|
|
|
|
|
/// ```
|
|
|
|
|
/// Manually create a `Box` from scratch by using the system allocator:
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api, slice_ptr_get)]
|
|
|
|
|
///
|
2020-12-04 13:47:15 +00:00
|
|
|
/// use std::alloc::{Allocator, Layout, System};
|
2020-10-06 14:37:23 +00:00
|
|
|
///
|
|
|
|
|
/// unsafe {
|
2021-04-10 10:24:08 +00:00
|
|
|
/// let ptr = System.allocate(Layout::new::<i32>())?.as_mut_ptr() as *mut i32;
|
2020-10-06 14:37:23 +00:00
|
|
|
/// // In general .write is required to avoid attempting to destruct
|
|
|
|
|
/// // the (uninitialized) previous contents of `ptr`, though for this
|
|
|
|
|
/// // simple example `*ptr = 5` would have worked as well.
|
|
|
|
|
/// ptr.write(5);
|
|
|
|
|
/// let x = Box::from_raw_in(ptr, System);
|
|
|
|
|
/// }
|
|
|
|
|
/// # Ok::<(), std::alloc::AllocError>(())
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// [memory layout]: self#memory-layout
|
|
|
|
|
/// [`Layout`]: crate::Layout
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
2022-01-03 15:35:53 +00:00
|
|
|
#[rustc_const_unstable(feature = "const_box", issue = "92521")]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[inline]
|
2021-12-23 13:03:12 +00:00
|
|
|
pub const unsafe fn from_raw_in(raw: *mut T, alloc: A) -> Self {
|
2020-10-06 14:37:23 +00:00
|
|
|
Box(unsafe { Unique::new_unchecked(raw) }, alloc)
|
2017-10-06 21:29:49 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-18 03:21:00 +00:00
|
|
|
/// Consumes the `Box`, returning a wrapped raw pointer.
|
|
|
|
|
///
|
|
|
|
|
/// The pointer will be properly aligned and non-null.
|
2015-06-11 02:14:35 +00:00
|
|
|
///
|
2016-01-14 02:23:07 +00:00
|
|
|
/// After calling this function, the caller is responsible for the
|
|
|
|
|
/// memory previously managed by the `Box`. In particular, the
|
2019-05-21 03:03:40 +00:00
|
|
|
/// caller should properly destroy `T` and release the memory, taking
|
|
|
|
|
/// into account the [memory layout] used by `Box`. The easiest way to
|
|
|
|
|
/// do this is to convert the raw pointer back into a `Box` with the
|
|
|
|
|
/// [`Box::from_raw`] function, allowing the `Box` destructor to perform
|
|
|
|
|
/// the cleanup.
|
2015-06-11 02:14:35 +00:00
|
|
|
///
|
2016-08-06 10:49:17 +00:00
|
|
|
/// Note: this is an associated function, which means that you have
|
|
|
|
|
/// to call it as `Box::into_raw(b)` instead of `b.into_raw()`. This
|
|
|
|
|
/// is so that there is no conflict with a method on the inner type.
|
|
|
|
|
///
|
2015-06-11 02:14:35 +00:00
|
|
|
/// # Examples
|
2019-05-19 23:47:18 +00:00
|
|
|
/// Converting the raw pointer back into a `Box` with [`Box::from_raw`]
|
2019-05-19 15:21:03 +00:00
|
|
|
/// for automatic cleanup:
|
2015-09-10 20:26:44 +00:00
|
|
|
/// ```
|
2019-05-19 15:21:03 +00:00
|
|
|
/// let x = Box::new(String::from("Hello"));
|
2016-07-09 17:57:08 +00:00
|
|
|
/// let ptr = Box::into_raw(x);
|
2019-05-21 03:03:40 +00:00
|
|
|
/// let x = unsafe { Box::from_raw(ptr) };
|
2019-05-19 15:21:03 +00:00
|
|
|
/// ```
|
2019-05-21 03:03:40 +00:00
|
|
|
/// Manual cleanup by explicitly running the destructor and deallocating
|
|
|
|
|
/// the memory:
|
2015-06-11 02:14:35 +00:00
|
|
|
/// ```
|
2019-05-21 03:03:40 +00:00
|
|
|
/// use std::alloc::{dealloc, Layout};
|
2019-05-19 15:21:03 +00:00
|
|
|
/// use std::ptr;
|
2019-05-19 23:47:18 +00:00
|
|
|
///
|
2019-05-19 15:21:03 +00:00
|
|
|
/// let x = Box::new(String::from("Hello"));
|
|
|
|
|
/// let p = Box::into_raw(x);
|
2019-05-21 03:03:40 +00:00
|
|
|
/// unsafe {
|
|
|
|
|
/// ptr::drop_in_place(p);
|
|
|
|
|
/// dealloc(p as *mut u8, Layout::new::<String>());
|
|
|
|
|
/// }
|
2019-05-19 15:21:03 +00:00
|
|
|
/// ```
|
|
|
|
|
///
|
2020-08-20 21:43:46 +00:00
|
|
|
/// [memory layout]: self#memory-layout
|
2015-09-10 20:26:44 +00:00
|
|
|
#[stable(feature = "box_raw", since = "1.4.0")]
|
2015-06-11 02:14:35 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
pub fn into_raw(b: Self) -> *mut T {
|
2020-12-04 13:47:15 +00:00
|
|
|
Self::into_raw_with_allocator(b).0
|
2020-10-06 14:37:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Consumes the `Box`, returning a wrapped raw pointer and the allocator.
|
|
|
|
|
///
|
|
|
|
|
/// The pointer will be properly aligned and non-null.
|
|
|
|
|
///
|
|
|
|
|
/// After calling this function, the caller is responsible for the
|
|
|
|
|
/// memory previously managed by the `Box`. In particular, the
|
|
|
|
|
/// caller should properly destroy `T` and release the memory, taking
|
|
|
|
|
/// into account the [memory layout] used by `Box`. The easiest way to
|
|
|
|
|
/// do this is to convert the raw pointer back into a `Box` with the
|
|
|
|
|
/// [`Box::from_raw_in`] function, allowing the `Box` destructor to perform
|
|
|
|
|
/// the cleanup.
|
|
|
|
|
///
|
|
|
|
|
/// Note: this is an associated function, which means that you have
|
2020-12-04 13:47:15 +00:00
|
|
|
/// to call it as `Box::into_raw_with_allocator(b)` instead of `b.into_raw_with_allocator()`. This
|
2020-10-06 14:37:23 +00:00
|
|
|
/// is so that there is no conflict with a method on the inner type.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
/// Converting the raw pointer back into a `Box` with [`Box::from_raw_in`]
|
|
|
|
|
/// for automatic cleanup:
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::alloc::System;
|
|
|
|
|
///
|
|
|
|
|
/// let x = Box::new_in(String::from("Hello"), System);
|
2020-12-04 13:47:15 +00:00
|
|
|
/// let (ptr, alloc) = Box::into_raw_with_allocator(x);
|
2020-10-06 14:37:23 +00:00
|
|
|
/// let x = unsafe { Box::from_raw_in(ptr, alloc) };
|
|
|
|
|
/// ```
|
|
|
|
|
/// Manual cleanup by explicitly running the destructor and deallocating
|
|
|
|
|
/// the memory:
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(allocator_api)]
|
|
|
|
|
///
|
2020-12-04 13:47:15 +00:00
|
|
|
/// use std::alloc::{Allocator, Layout, System};
|
2020-10-06 14:37:23 +00:00
|
|
|
/// use std::ptr::{self, NonNull};
|
|
|
|
|
///
|
|
|
|
|
/// let x = Box::new_in(String::from("Hello"), System);
|
2020-12-04 13:47:15 +00:00
|
|
|
/// let (ptr, alloc) = Box::into_raw_with_allocator(x);
|
2020-10-06 14:37:23 +00:00
|
|
|
/// unsafe {
|
|
|
|
|
/// ptr::drop_in_place(ptr);
|
|
|
|
|
/// let non_null = NonNull::new_unchecked(ptr);
|
2020-12-04 13:47:15 +00:00
|
|
|
/// alloc.deallocate(non_null.cast(), Layout::new::<String>());
|
2020-10-06 14:37:23 +00:00
|
|
|
/// }
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// [memory layout]: self#memory-layout
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
|
|
|
|
#[inline]
|
2023-04-16 07:21:33 +00:00
|
|
|
pub fn into_raw_with_allocator(b: Self) -> (*mut T, A) {
|
2020-10-06 14:37:23 +00:00
|
|
|
let (leaked, alloc) = Box::into_unique(b);
|
|
|
|
|
(leaked.as_ptr(), alloc)
|
2015-06-11 02:14:35 +00:00
|
|
|
}
|
2017-07-14 10:47:06 +00:00
|
|
|
|
2020-04-15 13:37:46 +00:00
|
|
|
#[unstable(
|
|
|
|
|
feature = "ptr_internals",
|
|
|
|
|
issue = "none",
|
2020-04-15 16:32:56 +00:00
|
|
|
reason = "use `Box::leak(b).into()` or `Unique::from(Box::leak(b))` instead"
|
2020-04-15 13:37:46 +00:00
|
|
|
)]
|
2017-12-22 18:24:07 +00:00
|
|
|
#[inline]
|
2018-04-11 09:24:47 +00:00
|
|
|
#[doc(hidden)]
|
2023-04-16 07:21:33 +00:00
|
|
|
pub fn into_unique(b: Self) -> (Unique<T>, A) {
|
2020-04-15 16:38:22 +00:00
|
|
|
// Box is recognized as a "unique pointer" by Stacked Borrows, but internally it is a
|
|
|
|
|
// raw pointer for the type system. Turning it directly into a raw pointer would not be
|
|
|
|
|
// recognized as "releasing" the unique pointer to permit aliased raw accesses,
|
2020-10-27 16:02:42 +00:00
|
|
|
// so all raw pointer methods have to go through `Box::leak`. Turning *that* to a raw pointer
|
2020-10-06 14:37:23 +00:00
|
|
|
// behaves correctly.
|
|
|
|
|
let alloc = unsafe { ptr::read(&b.1) };
|
2020-10-27 16:02:42 +00:00
|
|
|
(Unique::from(Box::leak(b)), alloc)
|
2020-10-06 14:37:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Returns a reference to the underlying allocator.
|
|
|
|
|
///
|
|
|
|
|
/// Note: this is an associated function, which means that you have
|
2020-12-04 13:47:15 +00:00
|
|
|
/// to call it as `Box::allocator(&b)` instead of `b.allocator()`. This
|
2020-10-06 14:37:23 +00:00
|
|
|
/// is so that there is no conflict with a method on the inner type.
|
|
|
|
|
#[unstable(feature = "allocator_api", issue = "32838")]
|
2022-01-03 15:35:53 +00:00
|
|
|
#[rustc_const_unstable(feature = "const_box", issue = "92521")]
|
2020-10-06 14:37:23 +00:00
|
|
|
#[inline]
|
2021-12-23 13:03:12 +00:00
|
|
|
pub const fn allocator(b: &Self) -> &A {
|
2020-10-06 14:37:23 +00:00
|
|
|
&b.1
|
2017-07-14 10:47:06 +00:00
|
|
|
}
|
2017-11-08 22:10:33 +00:00
|
|
|
|
2017-11-09 22:27:58 +00:00
|
|
|
/// Consumes and leaks the `Box`, returning a mutable reference,
|
2018-07-09 20:25:36 +00:00
|
|
|
/// `&'a mut T`. Note that the type `T` must outlive the chosen lifetime
|
|
|
|
|
/// `'a`. If the type has only static references, or none at all, then this
|
|
|
|
|
/// may be chosen to be `'static`.
|
2017-11-08 22:10:33 +00:00
|
|
|
///
|
|
|
|
|
/// This function is mainly useful for data that lives for the remainder of
|
2017-11-08 22:59:35 +00:00
|
|
|
/// the program's life. Dropping the returned reference will cause a memory
|
2017-11-08 22:10:33 +00:00
|
|
|
/// leak. If this is not acceptable, the reference should first be wrapped
|
2017-11-08 22:59:35 +00:00
|
|
|
/// with the [`Box::from_raw`] function producing a `Box`. This `Box` can
|
|
|
|
|
/// then be dropped which will properly destroy `T` and release the
|
|
|
|
|
/// allocated memory.
|
2017-11-08 22:10:33 +00:00
|
|
|
///
|
|
|
|
|
/// Note: this is an associated function, which means that you have
|
|
|
|
|
/// to call it as `Box::leak(b)` instead of `b.leak()`. This
|
|
|
|
|
/// is so that there is no conflict with a method on the inner type.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// Simple usage:
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
2019-10-01 11:55:46 +00:00
|
|
|
/// let x = Box::new(41);
|
|
|
|
|
/// let static_ref: &'static mut usize = Box::leak(x);
|
|
|
|
|
/// *static_ref += 1;
|
|
|
|
|
/// assert_eq!(*static_ref, 42);
|
2017-11-08 22:10:33 +00:00
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// Unsized data:
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
2019-10-01 11:55:46 +00:00
|
|
|
/// let x = vec![1, 2, 3].into_boxed_slice();
|
|
|
|
|
/// let static_ref = Box::leak(x);
|
|
|
|
|
/// static_ref[0] = 4;
|
|
|
|
|
/// assert_eq!(*static_ref, [4, 2, 3]);
|
2017-11-08 22:10:33 +00:00
|
|
|
/// ```
|
2018-02-10 00:26:19 +00:00
|
|
|
#[stable(feature = "box_leak", since = "1.26.0")]
|
2017-11-08 22:10:33 +00:00
|
|
|
#[inline]
|
2023-04-16 07:21:33 +00:00
|
|
|
pub fn leak<'a>(b: Self) -> &'a mut T
|
2017-11-09 22:39:18 +00:00
|
|
|
where
|
2020-10-06 14:37:23 +00:00
|
|
|
A: 'a,
|
2017-11-09 22:39:18 +00:00
|
|
|
{
|
2020-04-15 16:38:22 +00:00
|
|
|
unsafe { &mut *mem::ManuallyDrop::new(b).0.as_ptr() }
|
2017-11-08 22:10:33 +00:00
|
|
|
}
|
2019-01-03 20:04:35 +00:00
|
|
|
|
2022-06-02 10:36:11 +00:00
|
|
|
/// Converts a `Box<T>` into a `Pin<Box<T>>`. If `T` does not implement [`Unpin`], then
|
|
|
|
|
/// `*boxed` will be pinned in memory and unable to be moved.
|
2019-01-03 20:04:35 +00:00
|
|
|
///
|
|
|
|
|
/// This conversion does not allocate on the heap and happens in place.
|
|
|
|
|
///
|
|
|
|
|
/// This is also available via [`From`].
|
2022-05-25 12:45:35 +00:00
|
|
|
///
|
2022-06-02 10:36:11 +00:00
|
|
|
/// Constructing and pinning a `Box` with <code>Box::into_pin([Box::new]\(x))</code>
|
|
|
|
|
/// can also be written more concisely using <code>[Box::pin]\(x)</code>.
|
|
|
|
|
/// This `into_pin` method is useful if you already have a `Box<T>`, or you are
|
|
|
|
|
/// constructing a (pinned) `Box` in a different way than with [`Box::new`].
|
|
|
|
|
///
|
2022-05-25 12:45:35 +00:00
|
|
|
/// # Notes
|
|
|
|
|
///
|
|
|
|
|
/// It's not recommended that crates add an impl like `From<Box<T>> for Pin<T>`,
|
|
|
|
|
/// as it'll introduce an ambiguity when calling `Pin::from`.
|
|
|
|
|
/// A demonstration of such a poor impl is shown below.
|
|
|
|
|
///
|
|
|
|
|
/// ```compile_fail
|
|
|
|
|
/// # use std::pin::Pin;
|
|
|
|
|
/// struct Foo; // A type defined in this crate.
|
|
|
|
|
/// impl From<Box<()>> for Pin<Foo> {
|
|
|
|
|
/// fn from(_: Box<()>) -> Pin<Foo> {
|
|
|
|
|
/// Pin::new(Foo)
|
|
|
|
|
/// }
|
|
|
|
|
/// }
|
|
|
|
|
///
|
|
|
|
|
/// let foo = Box::new(());
|
|
|
|
|
/// let bar = Pin::from(foo);
|
|
|
|
|
/// ```
|
|
|
|
|
#[stable(feature = "box_into_pin", since = "1.63.0")]
|
2022-01-03 15:35:53 +00:00
|
|
|
#[rustc_const_unstable(feature = "const_box", issue = "92521")]
|
2021-12-23 13:03:12 +00:00
|
|
|
pub const fn into_pin(boxed: Self) -> Pin<Self>
|
2020-11-28 14:24:30 +00:00
|
|
|
where
|
|
|
|
|
A: 'static,
|
|
|
|
|
{
|
2019-01-03 20:04:35 +00:00
|
|
|
// It's not possible to move or replace the insides of a `Pin<Box<T>>`
|
2022-05-25 12:45:35 +00:00
|
|
|
// when `T: !Unpin`, so it's safe to pin it directly without any
|
2019-01-03 20:04:35 +00:00
|
|
|
// additional requirements.
|
|
|
|
|
unsafe { Pin::new_unchecked(boxed) }
|
|
|
|
|
}
|
2015-02-01 17:15:44 +00:00
|
|
|
}
|
|
|
|
|
|
2017-01-21 19:44:44 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2022-03-10 14:28:28 +00:00
|
|
|
unsafe impl<#[may_dangle] T: ?Sized, A: Allocator> Drop for Box<T, A> {
|
2022-08-01 20:51:58 +00:00
|
|
|
#[inline]
|
2017-01-21 19:44:44 +00:00
|
|
|
fn drop(&mut self) {
|
2022-08-01 20:51:58 +00:00
|
|
|
// the T in the Box is dropped by the compiler before the destructor is run
|
|
|
|
|
|
|
|
|
|
let ptr = self.0;
|
|
|
|
|
|
|
|
|
|
unsafe {
|
|
|
|
|
let layout = Layout::for_value_raw(ptr.as_ptr());
|
2023-06-27 22:33:44 +00:00
|
|
|
if layout.size() != 0 {
|
|
|
|
|
self.1.deallocate(From::from(ptr.cast()), layout);
|
|
|
|
|
}
|
2022-08-01 20:51:58 +00:00
|
|
|
}
|
2017-01-21 19:44:44 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-17 02:52:14 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2014-05-13 21:58:29 +00:00
|
|
|
impl<T: Default> Default for Box<T> {
|
2016-09-11 11:30:09 +00:00
|
|
|
/// Creates a `Box<T>`, with the `Default` value for T.
|
2023-02-26 01:05:27 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn default() -> Self {
|
2022-05-28 14:37:52 +00:00
|
|
|
Box::new(T::default())
|
2015-09-23 22:00:54 +00:00
|
|
|
}
|
2014-05-13 21:58:29 +00:00
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2023-04-16 06:49:27 +00:00
|
|
|
impl<T> Default for Box<[T]> {
|
2023-02-26 01:05:27 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn default() -> Self {
|
2022-04-11 18:43:21 +00:00
|
|
|
let ptr: Unique<[T]> = Unique::<[T; 0]>::dangling();
|
|
|
|
|
Box(ptr, Global)
|
2015-09-23 22:00:54 +00:00
|
|
|
}
|
2014-11-06 17:52:45 +00:00
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2017-02-01 03:46:16 +00:00
|
|
|
#[stable(feature = "default_box_extra", since = "1.17.0")]
|
2023-04-16 06:49:27 +00:00
|
|
|
impl Default for Box<str> {
|
2023-02-26 01:05:27 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn default() -> Self {
|
2022-04-11 18:43:21 +00:00
|
|
|
// SAFETY: This is the same as `Unique::cast<U>` but with an unsized `U = str`.
|
|
|
|
|
let ptr: Unique<str> = unsafe {
|
|
|
|
|
let bytes: Unique<[u8]> = Unique::<[u8; 0]>::dangling();
|
|
|
|
|
Unique::new_unchecked(bytes.as_ptr() as *mut str)
|
|
|
|
|
};
|
|
|
|
|
Box(ptr, Global)
|
2017-02-01 03:46:16 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: Clone, A: Allocator + Clone> Clone for Box<T, A> {
|
2015-01-22 17:07:23 +00:00
|
|
|
/// Returns a new box with a `clone()` of this box's contents.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// let x = Box::new(5);
|
|
|
|
|
/// let y = x.clone();
|
2019-06-30 18:56:21 +00:00
|
|
|
///
|
|
|
|
|
/// // The value is the same
|
|
|
|
|
/// assert_eq!(x, y);
|
|
|
|
|
///
|
|
|
|
|
/// // But they are unique objects
|
|
|
|
|
/// assert_ne!(&*x as *const i32, &*y as *const i32);
|
2015-01-22 17:07:23 +00:00
|
|
|
/// ```
|
2014-05-13 21:58:29 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn clone(&self) -> Self {
|
2021-01-08 21:02:23 +00:00
|
|
|
// Pre-allocate memory to allow writing the cloned value directly.
|
|
|
|
|
let mut boxed = Self::new_uninit_in(self.1.clone());
|
|
|
|
|
unsafe {
|
|
|
|
|
(**self).write_clone_into_raw(boxed.as_mut_ptr());
|
|
|
|
|
boxed.assume_init()
|
|
|
|
|
}
|
2015-09-23 22:00:54 +00:00
|
|
|
}
|
2019-06-30 18:56:21 +00:00
|
|
|
|
2015-01-22 17:07:23 +00:00
|
|
|
/// Copies `source`'s contents into `self` without creating a new allocation.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// let x = Box::new(5);
|
|
|
|
|
/// let mut y = Box::new(10);
|
2019-06-30 18:56:21 +00:00
|
|
|
/// let yp: *const i32 = &*y;
|
2015-01-22 17:07:23 +00:00
|
|
|
///
|
|
|
|
|
/// y.clone_from(&x);
|
|
|
|
|
///
|
2019-06-30 18:56:21 +00:00
|
|
|
/// // The value is the same
|
|
|
|
|
/// assert_eq!(x, y);
|
|
|
|
|
///
|
|
|
|
|
/// // And no allocation occurred
|
|
|
|
|
/// assert_eq!(yp, &*y);
|
2015-01-22 17:07:23 +00:00
|
|
|
/// ```
|
2014-05-13 21:58:29 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn clone_from(&mut self, source: &Self) {
|
2014-05-13 21:58:29 +00:00
|
|
|
(**self).clone_from(&(**source));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2015-07-27 16:06:00 +00:00
|
|
|
#[stable(feature = "box_slice_clone", since = "1.3.0")]
|
|
|
|
|
impl Clone for Box<str> {
|
|
|
|
|
fn clone(&self) -> Self {
|
2019-05-27 19:42:50 +00:00
|
|
|
// this makes a copy of the data
|
2019-05-27 06:43:20 +00:00
|
|
|
let buf: Box<[u8]> = self.as_bytes().into();
|
2019-12-22 22:42:04 +00:00
|
|
|
unsafe { from_boxed_utf8_unchecked(buf) }
|
2015-07-27 16:06:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized + PartialEq, A: Allocator> PartialEq for Box<T, A> {
|
2014-10-30 20:33:47 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn eq(&self, other: &Self) -> bool {
|
2015-09-23 22:00:54 +00:00
|
|
|
PartialEq::eq(&**self, &**other)
|
|
|
|
|
}
|
2014-10-30 20:33:47 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn ne(&self, other: &Self) -> bool {
|
2015-09-23 22:00:54 +00:00
|
|
|
PartialEq::ne(&**self, &**other)
|
|
|
|
|
}
|
2014-10-30 20:33:47 +00:00
|
|
|
}
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized + PartialOrd, A: Allocator> PartialOrd for Box<T, A> {
|
2014-10-30 20:33:47 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
|
2014-10-30 20:33:47 +00:00
|
|
|
PartialOrd::partial_cmp(&**self, &**other)
|
|
|
|
|
}
|
|
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn lt(&self, other: &Self) -> bool {
|
2015-09-23 22:00:54 +00:00
|
|
|
PartialOrd::lt(&**self, &**other)
|
|
|
|
|
}
|
2014-10-30 20:33:47 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn le(&self, other: &Self) -> bool {
|
2015-09-23 22:00:54 +00:00
|
|
|
PartialOrd::le(&**self, &**other)
|
|
|
|
|
}
|
2014-10-30 20:33:47 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn ge(&self, other: &Self) -> bool {
|
2015-09-23 22:00:54 +00:00
|
|
|
PartialOrd::ge(&**self, &**other)
|
|
|
|
|
}
|
2014-10-30 20:33:47 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn gt(&self, other: &Self) -> bool {
|
2015-09-23 22:00:54 +00:00
|
|
|
PartialOrd::gt(&**self, &**other)
|
|
|
|
|
}
|
2014-10-30 20:33:47 +00:00
|
|
|
}
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized + Ord, A: Allocator> Ord for Box<T, A> {
|
2014-10-30 20:33:47 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn cmp(&self, other: &Self) -> Ordering {
|
2014-10-30 20:33:47 +00:00
|
|
|
Ord::cmp(&**self, &**other)
|
|
|
|
|
}
|
2015-01-07 20:37:07 +00:00
|
|
|
}
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized + Eq, A: Allocator> Eq for Box<T, A> {}
|
2014-10-30 20:33:47 +00:00
|
|
|
|
2015-02-18 04:48:07 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized + Hash, A: Allocator> Hash for Box<T, A> {
|
2018-03-29 02:51:52 +00:00
|
|
|
fn hash<H: Hasher>(&self, state: &mut H) {
|
2015-02-18 04:48:07 +00:00
|
|
|
(**self).hash(state);
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-12-13 02:43:07 +00:00
|
|
|
|
2017-08-21 14:15:02 +00:00
|
|
|
#[stable(feature = "indirect_hasher_impl", since = "1.22.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized + Hasher, A: Allocator> Hasher for Box<T, A> {
|
2017-08-21 14:15:02 +00:00
|
|
|
fn finish(&self) -> u64 {
|
|
|
|
|
(**self).finish()
|
|
|
|
|
}
|
|
|
|
|
fn write(&mut self, bytes: &[u8]) {
|
|
|
|
|
(**self).write(bytes)
|
|
|
|
|
}
|
|
|
|
|
fn write_u8(&mut self, i: u8) {
|
|
|
|
|
(**self).write_u8(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_u16(&mut self, i: u16) {
|
|
|
|
|
(**self).write_u16(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_u32(&mut self, i: u32) {
|
|
|
|
|
(**self).write_u32(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_u64(&mut self, i: u64) {
|
|
|
|
|
(**self).write_u64(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_u128(&mut self, i: u128) {
|
|
|
|
|
(**self).write_u128(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_usize(&mut self, i: usize) {
|
|
|
|
|
(**self).write_usize(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_i8(&mut self, i: i8) {
|
|
|
|
|
(**self).write_i8(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_i16(&mut self, i: i16) {
|
|
|
|
|
(**self).write_i16(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_i32(&mut self, i: i32) {
|
|
|
|
|
(**self).write_i32(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_i64(&mut self, i: i64) {
|
|
|
|
|
(**self).write_i64(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_i128(&mut self, i: i128) {
|
|
|
|
|
(**self).write_i128(i)
|
|
|
|
|
}
|
|
|
|
|
fn write_isize(&mut self, i: isize) {
|
|
|
|
|
(**self).write_isize(i)
|
|
|
|
|
}
|
2022-03-04 08:17:26 +00:00
|
|
|
fn write_length_prefix(&mut self, len: usize) {
|
|
|
|
|
(**self).write_length_prefix(len)
|
|
|
|
|
}
|
|
|
|
|
fn write_str(&mut self, s: &str) {
|
|
|
|
|
(**self).write_str(s)
|
|
|
|
|
}
|
2017-08-21 14:15:02 +00:00
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2015-11-16 08:04:17 +00:00
|
|
|
#[stable(feature = "from_for_ptrs", since = "1.6.0")]
|
2015-11-04 12:03:33 +00:00
|
|
|
impl<T> From<T> for Box<T> {
|
2021-06-11 20:11:48 +00:00
|
|
|
/// Converts a `T` into a `Box<T>`
|
2018-10-29 11:15:22 +00:00
|
|
|
///
|
|
|
|
|
/// The conversion allocates on the heap and moves `t`
|
|
|
|
|
/// from the stack into it.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
2021-10-08 08:40:25 +00:00
|
|
|
///
|
2018-10-29 11:15:22 +00:00
|
|
|
/// ```rust
|
|
|
|
|
/// let x = 5;
|
|
|
|
|
/// let boxed = Box::new(5);
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(Box::from(x), boxed);
|
|
|
|
|
/// ```
|
2015-11-04 12:03:33 +00:00
|
|
|
fn from(t: T) -> Self {
|
|
|
|
|
Box::new(t)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-18 02:14:07 +00:00
|
|
|
#[stable(feature = "pin", since = "1.33.0")]
|
2023-04-16 06:49:27 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> From<Box<T, A>> for Pin<Box<T, A>>
|
2020-11-28 14:24:30 +00:00
|
|
|
where
|
|
|
|
|
A: 'static,
|
|
|
|
|
{
|
2022-06-02 10:36:11 +00:00
|
|
|
/// Converts a `Box<T>` into a `Pin<Box<T>>`. If `T` does not implement [`Unpin`], then
|
|
|
|
|
/// `*boxed` will be pinned in memory and unable to be moved.
|
2018-10-29 11:15:22 +00:00
|
|
|
///
|
|
|
|
|
/// This conversion does not allocate on the heap and happens in place.
|
2022-06-02 10:36:11 +00:00
|
|
|
///
|
|
|
|
|
/// This is also available via [`Box::into_pin`].
|
|
|
|
|
///
|
|
|
|
|
/// Constructing and pinning a `Box` with <code><Pin<Box\<T>>>::from([Box::new]\(x))</code>
|
|
|
|
|
/// can also be written more concisely using <code>[Box::pin]\(x)</code>.
|
|
|
|
|
/// This `From` implementation is useful if you already have a `Box<T>`, or you are
|
|
|
|
|
/// constructing a (pinned) `Box` in a different way than with [`Box::new`].
|
2020-10-06 14:37:23 +00:00
|
|
|
fn from(boxed: Box<T, A>) -> Self {
|
2019-01-03 20:04:35 +00:00
|
|
|
Box::into_pin(boxed)
|
2018-09-01 04:12:10 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-22 16:13:03 +00:00
|
|
|
/// Specialization trait used for `From<&[T]>`.
|
2023-04-29 22:10:10 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2022-10-22 16:13:03 +00:00
|
|
|
trait BoxFromSlice<T> {
|
|
|
|
|
fn from_slice(slice: &[T]) -> Self;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
impl<T: Clone> BoxFromSlice<T> for Box<[T]> {
|
|
|
|
|
#[inline]
|
|
|
|
|
default fn from_slice(slice: &[T]) -> Self {
|
|
|
|
|
slice.to_vec().into_boxed_slice()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
impl<T: Copy> BoxFromSlice<T> for Box<[T]> {
|
|
|
|
|
#[inline]
|
|
|
|
|
fn from_slice(slice: &[T]) -> Self {
|
|
|
|
|
let len = slice.len();
|
|
|
|
|
let buf = RawVec::with_capacity(len);
|
|
|
|
|
unsafe {
|
|
|
|
|
ptr::copy_nonoverlapping(slice.as_ptr(), buf.ptr(), len);
|
|
|
|
|
buf.into_box(slice.len()).assume_init()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2017-02-01 03:46:16 +00:00
|
|
|
#[stable(feature = "box_from_slice", since = "1.17.0")]
|
2022-10-22 16:13:03 +00:00
|
|
|
impl<T: Clone> From<&[T]> for Box<[T]> {
|
2018-10-29 11:15:22 +00:00
|
|
|
/// Converts a `&[T]` into a `Box<[T]>`
|
|
|
|
|
///
|
2018-10-29 11:37:58 +00:00
|
|
|
/// This conversion allocates on the heap
|
2022-07-21 17:15:29 +00:00
|
|
|
/// and performs a copy of `slice` and its contents.
|
2018-10-29 11:15:22 +00:00
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
/// ```rust
|
|
|
|
|
/// // create a &[u8] which will be used to create a Box<[u8]>
|
|
|
|
|
/// let slice: &[u8] = &[104, 101, 108, 108, 111];
|
2018-12-05 15:31:35 +00:00
|
|
|
/// let boxed_slice: Box<[u8]> = Box::from(slice);
|
2018-10-29 11:15:22 +00:00
|
|
|
///
|
2022-02-12 19:16:17 +00:00
|
|
|
/// println!("{boxed_slice:?}");
|
2018-10-29 11:15:22 +00:00
|
|
|
/// ```
|
2022-10-22 16:13:03 +00:00
|
|
|
#[inline]
|
2019-03-10 03:10:28 +00:00
|
|
|
fn from(slice: &[T]) -> Box<[T]> {
|
2022-10-22 16:13:03 +00:00
|
|
|
<Self as BoxFromSlice<T>>::from_slice(slice)
|
2017-02-01 03:46:16 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-04-22 20:03:05 +00:00
|
|
|
#[stable(feature = "box_from_cow", since = "1.45.0")]
|
2022-10-22 16:13:03 +00:00
|
|
|
impl<T: Clone> From<Cow<'_, [T]>> for Box<[T]> {
|
2021-10-08 08:40:25 +00:00
|
|
|
/// Converts a `Cow<'_, [T]>` into a `Box<[T]>`
|
|
|
|
|
///
|
|
|
|
|
/// When `cow` is the `Cow::Borrowed` variant, this
|
2021-10-09 07:51:36 +00:00
|
|
|
/// conversion allocates on the heap and copies the
|
|
|
|
|
/// underlying slice. Otherwise, it will try to reuse the owned
|
|
|
|
|
/// `Vec`'s allocation.
|
2020-04-22 20:03:05 +00:00
|
|
|
#[inline]
|
|
|
|
|
fn from(cow: Cow<'_, [T]>) -> Box<[T]> {
|
|
|
|
|
match cow {
|
|
|
|
|
Cow::Borrowed(slice) => Box::from(slice),
|
|
|
|
|
Cow::Owned(slice) => Box::from(slice),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2017-02-01 03:46:16 +00:00
|
|
|
#[stable(feature = "box_from_slice", since = "1.17.0")]
|
2019-03-10 03:10:28 +00:00
|
|
|
impl From<&str> for Box<str> {
|
2018-10-29 11:15:22 +00:00
|
|
|
/// Converts a `&str` into a `Box<str>`
|
|
|
|
|
///
|
2018-10-29 11:37:58 +00:00
|
|
|
/// This conversion allocates on the heap
|
|
|
|
|
/// and performs a copy of `s`.
|
2018-10-29 11:15:22 +00:00
|
|
|
///
|
|
|
|
|
/// # Examples
|
2021-10-08 08:40:25 +00:00
|
|
|
///
|
2018-10-29 11:15:22 +00:00
|
|
|
/// ```rust
|
|
|
|
|
/// let boxed: Box<str> = Box::from("hello");
|
2022-02-12 19:16:17 +00:00
|
|
|
/// println!("{boxed}");
|
2018-10-29 11:15:22 +00:00
|
|
|
/// ```
|
2018-03-31 21:19:02 +00:00
|
|
|
#[inline]
|
2019-03-10 03:10:28 +00:00
|
|
|
fn from(s: &str) -> Box<str> {
|
2017-04-11 20:02:43 +00:00
|
|
|
unsafe { from_boxed_utf8_unchecked(Box::from(s.as_bytes())) }
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-04-22 20:03:05 +00:00
|
|
|
#[stable(feature = "box_from_cow", since = "1.45.0")]
|
|
|
|
|
impl From<Cow<'_, str>> for Box<str> {
|
2021-10-08 08:40:25 +00:00
|
|
|
/// Converts a `Cow<'_, str>` into a `Box<str>`
|
|
|
|
|
///
|
|
|
|
|
/// When `cow` is the `Cow::Borrowed` variant, this
|
2021-10-09 07:51:36 +00:00
|
|
|
/// conversion allocates on the heap and copies the
|
2021-10-09 08:44:07 +00:00
|
|
|
/// underlying `str`. Otherwise, it will try to reuse the owned
|
2021-10-08 08:40:25 +00:00
|
|
|
/// `String`'s allocation.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```rust
|
|
|
|
|
/// use std::borrow::Cow;
|
|
|
|
|
///
|
|
|
|
|
/// let unboxed = Cow::Borrowed("hello");
|
|
|
|
|
/// let boxed: Box<str> = Box::from(unboxed);
|
2022-02-12 19:16:17 +00:00
|
|
|
/// println!("{boxed}");
|
2021-10-08 08:40:25 +00:00
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// ```rust
|
|
|
|
|
/// # use std::borrow::Cow;
|
|
|
|
|
/// let unboxed = Cow::Owned("hello".to_string());
|
|
|
|
|
/// let boxed: Box<str> = Box::from(unboxed);
|
2022-02-12 19:16:17 +00:00
|
|
|
/// println!("{boxed}");
|
2021-10-08 08:40:25 +00:00
|
|
|
/// ```
|
2020-04-22 20:03:05 +00:00
|
|
|
#[inline]
|
|
|
|
|
fn from(cow: Cow<'_, str>) -> Box<str> {
|
|
|
|
|
match cow {
|
|
|
|
|
Cow::Borrowed(s) => Box::from(s),
|
|
|
|
|
Cow::Owned(s) => Box::from(s),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-20 07:38:39 +00:00
|
|
|
#[stable(feature = "boxed_str_conv", since = "1.19.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<A: Allocator> From<Box<str, A>> for Box<[u8], A> {
|
2020-10-15 14:57:19 +00:00
|
|
|
/// Converts a `Box<str>` into a `Box<[u8]>`
|
2018-10-29 11:15:22 +00:00
|
|
|
///
|
|
|
|
|
/// This conversion does not allocate on the heap and happens in place.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
/// ```rust
|
|
|
|
|
/// // create a Box<str> which will be used to create a Box<[u8]>
|
|
|
|
|
/// let boxed: Box<str> = Box::from("hello");
|
|
|
|
|
/// let boxed_str: Box<[u8]> = Box::from(boxed);
|
|
|
|
|
///
|
|
|
|
|
/// // create a &[u8] which will be used to create a Box<[u8]>
|
|
|
|
|
/// let slice: &[u8] = &[104, 101, 108, 108, 111];
|
|
|
|
|
/// let boxed_slice = Box::from(slice);
|
|
|
|
|
///
|
|
|
|
|
/// assert_eq!(boxed_slice, boxed_str);
|
|
|
|
|
/// ```
|
2018-03-31 21:19:02 +00:00
|
|
|
#[inline]
|
2020-10-06 14:37:23 +00:00
|
|
|
fn from(s: Box<str, A>) -> Self {
|
2020-12-04 13:47:15 +00:00
|
|
|
let (raw, alloc) = Box::into_raw_with_allocator(s);
|
2020-10-06 14:37:23 +00:00
|
|
|
unsafe { Box::from_raw_in(raw as *mut [u8], alloc) }
|
2017-02-01 03:46:16 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-17 02:52:14 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2020-04-13 13:41:45 +00:00
|
|
|
#[stable(feature = "box_from_array", since = "1.45.0")]
|
2020-07-05 12:02:01 +00:00
|
|
|
impl<T, const N: usize> From<[T; N]> for Box<[T]> {
|
2020-04-13 13:41:45 +00:00
|
|
|
/// Converts a `[T; N]` into a `Box<[T]>`
|
|
|
|
|
///
|
|
|
|
|
/// This conversion moves the array to newly heap-allocated memory.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
2021-10-08 08:40:25 +00:00
|
|
|
///
|
2020-04-13 13:41:45 +00:00
|
|
|
/// ```rust
|
|
|
|
|
/// let boxed: Box<[u8]> = Box::from([4, 2]);
|
2022-02-12 19:16:17 +00:00
|
|
|
/// println!("{boxed:?}");
|
2020-04-13 13:41:45 +00:00
|
|
|
/// ```
|
|
|
|
|
fn from(array: [T; N]) -> Box<[T]> {
|
2022-05-28 14:37:52 +00:00
|
|
|
Box::new(array)
|
2020-04-13 13:41:45 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-15 05:41:37 +00:00
|
|
|
/// Casts a boxed slice to a boxed array.
|
|
|
|
|
///
|
|
|
|
|
/// # Safety
|
|
|
|
|
///
|
|
|
|
|
/// `boxed_slice.len()` must be exactly `N`.
|
|
|
|
|
unsafe fn boxed_slice_as_array_unchecked<T, A: Allocator, const N: usize>(
|
|
|
|
|
boxed_slice: Box<[T], A>,
|
|
|
|
|
) -> Box<[T; N], A> {
|
|
|
|
|
debug_assert_eq!(boxed_slice.len(), N);
|
|
|
|
|
|
|
|
|
|
let (ptr, alloc) = Box::into_raw_with_allocator(boxed_slice);
|
|
|
|
|
// SAFETY: Pointer and allocator came from an existing box,
|
|
|
|
|
// and our safety condition requires that the length is exactly `N`
|
|
|
|
|
unsafe { Box::from_raw_in(ptr as *mut [T; N], alloc) }
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-28 04:28:09 +00:00
|
|
|
#[stable(feature = "boxed_slice_try_from", since = "1.43.0")]
|
2020-07-05 12:02:01 +00:00
|
|
|
impl<T, const N: usize> TryFrom<Box<[T]>> for Box<[T; N]> {
|
2019-06-04 12:15:47 +00:00
|
|
|
type Error = Box<[T]>;
|
|
|
|
|
|
2021-10-08 08:40:25 +00:00
|
|
|
/// Attempts to convert a `Box<[T]>` into a `Box<[T; N]>`.
|
|
|
|
|
///
|
|
|
|
|
/// The conversion occurs in-place and does not require a
|
|
|
|
|
/// new memory allocation.
|
|
|
|
|
///
|
|
|
|
|
/// # Errors
|
|
|
|
|
///
|
|
|
|
|
/// Returns the old `Box<[T]>` in the `Err` variant if
|
|
|
|
|
/// `boxed_slice.len()` does not equal `N`.
|
2019-06-04 12:15:47 +00:00
|
|
|
fn try_from(boxed_slice: Box<[T]>) -> Result<Self, Self::Error> {
|
|
|
|
|
if boxed_slice.len() == N {
|
2022-09-15 05:41:37 +00:00
|
|
|
Ok(unsafe { boxed_slice_as_array_unchecked(boxed_slice) })
|
2019-06-04 12:15:47 +00:00
|
|
|
} else {
|
|
|
|
|
Err(boxed_slice)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-15 05:41:37 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2022-10-31 14:43:15 +00:00
|
|
|
#[stable(feature = "boxed_array_try_from_vec", since = "1.66.0")]
|
2022-09-15 05:41:37 +00:00
|
|
|
impl<T, const N: usize> TryFrom<Vec<T>> for Box<[T; N]> {
|
|
|
|
|
type Error = Vec<T>;
|
|
|
|
|
|
|
|
|
|
/// Attempts to convert a `Vec<T>` into a `Box<[T; N]>`.
|
|
|
|
|
///
|
|
|
|
|
/// Like [`Vec::into_boxed_slice`], this is in-place if `vec.capacity() == N`,
|
|
|
|
|
/// but will require a reallocation otherwise.
|
|
|
|
|
///
|
|
|
|
|
/// # Errors
|
|
|
|
|
///
|
|
|
|
|
/// Returns the original `Vec<T>` in the `Err` variant if
|
|
|
|
|
/// `boxed_slice.len()` does not equal `N`.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// This can be used with [`vec!`] to create an array on the heap:
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// let state: Box<[f32; 100]> = vec![1.0; 100].try_into().unwrap();
|
|
|
|
|
/// assert_eq!(state.len(), 100);
|
|
|
|
|
/// ```
|
|
|
|
|
fn try_from(vec: Vec<T>) -> Result<Self, Self::Error> {
|
|
|
|
|
if vec.len() == N {
|
|
|
|
|
let boxed_slice = vec.into_boxed_slice();
|
|
|
|
|
Ok(unsafe { boxed_slice_as_array_unchecked(boxed_slice) })
|
|
|
|
|
} else {
|
|
|
|
|
Err(vec)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<A: Allocator> Box<dyn Any, A> {
|
2015-04-24 21:34:57 +00:00
|
|
|
/// Attempt to downcast the box to a concrete type.
|
2016-07-09 17:57:08 +00:00
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::any::Any;
|
|
|
|
|
///
|
2018-11-20 14:34:15 +00:00
|
|
|
/// fn print_if_string(value: Box<dyn Any>) {
|
2016-07-09 17:57:08 +00:00
|
|
|
/// if let Ok(string) = value.downcast::<String>() {
|
|
|
|
|
/// println!("String ({}): {}", string.len(), string);
|
|
|
|
|
/// }
|
|
|
|
|
/// }
|
|
|
|
|
///
|
2019-10-01 11:55:46 +00:00
|
|
|
/// let my_string = "Hello World".to_string();
|
|
|
|
|
/// print_if_string(Box::new(my_string));
|
|
|
|
|
/// print_if_string(Box::new(0i8));
|
2016-07-09 17:57:08 +00:00
|
|
|
/// ```
|
2021-11-13 03:53:26 +00:00
|
|
|
#[inline]
|
2021-12-03 21:06:13 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-10-06 14:37:23 +00:00
|
|
|
pub fn downcast<T: Any>(self) -> Result<Box<T, A>, Self> {
|
2021-11-13 03:53:26 +00:00
|
|
|
if self.is::<T>() { unsafe { Ok(self.downcast_unchecked::<T>()) } } else { Err(self) }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Downcasts the box to a concrete type.
|
|
|
|
|
///
|
|
|
|
|
/// For a safe alternative see [`downcast`].
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(downcast_unchecked)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::any::Any;
|
|
|
|
|
///
|
|
|
|
|
/// let x: Box<dyn Any> = Box::new(1_usize);
|
|
|
|
|
///
|
|
|
|
|
/// unsafe {
|
|
|
|
|
/// assert_eq!(*x.downcast_unchecked::<usize>(), 1);
|
|
|
|
|
/// }
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// # Safety
|
|
|
|
|
///
|
|
|
|
|
/// The contained value must be of type `T`. Calling this method
|
|
|
|
|
/// with the incorrect type is *undefined behavior*.
|
2021-11-20 23:21:52 +00:00
|
|
|
///
|
|
|
|
|
/// [`downcast`]: Self::downcast
|
2021-11-13 03:53:26 +00:00
|
|
|
#[inline]
|
2021-11-13 03:55:11 +00:00
|
|
|
#[unstable(feature = "downcast_unchecked", issue = "90850")]
|
2021-11-13 03:53:26 +00:00
|
|
|
pub unsafe fn downcast_unchecked<T: Any>(self) -> Box<T, A> {
|
|
|
|
|
debug_assert!(self.is::<T>());
|
|
|
|
|
unsafe {
|
|
|
|
|
let (raw, alloc): (*mut dyn Any, _) = Box::into_raw_with_allocator(self);
|
|
|
|
|
Box::from_raw_in(raw as *mut T, alloc)
|
2014-06-26 01:18:13 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<A: Allocator> Box<dyn Any + Send, A> {
|
2015-04-24 21:34:57 +00:00
|
|
|
/// Attempt to downcast the box to a concrete type.
|
2016-07-09 17:57:08 +00:00
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::any::Any;
|
|
|
|
|
///
|
2018-11-20 14:34:15 +00:00
|
|
|
/// fn print_if_string(value: Box<dyn Any + Send>) {
|
2016-07-09 17:57:08 +00:00
|
|
|
/// if let Ok(string) = value.downcast::<String>() {
|
|
|
|
|
/// println!("String ({}): {}", string.len(), string);
|
|
|
|
|
/// }
|
|
|
|
|
/// }
|
|
|
|
|
///
|
2019-10-01 11:55:46 +00:00
|
|
|
/// let my_string = "Hello World".to_string();
|
|
|
|
|
/// print_if_string(Box::new(my_string));
|
|
|
|
|
/// print_if_string(Box::new(0i8));
|
2016-07-09 17:57:08 +00:00
|
|
|
/// ```
|
2021-11-13 03:53:26 +00:00
|
|
|
#[inline]
|
2021-12-03 21:06:13 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-10-06 14:37:23 +00:00
|
|
|
pub fn downcast<T: Any>(self) -> Result<Box<T, A>, Self> {
|
2021-11-13 03:53:26 +00:00
|
|
|
if self.is::<T>() { unsafe { Ok(self.downcast_unchecked::<T>()) } } else { Err(self) }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Downcasts the box to a concrete type.
|
|
|
|
|
///
|
|
|
|
|
/// For a safe alternative see [`downcast`].
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(downcast_unchecked)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::any::Any;
|
|
|
|
|
///
|
|
|
|
|
/// let x: Box<dyn Any + Send> = Box::new(1_usize);
|
|
|
|
|
///
|
|
|
|
|
/// unsafe {
|
|
|
|
|
/// assert_eq!(*x.downcast_unchecked::<usize>(), 1);
|
|
|
|
|
/// }
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// # Safety
|
|
|
|
|
///
|
|
|
|
|
/// The contained value must be of type `T`. Calling this method
|
|
|
|
|
/// with the incorrect type is *undefined behavior*.
|
2021-11-20 23:21:52 +00:00
|
|
|
///
|
|
|
|
|
/// [`downcast`]: Self::downcast
|
2021-11-13 03:53:26 +00:00
|
|
|
#[inline]
|
2021-11-13 03:55:11 +00:00
|
|
|
#[unstable(feature = "downcast_unchecked", issue = "90850")]
|
2021-11-13 03:53:26 +00:00
|
|
|
pub unsafe fn downcast_unchecked<T: Any>(self) -> Box<T, A> {
|
|
|
|
|
debug_assert!(self.is::<T>());
|
|
|
|
|
unsafe {
|
|
|
|
|
let (raw, alloc): (*mut (dyn Any + Send), _) = Box::into_raw_with_allocator(self);
|
|
|
|
|
Box::from_raw_in(raw as *mut T, alloc)
|
2020-10-06 14:37:23 +00:00
|
|
|
}
|
2015-02-17 10:17:19 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-12 14:03:29 +00:00
|
|
|
impl<A: Allocator> Box<dyn Any + Send + Sync, A> {
|
|
|
|
|
/// Attempt to downcast the box to a concrete type.
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::any::Any;
|
|
|
|
|
///
|
|
|
|
|
/// fn print_if_string(value: Box<dyn Any + Send + Sync>) {
|
|
|
|
|
/// if let Ok(string) = value.downcast::<String>() {
|
|
|
|
|
/// println!("String ({}): {}", string.len(), string);
|
|
|
|
|
/// }
|
|
|
|
|
/// }
|
|
|
|
|
///
|
|
|
|
|
/// let my_string = "Hello World".to_string();
|
|
|
|
|
/// print_if_string(Box::new(my_string));
|
|
|
|
|
/// print_if_string(Box::new(0i8));
|
|
|
|
|
/// ```
|
2021-11-13 03:53:26 +00:00
|
|
|
#[inline]
|
|
|
|
|
#[stable(feature = "box_send_sync_any_downcast", since = "1.51.0")]
|
2021-01-12 14:03:29 +00:00
|
|
|
pub fn downcast<T: Any>(self) -> Result<Box<T, A>, Self> {
|
2021-11-13 03:53:26 +00:00
|
|
|
if self.is::<T>() { unsafe { Ok(self.downcast_unchecked::<T>()) } } else { Err(self) }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Downcasts the box to a concrete type.
|
|
|
|
|
///
|
|
|
|
|
/// For a safe alternative see [`downcast`].
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// #![feature(downcast_unchecked)]
|
|
|
|
|
///
|
|
|
|
|
/// use std::any::Any;
|
|
|
|
|
///
|
|
|
|
|
/// let x: Box<dyn Any + Send + Sync> = Box::new(1_usize);
|
|
|
|
|
///
|
|
|
|
|
/// unsafe {
|
|
|
|
|
/// assert_eq!(*x.downcast_unchecked::<usize>(), 1);
|
|
|
|
|
/// }
|
|
|
|
|
/// ```
|
|
|
|
|
///
|
|
|
|
|
/// # Safety
|
|
|
|
|
///
|
|
|
|
|
/// The contained value must be of type `T`. Calling this method
|
|
|
|
|
/// with the incorrect type is *undefined behavior*.
|
2021-11-20 23:21:52 +00:00
|
|
|
///
|
|
|
|
|
/// [`downcast`]: Self::downcast
|
2021-11-13 03:53:26 +00:00
|
|
|
#[inline]
|
2021-11-13 03:55:11 +00:00
|
|
|
#[unstable(feature = "downcast_unchecked", issue = "90850")]
|
2021-11-13 03:53:26 +00:00
|
|
|
pub unsafe fn downcast_unchecked<T: Any>(self) -> Box<T, A> {
|
|
|
|
|
debug_assert!(self.is::<T>());
|
|
|
|
|
unsafe {
|
|
|
|
|
let (raw, alloc): (*mut (dyn Any + Send + Sync), _) =
|
|
|
|
|
Box::into_raw_with_allocator(self);
|
|
|
|
|
Box::from_raw_in(raw as *mut T, alloc)
|
2021-01-12 14:03:29 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-24 17:15:42 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: fmt::Display + ?Sized, A: Allocator> fmt::Display for Box<T, A> {
|
2019-02-02 11:48:12 +00:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
2015-01-20 23:45:07 +00:00
|
|
|
fmt::Display::fmt(&**self, f)
|
2014-12-20 08:09:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: fmt::Debug + ?Sized, A: Allocator> fmt::Debug for Box<T, A> {
|
2019-02-02 11:48:12 +00:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
2015-01-20 23:45:07 +00:00
|
|
|
fmt::Debug::fmt(&**self, f)
|
2014-05-11 18:14:14 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-07 07:40:22 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> fmt::Pointer for Box<T, A> {
|
2019-02-02 11:48:12 +00:00
|
|
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
2015-04-07 07:40:22 +00:00
|
|
|
// It's not possible to extract the inner Uniq directly from the Box,
|
|
|
|
|
// instead we cast it to a *const which aliases the Unique
|
|
|
|
|
let ptr: *const T = &**self;
|
|
|
|
|
fmt::Pointer::fmt(&ptr, f)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2023-04-16 06:49:27 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> Deref for Box<T, A> {
|
2015-01-01 19:53:20 +00:00
|
|
|
type Target = T;
|
|
|
|
|
|
2015-09-23 22:00:54 +00:00
|
|
|
fn deref(&self) -> &T {
|
|
|
|
|
&**self
|
|
|
|
|
}
|
2014-12-19 22:44:21 +00:00
|
|
|
}
|
|
|
|
|
|
2015-01-24 05:48:20 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2023-04-16 06:49:27 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> DerefMut for Box<T, A> {
|
2015-09-23 22:00:54 +00:00
|
|
|
fn deref_mut(&mut self) -> &mut T {
|
|
|
|
|
&mut **self
|
|
|
|
|
}
|
2014-12-19 22:44:21 +00:00
|
|
|
}
|
|
|
|
|
|
2019-12-21 11:16:18 +00:00
|
|
|
#[unstable(feature = "receiver_trait", issue = "none")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> Receiver for Box<T, A> {}
|
Stabilize `Rc`, `Arc` and `Pin` as method receivers
This lets you write methods using `self: Rc<Self>`, `self: Arc<Self>`, `self: Pin<&mut Self>`, `self: Pin<Box<Self>`, and other combinations involving `Pin` and another stdlib receiver type, without needing the `arbitrary_self_types`. Other user-created receiver types can be used, but they still require the feature flag to use.
This is implemented by introducing a new trait, `Receiver`, which the method receiver's type must implement if the `arbitrary_self_types` feature is not enabled. To keep composed receiver types such as `&Arc<Self>` unstable, the receiver type is also required to implement `Deref<Target=Self>` when the feature flag is not enabled.
This lets you use `self: Rc<Self>` and `self: Arc<Self>` in stable Rust, which was not allowed previously. It was agreed that they would be stabilized in #55786. `self: Pin<&Self>` and other pinned receiver types do not require the `arbitrary_self_types` feature, but they cannot be used on stable because `Pin` still requires the `pin` feature.
2018-11-20 16:50:50 +00:00
|
|
|
|
2015-02-03 20:32:56 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<I: Iterator + ?Sized, A: Allocator> Iterator for Box<I, A> {
|
2015-02-03 20:32:56 +00:00
|
|
|
type Item = I::Item;
|
2015-09-23 22:00:54 +00:00
|
|
|
fn next(&mut self) -> Option<I::Item> {
|
|
|
|
|
(**self).next()
|
|
|
|
|
}
|
|
|
|
|
fn size_hint(&self) -> (usize, Option<usize>) {
|
|
|
|
|
(**self).size_hint()
|
|
|
|
|
}
|
2016-12-02 20:13:57 +00:00
|
|
|
fn nth(&mut self, n: usize) -> Option<I::Item> {
|
|
|
|
|
(**self).nth(n)
|
|
|
|
|
}
|
2019-09-18 21:41:57 +00:00
|
|
|
fn last(self) -> Option<I::Item> {
|
|
|
|
|
BoxIter::last(self)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
trait BoxIter {
|
|
|
|
|
type Item;
|
|
|
|
|
fn last(self) -> Option<Self::Item>;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<I: Iterator + ?Sized, A: Allocator> BoxIter for Box<I, A> {
|
2019-09-18 21:41:57 +00:00
|
|
|
type Item = I::Item;
|
2019-09-17 22:09:19 +00:00
|
|
|
default fn last(self) -> Option<I::Item> {
|
2019-09-18 21:41:57 +00:00
|
|
|
#[inline]
|
|
|
|
|
fn some<T>(_: Option<T>, x: T) -> Option<T> {
|
|
|
|
|
Some(x)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
self.fold(None, some)
|
2019-09-17 22:09:19 +00:00
|
|
|
}
|
2015-02-03 20:32:56 +00:00
|
|
|
}
|
When possible without changing semantics, implement Iterator::last in terms of DoubleEndedIterator::next_back for types in liballoc and libcore.
Provided that the iterator has finite length and does not trigger user-provided code, this is safe.
What follows is a full list of the DoubleEndedIterators in liballoc/libcore and whether this optimization is safe, and if not, why not.
src/liballoc/boxed.rs
Box: Pass through to avoid defeating optimization of the underlying DoubleIterator implementation. This has no correctness impact.
src/liballoc/collections/binary_heap.rs
Iter: Pass through to avoid defeating optimizations on slice::Iter
IntoIter: Not safe, changes Drop order
Drain: Not safe, changes Drop order
src/liballoc/collections/btree/map.rs
Iter: Safe to call next_back, invokes no user defined code.
IterMut: ditto
IntoIter: Not safe, changes Drop order
Keys: Safe to call next_back, invokes no user defined code.
Values: ditto
ValuesMut: ditto
Range: ditto
RangeMut: ditto
src/liballoc/collections/btree/set.rs
Iter: Safe to call next_back, invokes no user defined code.
IntoIter: Not safe, changes Drop order
Range: Safe to call next_back, invokes no user defined code.
src/liballoc/collections/linked_list.rs
Iter: Safe to call next_back, invokes no user defined code.
IterMut: ditto
IntoIter: Not safe, changes Drop order
src/liballoc/collections/vec_deque.rs
Iter: Safe to call next_back, invokes no user defined code.
IterMut: ditto
IntoIter: Not safe, changes Drop order
Drain: ditto
src/liballoc/string.rs
Drain: Safe because return type is a primitive (char)
src/liballoc/vec.rs
IntoIter: Not safe, changes Drop order
Drain: ditto
Splice: ditto
src/libcore/ascii.rs
EscapeDefault: Safe because return type is a primitive (u8)
src/libcore/iter/adapters/chain.rs
Chain: Not safe, invokes user defined code (Iterator impl)
src/libcore/iter/adapters/flatten.rs
FlatMap: Not safe, invokes user defined code (Iterator impl)
Flatten: ditto
FlattenCompat: ditto
src/libcore/iter/adapters/mod.rs
Rev: Not safe, invokes user defined code (Iterator impl)
Copied: ditto
Cloned: Not safe, invokes user defined code (Iterator impl and T::clone)
Map: Not safe, invokes user defined code (Iterator impl + closure)
Filter: ditto
FilterMap: ditto
Enumerate: Not safe, invokes user defined code (Iterator impl)
Skip: ditto
Fuse: ditto
Inspect: ditto
src/libcore/iter/adapters/zip.rs
Zip: Not safe, invokes user defined code (Iterator impl)
src/libcore/iter/range.rs
ops::Range: Not safe, changes Drop order, but ALREADY HAS SPECIALIZATION
ops::RangeInclusive: ditto
src/libcore/iter/sources.rs
Repeat: Not safe, calling last should iloop.
Empty: No point, iterator is at most one item long.
Once: ditto
OnceWith: ditto
src/libcore/option.rs
Item: No point, iterator is at most one item long.
Iter: ditto
IterMut: ditto
IntoIter: ditto
src/libcore/result.rs
Iter: No point, iterator is at most one item long
IterMut: ditto
IntoIter: ditto
src/libcore/slice/mod.rs
Split: Not safe, invokes user defined closure
SplitMut: ditto
RSplit: ditto
RSplitMut: ditto
Windows: Safe, already has specialization
Chunks: ditto
ChunksMut: ditto
ChunksExact: ditto
ChunksExactMut: ditto
RChunks: ditto
RChunksMut: ditto
RChunksExact: ditto
RChunksExactMut: ditto
src/libcore/str/mod.rs
Chars: Safe, already has specialization
CharIndices: ditto
Bytes: ditto
Lines: Safe to call next_back, invokes no user defined code.
LinesAny: Deprecated
Everything that is generic over P: Pattern: Not safe because Pattern invokes user defined code.
SplitWhitespace: Safe to call next_back, invokes no user defined code.
SplitAsciiWhitespace: ditto
2019-07-02 20:45:29 +00:00
|
|
|
|
2019-09-18 21:41:57 +00:00
|
|
|
/// Specialization for sized `I`s that uses `I`s implementation of `last()`
|
|
|
|
|
/// instead of the default.
|
When possible without changing semantics, implement Iterator::last in terms of DoubleEndedIterator::next_back for types in liballoc and libcore.
Provided that the iterator has finite length and does not trigger user-provided code, this is safe.
What follows is a full list of the DoubleEndedIterators in liballoc/libcore and whether this optimization is safe, and if not, why not.
src/liballoc/boxed.rs
Box: Pass through to avoid defeating optimization of the underlying DoubleIterator implementation. This has no correctness impact.
src/liballoc/collections/binary_heap.rs
Iter: Pass through to avoid defeating optimizations on slice::Iter
IntoIter: Not safe, changes Drop order
Drain: Not safe, changes Drop order
src/liballoc/collections/btree/map.rs
Iter: Safe to call next_back, invokes no user defined code.
IterMut: ditto
IntoIter: Not safe, changes Drop order
Keys: Safe to call next_back, invokes no user defined code.
Values: ditto
ValuesMut: ditto
Range: ditto
RangeMut: ditto
src/liballoc/collections/btree/set.rs
Iter: Safe to call next_back, invokes no user defined code.
IntoIter: Not safe, changes Drop order
Range: Safe to call next_back, invokes no user defined code.
src/liballoc/collections/linked_list.rs
Iter: Safe to call next_back, invokes no user defined code.
IterMut: ditto
IntoIter: Not safe, changes Drop order
src/liballoc/collections/vec_deque.rs
Iter: Safe to call next_back, invokes no user defined code.
IterMut: ditto
IntoIter: Not safe, changes Drop order
Drain: ditto
src/liballoc/string.rs
Drain: Safe because return type is a primitive (char)
src/liballoc/vec.rs
IntoIter: Not safe, changes Drop order
Drain: ditto
Splice: ditto
src/libcore/ascii.rs
EscapeDefault: Safe because return type is a primitive (u8)
src/libcore/iter/adapters/chain.rs
Chain: Not safe, invokes user defined code (Iterator impl)
src/libcore/iter/adapters/flatten.rs
FlatMap: Not safe, invokes user defined code (Iterator impl)
Flatten: ditto
FlattenCompat: ditto
src/libcore/iter/adapters/mod.rs
Rev: Not safe, invokes user defined code (Iterator impl)
Copied: ditto
Cloned: Not safe, invokes user defined code (Iterator impl and T::clone)
Map: Not safe, invokes user defined code (Iterator impl + closure)
Filter: ditto
FilterMap: ditto
Enumerate: Not safe, invokes user defined code (Iterator impl)
Skip: ditto
Fuse: ditto
Inspect: ditto
src/libcore/iter/adapters/zip.rs
Zip: Not safe, invokes user defined code (Iterator impl)
src/libcore/iter/range.rs
ops::Range: Not safe, changes Drop order, but ALREADY HAS SPECIALIZATION
ops::RangeInclusive: ditto
src/libcore/iter/sources.rs
Repeat: Not safe, calling last should iloop.
Empty: No point, iterator is at most one item long.
Once: ditto
OnceWith: ditto
src/libcore/option.rs
Item: No point, iterator is at most one item long.
Iter: ditto
IterMut: ditto
IntoIter: ditto
src/libcore/result.rs
Iter: No point, iterator is at most one item long
IterMut: ditto
IntoIter: ditto
src/libcore/slice/mod.rs
Split: Not safe, invokes user defined closure
SplitMut: ditto
RSplit: ditto
RSplitMut: ditto
Windows: Safe, already has specialization
Chunks: ditto
ChunksMut: ditto
ChunksExact: ditto
ChunksExactMut: ditto
RChunks: ditto
RChunksMut: ditto
RChunksExact: ditto
RChunksExactMut: ditto
src/libcore/str/mod.rs
Chars: Safe, already has specialization
CharIndices: ditto
Bytes: ditto
Lines: Safe to call next_back, invokes no user defined code.
LinesAny: Deprecated
Everything that is generic over P: Pattern: Not safe because Pattern invokes user defined code.
SplitWhitespace: Safe to call next_back, invokes no user defined code.
SplitAsciiWhitespace: ditto
2019-07-02 20:45:29 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<I: Iterator, A: Allocator> BoxIter for Box<I, A> {
|
2019-09-18 21:41:57 +00:00
|
|
|
fn last(self) -> Option<I::Item> {
|
When possible without changing semantics, implement Iterator::last in terms of DoubleEndedIterator::next_back for types in liballoc and libcore.
Provided that the iterator has finite length and does not trigger user-provided code, this is safe.
What follows is a full list of the DoubleEndedIterators in liballoc/libcore and whether this optimization is safe, and if not, why not.
src/liballoc/boxed.rs
Box: Pass through to avoid defeating optimization of the underlying DoubleIterator implementation. This has no correctness impact.
src/liballoc/collections/binary_heap.rs
Iter: Pass through to avoid defeating optimizations on slice::Iter
IntoIter: Not safe, changes Drop order
Drain: Not safe, changes Drop order
src/liballoc/collections/btree/map.rs
Iter: Safe to call next_back, invokes no user defined code.
IterMut: ditto
IntoIter: Not safe, changes Drop order
Keys: Safe to call next_back, invokes no user defined code.
Values: ditto
ValuesMut: ditto
Range: ditto
RangeMut: ditto
src/liballoc/collections/btree/set.rs
Iter: Safe to call next_back, invokes no user defined code.
IntoIter: Not safe, changes Drop order
Range: Safe to call next_back, invokes no user defined code.
src/liballoc/collections/linked_list.rs
Iter: Safe to call next_back, invokes no user defined code.
IterMut: ditto
IntoIter: Not safe, changes Drop order
src/liballoc/collections/vec_deque.rs
Iter: Safe to call next_back, invokes no user defined code.
IterMut: ditto
IntoIter: Not safe, changes Drop order
Drain: ditto
src/liballoc/string.rs
Drain: Safe because return type is a primitive (char)
src/liballoc/vec.rs
IntoIter: Not safe, changes Drop order
Drain: ditto
Splice: ditto
src/libcore/ascii.rs
EscapeDefault: Safe because return type is a primitive (u8)
src/libcore/iter/adapters/chain.rs
Chain: Not safe, invokes user defined code (Iterator impl)
src/libcore/iter/adapters/flatten.rs
FlatMap: Not safe, invokes user defined code (Iterator impl)
Flatten: ditto
FlattenCompat: ditto
src/libcore/iter/adapters/mod.rs
Rev: Not safe, invokes user defined code (Iterator impl)
Copied: ditto
Cloned: Not safe, invokes user defined code (Iterator impl and T::clone)
Map: Not safe, invokes user defined code (Iterator impl + closure)
Filter: ditto
FilterMap: ditto
Enumerate: Not safe, invokes user defined code (Iterator impl)
Skip: ditto
Fuse: ditto
Inspect: ditto
src/libcore/iter/adapters/zip.rs
Zip: Not safe, invokes user defined code (Iterator impl)
src/libcore/iter/range.rs
ops::Range: Not safe, changes Drop order, but ALREADY HAS SPECIALIZATION
ops::RangeInclusive: ditto
src/libcore/iter/sources.rs
Repeat: Not safe, calling last should iloop.
Empty: No point, iterator is at most one item long.
Once: ditto
OnceWith: ditto
src/libcore/option.rs
Item: No point, iterator is at most one item long.
Iter: ditto
IterMut: ditto
IntoIter: ditto
src/libcore/result.rs
Iter: No point, iterator is at most one item long
IterMut: ditto
IntoIter: ditto
src/libcore/slice/mod.rs
Split: Not safe, invokes user defined closure
SplitMut: ditto
RSplit: ditto
RSplitMut: ditto
Windows: Safe, already has specialization
Chunks: ditto
ChunksMut: ditto
ChunksExact: ditto
ChunksExactMut: ditto
RChunks: ditto
RChunksMut: ditto
RChunksExact: ditto
RChunksExactMut: ditto
src/libcore/str/mod.rs
Chars: Safe, already has specialization
CharIndices: ditto
Bytes: ditto
Lines: Safe to call next_back, invokes no user defined code.
LinesAny: Deprecated
Everything that is generic over P: Pattern: Not safe because Pattern invokes user defined code.
SplitWhitespace: Safe to call next_back, invokes no user defined code.
SplitAsciiWhitespace: ditto
2019-07-02 20:45:29 +00:00
|
|
|
(*self).last()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-03 20:32:56 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<I: DoubleEndedIterator + ?Sized, A: Allocator> DoubleEndedIterator for Box<I, A> {
|
2015-09-23 22:00:54 +00:00
|
|
|
fn next_back(&mut self) -> Option<I::Item> {
|
|
|
|
|
(**self).next_back()
|
|
|
|
|
}
|
2019-02-16 21:34:28 +00:00
|
|
|
fn nth_back(&mut self, n: usize) -> Option<I::Item> {
|
|
|
|
|
(**self).nth_back(n)
|
|
|
|
|
}
|
2015-01-19 14:48:05 +00:00
|
|
|
}
|
2015-02-03 20:32:56 +00:00
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<I: ExactSizeIterator + ?Sized, A: Allocator> ExactSizeIterator for Box<I, A> {
|
2016-12-03 20:42:03 +00:00
|
|
|
fn len(&self) -> usize {
|
|
|
|
|
(**self).len()
|
|
|
|
|
}
|
|
|
|
|
fn is_empty(&self) -> bool {
|
|
|
|
|
(**self).is_empty()
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-12-19 22:44:21 +00:00
|
|
|
|
2018-03-03 13:15:28 +00:00
|
|
|
#[stable(feature = "fused", since = "1.26.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<I: FusedIterator + ?Sized, A: Allocator> FusedIterator for Box<I, A> {}
|
2016-08-13 18:42:36 +00:00
|
|
|
|
2022-07-30 01:53:53 +00:00
|
|
|
#[stable(feature = "boxed_closure_impls", since = "1.35.0")]
|
|
|
|
|
impl<Args: Tuple, F: FnOnce<Args> + ?Sized, A: Allocator> FnOnce<Args> for Box<F, A> {
|
|
|
|
|
type Output = <F as FnOnce<Args>>::Output;
|
|
|
|
|
|
|
|
|
|
extern "rust-call" fn call_once(self, args: Args) -> Self::Output {
|
|
|
|
|
<F as FnOnce<Args>>::call_once(*self, args)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[stable(feature = "boxed_closure_impls", since = "1.35.0")]
|
|
|
|
|
impl<Args: Tuple, F: FnMut<Args> + ?Sized, A: Allocator> FnMut<Args> for Box<F, A> {
|
|
|
|
|
extern "rust-call" fn call_mut(&mut self, args: Args) -> Self::Output {
|
|
|
|
|
<F as FnMut<Args>>::call_mut(self, args)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[stable(feature = "boxed_closure_impls", since = "1.35.0")]
|
|
|
|
|
impl<Args: Tuple, F: Fn<Args> + ?Sized, A: Allocator> Fn<Args> for Box<F, A> {
|
|
|
|
|
extern "rust-call" fn call(&self, args: Args) -> Self::Output {
|
|
|
|
|
<F as Fn<Args>>::call(self, args)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-20 07:08:38 +00:00
|
|
|
#[unstable(feature = "coerce_unsized", issue = "18598")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized + Unsize<U>, U: ?Sized, A: Allocator> CoerceUnsized<Box<U, A>> for Box<T, A> {}
|
2015-07-27 05:12:00 +00:00
|
|
|
|
2019-12-21 11:16:18 +00:00
|
|
|
#[unstable(feature = "dispatch_from_dyn", issue = "none")]
|
2020-10-06 14:37:23 +00:00
|
|
|
impl<T: ?Sized + Unsize<U>, U: ?Sized> DispatchFromDyn<Box<U>> for Box<T, Global> {}
|
2018-09-20 07:18:00 +00:00
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2018-11-11 09:45:16 +00:00
|
|
|
#[stable(feature = "boxed_slice_from_iter", since = "1.32.0")]
|
2020-10-06 14:37:23 +00:00
|
|
|
impl<I> FromIterator<I> for Box<[I]> {
|
|
|
|
|
fn from_iter<T: IntoIterator<Item = I>>(iter: T) -> Self {
|
2018-11-10 10:43:39 +00:00
|
|
|
iter.into_iter().collect::<Vec<_>>().into_boxed_slice()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
alloc: Add unstable Cfg feature `no-global_oom_handling`
For certain sorts of systems, programming, it's deemed essential that
all allocation failures be explicitly handled where they occur. For
example, see Linus Torvald's opinion in [1]. Merely not calling global
panic handlers, or always `try_reserving` first (for vectors), is not
deemed good enough, because the mere presence of the global OOM handlers
is burdens static analysis.
One option for these projects to use rust would just be to skip `alloc`,
rolling their own allocation abstractions. But this would, in my
opinion be a real shame. `alloc` has a few `try_*` methods already, and
we could easily have more. Features like custom allocator support also
demonstrate and existing to support diverse use-cases with the same
abstractions.
A natural way to add such a feature flag would a Cargo feature, but
there are currently uncertainties around how std library crate's Cargo
features may or not be stable, so to avoid any risk of stabilizing by
mistake we are going with a more low-level "raw cfg" token, which
cannot be interacted with via Cargo alone.
Note also that since there is no notion of "default cfg tokens" outside
of Cargo features, we have to invert the condition from
`global_oom_handling` to to `not(no_global_oom_handling)`. This breaks
the monotonicity that would be important for a Cargo feature (i.e.
turning on more features should never break compatibility), but it
doesn't matter for raw cfg tokens which are not intended to be
"constraint solved" by Cargo or anything else.
To support this use-case we create a new feature, "global-oom-handling",
on by default, and put the global OOM handler infra and everything else
it that depends on it behind it. By default, nothing is changed, but
users concerned about global handling can make sure it is disabled, and
be confident that all OOM handling is local and explicit.
For this first iteration, non-flat collections are outright disabled.
`Vec` and `String` don't yet have `try_*` allocation methods, but are
kept anyways since they can be oom-safely created "from parts", and we
hope to add those `try_` methods in the future.
[1]: https://lore.kernel.org/lkml/CAHk-=wh_sNLoz84AUUzuqXEsYH35u=8HV3vK-jbRbJ_B-JjGrg@mail.gmail.com/
2021-04-17 00:18:04 +00:00
|
|
|
#[cfg(not(no_global_oom_handling))]
|
2015-07-27 05:12:00 +00:00
|
|
|
#[stable(feature = "box_slice_clone", since = "1.3.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: Clone, A: Allocator + Clone> Clone for Box<[T], A> {
|
2015-07-27 05:12:00 +00:00
|
|
|
fn clone(&self) -> Self {
|
2020-12-04 13:47:15 +00:00
|
|
|
let alloc = Box::allocator(self).clone();
|
2020-11-18 16:23:41 +00:00
|
|
|
self.to_vec_in(alloc).into_boxed_slice()
|
2015-07-27 05:12:00 +00:00
|
|
|
}
|
2020-05-23 13:08:53 +00:00
|
|
|
|
|
|
|
|
fn clone_from(&mut self, other: &Self) {
|
|
|
|
|
if self.len() == other.len() {
|
|
|
|
|
self.clone_from_slice(&other);
|
|
|
|
|
} else {
|
|
|
|
|
*self = other.clone();
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-07-27 05:12:00 +00:00
|
|
|
}
|
|
|
|
|
|
2017-07-10 01:07:29 +00:00
|
|
|
#[stable(feature = "box_borrow", since = "1.1.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> borrow::Borrow<T> for Box<T, A> {
|
2015-09-23 22:00:54 +00:00
|
|
|
fn borrow(&self) -> &T {
|
|
|
|
|
&**self
|
|
|
|
|
}
|
2015-08-19 14:03:59 +00:00
|
|
|
}
|
|
|
|
|
|
2017-07-10 01:07:29 +00:00
|
|
|
#[stable(feature = "box_borrow", since = "1.1.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> borrow::BorrowMut<T> for Box<T, A> {
|
2015-09-23 22:00:54 +00:00
|
|
|
fn borrow_mut(&mut self) -> &mut T {
|
|
|
|
|
&mut **self
|
|
|
|
|
}
|
2015-08-19 14:03:59 +00:00
|
|
|
}
|
2015-09-17 06:17:39 +00:00
|
|
|
|
|
|
|
|
#[stable(since = "1.5.0", feature = "smart_ptr_as_ref")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> AsRef<T> for Box<T, A> {
|
2015-10-12 05:11:59 +00:00
|
|
|
fn as_ref(&self) -> &T {
|
|
|
|
|
&**self
|
|
|
|
|
}
|
2015-09-17 06:17:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[stable(since = "1.5.0", feature = "smart_ptr_as_ref")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> AsMut<T> for Box<T, A> {
|
2015-10-12 05:11:59 +00:00
|
|
|
fn as_mut(&mut self) -> &mut T {
|
|
|
|
|
&mut **self
|
|
|
|
|
}
|
2015-09-17 06:17:39 +00:00
|
|
|
}
|
2017-07-05 22:02:30 +00:00
|
|
|
|
2018-09-05 21:47:10 +00:00
|
|
|
/* Nota bene
|
|
|
|
|
*
|
2018-09-06 19:31:06 +00:00
|
|
|
* We could have chosen not to add this impl, and instead have written a
|
2018-09-05 21:47:10 +00:00
|
|
|
* function of Pin<Box<T>> to Pin<T>. Such a function would not be sound,
|
|
|
|
|
* because Box<T> implements Unpin even when T does not, as a result of
|
|
|
|
|
* this impl.
|
|
|
|
|
*
|
|
|
|
|
* We chose this API instead of the alternative for a few reasons:
|
|
|
|
|
* - Logically, it is helpful to understand pinning in regard to the
|
|
|
|
|
* memory region being pointed to. For this reason none of the
|
|
|
|
|
* standard library pointer types support projecting through a pin
|
|
|
|
|
* (Box<T> is the only pointer type in std for which this would be
|
|
|
|
|
* safe.)
|
2018-09-06 19:31:06 +00:00
|
|
|
* - It is in practice very useful to have Box<T> be unconditionally
|
2018-09-05 21:47:10 +00:00
|
|
|
* Unpin because of trait objects, for which the structural auto
|
2018-11-27 02:59:49 +00:00
|
|
|
* trait functionality does not apply (e.g., Box<dyn Foo> would
|
2018-09-05 21:47:10 +00:00
|
|
|
* otherwise not be Unpin).
|
|
|
|
|
*
|
|
|
|
|
* Another type with the same semantics as Box but only a conditional
|
|
|
|
|
* implementation of `Unpin` (where `T: Unpin`) would be valid/safe, and
|
|
|
|
|
* could have a method to project a Pin<T> from it.
|
|
|
|
|
*/
|
2018-12-18 02:14:07 +00:00
|
|
|
#[stable(feature = "pin", since = "1.33.0")]
|
2022-08-28 04:03:22 +00:00
|
|
|
impl<T: ?Sized, A: Allocator> Unpin for Box<T, A> where A: 'static {}
|
2018-08-31 23:54:59 +00:00
|
|
|
|
2020-01-25 19:03:10 +00:00
|
|
|
#[unstable(feature = "generator_trait", issue = "43122")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<G: ?Sized + Generator<R> + Unpin, R, A: Allocator> Generator<R> for Box<G, A>
|
2020-11-28 14:24:30 +00:00
|
|
|
where
|
|
|
|
|
A: 'static,
|
|
|
|
|
{
|
2020-01-25 19:03:10 +00:00
|
|
|
type Yield = G::Yield;
|
|
|
|
|
type Return = G::Return;
|
|
|
|
|
|
|
|
|
|
fn resume(mut self: Pin<&mut Self>, arg: R) -> GeneratorState<Self::Yield, Self::Return> {
|
|
|
|
|
G::resume(Pin::new(&mut *self), arg)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[unstable(feature = "generator_trait", issue = "43122")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<G: ?Sized + Generator<R>, R, A: Allocator> Generator<R> for Pin<Box<G, A>>
|
2020-11-28 14:24:30 +00:00
|
|
|
where
|
|
|
|
|
A: 'static,
|
|
|
|
|
{
|
2020-01-25 19:03:10 +00:00
|
|
|
type Yield = G::Yield;
|
|
|
|
|
type Return = G::Return;
|
|
|
|
|
|
|
|
|
|
fn resume(mut self: Pin<&mut Self>, arg: R) -> GeneratorState<Self::Yield, Self::Return> {
|
|
|
|
|
G::resume((*self).as_mut(), arg)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-05 21:14:19 +00:00
|
|
|
#[stable(feature = "futures_api", since = "1.36.0")]
|
2020-12-04 13:47:15 +00:00
|
|
|
impl<F: ?Sized + Future + Unpin, A: Allocator> Future for Box<F, A>
|
2020-11-28 14:24:30 +00:00
|
|
|
where
|
|
|
|
|
A: 'static,
|
|
|
|
|
{
|
2018-06-08 20:45:27 +00:00
|
|
|
type Output = F::Output;
|
|
|
|
|
|
2019-03-11 23:56:00 +00:00
|
|
|
fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
|
|
|
|
|
F::poll(Pin::new(&mut *self), cx)
|
2018-08-10 07:10:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
2020-11-13 17:24:26 +00:00
|
|
|
|
2022-02-03 09:56:10 +00:00
|
|
|
#[unstable(feature = "async_iterator", issue = "79024")]
|
|
|
|
|
impl<S: ?Sized + AsyncIterator + Unpin> AsyncIterator for Box<S> {
|
2020-11-13 17:24:26 +00:00
|
|
|
type Item = S::Item;
|
|
|
|
|
|
|
|
|
|
fn poll_next(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Option<Self::Item>> {
|
|
|
|
|
Pin::new(&mut **self).poll_next(cx)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn size_hint(&self) -> (usize, Option<usize>) {
|
|
|
|
|
(**self).size_hint()
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-07-29 18:54:47 +00:00
|
|
|
|
|
|
|
|
impl dyn Error {
|
|
|
|
|
#[inline]
|
|
|
|
|
#[stable(feature = "error_downcast", since = "1.3.0")]
|
|
|
|
|
#[rustc_allow_incoherent_impl]
|
|
|
|
|
/// Attempts to downcast the box to a concrete type.
|
|
|
|
|
pub fn downcast<T: Error + 'static>(self: Box<Self>) -> Result<Box<T>, Box<dyn Error>> {
|
|
|
|
|
if self.is::<T>() {
|
|
|
|
|
unsafe {
|
|
|
|
|
let raw: *mut dyn Error = Box::into_raw(self);
|
|
|
|
|
Ok(Box::from_raw(raw as *mut T))
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
Err(self)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl dyn Error + Send {
|
|
|
|
|
#[inline]
|
|
|
|
|
#[stable(feature = "error_downcast", since = "1.3.0")]
|
|
|
|
|
#[rustc_allow_incoherent_impl]
|
|
|
|
|
/// Attempts to downcast the box to a concrete type.
|
|
|
|
|
pub fn downcast<T: Error + 'static>(self: Box<Self>) -> Result<Box<T>, Box<dyn Error + Send>> {
|
|
|
|
|
let err: Box<dyn Error> = self;
|
|
|
|
|
<dyn Error>::downcast(err).map_err(|s| unsafe {
|
|
|
|
|
// Reapply the `Send` marker.
|
|
|
|
|
mem::transmute::<Box<dyn Error>, Box<dyn Error + Send>>(s)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl dyn Error + Send + Sync {
|
|
|
|
|
#[inline]
|
|
|
|
|
#[stable(feature = "error_downcast", since = "1.3.0")]
|
|
|
|
|
#[rustc_allow_incoherent_impl]
|
|
|
|
|
/// Attempts to downcast the box to a concrete type.
|
|
|
|
|
pub fn downcast<T: Error + 'static>(self: Box<Self>) -> Result<Box<T>, Box<Self>> {
|
|
|
|
|
let err: Box<dyn Error> = self;
|
|
|
|
|
<dyn Error>::downcast(err).map_err(|s| unsafe {
|
|
|
|
|
// Reapply the `Send + Sync` marker.
|
|
|
|
|
mem::transmute::<Box<dyn Error>, Box<dyn Error + Send + Sync>>(s)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
|
|
|
|
impl<'a, E: Error + 'a> From<E> for Box<dyn Error + 'a> {
|
|
|
|
|
/// Converts a type of [`Error`] into a box of dyn [`Error`].
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::error::Error;
|
|
|
|
|
/// use std::fmt;
|
|
|
|
|
/// use std::mem;
|
|
|
|
|
///
|
|
|
|
|
/// #[derive(Debug)]
|
|
|
|
|
/// struct AnError;
|
|
|
|
|
///
|
|
|
|
|
/// impl fmt::Display for AnError {
|
|
|
|
|
/// fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
|
|
|
|
/// write!(f, "An error")
|
|
|
|
|
/// }
|
|
|
|
|
/// }
|
|
|
|
|
///
|
|
|
|
|
/// impl Error for AnError {}
|
|
|
|
|
///
|
|
|
|
|
/// let an_error = AnError;
|
|
|
|
|
/// assert!(0 == mem::size_of_val(&an_error));
|
|
|
|
|
/// let a_boxed_error = Box::<dyn Error>::from(an_error);
|
|
|
|
|
/// assert!(mem::size_of::<Box<dyn Error>>() == mem::size_of_val(&a_boxed_error))
|
|
|
|
|
/// ```
|
|
|
|
|
fn from(err: E) -> Box<dyn Error + 'a> {
|
|
|
|
|
Box::new(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
|
|
|
|
impl<'a, E: Error + Send + Sync + 'a> From<E> for Box<dyn Error + Send + Sync + 'a> {
|
|
|
|
|
/// Converts a type of [`Error`] + [`Send`] + [`Sync`] into a box of
|
|
|
|
|
/// dyn [`Error`] + [`Send`] + [`Sync`].
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::error::Error;
|
|
|
|
|
/// use std::fmt;
|
|
|
|
|
/// use std::mem;
|
|
|
|
|
///
|
|
|
|
|
/// #[derive(Debug)]
|
|
|
|
|
/// struct AnError;
|
|
|
|
|
///
|
|
|
|
|
/// impl fmt::Display for AnError {
|
|
|
|
|
/// fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
|
|
|
|
/// write!(f, "An error")
|
|
|
|
|
/// }
|
|
|
|
|
/// }
|
|
|
|
|
///
|
|
|
|
|
/// impl Error for AnError {}
|
|
|
|
|
///
|
|
|
|
|
/// unsafe impl Send for AnError {}
|
|
|
|
|
///
|
|
|
|
|
/// unsafe impl Sync for AnError {}
|
|
|
|
|
///
|
|
|
|
|
/// let an_error = AnError;
|
|
|
|
|
/// assert!(0 == mem::size_of_val(&an_error));
|
|
|
|
|
/// let a_boxed_error = Box::<dyn Error + Send + Sync>::from(an_error);
|
|
|
|
|
/// assert!(
|
|
|
|
|
/// mem::size_of::<Box<dyn Error + Send + Sync>>() == mem::size_of_val(&a_boxed_error))
|
|
|
|
|
/// ```
|
|
|
|
|
fn from(err: E) -> Box<dyn Error + Send + Sync + 'a> {
|
|
|
|
|
Box::new(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
|
|
|
|
impl From<String> for Box<dyn Error + Send + Sync> {
|
|
|
|
|
/// Converts a [`String`] into a box of dyn [`Error`] + [`Send`] + [`Sync`].
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::error::Error;
|
|
|
|
|
/// use std::mem;
|
|
|
|
|
///
|
|
|
|
|
/// let a_string_error = "a string error".to_string();
|
|
|
|
|
/// let a_boxed_error = Box::<dyn Error + Send + Sync>::from(a_string_error);
|
|
|
|
|
/// assert!(
|
|
|
|
|
/// mem::size_of::<Box<dyn Error + Send + Sync>>() == mem::size_of_val(&a_boxed_error))
|
|
|
|
|
/// ```
|
|
|
|
|
#[inline]
|
|
|
|
|
fn from(err: String) -> Box<dyn Error + Send + Sync> {
|
|
|
|
|
struct StringError(String);
|
|
|
|
|
|
|
|
|
|
impl Error for StringError {
|
|
|
|
|
#[allow(deprecated)]
|
|
|
|
|
fn description(&self) -> &str {
|
|
|
|
|
&self.0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl fmt::Display for StringError {
|
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
|
|
|
|
fmt::Display::fmt(&self.0, f)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Purposefully skip printing "StringError(..)"
|
|
|
|
|
impl fmt::Debug for StringError {
|
|
|
|
|
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
|
|
|
|
fmt::Debug::fmt(&self.0, f)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Box::new(StringError(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
#[stable(feature = "string_box_error", since = "1.6.0")]
|
|
|
|
|
impl From<String> for Box<dyn Error> {
|
|
|
|
|
/// Converts a [`String`] into a box of dyn [`Error`].
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::error::Error;
|
|
|
|
|
/// use std::mem;
|
|
|
|
|
///
|
|
|
|
|
/// let a_string_error = "a string error".to_string();
|
|
|
|
|
/// let a_boxed_error = Box::<dyn Error>::from(a_string_error);
|
|
|
|
|
/// assert!(mem::size_of::<Box<dyn Error>>() == mem::size_of_val(&a_boxed_error))
|
|
|
|
|
/// ```
|
|
|
|
|
fn from(str_err: String) -> Box<dyn Error> {
|
|
|
|
|
let err1: Box<dyn Error + Send + Sync> = From::from(str_err);
|
|
|
|
|
let err2: Box<dyn Error> = err1;
|
|
|
|
|
err2
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
#[stable(feature = "rust1", since = "1.0.0")]
|
|
|
|
|
impl<'a> From<&str> for Box<dyn Error + Send + Sync + 'a> {
|
|
|
|
|
/// Converts a [`str`] into a box of dyn [`Error`] + [`Send`] + [`Sync`].
|
|
|
|
|
///
|
|
|
|
|
/// [`str`]: prim@str
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::error::Error;
|
|
|
|
|
/// use std::mem;
|
|
|
|
|
///
|
|
|
|
|
/// let a_str_error = "a str error";
|
|
|
|
|
/// let a_boxed_error = Box::<dyn Error + Send + Sync>::from(a_str_error);
|
|
|
|
|
/// assert!(
|
|
|
|
|
/// mem::size_of::<Box<dyn Error + Send + Sync>>() == mem::size_of_val(&a_boxed_error))
|
|
|
|
|
/// ```
|
|
|
|
|
#[inline]
|
|
|
|
|
fn from(err: &str) -> Box<dyn Error + Send + Sync + 'a> {
|
|
|
|
|
From::from(String::from(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
#[stable(feature = "string_box_error", since = "1.6.0")]
|
|
|
|
|
impl From<&str> for Box<dyn Error> {
|
|
|
|
|
/// Converts a [`str`] into a box of dyn [`Error`].
|
|
|
|
|
///
|
|
|
|
|
/// [`str`]: prim@str
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::error::Error;
|
|
|
|
|
/// use std::mem;
|
|
|
|
|
///
|
|
|
|
|
/// let a_str_error = "a str error";
|
|
|
|
|
/// let a_boxed_error = Box::<dyn Error>::from(a_str_error);
|
|
|
|
|
/// assert!(mem::size_of::<Box<dyn Error>>() == mem::size_of_val(&a_boxed_error))
|
|
|
|
|
/// ```
|
|
|
|
|
fn from(err: &str) -> Box<dyn Error> {
|
|
|
|
|
From::from(String::from(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
#[stable(feature = "cow_box_error", since = "1.22.0")]
|
|
|
|
|
impl<'a, 'b> From<Cow<'b, str>> for Box<dyn Error + Send + Sync + 'a> {
|
|
|
|
|
/// Converts a [`Cow`] into a box of dyn [`Error`] + [`Send`] + [`Sync`].
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::error::Error;
|
|
|
|
|
/// use std::mem;
|
|
|
|
|
/// use std::borrow::Cow;
|
|
|
|
|
///
|
|
|
|
|
/// let a_cow_str_error = Cow::from("a str error");
|
|
|
|
|
/// let a_boxed_error = Box::<dyn Error + Send + Sync>::from(a_cow_str_error);
|
|
|
|
|
/// assert!(
|
|
|
|
|
/// mem::size_of::<Box<dyn Error + Send + Sync>>() == mem::size_of_val(&a_boxed_error))
|
|
|
|
|
/// ```
|
|
|
|
|
fn from(err: Cow<'b, str>) -> Box<dyn Error + Send + Sync + 'a> {
|
|
|
|
|
From::from(String::from(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(no_global_oom_handling))]
|
|
|
|
|
#[stable(feature = "cow_box_error", since = "1.22.0")]
|
|
|
|
|
impl<'a> From<Cow<'a, str>> for Box<dyn Error> {
|
|
|
|
|
/// Converts a [`Cow`] into a box of dyn [`Error`].
|
|
|
|
|
///
|
|
|
|
|
/// # Examples
|
|
|
|
|
///
|
|
|
|
|
/// ```
|
|
|
|
|
/// use std::error::Error;
|
|
|
|
|
/// use std::mem;
|
|
|
|
|
/// use std::borrow::Cow;
|
|
|
|
|
///
|
|
|
|
|
/// let a_cow_str_error = Cow::from("a str error");
|
|
|
|
|
/// let a_boxed_error = Box::<dyn Error>::from(a_cow_str_error);
|
|
|
|
|
/// assert!(mem::size_of::<Box<dyn Error>>() == mem::size_of_val(&a_boxed_error))
|
|
|
|
|
/// ```
|
|
|
|
|
fn from(err: Cow<'a, str>) -> Box<dyn Error> {
|
|
|
|
|
From::from(String::from(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[stable(feature = "box_error", since = "1.8.0")]
|
|
|
|
|
impl<T: core::error::Error> core::error::Error for Box<T> {
|
|
|
|
|
#[allow(deprecated, deprecated_in_future)]
|
|
|
|
|
fn description(&self) -> &str {
|
|
|
|
|
core::error::Error::description(&**self)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[allow(deprecated)]
|
|
|
|
|
fn cause(&self) -> Option<&dyn core::error::Error> {
|
|
|
|
|
core::error::Error::cause(&**self)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn source(&self) -> Option<&(dyn core::error::Error + 'static)> {
|
|
|
|
|
core::error::Error::source(&**self)
|
|
|
|
|
}
|
|
|
|
|
}
|