libcore: Make it unsafe to create NonZero and impl Deref.

luqmana · luqmana · commit e6a3c6e1780f · 2014-12-08T02:31:01.000-05:00
diff --git a/src/liballoc/arc.rs b/src/liballoc/arc.rs
@@ -91,7 +91,7 @@ impl<T: Sync + Send> Arc<T> {
             weak: atomic::AtomicUint::new(1),
             data: data,
         };
-        Arc { _ptr: NonZero(unsafe { mem::transmute(x) }) }
+        Arc { _ptr: unsafe { NonZero::new(mem::transmute(x)) } }
     }
 
     /// Downgrades a strong pointer to a weak pointer.
@@ -115,8 +115,7 @@ impl<T> Arc<T> {
         // `ArcInner` structure itself is `Sync` because the inner data is
         // `Sync` as well, so we're ok loaning out an immutable pointer to
         // these contents.
-        let NonZero(ptr) = self._ptr;
-        unsafe { &*ptr }
+        unsafe { &**self._ptr }
     }
 }
 
@@ -184,8 +183,7 @@ impl<T: Send + Sync + Clone> Arc<T> {
         // reference count is guaranteed to be 1 at this point, and we required
         // the Arc itself to be `mut`, so we're returning the only possible
         // reference to the inner data.
-        let NonZero(ptr) = self._ptr;
-        let inner = unsafe { &mut *ptr };
+        let inner = unsafe { &mut **self._ptr };
         &mut inner.data
     }
 }
@@ -194,7 +192,7 @@ impl<T: Send + Sync + Clone> Arc<T> {
 #[experimental = "waiting on stability of Drop"]
 impl<T: Sync + Send> Drop for Arc<T> {
     fn drop(&mut self) {
-        let NonZero(ptr) = self._ptr;
+        let ptr = *self._ptr;
         // This structure has #[unsafe_no_drop_flag], so this drop glue may run
         // more than once (but it is guaranteed to be zeroed after the first if
         // it's run more than once)
@@ -258,8 +256,7 @@ impl<T: Sync + Send> Weak<T> {
     #[inline]
     fn inner(&self) -> &ArcInner<T> {
         // See comments above for why this is "safe"
-        let NonZero(ptr) = self._ptr;
-        unsafe { &*ptr }
+        unsafe { &**self._ptr }
     }
 }
 
@@ -277,7 +274,7 @@ impl<T: Sync + Send> Clone for Weak<T> {
 #[experimental = "Weak pointers may not belong in this module."]
 impl<T: Sync + Send> Drop for Weak<T> {
     fn drop(&mut self) {
-        let NonZero(ptr) = self._ptr;
+        let ptr = *self._ptr;
 
         // see comments above for why this check is here
         if ptr.is_null() { return }
diff --git a/src/liballoc/rc.rs b/src/liballoc/rc.rs
@@ -195,7 +195,7 @@ impl<T> Rc<T> {
                 // destructor never frees the allocation while the
                 // strong destructor is running, even if the weak
                 // pointer is stored inside the strong one.
-                _ptr: NonZero(transmute(box RcBox {
+                _ptr: NonZero::new(transmute(box RcBox {
                     value: value,
                     strong: Cell::new(1),
                     weak: Cell::new(1)
@@ -280,8 +280,7 @@ pub fn try_unwrap<T>(rc: Rc<T>) -> Result<T, Rc<T>> {
             let val = ptr::read(&*rc); // copy the contained object
             // destruct the box and skip our Drop
             // we can ignore the refcounts because we know we're unique
-            let NonZero(ptr) = rc._ptr;
-            deallocate(ptr as *mut u8, size_of::<RcBox<T>>(),
+            deallocate(*rc._ptr as *mut u8, size_of::<RcBox<T>>(),
                         min_align_of::<RcBox<T>>());
             forget(rc);
             Ok(val)
@@ -311,10 +310,7 @@ pub fn try_unwrap<T>(rc: Rc<T>) -> Result<T, Rc<T>> {
 #[experimental]
 pub fn get_mut<'a, T>(rc: &'a mut Rc<T>) -> Option<&'a mut T> {
     if is_unique(rc) {
-        let inner = unsafe {
-            let NonZero(ptr) = rc._ptr;
-            &mut *ptr
-        };
+        let inner = unsafe { &mut **rc._ptr };
         Some(&mut inner.value)
     } else {
         None
@@ -347,10 +343,7 @@ impl<T: Clone> Rc<T> {
         // reference count is guaranteed to be 1 at this point, and we required
         // the `Rc<T>` itself to be `mut`, so we're returning the only possible
         // reference to the inner value.
-        let inner = unsafe {
-            let NonZero(ptr) = self._ptr;
-            &mut *ptr
-        };
+        let inner = unsafe { &mut **self._ptr };
         &mut inner.value
     }
 }
@@ -392,7 +385,7 @@ impl<T> Drop for Rc<T> {
     /// ```
     fn drop(&mut self) {
         unsafe {
-            let NonZero(ptr) = self._ptr;
+            let ptr = *self._ptr;
             if !ptr.is_null() {
                 self.dec_strong();
                 if self.strong() == 0 {
@@ -675,7 +668,7 @@ impl<T> Drop for Weak<T> {
     /// ```
     fn drop(&mut self) {
         unsafe {
-            let NonZero(ptr) = self._ptr;
+            let ptr = *self._ptr;
             if !ptr.is_null() {
                 self.dec_weak();
                 // the weak count starts at 1, and will only go to
@@ -736,18 +729,12 @@ trait RcBoxPtr<T> {
 
 impl<T> RcBoxPtr<T> for Rc<T> {
     #[inline(always)]
-    fn inner(&self) -> &RcBox<T> {
-        let NonZero(ptr) = self._ptr;
-        unsafe { &(*ptr) }
-    }
+    fn inner(&self) -> &RcBox<T> { unsafe { &(**self._ptr) } }
 }
 
 impl<T> RcBoxPtr<T> for Weak<T> {
     #[inline(always)]
-    fn inner(&self) -> &RcBox<T> {
-        let NonZero(ptr) = self._ptr;
-        unsafe { &(*ptr) }
-    }
+    fn inner(&self) -> &RcBox<T> { unsafe { &(**self._ptr) } }
 }
 
 #[cfg(test)]
diff --git a/src/libcollections/vec.rs b/src/libcollections/vec.rs
@@ -147,7 +147,7 @@ impl<T> Vec<T> {
         // non-null value which is fine since we never call deallocate on the ptr
         // if cap is 0. The reason for this is because the pointer of a slice
         // being NULL would break the null pointer optimization for enums.
-        Vec { ptr: NonZero(EMPTY as *mut T), len: 0, cap: 0 }
+        Vec { ptr: unsafe { NonZero::new(EMPTY as *mut T) }, len: 0, cap: 0 }
     }
 
     /// Constructs a new, empty `Vec` with the specified capacity.
@@ -181,15 +181,15 @@ impl<T> Vec<T> {
     #[stable]
     pub fn with_capacity(capacity: uint) -> Vec<T> {
         if mem::size_of::<T>() == 0 {
-            Vec { ptr: NonZero(EMPTY as *mut T), len: 0, cap: uint::MAX }
+            Vec { ptr: unsafe { NonZero::new(EMPTY as *mut T) }, len: 0, cap: uint::MAX }
         } else if capacity == 0 {
             Vec::new()
         } else {
             let size = capacity.checked_mul(mem::size_of::<T>())
                                .expect("capacity overflow");
             let ptr = unsafe { allocate(size, mem::min_align_of::<T>()) };
             if ptr.is_null() { ::alloc::oom() }
-            Vec { ptr: NonZero(ptr as *mut T), len: 0, cap: capacity }
+            Vec { ptr: unsafe { NonZero::new(ptr as *mut T) }, len: 0, cap: capacity }
         }
     }
 
@@ -262,7 +262,7 @@ impl<T> Vec<T> {
     #[unstable = "needs finalization"]
     pub unsafe fn from_raw_parts(ptr: *mut T, length: uint,
                                  capacity: uint) -> Vec<T> {
-        Vec { ptr: NonZero(ptr), len: length, cap: capacity }
+        Vec { ptr: NonZero::new(ptr), len: length, cap: capacity }
     }
 
     /// Creates a vector by copying the elements from a raw pointer.
@@ -744,24 +744,23 @@ impl<T> Vec<T> {
     pub fn shrink_to_fit(&mut self) {
         if mem::size_of::<T>() == 0 { return }
 
-        let NonZero(ptr) = self.ptr;
         if self.len == 0 {
             if self.cap != 0 {
                 unsafe {
-                    dealloc(ptr, self.cap)
+                    dealloc(*self.ptr, self.cap)
                 }
                 self.cap = 0;
             }
         } else {
             unsafe {
                 // Overflow check is unnecessary as the vector is already at
                 // least this large.
-                let ptr = reallocate(ptr as *mut u8,
+                let ptr = reallocate(*self.ptr as *mut u8,
                                      self.cap * mem::size_of::<T>(),
                                      self.len * mem::size_of::<T>(),
                                      mem::min_align_of::<T>()) as *mut T;
                 if ptr.is_null() { ::alloc::oom() }
-                self.ptr = NonZero(ptr);
+                self.ptr = NonZero::new(ptr);
             }
             self.cap = self.len;
         }
@@ -819,10 +818,9 @@ impl<T> Vec<T> {
     #[inline]
     #[stable]
     pub fn as_mut_slice<'a>(&'a mut self) -> &'a mut [T] {
-        let NonZero(ptr) = self.ptr;
         unsafe {
             mem::transmute(RawSlice {
-                data: ptr as *const T,
+                data: *self.ptr as *const T,
                 len: self.len,
             })
         }
@@ -845,7 +843,7 @@ impl<T> Vec<T> {
     #[unstable = "matches collection reform specification, waiting for dust to settle"]
     pub fn into_iter(self) -> MoveItems<T> {
         unsafe {
-            let NonZero(ptr) = self.ptr;
+            let ptr = *self.ptr;
             let cap = self.cap;
             let begin = ptr as *const T;
             let end = if mem::size_of::<T>() == 0 {
@@ -1064,16 +1062,15 @@ impl<T> Vec<T> {
             let size = max(old_size, 2 * mem::size_of::<T>()) * 2;
             if old_size > size { panic!("capacity overflow") }
             unsafe {
-                let NonZero(ptr) = self.ptr;
-                let ptr = alloc_or_realloc(ptr, old_size, size);
+                let ptr = alloc_or_realloc(*self.ptr, old_size, size);
                 if ptr.is_null() { ::alloc::oom() }
-                self.ptr = NonZero(ptr);
+                self.ptr = NonZero::new(ptr);
             }
             self.cap = max(self.cap, 2) * 2;
         }
 
         unsafe {
-            let NonZero(end) = self.ptr.offset(self.len as int);
+            let end = *self.ptr.offset(self.len as int);
             ptr::write(&mut *end, value);
             self.len += 1;
         }
@@ -1153,10 +1150,9 @@ impl<T> Vec<T> {
             let size = capacity.checked_mul(mem::size_of::<T>())
                                .expect("capacity overflow");
             unsafe {
-                let NonZero(ptr) = self.ptr;
-                let ptr = alloc_or_realloc(ptr, self.cap * mem::size_of::<T>(), size);
+                let ptr = alloc_or_realloc(*self.ptr, self.cap * mem::size_of::<T>(), size);
                 if ptr.is_null() { ::alloc::oom() }
-                self.ptr = NonZero(ptr);
+                self.ptr = NonZero::new(ptr);
             }
             self.cap = capacity;
         }
@@ -1275,10 +1271,9 @@ impl<T> AsSlice<T> for Vec<T> {
     #[inline]
     #[stable]
     fn as_slice<'a>(&'a self) -> &'a [T] {
-        let NonZero(ptr) = self.ptr;
         unsafe {
             mem::transmute(RawSlice {
-                data: ptr as *const T,
+                data: *self.ptr as *const T,
                 len: self.len
             })
         }
@@ -1305,8 +1300,7 @@ impl<T> Drop for Vec<T> {
                 for x in self.iter() {
                     ptr::read(x);
                 }
-                let NonZero(ptr) = self.ptr;
-                dealloc(ptr, self.cap)
+                dealloc(*self.ptr, self.cap)
             }
         }
     }
@@ -1342,7 +1336,7 @@ impl<T> MoveItems<T> {
             for _x in self { }
             let MoveItems { allocation, cap, ptr: _ptr, end: _end } = self;
             mem::forget(self);
-            Vec { ptr: NonZero(allocation), cap: cap, len: 0 }
+            Vec { ptr: NonZero::new(allocation), cap: cap, len: 0 }
         }
     }
 
diff --git a/src/libcore/ptr.rs b/src/libcore/ptr.rs
@@ -92,6 +92,7 @@ use clone::Clone;
 use intrinsics;
 use option::Option;
 use option::Option::{Some, None};
+use ops::Deref;
 
 use cmp::{PartialEq, Eq, PartialOrd, Equiv};
 use cmp::Ordering;
@@ -106,7 +107,25 @@ pub use intrinsics::set_memory;
 /// NULL or 0 that might allow certain optimizations.
 #[lang="non_zero"]
 #[deriving(Clone, PartialEq, Eq, PartialOrd)]
-pub struct NonZero<T>(pub T);
+#[experimental]
+pub struct NonZero<T>(T);
+
+impl<T> NonZero<T> {
+    /// Create an instance of NonZero with the provided value.
+    /// You must indeed ensure that the value is actually "non-zero".
+    #[inline(always)]
+    pub unsafe fn new(inner: T) -> NonZero<T> {
+        NonZero(inner)
+    }
+}
+
+impl<T> Deref<T> for NonZero<T> {
+    #[inline]
+    fn deref<'a>(&'a self) -> &'a T {
+        let NonZero(ref inner) = *self;
+        inner
+    }
+}
 
 /// Create a null pointer.
 ///
