internal: project using full slot

Instead of projecting using pointer to a field project the full slot. This
further shifts the code generation from the initializer site to the struct
definition site, which means less code is generated overall.

It also makes the safety comment easier to justify, as now the projection
is done by the `#[pin_data]` macro which has full visibility of pinnedness
of fields.

The field alignment could also be checked on the `#[pin_data]` side;
however, since `init!()` macro works for other type of structs, we cannot
remove the alignment check from `init!`/`pin_init!` side anyway, so I opted
to still keep the alignment check in init.rs.

Signed-off-by: Gary Guo <gary@garyguo.net>

Author: nbdd0121

internal/src/init.rs

@@ -232,12 +232,11 @@ fn init_fields(
         let slot = if pinned {
             quote! {
                 // SAFETY:
-                // - `&raw mut (*slot).#ident` points to the `#ident` field of `slot`.
-                // - `&raw mut (*slot).#ident` is valid.
+                // - `slot` is valid and properly aligned.
                 // - `make_field_check` checks that `&raw mut (*slot).#ident` is properly aligned.
                 // - `make_field_check` prevents `#ident` from being used twice, therefore
                 //   `(*slot).#ident` is exclusively accessed and has not been initialized.
-                (unsafe { #data.#ident(&raw mut (*#slot).#ident) })
+                (unsafe { #data.#ident(#slot) })
             }
         } else {
             quote! {

internal/src/pin_data.rs

@@ -344,45 +344,46 @@ fn generate_the_pin_data(
     // type. If a field is structurally pinned, we create a `Slot` with `Pinned` which must be
     // initialized via `PinInit`; if it is not structurally pinned, then we create a `Slot` with
     // `Unpinned` which allows initialization via `Init`.
-    fn handle_field(
-        Field {
-            vis,
-            ident,
-            ty,
-            attrs,
-            ..
-        }: &Field,
-        pinned: bool,
-    ) -> TokenStream {
-        let ident = ident
-            .as_ref()
-            .expect("only structs with named fields are supported");
-        let pin_marker = if pinned {
-            quote!(Pinned)
-        } else {
-            quote!(Unpinned)
-        };
-        quote! {
-            /// # Safety
-            ///
-            /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData` describes.
-            /// - `slot` is a valid, properly aligned and points to uninitialized and exclusively memory.
-            #(#attrs)*
-            #vis unsafe fn #ident(
-                self,
-                slot: *mut #ty,
-            ) -> ::pin_init::__internal::Slot<::pin_init::__internal::#pin_marker, #ty> {
-                // SAFETY:
-                // - If `#pin_marker` is `Pinned`, the corresponding field is structurally pinned.
-                // - Other safety requirements follows the safety requirement.
-                unsafe { ::pin_init::__internal::Slot::new(slot) }
-            }
-        }
-    }
-
     let field_accessors = fields
         .iter()
-        .map(|(pinned, field)| handle_field(field, *pinned))
+        .map(
+            |(
+                pinned,
+                Field {
+                    vis,
+                    ident: field_name,
+                    ty,
+                    attrs,
+                    ..
+                },
+            )| {
+                let field_name = field_name
+                    .as_ref()
+                    .expect("only structs with named fields are supported");
+                let pin_marker = if *pinned {
+                    quote!(Pinned)
+                } else {
+                    quote!(Unpinned)
+                };
+                quote! {
+                    /// # Safety
+                    ///
+                    /// - `slot` is valid and properly aligned.
+                    /// - `(*slot).#field_name` is properly aligned.
+                    /// - `(*slot).#field_name` points to uninitialized and exclusively accessed memory.
+                    #(#attrs)*
+                    #vis unsafe fn #field_name(
+                        self,
+                        slot: *mut #ident #ty_generics,
+                    ) -> ::pin_init::__internal::Slot<::pin_init::__internal::#pin_marker, #ty> {
+                        // SAFETY:
+                        // - If `#pin_marker` is `Pinned`, the corresponding field is structurally pinned.
+                        // - Other safety requirements follows the safety requirement.
+                        unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot).#field_name) }
+                    }
+                }
+            },
+        )
         .collect::<TokenStream>();
     quote! {
         // We declare this struct which will host all of the projection function for our type. It

src/lib.rs

@@ -868,10 +868,13 @@ pub use pin_init_internal::init;
 macro_rules! assert_pinned {
     ($ty:ty, $field:ident, $field_ty:ty, inline) => {
         // SAFETY: This code is unreachable.
-        let _ = move |ptr: *mut $field_ty| unsafe {
+        let _ = move || unsafe {
             let data = <$ty as $crate::__internal::HasPinData>::__pin_data();
-            data.$field(ptr)
-                .init($crate::__internal::AlwaysFail::<$field_ty>::new());
+            data.__make_init(move |slot| {
+                data.$field(slot)
+                    .init($crate::__internal::AlwaysFail::<$field_ty>::new())?;
+                Err(())
+            })
         };
     };
 

tests/ui/expand/many_generics.expanded.rs

@@ -84,42 +84,45 @@ const _: () = {
     {
         /// # Safety
         ///
-        /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData` describes.
-        /// - `slot` is a valid, properly aligned and points to uninitialized and exclusively memory.
+        /// - `slot` is valid and properly aligned.
+        /// - `(*slot).#field_name` is properly aligned.
+        /// - `(*slot).#field_name` points to uninitialized and exclusively accessed memory.
         unsafe fn array(
             self,
-            slot: *mut [u8; 1024 * 1024],
+            slot: *mut Foo<'a, 'b, T, SIZE>,
         ) -> ::pin_init::__internal::Slot<
             ::pin_init::__internal::Unpinned,
             [u8; 1024 * 1024],
         > {
-            unsafe { ::pin_init::__internal::Slot::new(slot) }
+            unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot).array) }
         }
         /// # Safety
         ///
-        /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData` describes.
-        /// - `slot` is a valid, properly aligned and points to uninitialized and exclusively memory.
+        /// - `slot` is valid and properly aligned.
+        /// - `(*slot).#field_name` is properly aligned.
+        /// - `(*slot).#field_name` points to uninitialized and exclusively accessed memory.
         unsafe fn r(
             self,
-            slot: *mut &'b mut [&'a mut T; SIZE],
+            slot: *mut Foo<'a, 'b, T, SIZE>,
         ) -> ::pin_init::__internal::Slot<
             ::pin_init::__internal::Unpinned,
             &'b mut [&'a mut T; SIZE],
         > {
-            unsafe { ::pin_init::__internal::Slot::new(slot) }
+            unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot).r) }
         }
         /// # Safety
         ///
-        /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData` describes.
-        /// - `slot` is a valid, properly aligned and points to uninitialized and exclusively memory.
+        /// - `slot` is valid and properly aligned.
+        /// - `(*slot).#field_name` is properly aligned.
+        /// - `(*slot).#field_name` points to uninitialized and exclusively accessed memory.
         unsafe fn _pin(
             self,
-            slot: *mut PhantomPinned,
+            slot: *mut Foo<'a, 'b, T, SIZE>,
         ) -> ::pin_init::__internal::Slot<
             ::pin_init::__internal::Pinned,
             PhantomPinned,
         > {
-            unsafe { ::pin_init::__internal::Slot::new(slot) }
+            unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot)._pin) }
         }
     }
     unsafe impl<

tests/ui/expand/pin-data.expanded.rs

@@ -48,29 +48,31 @@ const _: () = {
     impl __ThePinData {
         /// # Safety
         ///
-        /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData` describes.
-        /// - `slot` is a valid, properly aligned and points to uninitialized and exclusively memory.
+        /// - `slot` is valid and properly aligned.
+        /// - `(*slot).#field_name` is properly aligned.
+        /// - `(*slot).#field_name` points to uninitialized and exclusively accessed memory.
         unsafe fn array(
             self,
-            slot: *mut [u8; 1024 * 1024],
+            slot: *mut Foo,
         ) -> ::pin_init::__internal::Slot<
             ::pin_init::__internal::Unpinned,
             [u8; 1024 * 1024],
         > {
-            unsafe { ::pin_init::__internal::Slot::new(slot) }
+            unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot).array) }
         }
         /// # Safety
         ///
-        /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData` describes.
-        /// - `slot` is a valid, properly aligned and points to uninitialized and exclusively memory.
+        /// - `slot` is valid and properly aligned.
+        /// - `(*slot).#field_name` is properly aligned.
+        /// - `(*slot).#field_name` points to uninitialized and exclusively accessed memory.
         unsafe fn _pin(
             self,
-            slot: *mut PhantomPinned,
+            slot: *mut Foo,
         ) -> ::pin_init::__internal::Slot<
             ::pin_init::__internal::Pinned,
             PhantomPinned,
         > {
-            unsafe { ::pin_init::__internal::Slot::new(slot) }
+            unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot)._pin) }
         }
     }
     unsafe impl ::pin_init::__internal::HasPinData for Foo {

tests/ui/expand/pinned_drop.expanded.rs

@@ -48,29 +48,31 @@ const _: () = {
     impl __ThePinData {
         /// # Safety
         ///
-        /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData` describes.
-        /// - `slot` is a valid, properly aligned and points to uninitialized and exclusively memory.
+        /// - `slot` is valid and properly aligned.
+        /// - `(*slot).#field_name` is properly aligned.
+        /// - `(*slot).#field_name` points to uninitialized and exclusively accessed memory.
         unsafe fn array(
             self,
-            slot: *mut [u8; 1024 * 1024],
+            slot: *mut Foo,
         ) -> ::pin_init::__internal::Slot<
             ::pin_init::__internal::Unpinned,
             [u8; 1024 * 1024],
         > {
-            unsafe { ::pin_init::__internal::Slot::new(slot) }
+            unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot).array) }
         }
         /// # Safety
         ///
-        /// - `slot` points to a `#ident` field of a pinned struct that this `__ThePinData` describes.
-        /// - `slot` is a valid, properly aligned and points to uninitialized and exclusively memory.
+        /// - `slot` is valid and properly aligned.
+        /// - `(*slot).#field_name` is properly aligned.
+        /// - `(*slot).#field_name` points to uninitialized and exclusively accessed memory.
         unsafe fn _pin(
             self,
-            slot: *mut PhantomPinned,
+            slot: *mut Foo,
         ) -> ::pin_init::__internal::Slot<
             ::pin_init::__internal::Pinned,
             PhantomPinned,
         > {
-            unsafe { ::pin_init::__internal::Slot::new(slot) }
+            unsafe { ::pin_init::__internal::Slot::new(&raw mut (*slot)._pin) }
         }
     }
     unsafe impl ::pin_init::__internal::HasPinData for Foo {