Skip to content

Commit c7eb1a4

Browse files
committed
ty clar :3
1 parent f98c3bd commit c7eb1a4

6 files changed

Lines changed: 47 additions & 30 deletions

File tree

library/alloc/src/alloc.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ pub struct Global;
6262
unsafe impl core::alloc::AllocatorClone for Global {}
6363

6464
#[unstable(feature = "allocator_api", issue = "32838")]
65-
unsafe impl core::alloc::PinSafeAllocator for Global {}
65+
unsafe impl core::alloc::StaticAllocator for Global {}
6666

6767
#[unstable(feature = "allocator_api", issue = "32838")]
6868
unsafe impl core::alloc::NoaliasAllocator for Global {}

library/alloc/src/boxed.rs

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -207,7 +207,7 @@ use core::task::{Context, Poll};
207207
#[cfg(not(no_global_oom_handling))]
208208
use crate::alloc::handle_alloc_error;
209209
use crate::alloc::{
210-
AllocError, Allocator, AllocatorClone, AllocatorEq, Global, Layout, PinSafeAllocator,
210+
AllocError, Allocator, AllocatorClone, AllocatorEq, Global, Layout, StaticAllocator,
211211
};
212212
use crate::raw_vec::RawVec;
213213
#[cfg(not(no_global_oom_handling))]
@@ -712,7 +712,7 @@ impl<T, A: Allocator> Box<T, A> {
712712
#[inline(always)]
713713
pub fn pin_in(x: T, alloc: A) -> Pin<Self>
714714
where
715-
A: PinSafeAllocator,
715+
A: StaticAllocator,
716716
{
717717
Self::into_pin(Self::new_in(x, alloc))
718718
}
@@ -1937,7 +1937,7 @@ impl<T: ?Sized, A: Allocator> Box<T, A> {
19371937
#[stable(feature = "box_into_pin", since = "1.63.0")]
19381938
pub fn into_pin(boxed: Self) -> Pin<Self>
19391939
where
1940-
A: PinSafeAllocator,
1940+
A: StaticAllocator,
19411941
{
19421942
// It's not possible to move or replace the insides of a `Pin<Box<T>>`
19431943
// when `T: !Unpin`, so it's safe to pin it directly without any

library/alloc/src/boxed/convert.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ use core::fmt;
55
use core::mem;
66
use core::pin::Pin;
77

8-
use crate::alloc::{Allocator, PinSafeAllocator};
8+
use crate::alloc::{Allocator, StaticAllocator};
99
#[cfg(not(no_global_oom_handling))]
1010
use crate::borrow::Cow;
1111
use crate::boxed::Box;
@@ -38,7 +38,7 @@ impl<T> From<T> for Box<T> {
3838
#[stable(feature = "pin", since = "1.33.0")]
3939
impl<T: ?Sized, A: Allocator> From<Box<T, A>> for Pin<Box<T, A>>
4040
where
41-
A: PinSafeAllocator,
41+
A: StaticAllocator,
4242
{
4343
/// Converts a `Box<T>` into a `Pin<Box<T>>`. If `T` does not implement [`Unpin`], then
4444
/// `*boxed` will be pinned in memory and unable to be moved.

library/alloc/src/str.rs

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -794,7 +794,12 @@ pub unsafe fn from_boxed_utf8_unchecked(v: Box<[u8]>) -> Box<str> {
794794
unsafe { Box::from_raw(Box::into_raw(v) as *mut str) }
795795
}
796796

797-
#[doc(hidden)]
797+
/// Converts a boxed slice of bytes to a boxed string slice without checking
798+
/// that the string contains valid UTF-8 generically over the box's allocator.
799+
///
800+
/// # Safety
801+
///
802+
/// * The provided bytes must contain a valid UTF-8 sequence.
798803
#[unstable(feature = "allocator_api", issue = "32838")]
799804
pub unsafe fn from_boxed_utf8_unchecked_in<A: crate::alloc::Allocator>(
800805
v: Box<[u8], A>,

library/core/src/alloc/mod.rs

Lines changed: 34 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -96,9 +96,8 @@ impl fmt::Display for AllocError {
9696
/// - the memory block is deallocated,
9797
/// - the allocator is mutated through public API taking `&mut` access (notably,
9898
/// running the allocator's destructor is such a mutation), or
99-
/// - the allocator's type becomes invalid.
100-
/// (For example, the type `&'a T` becomes invalid when `'a` expires.
101-
/// More generally, a type becomes invalid when any of its lifetime parameters has expired.)
99+
/// - any lifetime parameter on the allocator's type expires, thus making the
100+
/// type invalid.
102101
///
103102
/// Copying, cloning, or moving the allocator must not invalidate memory blocks returned from it.
104103
/// A copied or cloned allocator must behave like the original allocator.
@@ -108,7 +107,9 @@ impl fmt::Display for AllocError {
108107
///
109108
/// Users of this trait must not rely on side effects of allocating or deallocating method calls
110109
/// on `Allocator` implementors being observable (i.e. it is sound for an allocation followed
111-
/// immediately by a deallocation to be optimised away).
110+
/// immediately by a deallocation to be optimised away). While it is possible to make
111+
/// such calls *unlikely* to be elided (e.g. for benchmarking), this cannot be relied upon
112+
/// for soundness.
112113
///
113114
/// Additionally, any memory block returned by the allocator must
114115
/// satisfy the allocation invariants described in `core::ptr`.
@@ -118,16 +119,17 @@ impl fmt::Display for AllocError {
118119
/// This ensures that pointer arithmetic within the allocation
119120
/// (for example, `ptr.add(len)`) cannot overflow the address space.
120121
///
121-
/// Additionally, the following requirements must be upheld by implementors, but are still
122-
/// considered experimental and thus downstream users cannot rely on them being upheld for
123-
/// correctness as they may be relaxed in the future:
124-
///
125-
/// Implementors of the trait must guarantee that none of the methods on this trait unwind.
122+
/// As an experimental requirement, implementors of the trait must guarantee that
123+
/// none of the methods herein unwind. Due to the bound being experimental, it may be
124+
/// removed in the future and so this cannot be relied upon by other unsafe code for
125+
/// proving soundness.
126126
///
127127
/// [*currently allocated*]: #currently-allocated-memory
128128
// NOTE: the above bound on allocating methods not unwinding, alongside the similar
129-
// bound on `AllocatorClone`, are currently load-bearing in std! see #156490 and #155746
130-
// and make sure those issues cannot be triggered before relaxing this.
129+
// bound on `AllocatorClone`, are currently load-bearing in std! see the below issues
130+
// and make sure they cannot be triggered before relaxing this:
131+
// https://rust.tf/156490
132+
// https://rust.tf/155746
131133
#[unstable(feature = "allocator_api", issue = "32838")]
132134
#[rustc_const_unstable(feature = "const_heap", issue = "79597")]
133135
#[rustc_dyn_incompatible_trait]
@@ -141,7 +143,8 @@ pub const unsafe trait Allocator {
141143
///
142144
/// The returned block of memory remains valid as long as it is [*currently allocated*] and
143145
/// the borrow-checker lifetime of the allocator type has not expired. Note that implementors
144-
/// which are also [`AllocatorClone`] must obey stricter semantics.
146+
/// which are also [`AllocatorClone`], [`AllocatorEq`], or [`StaticAllocator`] must obey
147+
/// stricter semantics.
145148
///
146149
/// [*currently allocated*]: #currently-allocated-memory
147150
///
@@ -189,10 +192,12 @@ pub const unsafe trait Allocator {
189192
/// * `ptr` must denote a block of memory [*currently allocated*] via this allocator, and
190193
/// * `layout` must [*fit*] that block of memory.
191194
///
192-
/// Note that it is UB for a deallocation or reallocation to invalidate any
193-
/// outstanding references, `Rc<_>`s, etc.; thus, notably, an allocator that has
194-
/// been moved into its own [*currently allocated*] memory must not be invalidated
195-
/// by a call to this method, as it would invalidate the `&self` reference used.
195+
/// Note that it is *immediate* language UB for a deallocation or reallocation to
196+
/// invalidate any outstanding references, smart pointers, etc.; thus, notably, an
197+
/// allocator that has been moved into its own [*currently allocated*] memory may
198+
/// not have its backing memory be freed, even if the allocator is never used again
199+
/// afterwards. This is due to the fact that such a deallocation would invalidate the
200+
/// `&self` reference passed to this method.
196201
///
197202
/// [*currently allocated*]: #currently-allocated-memory
198203
/// [*fit*]: #memory-fitting
@@ -394,7 +399,7 @@ pub const unsafe trait Allocator {
394399
///
395400
/// # Safety
396401
///
397-
/// See [`Allocator`].
402+
/// Same as [`Allocator`].
398403
#[unstable(feature = "allocator_api", issue = "32838")]
399404
pub impl(self) unsafe trait DynAllocator {
400405
#[doc(hidden)]
@@ -468,13 +473,18 @@ where
468473
{
469474
}
470475

471-
/// Marks that an allocator will not break [`Pin`] guarantees, even if subtyped with a
472-
/// shorter lifetime. This trivially applies to allocators that always maintain
473-
/// global state, e.g. `System` or `Global`.
476+
/// Marks that an allocator will behave as if it were `'static`, even if subtyped
477+
/// with a shorter lifetime. This trivially applies to allocators that always maintain
478+
/// global state, e.g. `System` or `Global`. Notably, the requirement means that
479+
/// downstream consumers may rely on this allocator not invalidating its currently
480+
/// allocated memory even if its lifetime has expired.
481+
///
482+
/// This is a necessity in conjunction with [`Pin`], as only `'static` allocators may
483+
/// be used to back a pinned pointer.
474484
///
475485
/// [`Pin`]: ../../core/pin/struct.Pin.html
476486
#[unstable(feature = "allocator_api", issue = "32838")]
477-
pub unsafe trait PinSafeAllocator: Allocator + 'static {}
487+
pub unsafe trait StaticAllocator: Allocator {}
478488

479489
#[unstable(feature = "allocator_api", issue = "32838")]
480490
#[rustc_const_unstable(feature = "const_heap", issue = "79597")]
@@ -628,7 +638,9 @@ unsafe impl<A: Allocator + ?Sized> DynAllocator for A {
628638
}
629639
}
630640

631-
// FIXME(nia-e): Make this all builtin
641+
// FIXME(nia-e): See if it's possible to make this built-in to the typesystem,
642+
// e.g. by making the impl work on arbitrary `dyn DynAlloc + Foo + Bar`. Otherwise,
643+
// just expand this macro with other trait combinations for now.
632644

633645
macro_rules! impl_dyn_allocator {
634646
($t:ty, $($n:ty),+) => {

library/std/src/alloc.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -142,7 +142,7 @@ pub struct System;
142142
unsafe impl core::alloc::AllocatorClone for System {}
143143

144144
#[unstable(feature = "allocator_api", issue = "32838")]
145-
unsafe impl core::alloc::PinSafeAllocator for System {}
145+
unsafe impl core::alloc::StaticAllocator for System {}
146146

147147
impl System {
148148
#[inline]

0 commit comments

Comments
 (0)