Skip to content

Commit

Permalink
[pointer][invariant] Remove AliasingMapping, Inaccessible
Browse files Browse the repository at this point in the history 
We previously used `AliasingMapping`s and `Inaccessible` to model
`UnsafeCell` agreement. This abuses the notion of a mapping since one
doesn't ever actually want to change the aliasing of a pointer (and
certainly not to `Inaccessible`) - really this was meant to model
pointer casts which should never be performed. In addition to being an
awkward fit, the presence of `Inaccessible` meant that code could not
assume that any `Aliasing` invariant permitted reading, and so we had to
add extra machinery to work around this.

Future commits will use a different, simpler model for denoting
`UnsafeCell` agreement or disagreement.

While we're here, make `Read` slightly more permissive, implemented for
`A: Aliasing, T: Immutable` rather than just `A: Reference, T:
Immutable`.

Makes progress on #1122, #1866

gherrit-pr-id: I1ac2ae177a235083e33b09fc848423220d3da042
  • Loading branch information
@joshlf
joshlf committed Oct 22, 2024
1 parent 244bef4 commit dbf871e
Showing 1 changed file with 4 additions and 52 deletions.
56 changes: 4 additions & 52 deletions src/pointer/invariant.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,9 @@ impl<A: Aliasing, AA: Alignment, V: Validity> Invariants for (A, AA, V) {
}

/// The aliasing invariant of a [`Ptr`][super::Ptr].
///
/// All aliasing invariants must permit reading from the bytes of a pointer's
/// referent which are not covered by [`UnsafeCell`]s.
pub trait Aliasing: Sealed {
/// Is `Self` [`Exclusive`]?
#[doc(hidden)]
Expand All @@ -65,9 +68,6 @@ pub trait Aliasing: Sealed {
/// Aliasing>::Variance<'a, T>` to inherit this variance.
#[doc(hidden)]
type Variance<'a, T: 'a + ?Sized>;

#[doc(hidden)]
type MappedTo<M: AliasingMapping>: Aliasing;
}

/// The alignment invariant of a [`Ptr`][super::Ptr].
Expand Down Expand Up @@ -100,22 +100,6 @@ impl Validity for Unknown {
type MappedTo<M: ValidityMapping> = M::FromUnknown;
}

/// The `Ptr<'a, T>` does not permit any reads or writes from or to its referent.
pub enum Inaccessible {}

impl Aliasing for Inaccessible {
const IS_EXCLUSIVE: bool = false;

// SAFETY: Inaccessible `Ptr`s permit neither reads nor writes, and so it
// doesn't matter how long the referent actually lives. Thus, covariance is
// fine (and is chosen because it is maximally permissive). Shared
// references are covariant [1].
//
// [1] https://doc.rust-lang.org/1.81.0/reference/subtyping.html#variance
type Variance<'a, T: 'a + ?Sized> = &'a T;
type MappedTo<M: AliasingMapping> = M::FromInaccessible;
}

/// The `Ptr<'a, T>` adheres to the aliasing rules of a `&'a T`.
///
/// The referent of a shared-aliased `Ptr` may be concurrently referenced by any
Expand All @@ -128,7 +112,6 @@ pub enum Shared {}
impl Aliasing for Shared {
const IS_EXCLUSIVE: bool = false;
type Variance<'a, T: 'a + ?Sized> = &'a T;
type MappedTo<M: AliasingMapping> = M::FromShared;
}
impl Reference for Shared {}

Expand All @@ -141,7 +124,6 @@ pub enum Exclusive {}
impl Aliasing for Exclusive {
const IS_EXCLUSIVE: bool = true;
type Variance<'a, T: 'a + ?Sized> = &'a mut T;
type MappedTo<M: AliasingMapping> = M::FromExclusive;
}
impl Reference for Exclusive {}

Expand Down Expand Up @@ -230,7 +212,7 @@ define_because!(
pub BecauseImmutable
);
// SAFETY: `T: Immutable`.
unsafe impl<A: Reference, T: ?Sized + crate::Immutable> Read<A, BecauseImmutable> for T {}
unsafe impl<A: Aliasing, T: ?Sized + crate::Immutable> Read<A, BecauseImmutable> for T {}

use sealed::Sealed;
mod sealed {
Expand All @@ -240,7 +222,6 @@ mod sealed {

impl Sealed for Unknown {}

impl Sealed for Inaccessible {}
impl Sealed for Shared {}
impl Sealed for Exclusive {}

Expand All @@ -257,23 +238,6 @@ pub use mapping::*;
mod mapping {
use super::*;

/// A mapping from one [`Aliasing`] type to another.
///
/// An `AliasingMapping` is a type-level map which maps one `Aliasing` type
/// to another. It is always "total" in the sense of having a mapping for
/// any `A: Aliasing`.
///
/// Given `A: Aliasing` and `M: AliasingMapping`, `M` can be applied to `A`
/// as [`MappedAliasing<A, M>`](MappedAliasing).
///
/// Mappings are used by [`Ptr`](crate::Ptr) conversion methods to preserve
/// or modify invariants as required by each method's semantics.
pub trait AliasingMapping {
type FromInaccessible: Aliasing;
type FromShared: Aliasing;
type FromExclusive: Aliasing;
}

/// A mapping from one [`Alignment`] type to another.
///
/// An `AlignmentMapping` is a type-level map which maps one `Alignment`
Expand Down Expand Up @@ -308,10 +272,6 @@ mod mapping {
type FromValid: Validity;
}

/// The application of the [`AliasingMapping`] `M` to the [`Aliasing`] `A`.
#[allow(type_alias_bounds)]
pub type MappedAliasing<A: Aliasing, M: AliasingMapping> = A::MappedTo<M>;

/// The application of the [`AlignmentMapping`] `M` to the [`Alignment`] `A`.
#[allow(type_alias_bounds)]
pub type MappedAlignment<A: Alignment, M: AlignmentMapping> = A::MappedTo<M>;
Expand All @@ -320,14 +280,6 @@ mod mapping {
#[allow(type_alias_bounds)]
pub type MappedValidity<V: Validity, M: ValidityMapping> = V::MappedTo<M>;

impl<FromInaccessible: Aliasing, FromShared: Aliasing, FromExclusive: Aliasing> AliasingMapping
for ((Inaccessible, FromInaccessible), (Shared, FromShared), (Exclusive, FromExclusive))
{
type FromInaccessible = FromInaccessible;
type FromShared = FromShared;
type FromExclusive = FromExclusive;
}

impl<FromUnknown: Alignment, FromAligned: Alignment> AlignmentMapping
for ((Unknown, FromUnknown), (Shared, FromAligned))
{
Expand Down

0 comments on commit dbf871e

Please sign in to comment.