Rollup merge of rust-lang#96820 - r-raymond:master, r=cuviper

JohnTitor · web-flow · commit c7aa27083cac · 2022-06-22T12:00:34.000+09:00
Make RwLockReadGuard covariant Hi, first time contributor here, if anything is not as expected, please let me know. `RwLockReadGoard`'s type constructor is invariant. Since it behaves like a smart pointer to an immutable reference, there is no reason that it should not be covariant. Take e.g. ``` fn test_read_guard_covariance() { fn do_stuff<'a>(_: RwLockReadGuard<'_, &'a i32>, _: &'a i32) {} let j: i32 = 5; let lock = RwLock::new(&j); { let i = 6; do_stuff(lock.read().unwrap(), &i); } drop(lock); } ``` where the compiler complains that &i doesn't live long enough. If `RwLockReadGuard` is covariant, then the above code is accepted because the lifetime can be shorter than `'a`. In order for `RwLockReadGuard` to be covariant, it can't contain a full reference to the `RwLock`, which can never be covariant (because it exposes a mutable reference to the underlying data structure). By reducing the data structure to the required pieces of `RwLock`, the rest falls in place. If there is a better way to do a test that tests successful compilation, please let me know. Fixes rust-lang#80392
diff --git a/library/std/src/sync/rwlock.rs b/library/std/src/sync/rwlock.rs
@@ -4,6 +4,7 @@ mod tests;
 use crate::cell::UnsafeCell;
 use crate::fmt;
 use crate::ops::{Deref, DerefMut};
+use crate::ptr::NonNull;
 use crate::sync::{poison, LockResult, TryLockError, TryLockResult};
 use crate::sys_common::rwlock as sys;
 
@@ -101,7 +102,12 @@ unsafe impl<T: ?Sized + Send + Sync> Sync for RwLock<T> {}
 #[stable(feature = "rust1", since = "1.0.0")]
 #[clippy::has_significant_drop]
 pub struct RwLockReadGuard<'a, T: ?Sized + 'a> {
-    lock: &'a RwLock<T>,
+    // NB: we use a pointer instead of `&'a T` to avoid `noalias` violations, because a
+    // `Ref` argument doesn't hold immutability for its whole scope, only until it drops.
+    // `NonNull` is also covariant over `T`, just like we would have with `&T`. `NonNull`
+    // is preferable over `const* T` to allow for niche optimization.
+    data: NonNull<T>,
+    inner_lock: &'a sys::MovableRwLock,
 }
 
 #[stable(feature = "rust1", since = "1.0.0")]
@@ -511,12 +517,21 @@ impl<T> From<T> for RwLock<T> {
 }
 
 impl<'rwlock, T: ?Sized> RwLockReadGuard<'rwlock, T> {
+    /// Create a new instance of `RwLockReadGuard<T>` from a `RwLock<T>`.
+    // SAFETY: if and only if `lock.inner.read()` (or `lock.inner.try_read()`) has been
+    // successfully called from the same thread before instantiating this object.
     unsafe fn new(lock: &'rwlock RwLock<T>) -> LockResult<RwLockReadGuard<'rwlock, T>> {
-        poison::map_result(lock.poison.borrow(), |()| RwLockReadGuard { lock })
+        poison::map_result(lock.poison.borrow(), |()| RwLockReadGuard {
+            data: NonNull::new_unchecked(lock.data.get()),
+            inner_lock: &lock.inner,
+        })
     }
 }
 
 impl<'rwlock, T: ?Sized> RwLockWriteGuard<'rwlock, T> {
+    /// Create a new instance of `RwLockWriteGuard<T>` from a `RwLock<T>`.
+    // SAFETY: if and only if `lock.inner.write()` (or `lock.inner.try_write()`) has been
+    // successfully called from the same thread before instantiating this object.
     unsafe fn new(lock: &'rwlock RwLock<T>) -> LockResult<RwLockWriteGuard<'rwlock, T>> {
         poison::map_result(lock.poison.guard(), |guard| RwLockWriteGuard { lock, poison: guard })
     }
@@ -555,7 +570,8 @@ impl<T: ?Sized> Deref for RwLockReadGuard<'_, T> {
     type Target = T;
 
     fn deref(&self) -> &T {
-        unsafe { &*self.lock.data.get() }
+        // SAFETY: the conditions of `RwLockGuard::new` were satisfied when created.
+        unsafe { self.data.as_ref() }
     }
 }
 
@@ -564,22 +580,25 @@ impl<T: ?Sized> Deref for RwLockWriteGuard<'_, T> {
     type Target = T;
 
     fn deref(&self) -> &T {
+        // SAFETY: the conditions of `RwLockWriteGuard::new` were satisfied when created.
         unsafe { &*self.lock.data.get() }
     }
 }
 
 #[stable(feature = "rust1", since = "1.0.0")]
 impl<T: ?Sized> DerefMut for RwLockWriteGuard<'_, T> {
     fn deref_mut(&mut self) -> &mut T {
+        // SAFETY: the conditions of `RwLockWriteGuard::new` were satisfied when created.
         unsafe { &mut *self.lock.data.get() }
     }
 }
 
 #[stable(feature = "rust1", since = "1.0.0")]
 impl<T: ?Sized> Drop for RwLockReadGuard<'_, T> {
     fn drop(&mut self) {
+        // SAFETY: the conditions of `RwLockReadGuard::new` were satisfied when created.
         unsafe {
-            self.lock.inner.read_unlock();
+            self.inner_lock.read_unlock();
         }
     }
 }
@@ -588,6 +607,7 @@ impl<T: ?Sized> Drop for RwLockReadGuard<'_, T> {
 impl<T: ?Sized> Drop for RwLockWriteGuard<'_, T> {
     fn drop(&mut self) {
         self.lock.poison.done(&self.poison);
+        // SAFETY: the conditions of `RwLockWriteGuard::new` were satisfied when created.
         unsafe {
             self.lock.inner.write_unlock();
         }
diff --git a/library/std/src/sync/rwlock/tests.rs b/library/std/src/sync/rwlock/tests.rs
@@ -1,6 +1,6 @@
 use crate::sync::atomic::{AtomicUsize, Ordering};
 use crate::sync::mpsc::channel;
-use crate::sync::{Arc, RwLock, TryLockError};
+use crate::sync::{Arc, RwLock, RwLockReadGuard, TryLockError};
 use crate::thread;
 use rand::{self, Rng};
 
@@ -245,3 +245,15 @@ fn test_get_mut_poison() {
         Ok(x) => panic!("get_mut of poisoned RwLock is Ok: {x:?}"),
     }
 }
+
+#[test]
+fn test_read_guard_covariance() {
+    fn do_stuff<'a>(_: RwLockReadGuard<'_, &'a i32>, _: &'a i32) {}
+    let j: i32 = 5;
+    let lock = RwLock::new(&j);
+    {
+        let i = 6;
+        do_stuff(lock.read().unwrap(), &i);
+    }
+    drop(lock);
+}
diff --git a/src/test/codegen/noalias-rwlockreadguard.rs b/src/test/codegen/noalias-rwlockreadguard.rs
@@ -0,0 +1,14 @@
+// compile-flags: -O -C no-prepopulate-passes -Z mutable-noalias=yes
+
+#![crate_type = "lib"]
+
+use std::sync::{RwLock, RwLockReadGuard};
+
+// Make sure that `RwLockReadGuard` does not get a `noalias` attribute, because
+// the `RwLock` might alias writes after it is dropped.
+
+// CHECK-LABEL: @maybe_aliased(
+// CHECK-NOT: noalias
+// CHECK-SAME: %_data
+#[no_mangle]
+pub unsafe fn maybe_aliased(_: RwLockReadGuard<'_, i32>, _data: &RwLock<i32>) {}

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ mod tests;`
`4`	`4`	`use crate::cell::UnsafeCell;`
`5`	`5`	`use crate::fmt;`
`6`	`6`	`use crate::ops::{Deref, DerefMut};`
	`7`	`+use crate::ptr::NonNull;`
`7`	`8`	`use crate::sync::{poison, LockResult, TryLockError, TryLockResult};`
`8`	`9`	`use crate::sys_common::rwlock as sys;`
`9`	`10`
`@@ -101,7 +102,12 @@ unsafe impl<T: ?Sized + Send + Sync> Sync for RwLock<T> {}`
`101`	`102`	`#[stable(feature = "rust1", since = "1.0.0")]`
`102`	`103`	`#[clippy::has_significant_drop]`
`103`	`104`	`pub struct RwLockReadGuard<'a, T: ?Sized + 'a> {`
`104`		`- lock: &'a RwLock<T>,`
	`105`	+ // NB: we use a pointer instead of `&'a T` to avoid `noalias` violations, because a
	`106`	+ // `Ref` argument doesn't hold immutability for its whole scope, only until it drops.
	`107`	+ // `NonNull` is also covariant over `T`, just like we would have with `&T`. `NonNull`
	`108`	+ // is preferable over `const* T` to allow for niche optimization.
	`109`	`+ data: NonNull<T>,`
	`110`	`+ inner_lock: &'a sys::MovableRwLock,`
`105`	`111`	`}`
`106`	`112`
`107`	`113`	`#[stable(feature = "rust1", since = "1.0.0")]`
`@@ -511,12 +517,21 @@ impl<T> From<T> for RwLock<T> {`
`511`	`517`	`}`
`512`	`518`
`513`	`519`	`impl<'rwlock, T: ?Sized> RwLockReadGuard<'rwlock, T> {`
	`520`	+ /// Create a new instance of `RwLockReadGuard<T>` from a `RwLock<T>`.
	`521`	+ // SAFETY: if and only if `lock.inner.read()` (or `lock.inner.try_read()`) has been
	`522`	`+ // successfully called from the same thread before instantiating this object.`
`514`	`523`	`unsafe fn new(lock: &'rwlock RwLock<T>) -> LockResult<RwLockReadGuard<'rwlock, T>> {`
`515`		`- poison::map_result(lock.poison.borrow(), \|()\| RwLockReadGuard { lock })`
	`524`	`+ poison::map_result(lock.poison.borrow(), \|()\| RwLockReadGuard {`
	`525`	`+ data: NonNull::new_unchecked(lock.data.get()),`
	`526`	`+ inner_lock: &lock.inner,`
	`527`	`+ })`
`516`	`528`	`}`
`517`	`529`	`}`
`518`	`530`
`519`	`531`	`impl<'rwlock, T: ?Sized> RwLockWriteGuard<'rwlock, T> {`
	`532`	+ /// Create a new instance of `RwLockWriteGuard<T>` from a `RwLock<T>`.
	`533`	+ // SAFETY: if and only if `lock.inner.write()` (or `lock.inner.try_write()`) has been
	`534`	`+ // successfully called from the same thread before instantiating this object.`
`520`	`535`	`unsafe fn new(lock: &'rwlock RwLock<T>) -> LockResult<RwLockWriteGuard<'rwlock, T>> {`
`521`	`536`	`poison::map_result(lock.poison.guard(), \|guard\| RwLockWriteGuard { lock, poison: guard })`
`522`	`537`	`}`
`@@ -555,7 +570,8 @@ impl<T: ?Sized> Deref for RwLockReadGuard<'_, T> {`
`555`	`570`	`type Target = T;`
`556`	`571`
`557`	`572`	`fn deref(&self) -> &T {`
`558`		`- unsafe { &*self.lock.data.get() }`
	`573`	+ // SAFETY: the conditions of `RwLockGuard::new` were satisfied when created.
	`574`	`+ unsafe { self.data.as_ref() }`
`559`	`575`	`}`
`560`	`576`	`}`
`561`	`577`
`@@ -564,22 +580,25 @@ impl<T: ?Sized> Deref for RwLockWriteGuard<'_, T> {`
`564`	`580`	`type Target = T;`
`565`	`581`
`566`	`582`	`fn deref(&self) -> &T {`
	`583`	+ // SAFETY: the conditions of `RwLockWriteGuard::new` were satisfied when created.
`567`	`584`	`unsafe { &*self.lock.data.get() }`
`568`	`585`	`}`
`569`	`586`	`}`
`570`	`587`
`571`	`588`	`#[stable(feature = "rust1", since = "1.0.0")]`
`572`	`589`	`impl<T: ?Sized> DerefMut for RwLockWriteGuard<'_, T> {`
`573`	`590`	`fn deref_mut(&mut self) -> &mut T {`
	`591`	+ // SAFETY: the conditions of `RwLockWriteGuard::new` were satisfied when created.
`574`	`592`	`unsafe { &mut *self.lock.data.get() }`
`575`	`593`	`}`
`576`	`594`	`}`
`577`	`595`
`578`	`596`	`#[stable(feature = "rust1", since = "1.0.0")]`
`579`	`597`	`impl<T: ?Sized> Drop for RwLockReadGuard<'_, T> {`
`580`	`598`	`fn drop(&mut self) {`
	`599`	+ // SAFETY: the conditions of `RwLockReadGuard::new` were satisfied when created.
`581`	`600`	`unsafe {`
`582`		`- self.lock.inner.read_unlock();`
	`601`	`+ self.inner_lock.read_unlock();`
`583`	`602`	`}`
`584`	`603`	`}`
`585`	`604`	`}`
`@@ -588,6 +607,7 @@ impl<T: ?Sized> Drop for RwLockReadGuard<'_, T> {`
`588`	`607`	`impl<T: ?Sized> Drop for RwLockWriteGuard<'_, T> {`
`589`	`608`	`fn drop(&mut self) {`
`590`	`609`	`self.lock.poison.done(&self.poison);`
	`610`	+ // SAFETY: the conditions of `RwLockWriteGuard::new` were satisfied when created.
`591`	`611`	`unsafe {`
`592`	`612`	`self.lock.inner.write_unlock();`
`593`	`613`	`}`