mercurial-scm/hg: rust/hg-cpython/src/ref

comparison rust/hg-cpython/src/ref_sharing.rs @ 43427:b7ab3a0a9e57

rust-cpython: leverage RefCell::borrow() to guarantee there's no mutable ref Since the underlying value can't be mutably borrowed by PyLeaked, we don't have to manage yet another mutably-borrowed state. We can just rely on the RefCell implementation. Maybe we can add try_leak_immutable(), but this patch doesn't in order to keep the patch series not too long.

author	Yuya Nishihara <yuya@tcha.org>
date	Sat, 05 Oct 2019 08:56:15 -0400
parents	6f9f15a476a4
children	6c0e47874217

comparison

equal deleted inserted replaced

-:6f9f15a476a4
+:b7ab3a0a9e57
 ///
 /// - The immutability of `py_class!` object fields. Any mutation of
 ///   `PySharedRefCell` is allowed only through its `borrow_mut()`.
 /// - The `py: Python<'_>` token, which makes sure that any data access is
 ///   synchronized by the GIL.
+/// - The underlying `RefCell`, which prevents `PySharedRefCell` data from
+///   being directly borrowed or leaked while it is mutably borrowed.
 /// - The `borrow_count`, which is the number of references borrowed from
 ///   `PyLeaked`. Just like `RefCell`, mutation is prohibited while `PyLeaked`
 ///   is borrowed.
 /// - The `generation` counter, which increments on `borrow_mut()`. `PyLeaked`
 ///   reference is valid only if the `current_generation()` equals to the
 /// This is highly unsafe since the lifetime of the given data can be
 /// extended. Do not call this function directly.
 unsafe fn leak_immutable<T>(
 &self,
 py: Python,
-data: &PySharedRefCell<T>,
+data: Ref<T>,
 ) -> PyResult<(&'static T, &'static PySharedState)> {
 if self.mutably_borrowed.get() {
 return Err(AlreadyBorrowed::new(
 py,
 "Cannot borrow immutably while there is a \
 mutable reference in Python objects",
 ));
 }
-// TODO: it's weird that self is data.py_shared_state. Maybe we
+let ptr: *const T = &*data;
-// can move stuff to PySharedRefCell?
+let state_ptr: *const PySharedState = self;
-let ptr = data.as_ptr();
-let state_ptr: *const PySharedState = &data.py_shared_state;
 Ok((&*ptr, &*state_ptr))
 }
 fn current_borrow_count(&self, _py: Python) -> usize {
 self.borrow_count.load(Ordering::Relaxed)
 // - inner.borrow() would fail if self is mutably borrowed,
 // - and inner.borrow_mut() would fail while self is borrowed.
 self.inner.borrow()
 }
-fn as_ptr(&self) -> *mut T {
-self.inner.as_ptr()
-}
 // TODO: maybe this should be named as try_borrow_mut(), and use
 // inner.try_borrow_mut(). The current implementation panics if
 // self.inner has been borrowed, but returns error if py_shared_state
 // refuses to borrow.
 fn borrow_mut<'a>(&'a self, py: Python<'a>) -> PyResult<PyRefMut<'a, T>> {
 pub fn borrow_mut(&self) -> PyResult<PyRefMut<'a, T>> {
 self.data.borrow_mut(self.py)
 }
 /// Returns a leaked reference.
+///
+/// # Panics
+///
+/// Panics if this is mutably borrowed.
 pub fn leak_immutable(&self) -> PyResult<PyLeaked<&'static T>> {
 let state = &self.data.py_shared_state;
+// make sure self.data isn't mutably borrowed; otherwise the
+// generation number can't be trusted.
+let data_ref = self.borrow();
 unsafe {
 let (static_ref, static_state_ref) =
-state.leak_immutable(self.py, self.data)?;
+state.leak_immutable(self.py, data_ref)?;
 Ok(PyLeaked::new(
 self.py,
 self.owner,
 static_ref,
 static_state_ref,
 let _leaked_ref = leaked_iter.try_borrow_mut(py).unwrap();
 assert!(owner.string_shared(py).borrow_mut().is_err());
 }
 assert!(owner.string_shared(py).borrow_mut().is_ok());
 }
-}
+#[test]
+#[should_panic(expected = "mutably borrowed")]
+fn test_leak_while_borrow_mut() {
+let (gil, owner) = prepare_env();
+let py = gil.python();
+let _mut_ref = owner.string_shared(py).borrow_mut();
+let _ = owner.string_shared(py).leak_immutable();
+}
+}

Mercurial > public > mercurial-scm > hg

comparison rust/hg-cpython/src/ref_sharing.rs @ 43427:b7ab3a0a9e57