1 // SPDX-License-Identifier: Apache-2.0 OR MIT
3 //! This module provides the macros that actually implement the proc-macros `pin_data` and
4 //! `pinned_drop`. It also contains `__init_internal` the implementation of the `{try_}{pin_}init!`
7 //! These macros should never be called directly, since they expect their input to be
8 //! in a certain format which is internal. If used incorrectly, these macros can lead to UB even in
9 //! safe code! Use the public facing macros instead.
11 //! This architecture has been chosen because the kernel does not yet have access to `syn` which
12 //! would make matters a lot easier for implementing these as proc-macros.
14 //! # Macro expansion example
16 //! This section is intended for readers trying to understand the macros in this module and the
17 //! `pin_init!` macros from `init.rs`.
19 //! We will look at the following example:
22 //! # use kernel::init::*;
23 //! # use core::pin::Pin;
33 //! fn new(t: T) -> impl PinInit<Self> {
34 //! pin_init!(Self { t, x: 0 })
38 //! #[pin_data(PinnedDrop)]
46 //! impl PinnedDrop for Foo {
47 //! fn drop(self: Pin<&mut Self>) {
48 //! pr_info!("{self:p} is getting dropped.");
53 //! let initializer = pin_init!(Foo {
55 //! b <- Bar::new(36),
59 //! This example includes the most common and important features of the pin-init API.
61 //! Below you can find individual section about the different macro invocations. Here are some
62 //! general things we need to take into account when designing macros:
63 //! - use global paths, similarly to file paths, these start with the separator: `::core::panic!()`
64 //! this ensures that the correct item is used, since users could define their own `mod core {}`
65 //! and then their own `panic!` inside to execute arbitrary code inside of our macro.
66 //! - macro `unsafe` hygiene: we need to ensure that we do not expand arbitrary, user-supplied
67 //! expressions inside of an `unsafe` block in the macro, because this would allow users to do
68 //! `unsafe` operations without an associated `unsafe` block.
70 //! ## `#[pin_data]` on `Bar`
72 //! This macro is used to specify which fields are structurally pinned and which fields are not. It
73 //! is placed on the struct definition and allows `#[pin]` to be placed on the fields.
75 //! Here is the definition of `Bar` from our example:
78 //! # use kernel::init::*;
88 //! This expands to the following code:
91 //! // Firstly the normal definition of the struct, attributes are preserved:
97 //! // Then an anonymous constant is defined, this is because we do not want any code to access the
98 //! // types that we define inside:
100 //! // We define the pin-data carrying struct, it is a ZST and needs to have the same generics,
101 //! // since we need to implement access functions for each field and thus need to know its
103 //! struct __ThePinData<T> {
104 //! __phantom: ::core::marker::PhantomData<fn(Bar<T>) -> Bar<T>>,
106 //! // We implement `Copy` for the pin-data struct, since all functions it defines will take
107 //! // `self` by value.
108 //! impl<T> ::core::clone::Clone for __ThePinData<T> {
109 //! fn clone(&self) -> Self {
113 //! impl<T> ::core::marker::Copy for __ThePinData<T> {}
114 //! // For every field of `Bar`, the pin-data struct will define a function with the same name
115 //! // and accessor (`pub` or `pub(crate)` etc.). This function will take a pointer to the
116 //! // field (`slot`) and a `PinInit` or `Init` depending on the projection kind of the field
117 //! // (if pinning is structural for the field, then `PinInit` otherwise `Init`).
118 //! #[allow(dead_code)]
119 //! impl<T> __ThePinData<T> {
123 //! // Since `t` is `#[pin]`, this is `PinInit`.
124 //! init: impl ::kernel::init::PinInit<T, E>,
125 //! ) -> ::core::result::Result<(), E> {
126 //! unsafe { ::kernel::init::PinInit::__pinned_init(init, slot) }
128 //! pub unsafe fn x<E>(
130 //! slot: *mut usize,
131 //! // Since `x` is not `#[pin]`, this is `Init`.
132 //! init: impl ::kernel::init::Init<usize, E>,
133 //! ) -> ::core::result::Result<(), E> {
134 //! unsafe { ::kernel::init::Init::__init(init, slot) }
137 //! // Implement the internal `HasPinData` trait that associates `Bar` with the pin-data struct
138 //! // that we constructed above.
139 //! unsafe impl<T> ::kernel::init::__internal::HasPinData for Bar<T> {
140 //! type PinData = __ThePinData<T>;
141 //! unsafe fn __pin_data() -> Self::PinData {
143 //! __phantom: ::core::marker::PhantomData,
147 //! // Implement the internal `PinData` trait that marks the pin-data struct as a pin-data
148 //! // struct. This is important to ensure that no user can implement a rouge `__pin_data`
149 //! // function without using `unsafe`.
150 //! unsafe impl<T> ::kernel::init::__internal::PinData for __ThePinData<T> {
151 //! type Datee = Bar<T>;
153 //! // Now we only want to implement `Unpin` for `Bar` when every structurally pinned field is
154 //! // `Unpin`. In other words, whether `Bar` is `Unpin` only depends on structurally pinned
155 //! // fields (those marked with `#[pin]`). These fields will be listed in this struct, in our
156 //! // case no such fields exist, hence this is almost empty. The two phantomdata fields exist
157 //! // for two reasons:
158 //! // - `__phantom`: every generic must be used, since we cannot really know which generics
159 //! // are used, we declere all and then use everything here once.
160 //! // - `__phantom_pin`: uses the `'__pin` lifetime and ensures that this struct is invariant
161 //! // over it. The lifetime is needed to work around the limitation that trait bounds must
162 //! // not be trivial, e.g. the user has a `#[pin] PhantomPinned` field -- this is
163 //! // unconditionally `!Unpin` and results in an error. The lifetime tricks the compiler
164 //! // into accepting these bounds regardless.
165 //! #[allow(dead_code)]
166 //! struct __Unpin<'__pin, T> {
167 //! __phantom_pin: ::core::marker::PhantomData<fn(&'__pin ()) -> &'__pin ()>,
168 //! __phantom: ::core::marker::PhantomData<fn(Bar<T>) -> Bar<T>>,
169 //! // Our only `#[pin]` field is `t`.
173 //! impl<'__pin, T> ::core::marker::Unpin for Bar<T>
175 //! __Unpin<'__pin, T>: ::core::marker::Unpin,
177 //! // Now we need to ensure that `Bar` does not implement `Drop`, since that would give users
178 //! // access to `&mut self` inside of `drop` even if the struct was pinned. This could lead to
179 //! // UB with only safe code, so we disallow this by giving a trait implementation error using
180 //! // a direct impl and a blanket implementation.
181 //! trait MustNotImplDrop {}
182 //! // Normally `Drop` bounds do not have the correct semantics, but for this purpose they do
183 //! // (normally people want to know if a type has any kind of drop glue at all, here we want
184 //! // to know if it has any kind of custom drop glue, which is exactly what this bound does).
185 //! #[allow(drop_bounds)]
186 //! impl<T: ::core::ops::Drop> MustNotImplDrop for T {}
187 //! impl<T> MustNotImplDrop for Bar<T> {}
188 //! // Here comes a convenience check, if one implemented `PinnedDrop`, but forgot to add it to
189 //! // `#[pin_data]`, then this will error with the same mechanic as above, this is not needed
190 //! // for safety, but a good sanity check, since no normal code calls `PinnedDrop::drop`.
191 //! #[allow(non_camel_case_types)]
192 //! trait UselessPinnedDropImpl_you_need_to_specify_PinnedDrop {}
194 //! T: ::kernel::init::PinnedDrop,
195 //! > UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for T {}
196 //! impl<T> UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for Bar<T> {}
200 //! ## `pin_init!` in `impl Bar`
202 //! This macro creates an pin-initializer for the given struct. It requires that the struct is
203 //! annotated by `#[pin_data]`.
205 //! Here is the impl on `Bar` defining the new function:
209 //! fn new(t: T) -> impl PinInit<Self> {
210 //! pin_init!(Self { t, x: 0 })
215 //! This expands to the following code:
219 //! fn new(t: T) -> impl PinInit<Self> {
221 //! // We do not want to allow arbitrary returns, so we declare this type as the `Ok`
222 //! // return type and shadow it later when we insert the arbitrary user code. That way
223 //! // there will be no possibility of returning without `unsafe`.
225 //! // Get the data about fields from the supplied type.
226 //! // - the function is unsafe, hence the unsafe block
227 //! // - we `use` the `HasPinData` trait in the block, it is only available in that
229 //! let data = unsafe {
230 //! use ::kernel::init::__internal::HasPinData;
231 //! Self::__pin_data()
233 //! // Ensure that `data` really is of type `PinData` and help with type inference:
234 //! let init = ::kernel::init::__internal::PinData::make_closure::<
237 //! ::core::convert::Infallible,
238 //! >(data, move |slot| {
240 //! // Shadow the structure so it cannot be used to return early. If a user
241 //! // tries to write `return Ok(__InitOk)`, then they get a type error,
242 //! // since that will refer to this struct instead of the one defined
245 //! // This is the expansion of `t,`, which is syntactic sugar for `t: t,`.
247 //! unsafe { ::core::ptr::write(::core::addr_of_mut!((*slot).t), t) };
249 //! // Since initialization could fail later (not in this case, since the
250 //! // error type is `Infallible`) we will need to drop this field if there
251 //! // is an error later. This `DropGuard` will drop the field when it gets
252 //! // dropped and has not yet been forgotten.
254 //! ::pinned_init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).t))
256 //! // Expansion of `x: 0,`:
257 //! // Since this can be an arbitrary expression we cannot place it inside
258 //! // of the `unsafe` block, so we bind it here.
261 //! unsafe { ::core::ptr::write(::core::addr_of_mut!((*slot).x), x) };
263 //! // We again create a `DropGuard`.
265 //! ::kernel::init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).x))
267 //! // Since initialization has successfully completed, we can now forget
268 //! // the guards. This is not `mem::forget`, since we only have
270 //! ::core::mem::forget(x);
271 //! ::core::mem::forget(t);
272 //! // Here we use the type checker to ensure that every field has been
273 //! // initialized exactly once, since this is `if false` it will never get
274 //! // executed, but still type-checked.
275 //! // Additionally we abuse `slot` to automatically infer the correct type
276 //! // for the struct. This is also another check that every field is
277 //! // accessible from this scope.
278 //! #[allow(unreachable_code, clippy::diverging_sub_expression)]
281 //! ::core::ptr::write(
284 //! // We only care about typecheck finding every field
285 //! // here, the expression does not matter, just conjure
286 //! // one using `panic!()`:
287 //! t: ::core::panic!(),
288 //! x: ::core::panic!(),
294 //! // We leave the scope above and gain access to the previously shadowed
295 //! // `__InitOk` that we need to return.
298 //! // Change the return type from `__InitOk` to `()`.
299 //! let init = move |
301 //! | -> ::core::result::Result<(), ::core::convert::Infallible> {
302 //! init(slot).map(|__InitOk| ())
304 //! // Construct the initializer.
305 //! let init = unsafe {
306 //! ::kernel::init::pin_init_from_closure::<
308 //! ::core::convert::Infallible,
317 //! ## `#[pin_data]` on `Foo`
319 //! Since we already took a look at `#[pin_data]` on `Bar`, this section will only explain the
320 //! differences/new things in the expansion of the `Foo` definition:
323 //! #[pin_data(PinnedDrop)]
331 //! This expands to the following code:
339 //! struct __ThePinData {
340 //! __phantom: ::core::marker::PhantomData<fn(Foo) -> Foo>,
342 //! impl ::core::clone::Clone for __ThePinData {
343 //! fn clone(&self) -> Self {
347 //! impl ::core::marker::Copy for __ThePinData {}
348 //! #[allow(dead_code)]
349 //! impl __ThePinData {
352 //! slot: *mut Bar<u32>,
353 //! init: impl ::kernel::init::PinInit<Bar<u32>, E>,
354 //! ) -> ::core::result::Result<(), E> {
355 //! unsafe { ::kernel::init::PinInit::__pinned_init(init, slot) }
359 //! slot: *mut usize,
360 //! init: impl ::kernel::init::Init<usize, E>,
361 //! ) -> ::core::result::Result<(), E> {
362 //! unsafe { ::kernel::init::Init::__init(init, slot) }
365 //! unsafe impl ::kernel::init::__internal::HasPinData for Foo {
366 //! type PinData = __ThePinData;
367 //! unsafe fn __pin_data() -> Self::PinData {
369 //! __phantom: ::core::marker::PhantomData,
373 //! unsafe impl ::kernel::init::__internal::PinData for __ThePinData {
374 //! type Datee = Foo;
376 //! #[allow(dead_code)]
377 //! struct __Unpin<'__pin> {
378 //! __phantom_pin: ::core::marker::PhantomData<fn(&'__pin ()) -> &'__pin ()>,
379 //! __phantom: ::core::marker::PhantomData<fn(Foo) -> Foo>,
383 //! impl<'__pin> ::core::marker::Unpin for Foo
385 //! __Unpin<'__pin>: ::core::marker::Unpin,
387 //! // Since we specified `PinnedDrop` as the argument to `#[pin_data]`, we expect `Foo` to
388 //! // implement `PinnedDrop`. Thus we do not need to prevent `Drop` implementations like
389 //! // before, instead we implement `Drop` here and delegate to `PinnedDrop`.
390 //! impl ::core::ops::Drop for Foo {
391 //! fn drop(&mut self) {
392 //! // Since we are getting dropped, no one else has a reference to `self` and thus we
393 //! // can assume that we never move.
394 //! let pinned = unsafe { ::core::pin::Pin::new_unchecked(self) };
395 //! // Create the unsafe token that proves that we are inside of a destructor, this
396 //! // type is only allowed to be created in a destructor.
397 //! let token = unsafe { ::kernel::init::__internal::OnlyCallFromDrop::new() };
398 //! ::kernel::init::PinnedDrop::drop(pinned, token);
404 //! ## `#[pinned_drop]` on `impl PinnedDrop for Foo`
406 //! This macro is used to implement the `PinnedDrop` trait, since that trait is `unsafe` and has an
407 //! extra parameter that should not be used at all. The macro hides that parameter.
409 //! Here is the `PinnedDrop` impl for `Foo`:
413 //! impl PinnedDrop for Foo {
414 //! fn drop(self: Pin<&mut Self>) {
415 //! pr_info!("{self:p} is getting dropped.");
420 //! This expands to the following code:
423 //! // `unsafe`, full path and the token parameter are added, everything else stays the same.
424 //! unsafe impl ::kernel::init::PinnedDrop for Foo {
425 //! fn drop(self: Pin<&mut Self>, _: ::kernel::init::__internal::OnlyCallFromDrop) {
426 //! pr_info!("{self:p} is getting dropped.");
431 //! ## `pin_init!` on `Foo`
433 //! Since we already took a look at `pin_init!` on `Bar`, this section will only show the expansion
434 //! of `pin_init!` on `Foo`:
438 //! let initializer = pin_init!(Foo {
440 //! b <- Bar::new(36),
444 //! This expands to the following code:
448 //! let initializer = {
450 //! let data = unsafe {
451 //! use ::kernel::init::__internal::HasPinData;
452 //! Foo::__pin_data()
454 //! let init = ::kernel::init::__internal::PinData::make_closure::<
457 //! ::core::convert::Infallible,
458 //! >(data, move |slot| {
462 //! unsafe { ::core::ptr::write(::core::addr_of_mut!((*slot).a), a) };
465 //! ::kernel::init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).a))
467 //! let init = Bar::new(36);
468 //! unsafe { data.b(::core::addr_of_mut!((*slot).b), b)? };
470 //! ::kernel::init::__internal::DropGuard::new(::core::addr_of_mut!((*slot).b))
472 //! ::core::mem::forget(b);
473 //! ::core::mem::forget(a);
474 //! #[allow(unreachable_code, clippy::diverging_sub_expression)]
477 //! ::core::ptr::write(
480 //! a: ::core::panic!(),
481 //! b: ::core::panic!(),
489 //! let init = move |
491 //! | -> ::core::result::Result<(), ::core::convert::Infallible> {
492 //! init(slot).map(|__InitOk| ())
494 //! let init = unsafe {
495 //! ::kernel::init::pin_init_from_closure::<_, ::core::convert::Infallible>(init)
501 /// Creates a `unsafe impl<...> PinnedDrop for $type` block.
503 /// See [`PinnedDrop`] for more information.
506 macro_rules! __pinned_drop {
508 @impl_sig($($impl_sig:tt)*),
511 fn drop($($sig:tt)*) {
516 unsafe $($impl_sig)* {
517 // Inherit all attributes and the type/ident tokens for the signature.
519 fn drop($($sig)*, _: $crate::init::__internal::OnlyCallFromDrop) {
526 /// This macro first parses the struct definition such that it separates pinned and not pinned
527 /// fields. Afterwards it declares the struct and implement the `PinData` trait safely.
530 macro_rules! __pin_data {
531 // Proc-macro entry point, this is supplied by the proc-macro pre-parsing.
533 @args($($pinned_drop:ident)?),
535 $(#[$($struct_attr:tt)*])*
536 $vis:vis struct $name:ident
537 $(where $($whr:tt)*)?
539 @impl_generics($($impl_generics:tt)*),
540 @ty_generics($($ty_generics:tt)*),
541 @body({ $($fields:tt)* }),
543 // We now use token munching to iterate through all of the fields. While doing this we
544 // identify fields marked with `#[pin]`, these fields are the 'pinned fields'. The user
545 // wants these to be structurally pinned. The rest of the fields are the
546 // 'not pinned fields'. Additionally we collect all fields, since we need them in the right
547 // order to declare the struct.
549 // In this call we also put some explaining comments for the parameters.
550 $crate::__pin_data!(find_pinned_fields:
551 // Attributes on the struct itself, these will just be propagated to be put onto the
552 // struct definition.
553 @struct_attrs($(#[$($struct_attr)*])*),
554 // The visibility of the struct.
556 // The name of the struct.
558 // The 'impl generics', the generics that will need to be specified on the struct inside
559 // of an `impl<$ty_generics>` block.
560 @impl_generics($($impl_generics)*),
561 // The 'ty generics', the generics that will need to be specified on the impl blocks.
562 @ty_generics($($ty_generics)*),
563 // The where clause of any impl block and the declaration.
564 @where($($($whr)*)?),
565 // The remaining fields tokens that need to be processed.
566 // We add a `,` at the end to ensure correct parsing.
567 @fields_munch($($fields)* ,),
568 // The pinned fields.
570 // The not pinned fields.
574 // The accumulator containing all attributes already parsed.
576 // Contains `yes` or `` to indicate if `#[pin]` was found on the current field.
578 // The proc-macro argument, this should be `PinnedDrop` or ``.
579 @pinned_drop($($pinned_drop)?),
583 @struct_attrs($($struct_attrs:tt)*),
586 @impl_generics($($impl_generics:tt)*),
587 @ty_generics($($ty_generics:tt)*),
589 // We found a PhantomPinned field, this should generally be pinned!
590 @fields_munch($field:ident : $($($(::)?core::)?marker::)?PhantomPinned, $($rest:tt)*),
591 @pinned($($pinned:tt)*),
592 @not_pinned($($not_pinned:tt)*),
593 @fields($($fields:tt)*),
594 @accum($($accum:tt)*),
595 // This field is not pinned.
597 @pinned_drop($($pinned_drop:ident)?),
599 ::core::compile_error!(concat!(
602 "` of type `PhantomPinned` only has an effect, if it has the `#[pin]` attribute.",
604 $crate::__pin_data!(find_pinned_fields:
605 @struct_attrs($($struct_attrs)*),
608 @impl_generics($($impl_generics)*),
609 @ty_generics($($ty_generics)*),
611 @fields_munch($($rest)*),
612 @pinned($($pinned)* $($accum)* $field: ::core::marker::PhantomPinned,),
613 @not_pinned($($not_pinned)*),
614 @fields($($fields)* $($accum)* $field: ::core::marker::PhantomPinned,),
617 @pinned_drop($($pinned_drop)?),
621 @struct_attrs($($struct_attrs:tt)*),
624 @impl_generics($($impl_generics:tt)*),
625 @ty_generics($($ty_generics:tt)*),
627 // We reached the field declaration.
628 @fields_munch($field:ident : $type:ty, $($rest:tt)*),
629 @pinned($($pinned:tt)*),
630 @not_pinned($($not_pinned:tt)*),
631 @fields($($fields:tt)*),
632 @accum($($accum:tt)*),
633 // This field is pinned.
635 @pinned_drop($($pinned_drop:ident)?),
637 $crate::__pin_data!(find_pinned_fields:
638 @struct_attrs($($struct_attrs)*),
641 @impl_generics($($impl_generics)*),
642 @ty_generics($($ty_generics)*),
644 @fields_munch($($rest)*),
645 @pinned($($pinned)* $($accum)* $field: $type,),
646 @not_pinned($($not_pinned)*),
647 @fields($($fields)* $($accum)* $field: $type,),
650 @pinned_drop($($pinned_drop)?),
654 @struct_attrs($($struct_attrs:tt)*),
657 @impl_generics($($impl_generics:tt)*),
658 @ty_generics($($ty_generics:tt)*),
660 // We reached the field declaration.
661 @fields_munch($field:ident : $type:ty, $($rest:tt)*),
662 @pinned($($pinned:tt)*),
663 @not_pinned($($not_pinned:tt)*),
664 @fields($($fields:tt)*),
665 @accum($($accum:tt)*),
666 // This field is not pinned.
668 @pinned_drop($($pinned_drop:ident)?),
670 $crate::__pin_data!(find_pinned_fields:
671 @struct_attrs($($struct_attrs)*),
674 @impl_generics($($impl_generics)*),
675 @ty_generics($($ty_generics)*),
677 @fields_munch($($rest)*),
678 @pinned($($pinned)*),
679 @not_pinned($($not_pinned)* $($accum)* $field: $type,),
680 @fields($($fields)* $($accum)* $field: $type,),
683 @pinned_drop($($pinned_drop)?),
687 @struct_attrs($($struct_attrs:tt)*),
690 @impl_generics($($impl_generics:tt)*),
691 @ty_generics($($ty_generics:tt)*),
693 // We found the `#[pin]` attr.
694 @fields_munch(#[pin] $($rest:tt)*),
695 @pinned($($pinned:tt)*),
696 @not_pinned($($not_pinned:tt)*),
697 @fields($($fields:tt)*),
698 @accum($($accum:tt)*),
699 @is_pinned($($is_pinned:ident)?),
700 @pinned_drop($($pinned_drop:ident)?),
702 $crate::__pin_data!(find_pinned_fields:
703 @struct_attrs($($struct_attrs)*),
706 @impl_generics($($impl_generics)*),
707 @ty_generics($($ty_generics)*),
709 @fields_munch($($rest)*),
710 // We do not include `#[pin]` in the list of attributes, since it is not actually an
711 // attribute that is defined somewhere.
712 @pinned($($pinned)*),
713 @not_pinned($($not_pinned)*),
714 @fields($($fields)*),
716 // Set this to `yes`.
718 @pinned_drop($($pinned_drop)?),
722 @struct_attrs($($struct_attrs:tt)*),
725 @impl_generics($($impl_generics:tt)*),
726 @ty_generics($($ty_generics:tt)*),
728 // We reached the field declaration with visibility, for simplicity we only munch the
729 // visibility and put it into `$accum`.
730 @fields_munch($fvis:vis $field:ident $($rest:tt)*),
731 @pinned($($pinned:tt)*),
732 @not_pinned($($not_pinned:tt)*),
733 @fields($($fields:tt)*),
734 @accum($($accum:tt)*),
735 @is_pinned($($is_pinned:ident)?),
736 @pinned_drop($($pinned_drop:ident)?),
738 $crate::__pin_data!(find_pinned_fields:
739 @struct_attrs($($struct_attrs)*),
742 @impl_generics($($impl_generics)*),
743 @ty_generics($($ty_generics)*),
745 @fields_munch($field $($rest)*),
746 @pinned($($pinned)*),
747 @not_pinned($($not_pinned)*),
748 @fields($($fields)*),
749 @accum($($accum)* $fvis),
750 @is_pinned($($is_pinned)?),
751 @pinned_drop($($pinned_drop)?),
755 @struct_attrs($($struct_attrs:tt)*),
758 @impl_generics($($impl_generics:tt)*),
759 @ty_generics($($ty_generics:tt)*),
761 // Some other attribute, just put it into `$accum`.
762 @fields_munch(#[$($attr:tt)*] $($rest:tt)*),
763 @pinned($($pinned:tt)*),
764 @not_pinned($($not_pinned:tt)*),
765 @fields($($fields:tt)*),
766 @accum($($accum:tt)*),
767 @is_pinned($($is_pinned:ident)?),
768 @pinned_drop($($pinned_drop:ident)?),
770 $crate::__pin_data!(find_pinned_fields:
771 @struct_attrs($($struct_attrs)*),
774 @impl_generics($($impl_generics)*),
775 @ty_generics($($ty_generics)*),
777 @fields_munch($($rest)*),
778 @pinned($($pinned)*),
779 @not_pinned($($not_pinned)*),
780 @fields($($fields)*),
781 @accum($($accum)* #[$($attr)*]),
782 @is_pinned($($is_pinned)?),
783 @pinned_drop($($pinned_drop)?),
787 @struct_attrs($($struct_attrs:tt)*),
790 @impl_generics($($impl_generics:tt)*),
791 @ty_generics($($ty_generics:tt)*),
793 // We reached the end of the fields, plus an optional additional comma, since we added one
794 // before and the user is also allowed to put a trailing comma.
795 @fields_munch($(,)?),
796 @pinned($($pinned:tt)*),
797 @not_pinned($($not_pinned:tt)*),
798 @fields($($fields:tt)*),
801 @pinned_drop($($pinned_drop:ident)?),
803 // Declare the struct with all fields in the correct order.
805 $vis struct $name <$($impl_generics)*>
811 // We put the rest into this const item, because it then will not be accessible to anything
814 // We declare this struct which will host all of the projection function for our type.
815 // it will be invariant over all generic parameters which are inherited from the
817 $vis struct __ThePinData<$($impl_generics)*>
820 __phantom: ::core::marker::PhantomData<
821 fn($name<$($ty_generics)*>) -> $name<$($ty_generics)*>
825 impl<$($impl_generics)*> ::core::clone::Clone for __ThePinData<$($ty_generics)*>
828 fn clone(&self) -> Self { *self }
831 impl<$($impl_generics)*> ::core::marker::Copy for __ThePinData<$($ty_generics)*>
835 // Make all projection functions.
836 $crate::__pin_data!(make_pin_data:
837 @pin_data(__ThePinData),
838 @impl_generics($($impl_generics)*),
839 @ty_generics($($ty_generics)*),
841 @pinned($($pinned)*),
842 @not_pinned($($not_pinned)*),
845 // SAFETY: We have added the correct projection functions above to `__ThePinData` and
846 // we also use the least restrictive generics possible.
847 unsafe impl<$($impl_generics)*>
848 $crate::init::__internal::HasPinData for $name<$($ty_generics)*>
851 type PinData = __ThePinData<$($ty_generics)*>;
853 unsafe fn __pin_data() -> Self::PinData {
854 __ThePinData { __phantom: ::core::marker::PhantomData }
858 unsafe impl<$($impl_generics)*>
859 $crate::init::__internal::PinData for __ThePinData<$($ty_generics)*>
862 type Datee = $name<$($ty_generics)*>;
865 // This struct will be used for the unpin analysis. Since only structurally pinned
866 // fields are relevant whether the struct should implement `Unpin`.
868 struct __Unpin <'__pin, $($impl_generics)*>
871 __phantom_pin: ::core::marker::PhantomData<fn(&'__pin ()) -> &'__pin ()>,
872 __phantom: ::core::marker::PhantomData<
873 fn($name<$($ty_generics)*>) -> $name<$($ty_generics)*>
875 // Only the pinned fields.
880 impl<'__pin, $($impl_generics)*> ::core::marker::Unpin for $name<$($ty_generics)*>
882 __Unpin<'__pin, $($ty_generics)*>: ::core::marker::Unpin,
886 // We need to disallow normal `Drop` implementation, the exact behavior depends on
887 // whether `PinnedDrop` was specified as the parameter.
888 $crate::__pin_data!(drop_prevention:
890 @impl_generics($($impl_generics)*),
891 @ty_generics($($ty_generics)*),
893 @pinned_drop($($pinned_drop)?),
897 // When no `PinnedDrop` was specified, then we have to prevent implementing drop.
900 @impl_generics($($impl_generics:tt)*),
901 @ty_generics($($ty_generics:tt)*),
905 // We prevent this by creating a trait that will be implemented for all types implementing
906 // `Drop`. Additionally we will implement this trait for the struct leading to a conflict,
907 // if it also implements `Drop`
908 trait MustNotImplDrop {}
909 #[allow(drop_bounds)]
910 impl<T: ::core::ops::Drop> MustNotImplDrop for T {}
911 impl<$($impl_generics)*> MustNotImplDrop for $name<$($ty_generics)*>
913 // We also take care to prevent users from writing a useless `PinnedDrop` implementation.
914 // They might implement `PinnedDrop` correctly for the struct, but forget to give
915 // `PinnedDrop` as the parameter to `#[pin_data]`.
916 #[allow(non_camel_case_types)]
917 trait UselessPinnedDropImpl_you_need_to_specify_PinnedDrop {}
918 impl<T: $crate::init::PinnedDrop>
919 UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for T {}
920 impl<$($impl_generics)*>
921 UselessPinnedDropImpl_you_need_to_specify_PinnedDrop for $name<$($ty_generics)*>
924 // When `PinnedDrop` was specified we just implement `Drop` and delegate.
927 @impl_generics($($impl_generics:tt)*),
928 @ty_generics($($ty_generics:tt)*),
930 @pinned_drop(PinnedDrop),
932 impl<$($impl_generics)*> ::core::ops::Drop for $name<$($ty_generics)*>
936 // SAFETY: Since this is a destructor, `self` will not move after this function
937 // terminates, since it is inaccessible.
938 let pinned = unsafe { ::core::pin::Pin::new_unchecked(self) };
939 // SAFETY: Since this is a drop function, we can create this token to call the
940 // pinned destructor of this type.
941 let token = unsafe { $crate::init::__internal::OnlyCallFromDrop::new() };
942 $crate::init::PinnedDrop::drop(pinned, token);
946 // If some other parameter was specified, we emit a readable error.
949 @impl_generics($($impl_generics:tt)*),
950 @ty_generics($($ty_generics:tt)*),
952 @pinned_drop($($rest:tt)*),
955 "Wrong parameters to `#[pin_data]`, expected nothing or `PinnedDrop`, got '{}'.",
956 stringify!($($rest)*),
960 @pin_data($pin_data:ident),
961 @impl_generics($($impl_generics:tt)*),
962 @ty_generics($($ty_generics:tt)*),
964 @pinned($($(#[$($p_attr:tt)*])* $pvis:vis $p_field:ident : $p_type:ty),* $(,)?),
965 @not_pinned($($(#[$($attr:tt)*])* $fvis:vis $field:ident : $type:ty),* $(,)?),
967 // For every field, we create a projection function according to its projection type. If a
968 // field is structurally pinned, then it must be initialized via `PinInit`, if it is not
969 // structurally pinned, then it can be initialized via `Init`.
971 // The functions are `unsafe` to prevent accidentally calling them.
973 impl<$($impl_generics)*> $pin_data<$($ty_generics)*>
978 $pvis unsafe fn $p_field<E>(
981 init: impl $crate::init::PinInit<$p_type, E>,
982 ) -> ::core::result::Result<(), E> {
983 unsafe { $crate::init::PinInit::__pinned_init(init, slot) }
988 $fvis unsafe fn $field<E>(
991 init: impl $crate::init::Init<$type, E>,
992 ) -> ::core::result::Result<(), E> {
993 unsafe { $crate::init::Init::__init(init, slot) }
1000 /// The internal init macro. Do not call manually!
1002 /// This is called by the `{try_}{pin_}init!` macros with various inputs.
1004 /// This macro has multiple internal call configurations, these are always the very first ident:
1005 /// - nothing: this is the base case and called by the `{try_}{pin_}init!` macros.
1006 /// - `with_update_parsed`: when the `..Zeroable::zeroed()` syntax has been handled.
1007 /// - `init_slot`: recursively creates the code that initializes all fields in `slot`.
1008 /// - `make_initializer`: recursively create the struct initializer that guarantees that every
1009 /// field has been initialized exactly once.
1012 macro_rules! __init_internal {
1014 @this($($this:ident)?),
1016 @fields($($fields:tt)*),
1018 // Either `PinData` or `InitData`, `$use_data` should only be present in the `PinData`
1020 @data($data:ident, $($use_data:ident)?),
1021 // `HasPinData` or `HasInitData`.
1022 @has_data($has_data:ident, $get_data:ident),
1023 // `pin_init_from_closure` or `init_from_closure`.
1024 @construct_closure($construct_closure:ident),
1027 $crate::__init_internal!(with_update_parsed:
1030 @fields($($fields)*),
1032 @data($data, $($use_data)?),
1033 @has_data($has_data, $get_data),
1034 @construct_closure($construct_closure),
1035 @zeroed(), // Nothing means default behavior.
1039 @this($($this:ident)?),
1041 @fields($($fields:tt)*),
1043 // Either `PinData` or `InitData`, `$use_data` should only be present in the `PinData`
1045 @data($data:ident, $($use_data:ident)?),
1046 // `HasPinData` or `HasInitData`.
1047 @has_data($has_data:ident, $get_data:ident),
1048 // `pin_init_from_closure` or `init_from_closure`.
1049 @construct_closure($construct_closure:ident),
1050 @munch_fields(..Zeroable::zeroed()),
1052 $crate::__init_internal!(with_update_parsed:
1055 @fields($($fields)*),
1057 @data($data, $($use_data)?),
1058 @has_data($has_data, $get_data),
1059 @construct_closure($construct_closure),
1060 @zeroed(()), // `()` means zero all fields not mentioned.
1064 @this($($this:ident)?),
1066 @fields($($fields:tt)*),
1068 // Either `PinData` or `InitData`, `$use_data` should only be present in the `PinData`
1070 @data($data:ident, $($use_data:ident)?),
1071 // `HasPinData` or `HasInitData`.
1072 @has_data($has_data:ident, $get_data:ident),
1073 // `pin_init_from_closure` or `init_from_closure`.
1074 @construct_closure($construct_closure:ident),
1075 @munch_fields($ignore:tt $($rest:tt)*),
1077 $crate::__init_internal!(
1080 @fields($($fields)*),
1082 @data($data, $($use_data)?),
1083 @has_data($has_data, $get_data),
1084 @construct_closure($construct_closure),
1085 @munch_fields($($rest)*),
1088 (with_update_parsed:
1089 @this($($this:ident)?),
1091 @fields($($fields:tt)*),
1093 // Either `PinData` or `InitData`, `$use_data` should only be present in the `PinData`
1095 @data($data:ident, $($use_data:ident)?),
1096 // `HasPinData` or `HasInitData`.
1097 @has_data($has_data:ident, $get_data:ident),
1098 // `pin_init_from_closure` or `init_from_closure`.
1099 @construct_closure($construct_closure:ident),
1100 @zeroed($($init_zeroed:expr)?),
1102 // We do not want to allow arbitrary returns, so we declare this type as the `Ok` return
1103 // type and shadow it later when we insert the arbitrary user code. That way there will be
1104 // no possibility of returning without `unsafe`.
1106 // Get the data about fields from the supplied type.
1108 use $crate::init::__internal::$has_data;
1109 // Here we abuse `paste!` to retokenize `$t`. Declarative macros have some internal
1110 // information that is associated to already parsed fragments, so a path fragment
1111 // cannot be used in this position. Doing the retokenization results in valid rust
1113 ::kernel::macros::paste!($t::$get_data())
1115 // Ensure that `data` really is of type `$data` and help with type inference:
1116 let init = $crate::init::__internal::$data::make_closure::<_, __InitOk, $err>(
1120 // Shadow the structure so it cannot be used to return early.
1122 // If `$init_zeroed` is present we should zero the slot now and not emit an
1123 // error when fields are missing (since they will be zeroed). We also have to
1124 // check that the type actually implements `Zeroable`.
1126 fn assert_zeroable<T: $crate::init::Zeroable>(_: *mut T) {}
1127 // Ensure that the struct is indeed `Zeroable`.
1128 assert_zeroable(slot);
1129 // SAFETY: The type implements `Zeroable` by the check above.
1130 unsafe { ::core::ptr::write_bytes(slot, 0, 1) };
1131 $init_zeroed // This will be `()` if set.
1133 // Create the `this` so it can be referenced by the user inside of the
1134 // expressions creating the individual fields.
1135 $(let $this = unsafe { ::core::ptr::NonNull::new_unchecked(slot) };)?
1136 // Initialize every field.
1137 $crate::__init_internal!(init_slot($($use_data)?):
1141 @munch_fields($($fields)*,),
1143 // We use unreachable code to ensure that all fields have been mentioned exactly
1144 // once, this struct initializer will still be type-checked and complain with a
1145 // very natural error message if a field is forgotten/mentioned more than once.
1146 #[allow(unreachable_code, clippy::diverging_sub_expression)]
1148 $crate::__init_internal!(make_initializer:
1151 @munch_fields($($fields)*,),
1159 let init = move |slot| -> ::core::result::Result<(), $err> {
1160 init(slot).map(|__InitOk| ())
1162 let init = unsafe { $crate::init::$construct_closure::<_, $err>(init) };
1165 (init_slot($($use_data:ident)?):
1168 @guards($($guards:ident,)*),
1169 @munch_fields($(..Zeroable::zeroed())? $(,)?),
1171 // Endpoint of munching, no fields are left. If execution reaches this point, all fields
1172 // have been initialized. Therefore we can now dismiss the guards by forgetting them.
1173 $(::core::mem::forget($guards);)*
1175 (init_slot($use_data:ident): // `use_data` is present, so we use the `data` to init fields.
1178 @guards($($guards:ident,)*),
1179 // In-place initialization syntax.
1180 @munch_fields($field:ident <- $val:expr, $($rest:tt)*),
1183 // Call the initializer.
1185 // SAFETY: `slot` is valid, because we are inside of an initializer closure, we
1186 // return when an error/panic occurs.
1187 // We also use the `data` to require the correct trait (`Init` or `PinInit`) for `$field`.
1188 unsafe { $data.$field(::core::ptr::addr_of_mut!((*$slot).$field), init)? };
1189 // Create the drop guard:
1191 // We rely on macro hygiene to make it impossible for users to access this local variable.
1192 // We use `paste!` to create new hygiene for `$field`.
1193 ::kernel::macros::paste! {
1194 // SAFETY: We forget the guard later when initialization has succeeded.
1195 let [<$field>] = unsafe {
1196 $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field))
1199 $crate::__init_internal!(init_slot($use_data):
1202 @guards([<$field>], $($guards,)*),
1203 @munch_fields($($rest)*),
1207 (init_slot(): // No `use_data`, so we use `Init::__init` directly.
1210 @guards($($guards:ident,)*),
1211 // In-place initialization syntax.
1212 @munch_fields($field:ident <- $val:expr, $($rest:tt)*),
1215 // Call the initializer.
1217 // SAFETY: `slot` is valid, because we are inside of an initializer closure, we
1218 // return when an error/panic occurs.
1219 unsafe { $crate::init::Init::__init(init, ::core::ptr::addr_of_mut!((*$slot).$field))? };
1220 // Create the drop guard:
1222 // We rely on macro hygiene to make it impossible for users to access this local variable.
1223 // We use `paste!` to create new hygiene for `$field`.
1224 ::kernel::macros::paste! {
1225 // SAFETY: We forget the guard later when initialization has succeeded.
1226 let [<$field>] = unsafe {
1227 $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field))
1230 $crate::__init_internal!(init_slot():
1233 @guards([<$field>], $($guards,)*),
1234 @munch_fields($($rest)*),
1238 (init_slot($($use_data:ident)?):
1241 @guards($($guards:ident,)*),
1243 @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*),
1246 $(let $field = $val;)?
1247 // Initialize the field.
1249 // SAFETY: The memory at `slot` is uninitialized.
1250 unsafe { ::core::ptr::write(::core::ptr::addr_of_mut!((*$slot).$field), $field) };
1252 // Create the drop guard:
1254 // We rely on macro hygiene to make it impossible for users to access this local variable.
1255 // We use `paste!` to create new hygiene for `$field`.
1256 ::kernel::macros::paste! {
1257 // SAFETY: We forget the guard later when initialization has succeeded.
1258 let [<$field>] = unsafe {
1259 $crate::init::__internal::DropGuard::new(::core::ptr::addr_of_mut!((*$slot).$field))
1262 $crate::__init_internal!(init_slot($($use_data)?):
1265 @guards([<$field>], $($guards,)*),
1266 @munch_fields($($rest)*),
1272 @type_name($t:path),
1273 @munch_fields(..Zeroable::zeroed() $(,)?),
1276 // Endpoint, nothing more to munch, create the initializer. Since the users specified
1277 // `..Zeroable::zeroed()`, the slot will already have been zeroed and all field that have
1278 // not been overwritten are thus zero and initialized. We still check that all fields are
1279 // actually accessible by using the struct update syntax ourselves.
1280 // We are inside of a closure that is never executed and thus we can abuse `slot` to
1281 // get the correct type inference here:
1282 #[allow(unused_assignments)]
1284 let mut zeroed = ::core::mem::zeroed();
1285 // We have to use type inference here to make zeroed have the correct type. This does
1286 // not get executed, so it has no effect.
1287 ::core::ptr::write($slot, zeroed);
1288 zeroed = ::core::mem::zeroed();
1289 // Here we abuse `paste!` to retokenize `$t`. Declarative macros have some internal
1290 // information that is associated to already parsed fragments, so a path fragment
1291 // cannot be used in this position. Doing the retokenization results in valid rust
1293 ::kernel::macros::paste!(
1294 ::core::ptr::write($slot, $t {
1303 @type_name($t:path),
1304 @munch_fields($(,)?),
1307 // Endpoint, nothing more to munch, create the initializer.
1308 // Since we are in the closure that is never called, this will never get executed.
1309 // We abuse `slot` to get the correct type inference here:
1311 // Here we abuse `paste!` to retokenize `$t`. Declarative macros have some internal
1312 // information that is associated to already parsed fragments, so a path fragment
1313 // cannot be used in this position. Doing the retokenization results in valid rust
1315 ::kernel::macros::paste!(
1316 ::core::ptr::write($slot, $t {
1324 @type_name($t:path),
1325 @munch_fields($field:ident <- $val:expr, $($rest:tt)*),
1328 $crate::__init_internal!(make_initializer:
1331 @munch_fields($($rest)*),
1332 @acc($($acc)* $field: ::core::panic!(),),
1337 @type_name($t:path),
1338 @munch_fields($field:ident $(: $val:expr)?, $($rest:tt)*),
1341 $crate::__init_internal!(make_initializer:
1344 @munch_fields($($rest)*),
1345 @acc($($acc)* $field: ::core::panic!(),),
1352 macro_rules! __derive_zeroable {
1355 $(#[$($struct_attr:tt)*])*
1356 $vis:vis struct $name:ident
1357 $(where $($whr:tt)*)?
1359 @impl_generics($($impl_generics:tt)*),
1360 @ty_generics($($ty_generics:tt)*),
1363 $(#[$($field_attr:tt)*])*
1364 $field:ident : $field_ty:ty
1368 // SAFETY: Every field type implements `Zeroable` and padding bytes may be zero.
1369 #[automatically_derived]
1370 unsafe impl<$($impl_generics)*> $crate::init::Zeroable for $name<$($ty_generics)*>
1375 fn assert_zeroable<T: ?::core::marker::Sized + $crate::init::Zeroable>() {}
1376 fn ensure_zeroable<$($impl_generics)*>()
1379 $(assert_zeroable::<$field_ty>();)*
projects / releases.git / blob