library/core/src/io/borrowed_buf.rs - rust - Git at Google

 #![unstable(feature = "core_io_borrowed_buf", issue = "117693")]

 use crate::fmt::{self, Debug, Formatter};
 use crate::mem::{self, MaybeUninit};

 /// A borrowed buffer of initially uninitialized bytes, which is incrementally filled.
 ///
 /// This type makes it safer to work with `MaybeUninit` buffers, such as to read into a buffer
 /// without having to initialize it first. It tracks the region of bytes that have been filled and
 /// the region that remains uninitialized.
 ///
 /// The contents of the buffer can be visualized as:
 /// ```not_rust
 /// [                         capacity                            ]
 /// [ len: filled and initialized | capacity - len: uninitialized ]
 /// ```
 ///
 /// Note that `BorrowedBuf` does not distinguish between uninitialized data and data that was
 /// previously initialized but no longer contains valid data.
 ///
 /// A `BorrowedBuf` is created around some existing data (or capacity for data) via a unique
 /// reference (`&mut`). The `BorrowedBuf` can be configured (e.g., using `clear` or `set_len`), but
 /// cannot be directly written. To write into the buffer, use `unfilled` to create a
 /// `BorrowedCursor`. The cursor has write-only access to the unfilled portion of the buffer.
 ///
 /// The lifetime `'data` is a bound on the lifetime of the underlying data.
 pub struct BorrowedBuf<'data> {
     /// The buffer's underlying data.
     buf: &'data mut [MaybeUninit<u8>],
     /// The length of `self.buf` which is known to be filled.
     filled: usize,
 }

 impl Debug for BorrowedBuf<'_> {
     fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
         f.debug_struct("BorrowedBuf")
             .field("filled", &self.filled)
             .field("capacity", &self.capacity())
             .finish()
     }
 }

 /// Creates a new `BorrowedBuf` from a fully initialized slice.
 impl<'data> From<&'data mut [u8]> for BorrowedBuf<'data> {
     #[inline]
     fn from(slice: &'data mut [u8]) -> BorrowedBuf<'data> {
         BorrowedBuf {
             // SAFETY: Always in bounds. We treat the buffer as uninitialized, even though it's
             // already initialized.
             buf: unsafe { (slice as *mut [u8]).as_uninit_slice_mut().unwrap() },
             filled: 0,
         }
     }
 }

 /// Creates a new `BorrowedBuf` from an uninitialized buffer.
 ///
 /// Use `set_filled` if part of the buffer is known to be already filled.
 impl<'data> From<&'data mut [MaybeUninit<u8>]> for BorrowedBuf<'data> {
     #[inline]
     fn from(buf: &'data mut [MaybeUninit<u8>]) -> BorrowedBuf<'data> {
         BorrowedBuf { buf, filled: 0 }
     }
 }

 /// Creates a new `BorrowedBuf` from a cursor.
 ///
 /// Use `BorrowedCursor::with_unfilled_buf` instead for a safer alternative.
 impl<'data> From<BorrowedCursor<'data>> for BorrowedBuf<'data> {
     #[inline]
     fn from(buf: BorrowedCursor<'data>) -> BorrowedBuf<'data> {
         BorrowedBuf {
             // SAFETY: Always in bounds. We treat the buffer as uninitialized.
             buf: unsafe { buf.buf.buf.get_unchecked_mut(buf.buf.filled..) },
             filled: 0,
         }
     }
 }

 impl<'data> BorrowedBuf<'data> {
     /// Returns the total capacity of the buffer.
     #[inline]
     pub fn capacity(&self) -> usize {
         self.buf.len()
     }

     /// Returns the length of the filled part of the buffer.
     #[inline]
     pub fn len(&self) -> usize {
         self.filled
     }

     /// Returns a shared reference to the filled portion of the buffer.
     #[inline]
     pub fn filled(&self) -> &[u8] {
         // SAFETY: We only slice the filled part of the buffer, which is always valid
         unsafe {
             let buf = self.buf.get_unchecked(..self.filled);
             buf.assume_init_ref()
         }
     }

     /// Returns a mutable reference to the filled portion of the buffer.
     #[inline]
     pub fn filled_mut(&mut self) -> &mut [u8] {
         // SAFETY: We only slice the filled part of the buffer, which is always valid
         unsafe {
             let buf = self.buf.get_unchecked_mut(..self.filled);
             buf.assume_init_mut()
         }
     }

     /// Returns a shared reference to the filled portion of the buffer with its original lifetime.
     #[inline]
     pub fn into_filled(self) -> &'data [u8] {
         // SAFETY: We only slice the filled part of the buffer, which is always valid
         unsafe {
             let buf = self.buf.get_unchecked(..self.filled);
             buf.assume_init_ref()
         }
     }

     /// Returns a mutable reference to the filled portion of the buffer with its original lifetime.
     #[inline]
     pub fn into_filled_mut(self) -> &'data mut [u8] {
         // SAFETY: We only slice the filled part of the buffer, which is always valid
         unsafe {
             let buf = self.buf.get_unchecked_mut(..self.filled);
             buf.assume_init_mut()
         }
     }

     /// Returns a cursor over the unfilled part of the buffer.
     #[inline]
     pub fn unfilled<'this>(&'this mut self) -> BorrowedCursor<'this> {
         BorrowedCursor {
             // SAFETY: we never assign into `BorrowedCursor::buf`, so treating its
             // lifetime covariantly is safe.
             buf: unsafe {
                 mem::transmute::<&'this mut BorrowedBuf<'data>, &'this mut BorrowedBuf<'this>>(self)
             },
         }
     }

     /// Clears the buffer, resetting the filled region to empty.
     ///
     /// The contents of the buffer are not modified.
     #[inline]
     pub fn clear(&mut self) -> &mut Self {
         self.filled = 0;
         self
     }
 }

 /// A writeable view of the unfilled portion of a [`BorrowedBuf`].
 ///
 /// Data can be written directly to the cursor by using [`append`](BorrowedCursor::append) or
 /// indirectly by getting a slice of part or all of the cursor and writing into the slice. In the
 /// indirect case, the caller must call [`advance`](BorrowedCursor::advance) after writing to inform
 /// the cursor how many bytes have been written.
 ///
 /// Once data is written to the cursor, it becomes part of the filled portion of the underlying
 /// `BorrowedBuf` and can no longer be accessed or re-written by the cursor. I.e., the cursor tracks
 /// the unfilled part of the underlying `BorrowedBuf`.
 ///
 /// The lifetime `'a` is a bound on the lifetime of the underlying buffer (which means it is a bound
 /// on the data in that buffer by transitivity).
 #[derive(Debug)]
 pub struct BorrowedCursor<'a> {
     /// The underlying buffer.
     // Safety invariant: we treat the type of buf as covariant in the lifetime of `BorrowedBuf` when
     // we create a `BorrowedCursor`. This is only safe if we never replace `buf` by assigning into
     // it, so don't do that!
     buf: &'a mut BorrowedBuf<'a>,
 }

 impl<'a> BorrowedCursor<'a> {
     /// Reborrows this cursor by cloning it with a smaller lifetime.
     ///
     /// Since a cursor maintains unique access to its underlying buffer, the borrowed cursor is
     /// not accessible while the new cursor exists.
     #[inline]
     pub fn reborrow<'this>(&'this mut self) -> BorrowedCursor<'this> {
         BorrowedCursor {
             // SAFETY: we never assign into `BorrowedCursor::buf`, so treating its
             // lifetime covariantly is safe.
             buf: unsafe {
                 mem::transmute::<&'this mut BorrowedBuf<'a>, &'this mut BorrowedBuf<'this>>(
                     self.buf,
                 )
             },
         }
     }

     /// Returns the available space in the cursor.
     #[inline]
     pub fn capacity(&self) -> usize {
         self.buf.capacity() - self.buf.filled
     }

     /// Returns the number of bytes written to the `BorrowedBuf` this cursor was created from.
     ///
     /// In particular, the count returned is shared by all reborrows of the cursor.
     #[inline]
     pub fn written(&self) -> usize {
         self.buf.filled
     }

     /// Returns a mutable reference to the whole cursor.
     ///
     /// # Safety
     ///
     /// The caller must not uninitialize any previously initialized bytes.
     #[inline]
     pub unsafe fn as_mut(&mut self) -> &mut [MaybeUninit<u8>] {
         // SAFETY: always in bounds
         unsafe { self.buf.buf.get_unchecked_mut(self.buf.filled..) }
     }

     /// Advances the cursor by asserting that `n` bytes have been filled.
     ///
     /// After advancing, the `n` bytes are no longer accessible via the cursor and can only be
     /// accessed via the underlying buffer. I.e., the buffer's filled portion grows by `n` elements
     /// and its unfilled portion (and the capacity of this cursor) shrinks by `n` elements.
     ///
     /// # Safety
     ///
     /// The caller must ensure that the first `n` bytes of the cursor have been initialized. `n`
     /// must not exceed the remaining capacity of this cursor.
     #[inline]
     pub unsafe fn advance(&mut self, n: usize) -> &mut Self {
         self.buf.filled += n;
         self
     }

     /// Appends data to the cursor, advancing position within its buffer.
     ///
     /// # Panics
     ///
     /// Panics if `self.capacity()` is less than `buf.len()`.
     #[inline]
     pub fn append(&mut self, buf: &[u8]) {
         assert!(self.capacity() >= buf.len());

         // SAFETY: we do not de-initialize any of the elements of the slice
         unsafe {
             self.as_mut()[..buf.len()].write_copy_of_slice(buf);
         }

         self.buf.filled += buf.len();
     }

     /// Runs the given closure with a `BorrowedBuf` containing the unfilled part
     /// of the cursor.
     ///
     /// This enables inspecting what was written to the cursor.
     ///
     /// # Panics
     ///
     /// Panics if the `BorrowedBuf` given to the closure is replaced by another
     /// one.
     pub fn with_unfilled_buf<T>(&mut self, f: impl FnOnce(&mut BorrowedBuf<'_>) -> T) -> T {
         let mut buf = BorrowedBuf::from(self.reborrow());
         let prev_ptr = buf.buf as *const _;
         let res = f(&mut buf);

         // Check that the caller didn't replace the `BorrowedBuf`.
         // This is necessary for the safety of the code below: if the check wasn't
         // there, one could mark some bytes as initialized even though there aren't.
         assert!(core::ptr::addr_eq(prev_ptr, buf.buf));

         // SAFETY: These bytes were filled in the `BorrowedBuf`, so they're filled in the cursor
         // too, because the buffer wasn't replaced.
         self.buf.filled += buf.filled;

         res
     }
 }
	#![unstable(feature = "core_io_borrowed_buf", issue = "117693")]

	use crate::fmt::{self, Debug, Formatter};
	use crate::mem::{self, MaybeUninit};

	/// A borrowed buffer of initially uninitialized bytes, which is incrementally filled.
	///
	/// This type makes it safer to work with `MaybeUninit` buffers, such as to read into a buffer
	/// without having to initialize it first. It tracks the region of bytes that have been filled and
	/// the region that remains uninitialized.
	///
	/// The contents of the buffer can be visualized as:
	/// ```not_rust
	/// [ capacity ]
	/// [ len: filled and initialized \| capacity - len: uninitialized ]
	/// ```
	///
	/// Note that `BorrowedBuf` does not distinguish between uninitialized data and data that was
	/// previously initialized but no longer contains valid data.
	///
	/// A `BorrowedBuf` is created around some existing data (or capacity for data) via a unique
	/// reference (`&mut`). The `BorrowedBuf` can be configured (e.g., using `clear` or `set_len`), but
	/// cannot be directly written. To write into the buffer, use `unfilled` to create a
	/// `BorrowedCursor`. The cursor has write-only access to the unfilled portion of the buffer.
	///
	/// The lifetime `'data` is a bound on the lifetime of the underlying data.
	pub struct BorrowedBuf<'data> {
	/// The buffer's underlying data.
	buf: &'data mut [MaybeUninit<u8>],
	/// The length of `self.buf` which is known to be filled.
	filled: usize,
	}

	impl Debug for BorrowedBuf<'_> {
	fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
	f.debug_struct("BorrowedBuf")
	.field("filled", &self.filled)
	.field("capacity", &self.capacity())
	.finish()
	}
	}

	/// Creates a new `BorrowedBuf` from a fully initialized slice.
	impl<'data> From<&'data mut [u8]> for BorrowedBuf<'data> {
	#[inline]
	fn from(slice: &'data mut [u8]) -> BorrowedBuf<'data> {
	BorrowedBuf {
	// SAFETY: Always in bounds. We treat the buffer as uninitialized, even though it's
	// already initialized.
	buf: unsafe { (slice as *mut [u8]).as_uninit_slice_mut().unwrap() },
	filled: 0,
	}
	}
	}

	/// Creates a new `BorrowedBuf` from an uninitialized buffer.
	///
	/// Use `set_filled` if part of the buffer is known to be already filled.
	impl<'data> From<&'data mut [MaybeUninit<u8>]> for BorrowedBuf<'data> {
	#[inline]
	fn from(buf: &'data mut [MaybeUninit<u8>]) -> BorrowedBuf<'data> {
	BorrowedBuf { buf, filled: 0 }
	}
	}

	/// Creates a new `BorrowedBuf` from a cursor.
	///
	/// Use `BorrowedCursor::with_unfilled_buf` instead for a safer alternative.
	impl<'data> From<BorrowedCursor<'data>> for BorrowedBuf<'data> {
	#[inline]
	fn from(buf: BorrowedCursor<'data>) -> BorrowedBuf<'data> {
	BorrowedBuf {
	// SAFETY: Always in bounds. We treat the buffer as uninitialized.
	buf: unsafe { buf.buf.buf.get_unchecked_mut(buf.buf.filled..) },
	filled: 0,
	}
	}
	}

	impl<'data> BorrowedBuf<'data> {
	/// Returns the total capacity of the buffer.
	#[inline]
	pub fn capacity(&self) -> usize {
	self.buf.len()
	}

	/// Returns the length of the filled part of the buffer.
	#[inline]
	pub fn len(&self) -> usize {
	self.filled
	}

	/// Returns a shared reference to the filled portion of the buffer.
	#[inline]
	pub fn filled(&self) -> &[u8] {
	// SAFETY: We only slice the filled part of the buffer, which is always valid
	unsafe {
	let buf = self.buf.get_unchecked(..self.filled);
	buf.assume_init_ref()
	}
	}

	/// Returns a mutable reference to the filled portion of the buffer.
	#[inline]
	pub fn filled_mut(&mut self) -> &mut [u8] {
	// SAFETY: We only slice the filled part of the buffer, which is always valid
	unsafe {
	let buf = self.buf.get_unchecked_mut(..self.filled);
	buf.assume_init_mut()
	}
	}

	/// Returns a shared reference to the filled portion of the buffer with its original lifetime.
	#[inline]
	pub fn into_filled(self) -> &'data [u8] {
	// SAFETY: We only slice the filled part of the buffer, which is always valid
	unsafe {
	let buf = self.buf.get_unchecked(..self.filled);
	buf.assume_init_ref()
	}
	}

	/// Returns a mutable reference to the filled portion of the buffer with its original lifetime.
	#[inline]
	pub fn into_filled_mut(self) -> &'data mut [u8] {
	// SAFETY: We only slice the filled part of the buffer, which is always valid
	unsafe {
	let buf = self.buf.get_unchecked_mut(..self.filled);
	buf.assume_init_mut()
	}
	}

	/// Returns a cursor over the unfilled part of the buffer.
	#[inline]
	pub fn unfilled<'this>(&'this mut self) -> BorrowedCursor<'this> {
	BorrowedCursor {
	// SAFETY: we never assign into `BorrowedCursor::buf`, so treating its
	// lifetime covariantly is safe.
	buf: unsafe {
	mem::transmute::<&'this mut BorrowedBuf<'data>, &'this mut BorrowedBuf<'this>>(self)
	},
	}
	}

	/// Clears the buffer, resetting the filled region to empty.
	///
	/// The contents of the buffer are not modified.
	#[inline]
	pub fn clear(&mut self) -> &mut Self {
	self.filled = 0;
	self
	}
	}

	/// A writeable view of the unfilled portion of a [`BorrowedBuf`].
	///
	/// Data can be written directly to the cursor by using [`append`](BorrowedCursor::append) or
	/// indirectly by getting a slice of part or all of the cursor and writing into the slice. In the
	/// indirect case, the caller must call [`advance`](BorrowedCursor::advance) after writing to inform
	/// the cursor how many bytes have been written.
	///
	/// Once data is written to the cursor, it becomes part of the filled portion of the underlying
	/// `BorrowedBuf` and can no longer be accessed or re-written by the cursor. I.e., the cursor tracks
	/// the unfilled part of the underlying `BorrowedBuf`.
	///
	/// The lifetime `'a` is a bound on the lifetime of the underlying buffer (which means it is a bound
	/// on the data in that buffer by transitivity).
	#[derive(Debug)]
	pub struct BorrowedCursor<'a> {
	/// The underlying buffer.
	// Safety invariant: we treat the type of buf as covariant in the lifetime of `BorrowedBuf` when
	// we create a `BorrowedCursor`. This is only safe if we never replace `buf` by assigning into
	// it, so don't do that!
	buf: &'a mut BorrowedBuf<'a>,
	}

	impl<'a> BorrowedCursor<'a> {
	/// Reborrows this cursor by cloning it with a smaller lifetime.
	///
	/// Since a cursor maintains unique access to its underlying buffer, the borrowed cursor is
	/// not accessible while the new cursor exists.
	#[inline]
	pub fn reborrow<'this>(&'this mut self) -> BorrowedCursor<'this> {
	BorrowedCursor {
	// SAFETY: we never assign into `BorrowedCursor::buf`, so treating its
	// lifetime covariantly is safe.
	buf: unsafe {
	mem::transmute::<&'this mut BorrowedBuf<'a>, &'this mut BorrowedBuf<'this>>(
	self.buf,
	)
	},
	}
	}

	/// Returns the available space in the cursor.
	#[inline]
	pub fn capacity(&self) -> usize {
	self.buf.capacity() - self.buf.filled
	}

	/// Returns the number of bytes written to the `BorrowedBuf` this cursor was created from.
	///
	/// In particular, the count returned is shared by all reborrows of the cursor.
	#[inline]
	pub fn written(&self) -> usize {
	self.buf.filled
	}

	/// Returns a mutable reference to the whole cursor.
	///
	/// # Safety
	///
	/// The caller must not uninitialize any previously initialized bytes.
	#[inline]
	pub unsafe fn as_mut(&mut self) -> &mut [MaybeUninit<u8>] {
	// SAFETY: always in bounds
	unsafe { self.buf.buf.get_unchecked_mut(self.buf.filled..) }
	}

	/// Advances the cursor by asserting that `n` bytes have been filled.
	///
	/// After advancing, the `n` bytes are no longer accessible via the cursor and can only be
	/// accessed via the underlying buffer. I.e., the buffer's filled portion grows by `n` elements
	/// and its unfilled portion (and the capacity of this cursor) shrinks by `n` elements.
	///
	/// # Safety
	///
	/// The caller must ensure that the first `n` bytes of the cursor have been initialized. `n`
	/// must not exceed the remaining capacity of this cursor.
	#[inline]
	pub unsafe fn advance(&mut self, n: usize) -> &mut Self {
	self.buf.filled += n;
	self
	}

	/// Appends data to the cursor, advancing position within its buffer.
	///
	/// # Panics
	///
	/// Panics if `self.capacity()` is less than `buf.len()`.
	#[inline]
	pub fn append(&mut self, buf: &[u8]) {
	assert!(self.capacity() >= buf.len());

	// SAFETY: we do not de-initialize any of the elements of the slice
	unsafe {
	self.as_mut()[..buf.len()].write_copy_of_slice(buf);
	}

	self.buf.filled += buf.len();
	}

	/// Runs the given closure with a `BorrowedBuf` containing the unfilled part
	/// of the cursor.
	///
	/// This enables inspecting what was written to the cursor.
	///
	/// # Panics
	///
	/// Panics if the `BorrowedBuf` given to the closure is replaced by another
	/// one.
	pub fn with_unfilled_buf<T>(&mut self, f: impl FnOnce(&mut BorrowedBuf<'_>) -> T) -> T {
	let mut buf = BorrowedBuf::from(self.reborrow());
	let prev_ptr = buf.buf as *const _;
	let res = f(&mut buf);

	// Check that the caller didn't replace the `BorrowedBuf`.
	// This is necessary for the safety of the code below: if the check wasn't
	// there, one could mark some bytes as initialized even though there aren't.
	assert!(core::ptr::addr_eq(prev_ptr, buf.buf));

	// SAFETY: These bytes were filled in the `BorrowedBuf`, so they're filled in the cursor
	// too, because the buffer wasn't replaced.
	self.buf.filled += buf.filled;

	res
	}
	}