add pin_chain and chain functions

BennoLossin · BennoLossin · commit 1258aa49ddcd · 2024-04-09T11:26:48.000+02:00
These functions allow providing a closure to change a value after
initialization.
diff --git a/src/__internal.rs b/src/__internal.rs
@@ -13,7 +13,7 @@ use super::*;
 ///
 /// [nomicon]: https://doc.rust-lang.org/nomicon/subtyping.html
 /// [this table]: https://doc.rust-lang.org/nomicon/phantom-data.html#table-of-phantomdata-patterns
-type Invariant<T> = PhantomData<fn(*mut T) -> *mut T>;
+pub(crate) type Invariant<T> = PhantomData<fn(*mut T) -> *mut T>;
 
 /// This is the module-internal type implementing `PinInit` and `Init`. It is unsafe to create this
 /// type, since the closure needs to fulfill the same safety requirement as the
@@ -32,6 +32,18 @@ where
     }
 }
 
+// SAFETY: While constructing the `InitClosure`, the user promised that it upholds the
+// `__pinned_init` invariants.
+unsafe impl<T: ?Sized, F, E> PinInit<T, E> for InitClosure<F, T, E>
+where
+    F: FnOnce(*mut T) -> Result<(), E>,
+{
+    #[inline]
+    unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> {
+        (self.0)(slot)
+    }
+}
+
 /// This trait is only implemented via the `#[pin_data]` proc-macro. It is used to facilitate
 /// the pin projections within the initializers.
 ///
diff --git a/src/lib.rs b/src/lib.rs
@@ -850,6 +850,80 @@ pub unsafe trait PinInit<T: ?Sized, E = Infallible>: Sized {
     ///   deallocate.
     /// - `slot` will not move until it is dropped, i.e. it will be pinned.
     unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E>;
+
+    /// First initializes the value using `self` then calls the function `f` with the initialized
+    /// value.
+    ///
+    /// If `f` returns an error the value is dropped and the initializer will forward the error.
+    ///
+    /// # Examples
+    ///
+    /// ```rust
+    /// # #![allow(clippy::disallowed_names)]
+    /// # use core::{convert::Infallible, pin::Pin};
+    /// # use pinned_init::*;
+    /// use pinned_init::pin_init_from_closure;
+    /// #[repr(C)]
+    /// struct RawFoo([u8; 16]);
+    /// extern {
+    ///     fn init_foo(_: *mut RawFoo);
+    /// }
+    ///
+    /// #[pin_data]
+    /// struct Foo {
+    ///     #[pin]
+    ///     raw: RawFoo,
+    /// }
+    ///
+    /// impl Foo {
+    ///     fn setup(self: Pin<&mut Self>) {
+    ///         println!("Setting up foo");
+    ///     }
+    /// }
+    ///
+    /// let foo = pin_init!(Foo {
+    ///     raw <- unsafe { pin_init_from_closure(|slot| {
+    ///         init_foo(slot);
+    ///         Ok::<_, Infallible>(())
+    ///     }) },
+    /// }).pin_chain(|foo| {
+    ///     foo.setup();
+    ///     Ok(())
+    /// });
+    /// ```
+    fn pin_chain<F>(self, f: F) -> ChainPinInit<Self, F, T, E>
+    where
+        F: FnOnce(Pin<&mut T>) -> Result<(), E>,
+    {
+        ChainPinInit(self, f, PhantomData)
+    }
+}
+
+/// An initializer returned by [`PinInit::pin_chain`].
+pub struct ChainPinInit<I, F, T: ?Sized, E>(I, F, __internal::Invariant<(E, Box<T>)>);
+
+// SAFETY: The `__pinned_init` function is implemented such that it
+// - returns `Ok(())` on successful initialization,
+// - returns `Err(err)` on error and in this case `slot` will be dropped.
+// - considers `slot` pinned.
+unsafe impl<T: ?Sized, E, I, F> PinInit<T, E> for ChainPinInit<I, F, T, E>
+where
+    I: PinInit<T, E>,
+    F: FnOnce(Pin<&mut T>) -> Result<(), E>,
+{
+    unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> {
+        // SAFETY: All requirements fulfilled since this function is `__pinned_init`.
+        unsafe { self.0.__pinned_init(slot)? };
+        // SAFETY: The above call initialized `slot` and we still have unique access.
+        let val = unsafe { &mut *slot };
+        // SAFETY: `slot` is considered pinned.
+        let val = unsafe { Pin::new_unchecked(val) };
+        (self.1)(val).map_err(|e| {
+            // SAFETY: `slot` was initialized above.
+            unsafe { core::ptr::drop_in_place(slot) };
+            e
+        })
+    }
 }
 
 /// An initializer for `T`.
@@ -882,7 +956,7 @@ pub unsafe trait PinInit<T: ?Sized, E = Infallible>: Sized {
 ///
 /// [`Arc<T>`]: alloc::sync::Arc
 #[must_use = "An initializer must be used in order to create its value."]
-pub unsafe trait Init<T: ?Sized, E = Infallible>: Sized {
+pub unsafe trait Init<T: ?Sized, E = Infallible>: PinInit<T, E> {
     /// Initializes `slot`.
     ///
     /// # Safety
@@ -891,16 +965,75 @@ pub unsafe trait Init<T: ?Sized, E = Infallible>: Sized {
     /// - the caller does not touch `slot` when `Err` is returned, they are only permitted to
     ///   deallocate.
     unsafe fn __init(self, slot: *mut T) -> Result<(), E>;
+
+    /// First initializes the value using `self` then calls the function `f` with the initialized
+    /// value.
+    ///
+    /// If `f` returns an error the value is dropped and the initializer will forward the error.
+    ///
+    /// # Examples
+    ///
+    /// ```rust
+    /// # #![allow(clippy::disallowed_names)]
+    /// # use pinned_init::*;
+    /// # use core::convert::Infallible;
+    /// use pinned_init::{self, init_from_closure};
+    /// struct Foo {
+    ///     buf: [u8; 1_000_000],
+    /// }
+    ///
+    /// impl Foo {
+    ///     fn setup(&mut self) {
+    ///         println!("Setting up foo");
+    ///     }
+    /// }
+    ///
+    /// let foo = init!(Foo {
+    ///     buf <- zeroed::<_, Infallible>()
+    /// }).chain(|foo| {
+    ///     foo.setup();
+    ///     Ok(())
+    /// });
+    /// ```
+    fn chain<F>(self, f: F) -> ChainInit<Self, F, T, E>
+    where
+        F: FnOnce(&mut T) -> Result<(), E>,
+    {
+        ChainInit(self, f, PhantomData)
+    }
+}
+
+/// An initializer returned by [`Init::chain`].
+pub struct ChainInit<I, F, T: ?Sized, E>(I, F, __internal::Invariant<(E, Box<T>)>);
+
+// SAFETY: The `__init` function is implemented such that it
+// - returns `Ok(())` on successful initialization,
+// - returns `Err(err)` on error and in this case `slot` will be dropped.
+unsafe impl<T: ?Sized, E, I, F> Init<T, E> for ChainInit<I, F, T, E>
+where
+    I: Init<T, E>,
+    F: FnOnce(&mut T) -> Result<(), E>,
+{
+    unsafe fn __init(self, slot: *mut T) -> Result<(), E> {
+        // SAFETY: All requirements fulfilled since this function is `__init`.
+        unsafe { self.0.__pinned_init(slot)? };
+        // SAFETY: The above call initialized `slot` and we still have unique access.
+        (self.1)(unsafe { &mut *slot }).map_err(|e| {
+            // SAFETY: `slot` was initialized above.
+            unsafe { core::ptr::drop_in_place(slot) };
+            e
+        })
+    }
 }
 
-// SAFETY: Every in-place initializer can also be used as a pin-initializer.
-unsafe impl<T: ?Sized, E, I> PinInit<T, E> for I
+// SAFETY: `__pinned_init` behaves exactly the same as `__init`.
+unsafe impl<T: ?Sized, E, I, F> PinInit<T, E> for ChainInit<I, F, T, E>
 where
     I: Init<T, E>,
+    F: FnOnce(&mut T) -> Result<(), E>,
 {
     unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> {
-        // SAFETY: `__init` meets the same requirements as `__pinned_init`, except that it does not
-        // require `slot` to not move after init.
+        // SAFETY: `__init` has less strict requirements compared to `__pinned_init`.
         unsafe { self.__init(slot) }
     }
 }
@@ -953,13 +1086,20 @@ pub fn uninit<T, E>() -> impl Init<MaybeUninit<T>, E> {
 }
 
 // SAFETY: Every type can be initialized by-value.
-unsafe impl<T> Init<T> for T {
-    unsafe fn __init(self, slot: *mut T) -> Result<(), Infallible> {
+unsafe impl<T, E> Init<T, E> for T {
+    unsafe fn __init(self, slot: *mut T) -> Result<(), E> {
         unsafe { slot.write(self) };
         Ok(())
     }
 }
 
+// SAFETY: Every type can be initialized by-value. `__pinned_init` calls `__init`.
+unsafe impl<T, E> PinInit<T, E> for T {
+    unsafe fn __pinned_init(self, slot: *mut T) -> Result<(), E> {
+        unsafe { self.__init(slot) }
+    }
+}
+
 /// Smart pointer that can initialize memory in-place.
 pub trait InPlaceInit<T>: Sized {
     /// Use the given pin-initializer to pin-initialize a `T` inside of a new smart pointer of this
diff --git a/tests/ring_buf.rs b/tests/ring_buf.rs
@@ -44,11 +44,17 @@ impl<T, const SIZE: usize> RingBuffer<T, SIZE> {
             // SAFETY: `this` is a valid pointer.
             head: unsafe { addr_of_mut!((*this.as_ptr()).buffer).cast::<T>() },
             tail: unsafe { addr_of_mut!((*this.as_ptr()).buffer).cast::<T>() },
-            _pin <- PhantomPinned,
+            _pin: PhantomPinned,
         })
     }
 
-    pub fn push<E>(self: Pin<&mut Self>, value: impl Init<T, E>) -> Result<bool, E> {
+    pub fn push(self: Pin<&mut Self>, value: impl Init<T>) -> bool {
+        match self.try_push(value) {
+            Ok(res) => res,
+            Err(i) => match i {},
+        }
+    }
+    pub fn try_push<E>(self: Pin<&mut Self>, value: impl Init<T, E>) -> Result<bool, E> {
         // SAFETY: We do not move `this`.
         let this = unsafe { self.get_unchecked_mut() };
         let next_head = unsafe { this.advance(this.head) };
@@ -111,22 +117,22 @@ fn on_stack() -> Result<(), Infallible> {
     while let Some(elem) = buf.as_mut().pop() {
         panic!("found in empty buffer!: {elem}");
     }
-    assert!(buf.as_mut().push(10)?);
-    assert!(buf.as_mut().push(42)?);
+    assert!(buf.as_mut().push(10));
+    assert!(buf.as_mut().push(42));
     assert_eq!(buf.as_mut().pop(), Some(10));
     assert_eq!(buf.as_mut().pop(), Some(42));
     assert_eq!(buf.as_mut().pop(), None);
-    assert!(buf.as_mut().push(42)?);
-    assert!(buf.as_mut().push(24)?);
+    assert!(buf.as_mut().push(42));
+    assert!(buf.as_mut().push(24));
     assert_eq!(buf.as_mut().pop(), Some(42));
-    assert!(buf.as_mut().push(25)?);
+    assert!(buf.as_mut().push(25));
     assert_eq!(buf.as_mut().pop(), Some(24));
     assert_eq!(buf.as_mut().pop(), Some(25));
     assert_eq!(buf.as_mut().pop(), None);
     for i in 0..63 {
-        assert!(buf.as_mut().push(i)?);
+        assert!(buf.as_mut().push(i));
     }
-    assert!(!buf.as_mut().push(42)?);
+    assert!(!buf.as_mut().push(42));
     for i in 0..63 {
         if let Some(value) = buf.as_mut().pop_no_stack() {
             stack_pin_init!(let value = value);
@@ -199,13 +205,13 @@ fn even_failing() {
 #[test]
 fn with_failing_inner() {
     let mut buf = Box::pin_init(RingBuffer::<EvenU64, 4>::new()).unwrap();
-    assert_eq!(buf.as_mut().push(EvenU64::new(0)), Ok(true));
-    assert_eq!(buf.as_mut().push(EvenU64::new(1)), Err(()));
-    assert_eq!(buf.as_mut().push(EvenU64::new(2)), Ok(true));
-    assert_eq!(buf.as_mut().push(EvenU64::new(3)), Err(()));
-    assert_eq!(buf.as_mut().push(EvenU64::new(4)), Ok(true));
-    assert_eq!(buf.as_mut().push(EvenU64::new(5)), Ok(false));
-    assert_eq!(buf.as_mut().push(EvenU64::new(6)), Ok(false));
+    assert_eq!(buf.as_mut().try_push(EvenU64::new(0)), Ok(true));
+    assert_eq!(buf.as_mut().try_push(EvenU64::new(1)), Err(()));
+    assert_eq!(buf.as_mut().try_push(EvenU64::new(2)), Ok(true));
+    assert_eq!(buf.as_mut().try_push(EvenU64::new(3)), Err(()));
+    assert_eq!(buf.as_mut().try_push(EvenU64::new(4)), Ok(true));
+    assert_eq!(buf.as_mut().try_push(EvenU64::new(5)), Ok(false));
+    assert_eq!(buf.as_mut().try_push(EvenU64::new(6)), Ok(false));
 
     assert_eq!(
         buf.as_mut().pop(),
@@ -259,15 +265,15 @@ fn with_big_struct() {
     let mut buf = buf.lock();
     for _ in 0..63 {
         assert_eq!(
-            buf.as_mut().push(init!(BigStruct{
+            buf.as_mut().try_push(init!(BigStruct{
                 buf <- zeroed::<_, Infallible>(),
                 oth <- uninit::<_, Infallible>(),
             })),
             Ok(true)
         );
     }
     assert_eq!(
-        buf.as_mut().push(init!(BigStruct{
+        buf.as_mut().try_push(init!(BigStruct{
             buf <- zeroed::<_, Infallible>(),
             oth <- uninit::<_, Infallible>(),
         })),
diff --git a/tests/ui/no_pin_data_but_pinned_drop.stderr b/tests/ui/no_pin_data_but_pinned_drop.stderr
@@ -5,9 +5,9 @@ error[E0277]: the trait bound `Foo: HasPinData` is not satisfied
      |                     ^^^ the trait `HasPinData` is not implemented for `Foo`
      |
 note: required by a bound in `PinnedDrop`
-    --> $SRC_DIR/src/lib.rs:1094:30
+    --> $SRC_DIR/src/lib.rs:1234:30
      |
-1094 | pub unsafe trait PinnedDrop: __internal::HasPinData {
+1234 | pub unsafe trait PinnedDrop: __internal::HasPinData {
      |                              ^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `PinnedDrop`
 
 error: aborting due to 1 previous error

Original file line number	Diff line number	Diff line change
@@ -5,9 +5,9 @@ error[E0277]: the trait bound `Foo: HasPinData` is not satisfied
`5`	`5`	\| ^^^ the trait `HasPinData` is not implemented for `Foo`
`6`	`6`	`\|`
`7`	`7`	note: required by a bound in `PinnedDrop`
`8`		`- --> $SRC_DIR/src/lib.rs:1094:30`
	`8`	`+ --> $SRC_DIR/src/lib.rs:1234:30`
`9`	`9`	`\|`
`10`		`-1094 \| pub unsafe trait PinnedDrop: __internal::HasPinData {`
	`10`	`+1234 \| pub unsafe trait PinnedDrop: __internal::HasPinData {`
`11`	`11`	\| ^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `PinnedDrop`
`12`	`12`
`13`	`13`	`error: aborting due to 1 previous error`