##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

rust-cpython: remove PySharedRefCell and its companion structs...
Yuya Nishihara -
r44704:6b7aef44 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
This diff has been collapsed as it changes many lines, (551 lines changed) Show them Hide them
@@ -22,416 +22,6 b''
22
22
23 //! Macros for use in the `hg-cpython` bridge library.
23 //! Macros for use in the `hg-cpython` bridge library.
24
24
25 use cpython::{exc, PyClone, PyErr, PyObject, PyResult, Python};
26 use std::cell::{BorrowMutError, Ref, RefCell, RefMut};
27 use std::ops::{Deref, DerefMut};
28 use std::result;
29 use std::sync::atomic::{AtomicUsize, Ordering};
30
31 /// Manages the shared state between Python and Rust
32 ///
33 /// `PySharedState` is owned by `PySharedRefCell`, and is shared across its
34 /// derived references. The consistency of these references are guaranteed
35 /// as follows:
36 ///
37 /// - The immutability of `py_class!` object fields. Any mutation of
38 /// `PySharedRefCell` is allowed only through its `borrow_mut()`.
39 /// - The `py: Python<'_>` token, which makes sure that any data access is
40 /// synchronized by the GIL.
41 /// - The underlying `RefCell`, which prevents `PySharedRefCell` data from
42 /// being directly borrowed or leaked while it is mutably borrowed.
43 /// - The `borrow_count`, which is the number of references borrowed from
44 /// `PyLeaked`. Just like `RefCell`, mutation is prohibited while `PyLeaked`
45 /// is borrowed.
46 /// - The `generation` counter, which increments on `borrow_mut()`. `PyLeaked`
47 /// reference is valid only if the `current_generation()` equals to the
48 /// `generation` at the time of `leak_immutable()`.
49 #[derive(Debug, Default)]
50 struct PySharedState {
51 // The counter variable could be Cell<usize> since any operation on
52 // PySharedState is synchronized by the GIL, but being "atomic" makes
53 // PySharedState inherently Sync. The ordering requirement doesn't
54 // matter thanks to the GIL.
55 borrow_count: AtomicUsize,
56 generation: AtomicUsize,
57 }
58
59 impl PySharedState {
60 fn current_borrow_count(&self, _py: Python) -> usize {
61 self.borrow_count.load(Ordering::Relaxed)
62 }
63
64 fn increase_borrow_count(&self, _py: Python) {
65 // Note that this wraps around if there are more than usize::MAX
66 // borrowed references, which shouldn't happen due to memory limit.
67 self.borrow_count.fetch_add(1, Ordering::Relaxed);
68 }
69
70 fn decrease_borrow_count(&self, _py: Python) {
71 let prev_count = self.borrow_count.fetch_sub(1, Ordering::Relaxed);
72 assert!(prev_count > 0);
73 }
74
75 fn current_generation(&self, _py: Python) -> usize {
76 self.generation.load(Ordering::Relaxed)
77 }
78
79 fn increment_generation(&self, py: Python) {
80 assert_eq!(self.current_borrow_count(py), 0);
81 // Note that this wraps around to the same value if mutably
82 // borrowed more than usize::MAX times, which wouldn't happen
83 // in practice.
84 self.generation.fetch_add(1, Ordering::Relaxed);
85 }
86 }
87
88 /// Helper to keep the borrow count updated while the shared object is
89 /// immutably borrowed without using the `RefCell` interface.
90 struct BorrowPyShared<'a> {
91 py: Python<'a>,
92 py_shared_state: &'a PySharedState,
93 }
94
95 impl<'a> BorrowPyShared<'a> {
96 fn new(
97 py: Python<'a>,
98 py_shared_state: &'a PySharedState,
99 ) -> BorrowPyShared<'a> {
100 py_shared_state.increase_borrow_count(py);
101 BorrowPyShared {
102 py,
103 py_shared_state,
104 }
105 }
106 }
107
108 impl Drop for BorrowPyShared<'_> {
109 fn drop(&mut self) {
110 self.py_shared_state.decrease_borrow_count(self.py);
111 }
112 }
113
114 /// `RefCell` wrapper to be safely used in conjunction with `PySharedState`.
115 ///
116 /// This object can be stored in a `py_class!` object as a data field. Any
117 /// operation is allowed through the `PySharedRef` interface.
118 #[derive(Debug)]
119 pub struct PySharedRefCell<T> {
120 inner: RefCell<T>,
121 py_shared_state: PySharedState,
122 }
123
124 impl<T> PySharedRefCell<T> {
125 pub fn new(value: T) -> PySharedRefCell<T> {
126 Self {
127 inner: RefCell::new(value),
128 py_shared_state: PySharedState::default(),
129 }
130 }
131
132 fn borrow<'a>(&'a self, _py: Python<'a>) -> Ref<'a, T> {
133 // py_shared_state isn't involved since
134 // - inner.borrow() would fail if self is mutably borrowed,
135 // - and inner.try_borrow_mut() would fail while self is borrowed.
136 self.inner.borrow()
137 }
138
139 fn try_borrow_mut<'a>(
140 &'a self,
141 py: Python<'a>,
142 ) -> result::Result<RefMut<'a, T>, BorrowMutError> {
143 if self.py_shared_state.current_borrow_count(py) > 0 {
144 // propagate borrow-by-leaked state to inner to get BorrowMutError
145 let _dummy = self.inner.borrow();
146 self.inner.try_borrow_mut()?;
147 unreachable!("BorrowMutError must be returned");
148 }
149 let inner_ref = self.inner.try_borrow_mut()?;
150 self.py_shared_state.increment_generation(py);
151 Ok(inner_ref)
152 }
153 }
154
155 /// Sharable data member of type `T` borrowed from the `PyObject`.
156 pub struct PySharedRef<'a, T> {
157 py: Python<'a>,
158 owner: &'a PyObject,
159 data: &'a PySharedRefCell<T>,
160 }
161
162 impl<'a, T> PySharedRef<'a, T> {
163 /// # Safety
164 ///
165 /// The `data` must be owned by the `owner`. Otherwise, the leak count
166 /// would get wrong.
167 pub unsafe fn new(
168 py: Python<'a>,
169 owner: &'a PyObject,
170 data: &'a PySharedRefCell<T>,
171 ) -> Self {
172 Self { py, owner, data }
173 }
174
175 pub fn borrow(&self) -> Ref<'a, T> {
176 self.data.borrow(self.py)
177 }
178
179 /// Mutably borrows the wrapped value.
180 ///
181 /// # Panics
182 ///
183 /// Panics if the value is currently borrowed through `PySharedRef`
184 /// or `PyLeaked`.
185 pub fn borrow_mut(&self) -> RefMut<'a, T> {
186 self.try_borrow_mut().expect("already borrowed")
187 }
188
189 /// Mutably borrows the wrapped value, returning an error if the value
190 /// is currently borrowed.
191 pub fn try_borrow_mut(
192 &self,
193 ) -> result::Result<RefMut<'a, T>, BorrowMutError> {
194 self.data.try_borrow_mut(self.py)
195 }
196
197 /// Returns a leaked reference.
198 ///
199 /// # Panics
200 ///
201 /// Panics if this is mutably borrowed.
202 pub fn leak_immutable(&self) -> PyLeaked<&'static T> {
203 let state = &self.data.py_shared_state;
204 // make sure self.data isn't mutably borrowed; otherwise the
205 // generation number can't be trusted.
206 let data_ref = self.borrow();
207
208 // &'static cast is safe because data_ptr and state_ptr are owned
209 // by self.owner, and we do have the GIL for thread safety.
210 let data_ptr: *const T = &*data_ref;
211 let state_ptr: *const PySharedState = state;
212 PyLeaked::<&'static T> {
213 inner: self.owner.clone_ref(self.py),
214 data: unsafe { &*data_ptr },
215 py_shared_state: unsafe { &*state_ptr },
216 generation: state.current_generation(self.py),
217 }
218 }
219 }
220
221 /// Allows a `py_class!` generated struct to share references to one of its
222 /// data members with Python.
223 ///
224 /// # Parameters
225 ///
226 /// * `$name` is the same identifier used in for `py_class!` macro call.
227 /// * `$inner_struct` is the identifier of the underlying Rust struct
228 /// * `$data_member` is the identifier of the data member of `$inner_struct`
229 /// that will be shared.
230 /// * `$shared_accessor` is the function name to be generated, which allows
231 /// safe access to the data member.
232 ///
233 /// # Safety
234 ///
235 /// `$data_member` must persist while the `$name` object is alive. In other
236 /// words, it must be an accessor to a data field of the Python object.
237 ///
238 /// # Example
239 ///
240 /// ```
241 /// struct MyStruct {
242 /// inner: Vec<u32>;
243 /// }
244 ///
245 /// py_class!(pub class MyType |py| {
246 /// data inner: PySharedRefCell<MyStruct>;
247 /// });
248 ///
249 /// py_shared_ref!(MyType, MyStruct, inner, inner_shared);
250 /// ```
251 macro_rules! py_shared_ref {
252 (
253 $name: ident,
254 $inner_struct: ident,
255 $data_member: ident,
256 $shared_accessor: ident
257 ) => {
258 impl $name {
259 /// Returns a safe reference to the shared `$data_member`.
260 ///
261 /// This function guarantees that `PySharedRef` is created with
262 /// the valid `self` and `self.$data_member(py)` pair.
263 fn $shared_accessor<'a>(
264 &'a self,
265 py: Python<'a>,
266 ) -> $crate::ref_sharing::PySharedRef<'a, $inner_struct> {
267 use cpython::PythonObject;
268 use $crate::ref_sharing::PySharedRef;
269 let owner = self.as_object();
270 let data = self.$data_member(py);
271 unsafe { PySharedRef::new(py, owner, data) }
272 }
273 }
274 };
275 }
276
277 /// Manage immutable references to `PyObject` leaked into Python iterators.
278 ///
279 /// This reference will be invalidated once the original value is mutably
280 /// borrowed.
281 pub struct PyLeaked<T> {
282 inner: PyObject,
283 data: T,
284 py_shared_state: &'static PySharedState,
285 /// Generation counter of data `T` captured when PyLeaked is created.
286 generation: usize,
287 }
288
289 // DO NOT implement Deref for PyLeaked<T>! Dereferencing PyLeaked
290 // without taking Python GIL wouldn't be safe. Also, the underling reference
291 // is invalid if generation != py_shared_state.generation.
292
293 impl<T> PyLeaked<T> {
294 /// Immutably borrows the wrapped value.
295 ///
296 /// Borrowing fails if the underlying reference has been invalidated.
297 ///
298 /// # Safety
299 ///
300 /// The lifetime of the innermost object is cheated. Do not obtain and
301 /// copy it out of the borrow scope. See the example of `try_borrow_mut()`
302 /// for details.
303 pub unsafe fn try_borrow<'a>(
304 &'a self,
305 py: Python<'a>,
306 ) -> PyResult<PyLeakedRef<'a, T>> {
307 self.validate_generation(py)?;
308 Ok(PyLeakedRef {
309 _borrow: BorrowPyShared::new(py, self.py_shared_state),
310 data: &self.data,
311 })
312 }
313
314 /// Mutably borrows the wrapped value.
315 ///
316 /// Borrowing fails if the underlying reference has been invalidated.
317 ///
318 /// Typically `T` is an iterator. If `T` is an immutable reference,
319 /// `get_mut()` is useless since the inner value can't be mutated.
320 ///
321 /// # Safety
322 ///
323 /// The lifetime of the innermost object is cheated. Do not obtain and
324 /// copy it out of the borrow scope. For example, the following code
325 /// is unsafe:
326 ///
327 /// ```compile_fail
328 /// let slice;
329 /// {
330 /// let iter = leaked.try_borrow_mut(py);
331 /// // slice can outlive since the iterator is of Iter<'static, T>
332 /// // type, but it shouldn't.
333 /// slice = iter.as_slice();
334 /// }
335 /// println!("{:?}", slice);
336 /// ```
337 pub unsafe fn try_borrow_mut<'a>(
338 &'a mut self,
339 py: Python<'a>,
340 ) -> PyResult<PyLeakedRefMut<'a, T>> {
341 self.validate_generation(py)?;
342 Ok(PyLeakedRefMut {
343 _borrow: BorrowPyShared::new(py, self.py_shared_state),
344 data: &mut self.data,
345 })
346 }
347
348 /// Converts the inner value by the given function.
349 ///
350 /// Typically `T` is a static reference to a container, and `U` is an
351 /// iterator of that container.
352 ///
353 /// # Panics
354 ///
355 /// Panics if the underlying reference has been invalidated.
356 ///
357 /// This is typically called immediately after the `PyLeaked` is obtained.
358 /// In which case, the reference must be valid and no panic would occur.
359 ///
360 /// # Safety
361 ///
362 /// The lifetime of the object passed in to the function `f` is cheated.
363 /// It's typically a static reference, but is valid only while the
364 /// corresponding `PyLeaked` is alive. Do not copy it out of the
365 /// function call.
366 pub unsafe fn map<U>(
367 self,
368 py: Python,
369 f: impl FnOnce(T) -> U,
370 ) -> PyLeaked<U> {
371 // Needs to test the generation value to make sure self.data reference
372 // is still intact.
373 self.validate_generation(py)
374 .expect("map() over invalidated leaked reference");
375
376 // f() could make the self.data outlive. That's why map() is unsafe.
377 // In order to make this function safe, maybe we'll need a way to
378 // temporarily restrict the lifetime of self.data and translate the
379 // returned object back to Something<'static>.
380 let new_data = f(self.data);
381 PyLeaked {
382 inner: self.inner,
383 data: new_data,
384 py_shared_state: self.py_shared_state,
385 generation: self.generation,
386 }
387 }
388
389 fn validate_generation(&self, py: Python) -> PyResult<()> {
390 if self.py_shared_state.current_generation(py) == self.generation {
391 Ok(())
392 } else {
393 Err(PyErr::new::<exc::RuntimeError, _>(
394 py,
395 "Cannot access to leaked reference after mutation",
396 ))
397 }
398 }
399 }
400
401 /// Immutably borrowed reference to a leaked value.
402 pub struct PyLeakedRef<'a, T> {
403 _borrow: BorrowPyShared<'a>,
404 data: &'a T,
405 }
406
407 impl<T> Deref for PyLeakedRef<'_, T> {
408 type Target = T;
409
410 fn deref(&self) -> &T {
411 self.data
412 }
413 }
414
415 /// Mutably borrowed reference to a leaked value.
416 pub struct PyLeakedRefMut<'a, T> {
417 _borrow: BorrowPyShared<'a>,
418 data: &'a mut T,
419 }
420
421 impl<T> Deref for PyLeakedRefMut<'_, T> {
422 type Target = T;
423
424 fn deref(&self) -> &T {
425 self.data
426 }
427 }
428
429 impl<T> DerefMut for PyLeakedRefMut<'_, T> {
430 fn deref_mut(&mut self) -> &mut T {
431 self.data
432 }
433 }
434
435 /// Defines a `py_class!` that acts as a Python iterator over a Rust iterator.
25 /// Defines a `py_class!` that acts as a Python iterator over a Rust iterator.
436 ///
26 ///
437 /// TODO: this is a bit awkward to use, and a better (more complicated)
27 /// TODO: this is a bit awkward to use, and a better (more complicated)
@@ -440,7 +30,8 b" impl<T> DerefMut for PyLeakedRefMut<'_, "
440 /// # Parameters
30 /// # Parameters
441 ///
31 ///
442 /// * `$name` is the identifier to give to the resulting Rust struct.
32 /// * `$name` is the identifier to give to the resulting Rust struct.
443 /// * `$leaked` corresponds to `$leaked` in the matching `py_shared_ref!` call.
33 /// * `$leaked` corresponds to `UnsafePyLeaked` in the matching `@shared data`
34 /// declaration.
444 /// * `$iterator_type` is the type of the Rust iterator.
35 /// * `$iterator_type` is the type of the Rust iterator.
445 /// * `$success_func` is a function for processing the Rust `(key, value)`
36 /// * `$success_func` is a function for processing the Rust `(key, value)`
446 /// tuple on iteration success, turning it into something Python understands.
37 /// tuple on iteration success, turning it into something Python understands.
@@ -459,7 +50,7 b" impl<T> DerefMut for PyLeakedRefMut<'_, "
459 /// }
50 /// }
460 ///
51 ///
461 /// py_class!(pub class MyType |py| {
52 /// py_class!(pub class MyType |py| {
462 /// data inner: PySharedRefCell<MyStruct>;
53 /// @shared data inner: MyStruct;
463 ///
54 ///
464 /// def __iter__(&self) -> PyResult<MyTypeItemsIterator> {
55 /// def __iter__(&self) -> PyResult<MyTypeItemsIterator> {
465 /// let leaked_ref = self.inner_shared(py).leak_immutable();
56 /// let leaked_ref = self.inner_shared(py).leak_immutable();
@@ -483,11 +74,9 b" impl<T> DerefMut for PyLeakedRefMut<'_, "
483 /// }
74 /// }
484 /// }
75 /// }
485 ///
76 ///
486 /// py_shared_ref!(MyType, MyStruct, inner, MyTypeLeakedRef);
487 ///
488 /// py_shared_iterator!(
77 /// py_shared_iterator!(
489 /// MyTypeItemsIterator,
78 /// MyTypeItemsIterator,
490 /// PyLeaked<HashMap<'static, Vec<u8>, Vec<u8>>>,
79 /// UnsafePyLeaked<HashMap<'static, Vec<u8>, Vec<u8>>>,
491 /// MyType::translate_key_value,
80 /// MyType::translate_key_value,
492 /// Option<(PyBytes, PyBytes)>
81 /// Option<(PyBytes, PyBytes)>
493 /// );
82 /// );
@@ -530,135 +119,3 b' macro_rules! py_shared_iterator {'
530 }
119 }
531 };
120 };
532 }
121 }
533
534 #[cfg(test)]
535 #[cfg(any(feature = "python27-bin", feature = "python3-bin"))]
536 mod test {
537 use super::*;
538 use cpython::{GILGuard, Python};
539
540 py_class!(class Owner |py| {
541 data string: PySharedRefCell<String>;
542 });
543 py_shared_ref!(Owner, String, string, string_shared);
544
545 fn prepare_env() -> (GILGuard, Owner) {
546 let gil = Python::acquire_gil();
547 let py = gil.python();
548 let owner =
549 Owner::create_instance(py, PySharedRefCell::new("new".to_owned()))
550 .unwrap();
551 (gil, owner)
552 }
553
554 #[test]
555 fn test_leaked_borrow() {
556 let (gil, owner) = prepare_env();
557 let py = gil.python();
558 let leaked = owner.string_shared(py).leak_immutable();
559 let leaked_ref = unsafe { leaked.try_borrow(py) }.unwrap();
560 assert_eq!(*leaked_ref, "new");
561 }
562
563 #[test]
564 fn test_leaked_borrow_mut() {
565 let (gil, owner) = prepare_env();
566 let py = gil.python();
567 let leaked = owner.string_shared(py).leak_immutable();
568 let mut leaked_iter = unsafe { leaked.map(py, |s| s.chars()) };
569 let mut leaked_ref =
570 unsafe { leaked_iter.try_borrow_mut(py) }.unwrap();
571 assert_eq!(leaked_ref.next(), Some('n'));
572 assert_eq!(leaked_ref.next(), Some('e'));
573 assert_eq!(leaked_ref.next(), Some('w'));
574 assert_eq!(leaked_ref.next(), None);
575 }
576
577 #[test]
578 fn test_leaked_borrow_after_mut() {
579 let (gil, owner) = prepare_env();
580 let py = gil.python();
581 let leaked = owner.string_shared(py).leak_immutable();
582 owner.string_shared(py).borrow_mut().clear();
583 assert!(unsafe { leaked.try_borrow(py) }.is_err());
584 }
585
586 #[test]
587 fn test_leaked_borrow_mut_after_mut() {
588 let (gil, owner) = prepare_env();
589 let py = gil.python();
590 let leaked = owner.string_shared(py).leak_immutable();
591 let mut leaked_iter = unsafe { leaked.map(py, |s| s.chars()) };
592 owner.string_shared(py).borrow_mut().clear();
593 assert!(unsafe { leaked_iter.try_borrow_mut(py) }.is_err());
594 }
595
596 #[test]
597 #[should_panic(expected = "map() over invalidated leaked reference")]
598 fn test_leaked_map_after_mut() {
599 let (gil, owner) = prepare_env();
600 let py = gil.python();
601 let leaked = owner.string_shared(py).leak_immutable();
602 owner.string_shared(py).borrow_mut().clear();
603 let _leaked_iter = unsafe { leaked.map(py, |s| s.chars()) };
604 }
605
606 #[test]
607 fn test_try_borrow_mut_while_leaked_ref() {
608 let (gil, owner) = prepare_env();
609 let py = gil.python();
610 assert!(owner.string_shared(py).try_borrow_mut().is_ok());
611 let leaked = owner.string_shared(py).leak_immutable();
612 {
613 let _leaked_ref = unsafe { leaked.try_borrow(py) }.unwrap();
614 assert!(owner.string_shared(py).try_borrow_mut().is_err());
615 {
616 let _leaked_ref2 = unsafe { leaked.try_borrow(py) }.unwrap();
617 assert!(owner.string_shared(py).try_borrow_mut().is_err());
618 }
619 assert!(owner.string_shared(py).try_borrow_mut().is_err());
620 }
621 assert!(owner.string_shared(py).try_borrow_mut().is_ok());
622 }
623
624 #[test]
625 fn test_try_borrow_mut_while_leaked_ref_mut() {
626 let (gil, owner) = prepare_env();
627 let py = gil.python();
628 assert!(owner.string_shared(py).try_borrow_mut().is_ok());
629 let leaked = owner.string_shared(py).leak_immutable();
630 let mut leaked_iter = unsafe { leaked.map(py, |s| s.chars()) };
631 {
632 let _leaked_ref =
633 unsafe { leaked_iter.try_borrow_mut(py) }.unwrap();
634 assert!(owner.string_shared(py).try_borrow_mut().is_err());
635 }
636 assert!(owner.string_shared(py).try_borrow_mut().is_ok());
637 }
638
639 #[test]
640 #[should_panic(expected = "mutably borrowed")]
641 fn test_leak_while_borrow_mut() {
642 let (gil, owner) = prepare_env();
643 let py = gil.python();
644 let _mut_ref = owner.string_shared(py).borrow_mut();
645 owner.string_shared(py).leak_immutable();
646 }
647
648 #[test]
649 fn test_try_borrow_mut_while_borrow() {
650 let (gil, owner) = prepare_env();
651 let py = gil.python();
652 let _ref = owner.string_shared(py).borrow();
653 assert!(owner.string_shared(py).try_borrow_mut().is_err());
654 }
655
656 #[test]
657 #[should_panic(expected = "already borrowed")]
658 fn test_borrow_mut_while_borrow() {
659 let (gil, owner) = prepare_env();
660 let py = gil.python();
661 let _ref = owner.string_shared(py).borrow();
662 owner.string_shared(py).borrow_mut();
663 }
664 }
General Comments 0
You need to be logged in to leave comments. Login now