+2

.gitignore

reviewed

··· 13 13 !/futures/** 14 14 !/futures-*/ 15 15 !/futures-*/** 16 16 + !/lifetime-guard/ 17 17 + !/lifetime-guard/**

+4

Cargo.lock

reviewed

··· 49 49 ] 50 50 51 51 [[package]] 52 52 + name = "lifetime-guard" 53 53 + version = "0.1.0" 54 54 + 55 55 + [[package]] 52 56 name = "proc-macro2" 53 57 version = "1.0.95" 54 58 source = "registry+https://github.com/rust-lang/crates.io-index"

+1 -1

Cargo.toml

reviewed

··· 1 1 [workspace] 2 2 resolver = "3" 3 3 - members = [ "futures", "futures-core", "futures-combinators", "futures-compat", "futures-derive", "futures-util"] 3 3 + members = [ "futures", "futures-core", "futures-combinators", "futures-compat", "futures-derive", "futures-util", "lifetime-guard"] 4 4 5 5 [workspace.package] 6 6 version = "0.1.0"

+162 -9

README.md

reviewed

··· 82 82 83 83 New async primitives that disallow intra-task concurrency, clone of `futures` and `futures-concurrency` for the new primitives. 84 84 85 85 - ## TODO: 86 86 - - [x] ScopedFuture 87 87 - - [ ] static combinators (Join Race etc), see futures-concurrency 88 88 - - [ ] `#[bsync]` or some compiler ScopedFuture generation 89 89 - - [ ] growable combinators (eg. `FutureGroup`, `FuturesUnordered`) (require alloc?) 90 90 - - [ ] unsound (needs `Forget`) multithreading 91 91 - - [ ] "rethinking async rust" 92 92 - - [ ] all of the above for streams 93 93 - - [ ] rfc? 94 85 95 86 channels: need lifetimed receievers, probably needs `Forget` (arc-like channels would be unsafe) 96 87 ··· 141 132 - need tons of interior mutability, since immutable/can't move means `poll` cannot take `&mut self`, cells everywhere 142 133 - nvm lots of unsafe code, but nothing really unsound 143 134 - potentially bad error messages? stuff like `join!` will have to output code that manually sets up the waker self ref 135 135 + 136 136 + ## TODO: 137 137 + - [x] ScopedFuture 138 138 + - [x] static combinators (Join Race etc), see futures-concurrency 139 139 + - [x] `#[async_scoped]` or some compiler ScopedFuture generation 140 140 + - [ ] doubly linked list waker registration 141 141 + - [ ] repeating static time reactors - eg. make event poll every N seconds 142 142 + - [ ] io uring reactors 143 143 + - [ ] growable combinators (eg. `FutureGroup`, `FuturesUnordered`) (require alloc?) 144 144 + - [ ] unsound (needs `Forget`) multithreading 145 145 + - [ ] "rethinking async rust" 146 146 + - [ ] all of the above for streams 147 147 + - [ ] rfc? 148 148 + 149 149 + # Chapter 3 150 150 + 151 151 + man this really sucks 152 152 + 153 153 + i need better things to do 154 154 + 155 155 + issues from ch 2 156 156 + - works great[*] 157 157 + - *: incompatible with event loop - something still has to poll 158 158 + - we're back to doubly linked list of waker registration in event loop 159 159 + - this requires Forget 160 160 + - ScopedFuture - Future interop sucks 161 161 + 162 162 + 163 163 + structured concurrency with regular combinators: 164 164 + - scope holds tasks 165 165 + - scope cancels tasks when dropped 166 166 + - tasks are ran by central executor 167 167 + 168 168 + pure structured concurrency with borrow checker: 169 169 + - high level block_on(), any task wake wakes every level up 170 170 + - tasks have events 171 171 + 172 172 + how do the tasks register to an event loop? they don't fuck 173 173 + 174 174 + 175 175 + ```rust 176 176 + struct Task<F: Future> { 177 177 + inner: F, 178 178 + prev: *const Task, 179 179 + next: *const Task, 180 180 + waker: Waker, 181 181 + } 182 182 + ``` 183 183 + 184 184 + &waker is passed into all sub-tasks, calling wake clone etc panics!!! 185 185 + this is pretty jank 186 186 + 187 187 + also waker doesn't have a lifetime so a safe code could easily register to external source that outlives the task 188 188 + this is unsound 189 189 + 190 190 + we need 191 191 + ```rust 192 192 + struct WakerRegister { 193 193 + prev: *const WakerRegister, 194 194 + next: *const WakerRegister, 195 195 + } 196 196 + ``` 197 197 + 198 198 + # Borrow Checked Structured Concurrency 199 199 + 200 200 + An async system needs to have the following components: 201 201 + 202 202 + - event loop : polls events and schedules tasks when they are ready 203 203 + - tasks : state machines that progress and can await events from the event loop 204 204 + - task combinators : tasks that compose other tasks into useful logic structures 205 205 + 206 206 + Tasks will register themselves to events on the event loop, which will need to outlive tasks and register pointers to wake the tasks, so that they can again be polled. 207 207 + This is incompatible with the borrow checker because the task pointers (wakers) are being stored inside an event loop with a lifetime that may exceed the tasks'. 208 208 + 209 209 + `Waker` is effectively a `*const dyn Wake`. It is implemented using a custom `RawWakerVTable` rather than a `dyn` ptr to allow for `Wake::wake(self)`, which is not object safe. 210 210 + This method is necessary for runtime implementations that rely on the wakers to be effectively `Arc<Task>`, since `wake(self)` consumes `self` and decrements the reference count. 211 211 + 212 212 + There are two types of sound async runtimes that currently exist in rust: 213 213 + 214 214 + [tokio](https://github.com/tokio-rs) and [smol](https://github.com/smol-rs) work using the afformentioned reference counting system to ensure wakers aren't dangling pointers to tasks that no longer exist. 215 215 + 216 216 + [embassy](https://github.com/embassy-rs/embassy) and [rtic](https://github.com/rtic-rs/rtic) work by ensuring tasks are stored in `static` task pools for `N` tasks. Scheduled tasks are represented by an intrusively linked list to avoid allocation, and wakers can't be dangling pointers because completed tasks will refuse to add themselves back to the linked list, or will be replaced by a new task. This is useful in environments where it is desirable to avoid heap allocation, but requires the user annotate the maximum number of a specific task that can exist at one time, and fails to spawn tasks when they exceed that limit. 217 217 + 218 218 + An async runtime where futures are allocated to the stack cannot be sound under this model because `Future::poll` allows any safe `Future` implementation to store or clone wakers wherever they want, which become dangling pointers after the stack allocated future goes out of scope. In order to prevent this, we must have a circular reference, where the task (`Task<'scope>: Wake`) contains a `&'scope Waker` and the `Waker` contains `*const dyn Wake`. For that to be safe, the `Waker` must never be moved. This cannot be possible because something needs to register the waker: 219 219 + 220 220 + ```rust 221 221 + // waker is moved 222 222 + poll(self: Pin<&mut Self>, cx: &mut Context<'_> /* '_ is the duration of the poll fn */) -> Poll<Self::Output> { 223 223 + // waker is moved! 224 224 + // can't register &Waker bc we run into the same problem, 225 225 + // and the waker only lives for '_ 226 226 + store.register(cx.waker()) 227 227 + } 228 228 + ``` 229 229 + 230 230 + Effectively, by saying our waker can't move, we are saying it must be stored by the task, which means it can't be a useful waker. Instead, what we could do is have a waker-register (verb, not noun) that facilitates the binding of an immovable waker to an immovable task, where the waker is guaranteed to outlive the task: 231 231 + 232 232 + ```rust 233 233 + pub trait Wake<'task> { 234 234 + fn wake(&self); 235 235 + fn register_waker(&mut self, waker: &'task Waker); 236 236 + } 237 237 + 238 238 + pub struct Waker { 239 239 + task: *const dyn Wake, 240 240 + valid: bool, // task is in charge of invalidating when it goes out of scope 241 241 + } 242 242 + 243 243 + pub struct WakerRegistration<'poll> { 244 244 + task: &'poll mut dyn Wake, 245 245 + } 246 246 + 247 247 + impl<'poll> WakerRegistration<'poll> { 248 248 + pub fn register<'task>(self, slot: &'task Waker) 249 249 + where 250 250 + 'task: 'poll, 251 251 + Self: 'task 252 252 + { 253 253 + *slot = Waker::new(self.task as *const dyn Wake); 254 254 + *task.register_waker(slot) 255 255 + } 256 256 + } 257 257 + ``` 258 258 + 259 259 + This system works better because `WakerRegistration` only lives 260 260 + 261 261 + 262 262 + 263 263 + Experienced rust programmers might be reading this and thinking I am stupid (true) because `Forget` 264 264 + 265 265 + An astute (soon to be disappointed) reader might be thinking, as I did when I first learned about this sytem, "what if we ensured that there was only one `Waker` per `Task`, and gave the task a pointer to the waker, so that it could disable the waker when dropped?" 266 266 + 267 267 + Unfortunately, there are a multitude of issues with this system 268 268 + 269 269 + - In order to hold a pointer to the Waker from the 270 270 + - Preventing a `Waker` from moving means panicking on the 271 271 + 272 272 + Even if it was guaranteed that wakers could not be moved or `cloned` (by panicking on `clone`), and registration occured via `&Waker`, the task would still be unable to 273 273 + 274 274 + https://conradludgate.com/posts/async-stack 275 275 + 276 276 + ## Structured Concurrency 277 277 + 278 278 + https://trio.discourse.group/t/discussion-notes-on-structured-concurrency-or-go-statement-considered-harmful/25 279 279 + https://kotlinlang.org/docs/coroutines-basics.html 280 280 + 281 281 + Notably, the structured concurrency pattern fits very nicely with our hypothetical unsound stack based async runtime. 282 282 + 283 283 + ## WeakCell Pattern & Forget trait 284 284 + 285 285 + https://github.com/rust-lang/rfcs/pull/3782 286 286 + 287 287 + 288 288 + There are two solutions: 289 289 + 290 290 + - `Wakers` panic on `clone()` 291 291 + 292 292 + ## Waker allocation problem & intra task concurrency 293 293 + 294 294 + we can't do intra task concurrency because WeakRegistrations 295 295 + 296 296 +

+4 -10

futures-compat/src/lib.rs

reviewed

··· 13 13 //! that expects it to live for 'scope, and then the ScopedFutureWrapper is 14 14 //! dropped 15 15 //! 16 16 - //! 17 17 - //! ## TRIGGER WARNING 18 18 - //! 19 16 //! This code is not for the faint of heart. Read at your own risk. 20 17 21 18 use std::{ ··· 34 31 /// can transmute between them, but the waker will be completely invalid! 35 32 36 33 /// wraps an internal ScopedFuture, implements Future 37 37 - pub struct ScopedFutureWrapper<'scope, F: ScopedFuture<'scope> + 'scope> { 34 34 + pub struct ScopedFutureWrapper<'scope, F: ScopedFuture<'scope>> { 38 35 inner: UnsafeCell<F>, 39 36 marker: PhantomData<&'scope ()>, 40 37 } ··· 44 41 { 45 42 type Output = F::Output; 46 43 47 47 - fn poll( 48 48 - self: std::pin::Pin<&mut Self>, 49 49 - cx: &mut std::task::Context<'_>, 50 50 - ) -> Poll<Self::Output> { 44 44 + fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> { 51 45 // # Safety 52 46 // 53 47 // Transmutes `Waker` into `&'scope dyn Wake`. ··· 102 96 marker: PhantomData<&'scope ()>, 103 97 } 104 98 105 105 - impl<'scope, F: Future> ScopedFuture<'scope> 99 99 + impl<'scope, F: Future + 'scope> ScopedFuture<'scope> 106 100 for UnscopedFutureWrapper<'scope, F> 107 101 { 108 102 type Output = F::Output; ··· 140 134 } 141 135 } 142 136 143 143 - impl<'scope, F: Future> UnscopedFutureWrapper<'scope, F> { 137 137 + impl<'scope, F: Future + 'scope> UnscopedFutureWrapper<'scope, F> { 144 138 pub unsafe fn from_future(f: F) -> Self { 145 139 Self { 146 140 inner: f.into(),

+3 -2

futures-core/src/lib.rs

reviewed

··· 35 35 /// The waker is no longer tied to the actual future's lifetime, making it 36 36 /// unsound to not have either static tasks or reference counting. 37 37 /// To avoid this, we want to use a &'scope waker instead, with 1 waker / task. 38 38 + #[must_use = "futures do nothing unless you `.await` or poll them"] 38 39 #[diagnostic::on_unimplemented( 39 39 - message = "The type `{Self}` must implement the `ScopedFuture` trait.", 40 40 - label = "Missing `ScopedFuture` implementation", 40 40 + message = "`{Self}` is not a `ScopedFuture`", 41 41 + label = "`{Self}` is not a `ScopedFuture`", 41 42 note = "If you are trying to await a `task::Future` from within a `ScopedFuture`, note that the systems are incompatible." 42 43 )] 43 44 pub trait ScopedFuture<'scope> {

+49 -5

futures-core/src/task.rs

reviewed

··· 1 1 - /// A task that can be woken. 2 2 - /// 3 3 - /// This acts as a handle for a reactor to indicate when a `ScopedFuture` is 4 4 - /// once again ready to be polled. 5 5 - pub trait Wake<'scope> { 1 1 + use std::{mem, ptr::NonNull, sync::atomic::AtomicPtr}; 2 2 + 3 3 + // Task: Wake 4 4 + // 5 5 + // Wake must not outlive event loop/storage 6 6 + pub trait Wake<'events> { 6 7 fn wake(&self); 8 8 + // task can't outlive event loop -> holds &'events 9 9 + fn register_waker(&self, waker: &'events Waker); 10 10 + } 11 11 + 12 12 + // type Waker<'events> = Option<NonNull<dyn Wake<'events>>>; 13 13 + 14 14 + pub struct Waker<'events> { 15 15 + task: *const dyn Wake<'events>, 16 16 + } 17 17 + 18 18 + // wakers must outlive 'task 19 19 + impl<'events> Waker<'events> { 20 20 + pub fn new(task: *const dyn Wake<'events>) -> Self { 21 21 + Self { task: task.into() } 22 22 + } 23 23 + 24 24 + pub fn wake(self) { 25 25 + unsafe { self.task.as_ref() }.inspect(|task| task.wake()); 26 26 + } 27 27 + } 28 28 + 29 29 + pub struct WakerRegistration<'events> { 30 30 + task: &'events dyn Wake<'events>, // valid for all of 'events 31 31 + } 32 32 + 33 33 + impl<'events> WakerRegistration<'events> { 34 34 + // slot is valid for all 'events 35 35 + pub fn register(self, slot: &'events mut Waker<'events>) { 36 36 + // Cast from 'events to 'static 37 37 + // 38 38 + // # Safety 39 39 + // 40 40 + // This is safe because the drop guard guarantees that the task ptr (which lives for static) 41 41 + // becomes null when the wake is dropped, ensuring the dangling pointer is never dereferenced. 42 42 + let dangling_task = unsafe { 43 43 + mem::transmute::<&'events dyn Wake<'events>, *const dyn Wake<'events>>( 44 44 + self.task, 45 45 + ) 46 46 + }; 47 47 + slot.task = dangling_task; 48 48 + 49 49 + (*self.task).register_waker(slot); 50 50 + } 7 51 }

+107 -56

futures-derive/src/lib.rs

reviewed

··· 1 1 use proc_macro::TokenStream; 2 2 use quote::{ToTokens, quote}; 3 3 use syn::{ 4 4 - Expr, ExprAwait, FnArg, GenericArgument, ItemFn, Pat, ReturnType, 5 5 - Signature, parse_macro_input, visit_mut::VisitMut, 4 4 + Expr, ExprAwait, FnArg, GenericArgument, ItemFn, ReturnType, 5 5 + parse_macro_input, parse_quote, parse2, visit_mut::VisitMut, 6 6 }; 7 7 8 8 + /// Takes async fn that returns anonymous `Future` impl. 9 9 + /// Generates fn that returns `UnscopedFutureWrapper` wrapper for the the anonymous `Future` impl. 10 10 + /// 11 11 + /// ```rust 12 12 + /// fn my_func<'a, 'b>(a: &'a A, b: &'b B) -> impl ScopedFuture<'a + 'b, Output = T> + 'a + 'b { 13 13 + /// let output = async move { [body] } // compilers turns this into -> impl Future<Output = T> + 'a + 'b 14 14 + /// unsafe { UnscopedFutureWrapper::from_future(output) } 15 15 + /// } 16 16 + /// ``` 17 17 + /// 18 18 + /// see https://rust-lang.github.io/rfcs/2394-async_await.html#lifetime-capture-in-the-anonymous-future 19 19 + /// for more context on lifetime capture 20 20 + /// - resulting ScopedFuture needs to be constrained to not outlive the lifetimes of any references 21 21 + /// 22 22 + /// to actually implement this (capture all lifetimes) we use `ScopedFuture<'_> + '_` so the compiler can infer 23 23 + /// lifetimes from the anonymous future impl returned by the actual inner async fn 8 24 #[proc_macro_attribute] 9 25 pub fn async_scoped(_: TokenStream, item: TokenStream) -> TokenStream { 10 10 - let mut input = parse_macro_input!(item as ItemFn); 11 11 - 26 26 + let mut item_fn = parse_macro_input!(item as ItemFn); 12 27 // Wraps *every* async expression within the function block with 13 28 // `ScopedFutureWrapper`, allowing them to be treated as regular `Future` 14 29 // impls. ··· 16 31 // This will cause a compiler error if any expression being awaited is not 17 32 // a `ScopedFuture`, which is intentional because the `Future` and 18 33 // `ScopedFuture` systems are incompatible. 19 19 - ScopedFutureWrappingVisitor.visit_item_fn_mut(&mut input); 34 34 + ScopedFutureWrappingVisitor.visit_item_fn_mut(&mut item_fn); 20 35 21 21 - // Wrap the function with `UnscopedFutureWrapper` to convert it back into 22 22 - // a `ScopedFuture`. 23 23 - wrap_async_with_scoped(&input).into() 36 36 + // disable async since it is moved to the block 37 37 + item_fn.sig.asyncness = None; 38 38 + 39 39 + // wrap block with UnscopedFutureWrapper 40 40 + let block = *item_fn.block; 41 41 + *item_fn.block = parse_quote! { 42 42 + { 43 43 + let future = async move #block; 44 44 + unsafe { futures_compat::UnscopedFutureWrapper::from_future(future) } 45 45 + } 46 46 + }; 47 47 + 48 48 + let output = match &item_fn.sig.output { 49 49 + ReturnType::Default => quote! { () }, 50 50 + ReturnType::Type(_, ty) => quote! { #ty }, 51 51 + }; 52 52 + 53 53 + let has_lifetime_dependency = 54 54 + item_fn.sig.inputs.iter().any(|param| match param { 55 55 + FnArg::Receiver(receiver) => receiver.reference.is_some(), 56 56 + FnArg::Typed(pat) => has_lifetime_dependency(&pat.ty), 57 57 + }); 58 58 + 59 59 + // set outer fn output to ScopedFuture<'_/'static, Output = #output> 60 60 + item_fn.sig.output = if has_lifetime_dependency { 61 61 + parse_quote! { -> impl futures_core::ScopedFuture<'_, Output = #output> + '_ } 62 62 + } else { 63 63 + parse_quote! { -> impl futures_core::ScopedFuture<'static, Output = #output> } 64 64 + }; 65 65 + 66 66 + item_fn.to_token_stream().into() 24 67 } 25 68 69 69 + /// This currently is impossible to do the `futures_compat` workarounds not 70 70 + /// being compatible with closures. 71 71 + /// 26 72 /// Takes async fn that returns anonymous `Future` impl. 27 73 /// Generates fn that returns `UnscopedFutureWrapper` wrapper for the the anonymous `Future` impl. 28 74 /// ··· 39 85 /// 40 86 /// to actually implement this (capture all lifetimes) we use `ScopedFuture<'_> + '_` so the compiler can infer 41 87 /// lifetimes from the anonymous future impl returned by the actual inner async fn 42 42 - fn wrap_async_with_scoped( 43 43 - ItemFn { 44 44 - attrs, 45 45 - vis, 46 46 - sig: 47 47 - Signature { 48 48 - constness, 49 49 - unsafety, 50 50 - ident, 51 51 - generics, 52 52 - inputs, 53 53 - output, 54 54 - .. 55 55 - }, 56 56 - block, 57 57 - }: &ItemFn, 58 58 - ) -> proc_macro2::TokenStream { 59 59 - let output = match output { 60 60 - ReturnType::Default => quote! { () }, 61 61 - ReturnType::Type(_, ty) => quote! { #ty }, 62 62 - }; 88 88 + // #[proc_macro] 89 89 + // pub fn closure(input: TokenStream) -> TokenStream { 90 90 + // // let ExprClosure { 91 91 + // // attrs, 92 92 + // // lifetimes, 93 93 + // // constness, 94 94 + // // movability, 95 95 + // // capture, 96 96 + // // inputs, 97 97 + // // output, 98 98 + // // body, 99 99 + // // .. 100 100 + // // } = parse_macro_input!(input as ExprClosure); 101 101 + // let mut closure = parse_macro_input!(input as ExprClosure); 102 102 + // // disable async because we move it to inner 103 103 + // closure.asyncness = None; 104 104 + // let body = closure.body; 105 105 + 106 106 + // // let output = match closure.output { 107 107 + // // ReturnType::Default => parse_quote! { () }, 108 108 + // // ReturnType::Type(_, ty) => parse_quote! { #ty }, 109 109 + // // }; 63 110 64 64 - let inner_args: Vec<syn::Ident> = inputs 65 65 - .iter() 66 66 - .filter_map(|param| match param { 67 67 - FnArg::Receiver(_) => Some(quote::format_ident!("self")), 68 68 - FnArg::Typed(typed) => { 69 69 - if let Pat::Ident(ident) = &*typed.pat { 70 70 - Some(ident.ident.to_owned()) 71 71 - } else { 72 72 - None 73 73 - } 74 74 - } 75 75 - }) 76 76 - .collect(); 111 111 + // // let outer_output = 112 112 + // // parse_quote! { futures_core::ScopedFuture<'_, Output = #output> + '_ }; 77 113 78 78 - let has_lifetime_dependency = inputs.iter().any(|param| match param { 79 79 - FnArg::Receiver(receiver) => receiver.reference.is_some(), 80 80 - FnArg::Typed(pat) => has_lifetime_dependency(&pat.ty), 81 81 - }); 114 114 + // closure.body = parse_quote! {{ 115 115 + // let output = async move { #body }; 116 116 + // unsafe { futures_compat::UnscopedFutureWrapper::from_future(output) } 117 117 + // }}; 118 118 + // // closure.output = outer_output; 119 119 + // closure.to_token_stream().into() 120 120 + // } 82 121 83 83 - let outer_output = if has_lifetime_dependency { 84 84 - quote! { futures_core::ScopedFuture<'_, Output = #output> + '_ } 85 85 - } else { 86 86 - quote! { futures_core::ScopedFuture<'static, Output = #output> } 87 87 - }; 122 122 + /// Wraps a block of optionally async statements and expressions in an anonymous `ScopedFuture` impl. 123 123 + /// 124 124 + /// This generates a modified block of the form: 125 125 + /// 126 126 + /// ```rust 127 127 + /// { 128 128 + /// let output = async { <original block, mapped to convert all `ScopedFuture` to `Future`> }; 129 129 + /// unsafe { futures_compat::UnscopedFutureWrapper::from_future(output) } 130 130 + /// } 131 131 + /// ``` 132 132 + #[proc_macro] 133 133 + pub fn block(input: TokenStream) -> TokenStream { 134 134 + // block is formed { **expr/stmt }, so we need to surround the inputs in {} 135 135 + let input = proc_macro2::TokenStream::from(input); 136 136 + let block_input = quote! { { #input } }; 88 137 89 89 - quote! { 90 90 - #(#attrs)* #vis #constness #unsafety fn #ident #generics (#inputs) -> impl #outer_output { 91 91 - async #constness #unsafety fn __inner (#inputs) -> #output #block 138 138 + let mut block = parse2(block_input).expect("Failed to parse as block."); 92 139 93 93 - let future = __inner(#(#inner_args),*); 140 140 + ScopedFutureWrappingVisitor.visit_block_mut(&mut block); 94 141 95 95 - unsafe { futures_compat::UnscopedFutureWrapper::from_future(future) } 142 142 + quote! { 143 143 + { 144 144 + let output = async #block; 145 145 + unsafe { futures_compat::UnscopedFutureWrapper::from_future(output) } 96 146 } 97 147 } 148 148 + .into() 98 149 } 99 150 100 151 /// Determines if typed pattern contains a reference or dependency on a

+2 -14

futures/src/lib.rs

reviewed

··· 1 1 #![no_std] 2 2 3 3 pub use futures_combinators; 4 4 - use futures_compat::{ScopedFutureWrapper, UnscopedFutureWrapper}; 5 4 pub use futures_core; 6 5 use futures_core::ScopedFuture; 7 6 pub use futures_derive::async_scoped; ··· 16 15 } 17 16 18 17 #[async_scoped] 19 19 - fn test(a: i32, b: &i32) -> () { 20 20 - // evil().await; 21 21 - let x = inner(a, &b).await; 22 22 - // async {}.await; 23 23 - 24 24 - let test_block = futures_derive::block! { 1 + 1; 2 }.await; 25 25 - 26 26 - // let test_closure = futures_derive::closure! { |&ab, &cd| ab + cd }; 27 27 - 28 28 - // let asdf = futures_derive::closure! { |a: &i32| { 29 29 - // *a + b 30 30 - // }}; 31 31 - // let x = asdf(&a).await; 18 18 + fn test(a: i32, b: &i32) -> i32 { 19 19 + futures_derive::block! { 1 + *b; 2 }.await 32 20 } 33 21 34 22 fn test2<'a>(a: i32) {}

+11

lifetime-guard/Cargo.toml

reviewed

··· 1 1 + [package] 2 2 + name = "lifetime-guard" 3 3 + version.workspace = true 4 4 + rust-version.workspace = true 5 5 + edition.workspace = true 6 6 + license.workspace = true 7 7 + authors.workspace = true 8 8 + repository.workspace = true 9 9 + homepage.workspace = true 10 10 + 11 11 + [dependencies]

+153

lifetime-guard/src/lib.rs

reviewed

··· 1 1 + /// Unsound Drop based guard API 2 2 + use std::{ 3 3 + cell::Cell, 4 4 + mem, 5 5 + pin::{Pin, pin}, 6 6 + ptr::{self, NonNull, dangling}, 7 7 + }; 8 8 + 9 9 + /// must not outlive strong guard 10 10 + /// 11 11 + /// enforces strong guard doesn't move with ptr 12 12 + pub struct WeakGuard<'weak, T> { 13 13 + strong: Option<&'weak StrongGuard<'weak, T>>, 14 14 + } 15 15 + 16 16 + impl<'weak, T> WeakGuard<'weak, T> { 17 17 + pub fn register_strong(&mut self, weak: &'weak T) { 18 18 + self.strong = Some(weak); 19 19 + } 20 20 + } 21 21 + 22 22 + impl<'weak, T> Drop for WeakGuard<'weak, StrongGuard<'weak, T>> { 23 23 + fn drop(&mut self) { 24 24 + // self.weak. 25 25 + } 26 26 + } 27 27 + 28 28 + /// outlives strong guard 29 29 + pub struct StrongGuard<'weak, T> { 30 30 + strong: *const WeakGuard<'weak, T>, 31 31 + } 32 32 + 33 33 + // wakers must outlive 'task 34 34 + impl<'weak, T> StrongGuard<'weak, T> { 35 35 + pub fn new(strong: *const WeakGuard<'weak, T>) -> Self { 36 36 + Self { 37 37 + strong: task.into(), 38 38 + } 39 39 + } 40 40 + } 41 41 + 42 42 + // pub struct GuardRegistration<'weak, T> { 43 43 + // task: &'weak StrongGuard<'weak, T>, // valid for all of 'weak 44 44 + // } 45 45 + 46 46 + // impl<'weak> GuardRegistration<'weak> { 47 47 + // // slot is valid for all 'weak 48 48 + // pub fn register(self, slot: &'weak mut StrongGuard<'weak>) { 49 49 + // // Cast from 'weak to 'static 50 50 + // // 51 51 + // // # Safety 52 52 + // // 53 53 + // // This is safe because the drop guard guarantees that the task ptr (which lives for static) 54 54 + // // becomes null when the wake is dropped, ensuring the dangling pointer is never dereferenced. 55 55 + // let dangling_task = unsafe { 56 56 + // mem::transmute::< 57 57 + // &'weak dyn StrongGuard<'weak>, 58 58 + // *const dyn StrongGuard<'weak>, 59 59 + // >(self.task) 60 60 + // }; 61 61 + // slot.strong = dangling_task; 62 62 + 63 63 + // (*self.task).register_waker(slot); 64 64 + // } 65 65 + // } 66 66 + 67 67 + pub struct ValueGuard<T> { 68 68 + data: T, 69 69 + ref_guard: Cell<*const RefGuard<T>>, 70 70 + } 71 71 + 72 72 + impl<T> ValueGuard<T> { 73 73 + pub fn new(data: T) -> Self { 74 74 + Self { 75 75 + data, 76 76 + ref_guard: Cell::new(ptr::null()), 77 77 + } 78 78 + } 79 79 + 80 80 + pub fn set(&mut self, value: T) { 81 81 + self.data = value; 82 82 + } 83 83 + } 84 84 + 85 85 + impl<T: Copy> ValueGuard<T> { 86 86 + pub fn get(&self) -> T { 87 87 + self.data 88 88 + } 89 89 + } 90 90 + 91 91 + impl<T> Drop for ValueGuard<T> { 92 92 + fn drop(&mut self) { 93 93 + unsafe { 94 94 + self.ref_guard 95 95 + .get() 96 96 + .as_ref() 97 97 + .inspect(|guard| guard.value_guard.set(ptr::null())) 98 98 + }; 99 99 + } 100 100 + } 101 101 + 102 102 + pub struct RefGuard<T> { 103 103 + value_guard: Cell<*const ValueGuard<T>>, 104 104 + } 105 105 + 106 106 + impl<T> RefGuard<T> { 107 107 + pub fn new() -> Self { 108 108 + Self { 109 109 + value_guard: Cell::new(ptr::null()), 110 110 + } 111 111 + } 112 112 + } 113 113 + 114 114 + impl<T: Copy> RefGuard<T> { 115 115 + pub fn get(&self) -> Option<T> { 116 116 + unsafe { self.value_guard.get().as_ref().map(|ptr| ptr.data) } 117 117 + } 118 118 + } 119 119 + 120 120 + impl<T> Drop for RefGuard<T> { 121 121 + fn drop(&mut self) { 122 122 + unsafe { self.value_guard.get().as_ref() } 123 123 + .inspect(|guard| guard.ref_guard.set(ptr::null())); 124 124 + } 125 125 + } 126 126 + 127 127 + pub struct GuardRegistration<'a, T> { 128 128 + value_guard: Pin<&'a ValueGuard<T>>, 129 129 + } 130 130 + 131 131 + impl<'a, T> GuardRegistration<'a, T> { 132 132 + pub fn from_guard(value_guard: Pin<&'a ValueGuard<T>>) -> Self { 133 133 + Self { value_guard } 134 134 + } 135 135 + 136 136 + pub fn register(self, slot: Pin<&'a mut RefGuard<T>>) { 137 137 + // register new ptrs 138 138 + let old_value_guard = slot 139 139 + .value_guard 140 140 + .replace(self.value_guard.get_ref() as *const ValueGuard<T>); 141 141 + 142 142 + let old_ref_guard = self 143 143 + .value_guard 144 144 + .ref_guard 145 145 + .replace(slot.into_ref().get_ref()); 146 146 + 147 147 + // annul old ptrs 148 148 + unsafe { old_value_guard.as_ref() } 149 149 + .inspect(|guard| guard.ref_guard.set(ptr::null())); 150 150 + unsafe { old_ref_guard.as_ref() } 151 151 + .inspect(|guard| guard.value_guard.set(ptr::null())); 152 152 + } 153 153 + }