From d3915c555ee016b11ce288e107e46dbab9f78c4f Mon Sep 17 00:00:00 2001 From: Frank Steffahn Date: Tue, 5 Jan 2021 17:08:51 +0100 Subject: [PATCH 1/6] Fix spacing in docs for `core::pin` by combining consequent code blocks using HTML-syntax. --- library/core/src/pin.rs | 46 ++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/library/core/src/pin.rs b/library/core/src/pin.rs index b2de0e16a17bb..8d73bf56dcb0d 100644 --- a/library/core/src/pin.rs +++ b/library/core/src/pin.rs @@ -16,9 +16,9 @@ //! By default, all types in Rust are movable. Rust allows passing all types by-value, //! and common smart-pointer types such as [`Box`] and `&mut T` allow replacing and //! moving the values they contain: you can move out of a [`Box`], or you can use [`mem::swap`]. -//! [`Pin

`] wraps a pointer type `P`, so [`Pin`]`<`[`Box`]`>` functions much like a regular -//! [`Box`]: when a [`Pin`]`<`[`Box`]`>` gets dropped, so do its contents, and the memory gets -//! deallocated. Similarly, [`Pin`]`<&mut T>` is a lot like `&mut T`. However, [`Pin

`] does +//! [`Pin

`] wraps a pointer type `P`, so [Pin]<[Box]\> functions much like a regular +//! [`Box`]: when a [Pin]<[Box]\> gets dropped, so do its contents, and the memory gets +//! deallocated. Similarly, [Pin]<&mut T> is a lot like `&mut T`. However, [`Pin

`] does //! not let clients actually obtain a [`Box`] or `&mut T` to pinned data, which implies that you //! cannot use operations such as [`mem::swap`]: //! @@ -40,8 +40,8 @@ //! //! [`Pin

`] can be used to wrap any pointer type `P`, and as such it interacts with //! [`Deref`] and [`DerefMut`]. A [`Pin

`] where `P: Deref` should be considered -//! as a "`P`-style pointer" to a pinned `P::Target` -- so, a [`Pin`]`<`[`Box`]`>` is -//! an owned pointer to a pinned `T`, and a [`Pin`]`<`[`Rc`]`>` is a reference-counted +//! as a "`P`-style pointer" to a pinned `P::Target` -- so, a [Pin]<[Box]\> is +//! an owned pointer to a pinned `T`, and a [Pin]<[Rc]\> is a reference-counted //! pointer to a pinned `T`. //! For correctness, [`Pin

`] relies on the implementations of [`Deref`] and //! [`DerefMut`] not to move out of their `self` parameter, and only ever to @@ -54,12 +54,12 @@ //! [`bool`], [`i32`], and references) as well as types consisting solely of these //! types. Types that do not care about pinning implement the [`Unpin`] //! auto-trait, which cancels the effect of [`Pin

`]. For `T: Unpin`, -//! [`Pin`]`<`[`Box`]`>` and [`Box`] function identically, as do [`Pin`]`<&mut T>` and +//! [Pin]<[Box]\> and [`Box`] function identically, as do [Pin]<&mut T> and //! `&mut T`. //! //! Note that pinning and [`Unpin`] only affect the pointed-to type `P::Target`, not the pointer //! type `P` itself that got wrapped in [`Pin

`]. For example, whether or not [`Box`] is -//! [`Unpin`] has no effect on the behavior of [`Pin`]`<`[`Box`]`>` (here, `T` is the +//! [`Unpin`] has no effect on the behavior of [Pin]<[Box]\> (here, `T` is the //! pointed-to type). //! //! # Example: self-referential struct @@ -158,7 +158,7 @@ //! //! Notice that this guarantee does *not* mean that memory does not leak! It is still //! completely okay not ever to call [`drop`] on a pinned element (e.g., you can still -//! call [`mem::forget`] on a [`Pin`]`<`[`Box`]`>`). In the example of the doubly-linked +//! call [`mem::forget`] on a [Pin]<[Box]\>). In the example of the doubly-linked //! list, that element would just stay in the list. However you may not free or reuse the storage //! *without calling [`drop`]*. //! @@ -172,9 +172,9 @@ //! This can never cause a problem in safe code because implementing a type that //! relies on pinning requires unsafe code, but be aware that deciding to make //! use of pinning in your type (for example by implementing some operation on -//! [`Pin`]`<&Self>` or [`Pin`]`<&mut Self>`) has consequences for your [`Drop`] +//! [Pin]<&Self> or [Pin]<&mut Self>) has consequences for your [`Drop`] //! implementation as well: if an element of your type could have been pinned, -//! you must treat [`Drop`] as implicitly taking [`Pin`]`<&mut Self>`. +//! you must treat [`Drop`] as implicitly taking [Pin]<&mut Self>. //! //! For example, you could implement `Drop` as follows: //! @@ -204,10 +204,10 @@ //! # Projections and Structural Pinning //! //! When working with pinned structs, the question arises how one can access the -//! fields of that struct in a method that takes just [`Pin`]`<&mut Struct>`. +//! fields of that struct in a method that takes just [Pin]<&mut Struct>. //! The usual approach is to write helper methods (so called *projections*) -//! that turn [`Pin`]`<&mut Struct>` into a reference to the field, but what -//! type should that reference have? Is it [`Pin`]`<&mut Field>` or `&mut Field`? +//! that turn [Pin]<&mut Struct> into a reference to the field, but what +//! type should that reference have? Is it [Pin]<&mut Field> or `&mut Field`? //! The same question arises with the fields of an `enum`, and also when considering //! container/wrapper types such as [`Vec`], [`Box`], or [`RefCell`]. //! (This question applies to both mutable and shared references, we just @@ -215,7 +215,7 @@ //! //! It turns out that it is actually up to the author of the data structure //! to decide whether the pinned projection for a particular field turns -//! [`Pin`]`<&mut Struct>` into [`Pin`]`<&mut Field>` or `&mut Field`. There are some +//! [Pin]<&mut Struct> into [Pin]<&mut Field> or `&mut Field`. There are some //! constraints though, and the most important constraint is *consistency*: //! every field can be *either* projected to a pinned reference, *or* have //! pinning removed as part of the projection. If both are done for the same field, @@ -230,12 +230,12 @@ //! ## Pinning *is not* structural for `field` //! //! It may seem counter-intuitive that the field of a pinned struct might not be pinned, -//! but that is actually the easiest choice: if a [`Pin`]`<&mut Field>` is never created, +//! but that is actually the easiest choice: if a [Pin]<&mut Field> is never created, //! nothing can go wrong! So, if you decide that some field does not have structural pinning, //! all you have to ensure is that you never create a pinned reference to that field. //! //! Fields without structural pinning may have a projection method that turns -//! [`Pin`]`<&mut Struct>` into `&mut Field`: +//! [Pin]<&mut Struct> into `&mut Field`: //! //! ```rust,no_run //! # use std::pin::Pin; @@ -251,14 +251,14 @@ //! //! You may also `impl Unpin for Struct` *even if* the type of `field` //! is not [`Unpin`]. What that type thinks about pinning is not relevant -//! when no [`Pin`]`<&mut Field>` is ever created. +//! when no [Pin]<&mut Field> is ever created. //! //! ## Pinning *is* structural for `field` //! //! The other option is to decide that pinning is "structural" for `field`, //! meaning that if the struct is pinned then so is the field. //! -//! This allows writing a projection that creates a [`Pin`]`<&mut Field>`, thus +//! This allows writing a projection that creates a [Pin]<&mut Field>, thus //! witnessing that the field is pinned: //! //! ```rust,no_run @@ -336,17 +336,17 @@ //! and thus they do not offer pinning projections. This is why `Box: Unpin` holds for all `T`. //! It makes sense to do this for pointer types, because moving the `Box` //! does not actually move the `T`: the [`Box`] can be freely movable (aka `Unpin`) even if -//! the `T` is not. In fact, even [`Pin`]`<`[`Box`]`>` and [`Pin`]`<&mut T>` are always +//! the `T` is not. In fact, even [Pin]<[Box]\> and [Pin]<&mut T> are always //! [`Unpin`] themselves, for the same reason: their contents (the `T`) are pinned, but the //! pointers themselves can be moved without moving the pinned data. For both [`Box`] and -//! [`Pin`]`<`[`Box`]`>`, whether the content is pinned is entirely independent of whether the +//! [Pin]<[Box]\>, whether the content is pinned is entirely independent of whether the //! pointer is pinned, meaning pinning is *not* structural. //! //! When implementing a [`Future`] combinator, you will usually need structural pinning //! for the nested futures, as you need to get pinned references to them to call [`poll`]. //! But if your combinator contains any other data that does not need to be pinned, //! you can make those fields not structural and hence freely access them with a -//! mutable reference even when you just have [`Pin`]`<&mut Self>` (such as in your own +//! mutable reference even when you just have [Pin]<&mut Self> (such as in your own //! [`poll`] implementation). //! //! [`Deref`]: crate::ops::Deref @@ -356,10 +356,10 @@ //! [`Box`]: ../../std/boxed/struct.Box.html //! [`Vec`]: ../../std/vec/struct.Vec.html //! [`Vec::set_len`]: ../../std/vec/struct.Vec.html#method.set_len -//! [`Box`]: ../../std/boxed/struct.Box.html +//! [Box]: ../../std/boxed/struct.Box.html //! [Vec::pop]: ../../std/vec/struct.Vec.html#method.pop //! [Vec::push]: ../../std/vec/struct.Vec.html#method.push -//! [`Rc`]: ../../std/rc/struct.Rc.html +//! [Rc]: ../../std/rc/struct.Rc.html //! [`RefCell`]: crate::cell::RefCell //! [`drop`]: Drop::drop //! [`VecDeque`]: ../../std/collections/struct.VecDeque.html From ceaeb249a3813a78bd81fa3890e27e8843a58262 Mon Sep 17 00:00:00 2001 From: Frank Steffahn Date: Tue, 5 Jan 2021 17:39:18 +0100 Subject: [PATCH 2/6] Exclude single type parameters from links in `core::pin` for more visual consistency. --- library/core/src/pin.rs | 68 ++++++++++++++++++++--------------------- 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/library/core/src/pin.rs b/library/core/src/pin.rs index 8d73bf56dcb0d..2a8a127b6cab5 100644 --- a/library/core/src/pin.rs +++ b/library/core/src/pin.rs @@ -6,7 +6,7 @@ //! as moving an object with pointers to itself will invalidate them, which could cause undefined //! behavior. //! -//! At a high level, a [`Pin

`] ensures that the pointee of any pointer type +//! At a high level, a [Pin]\

ensures that the pointee of any pointer type //! `P` has a stable location in memory, meaning it cannot be moved elsewhere //! and its memory cannot be deallocated until it gets dropped. We say that the //! pointee is "pinned". Things get more subtle when discussing types that @@ -14,12 +14,12 @@ //! for more details. //! //! By default, all types in Rust are movable. Rust allows passing all types by-value, -//! and common smart-pointer types such as [`Box`] and `&mut T` allow replacing and -//! moving the values they contain: you can move out of a [`Box`], or you can use [`mem::swap`]. -//! [`Pin

`] wraps a pointer type `P`, so [Pin]<[Box]\> functions much like a regular -//! [`Box`]: when a [Pin]<[Box]\> gets dropped, so do its contents, and the memory gets -//! deallocated. Similarly, [Pin]<&mut T> is a lot like `&mut T`. However, [`Pin

`] does -//! not let clients actually obtain a [`Box`] or `&mut T` to pinned data, which implies that you +//! and common smart-pointer types such as [Box]\ and `&mut T` allow replacing and +//! moving the values they contain: you can move out of a [Box]\, or you can use [`mem::swap`]. +//! [Pin]\

wraps a pointer type `P`, so [Pin]<[Box]\> functions much like a regular +//! [Box]\: when a [Pin]<[Box]\> gets dropped, so do its contents, and the memory gets +//! deallocated. Similarly, [Pin]<&mut T> is a lot like `&mut T`. However, [Pin]\

does +//! not let clients actually obtain a [Box]\ or `&mut T` to pinned data, which implies that you //! cannot use operations such as [`mem::swap`]: //! //! ``` @@ -32,18 +32,18 @@ //! } //! ``` //! -//! It is worth reiterating that [`Pin

`] does *not* change the fact that a Rust compiler -//! considers all types movable. [`mem::swap`] remains callable for any `T`. Instead, [`Pin

`] -//! prevents certain *values* (pointed to by pointers wrapped in [`Pin

`]) from being +//! It is worth reiterating that [Pin]\

does *not* change the fact that a Rust compiler +//! considers all types movable. [`mem::swap`] remains callable for any `T`. Instead, [Pin]\

+//! prevents certain *values* (pointed to by pointers wrapped in [Pin]\

) from being //! moved by making it impossible to call methods that require `&mut T` on them //! (like [`mem::swap`]). //! -//! [`Pin

`] can be used to wrap any pointer type `P`, and as such it interacts with -//! [`Deref`] and [`DerefMut`]. A [`Pin

`] where `P: Deref` should be considered +//! [Pin]\

can be used to wrap any pointer type `P`, and as such it interacts with +//! [`Deref`] and [`DerefMut`]. A [Pin]\

where `P: Deref` should be considered //! as a "`P`-style pointer" to a pinned `P::Target` -- so, a [Pin]<[Box]\> is //! an owned pointer to a pinned `T`, and a [Pin]<[Rc]\> is a reference-counted //! pointer to a pinned `T`. -//! For correctness, [`Pin

`] relies on the implementations of [`Deref`] and +//! For correctness, [Pin]\

relies on the implementations of [`Deref`] and //! [`DerefMut`] not to move out of their `self` parameter, and only ever to //! return a pointer to pinned data when they are called on a pinned pointer. //! @@ -53,12 +53,12 @@ //! rely on having a stable address. This includes all the basic types (like //! [`bool`], [`i32`], and references) as well as types consisting solely of these //! types. Types that do not care about pinning implement the [`Unpin`] -//! auto-trait, which cancels the effect of [`Pin

`]. For `T: Unpin`, -//! [Pin]<[Box]\> and [`Box`] function identically, as do [Pin]<&mut T> and +//! auto-trait, which cancels the effect of [Pin]\

. For `T: Unpin`, +//! [Pin]<[Box]\> and [Box]\ function identically, as do [Pin]<&mut T> and //! `&mut T`. //! //! Note that pinning and [`Unpin`] only affect the pointed-to type `P::Target`, not the pointer -//! type `P` itself that got wrapped in [`Pin

`]. For example, whether or not [`Box`] is +//! type `P` itself that got wrapped in [Pin]\

. For example, whether or not [Box]\ is //! [`Unpin`] has no effect on the behavior of [Pin]<[Box]\> (here, `T` is the //! pointed-to type). //! @@ -149,7 +149,7 @@ //! when [`drop`] is called*. Only once [`drop`] returns or panics, the memory may be reused. //! //! Memory can be "invalidated" by deallocation, but also by -//! replacing a [`Some(v)`] by [`None`], or calling [`Vec::set_len`] to "kill" some elements +//! replacing a [Some]\(v) by [`None`], or calling [`Vec::set_len`] to "kill" some elements //! off of a vector. It can be repurposed by using [`ptr::write`] to overwrite it without //! calling the destructor first. None of this is allowed for pinned data without calling [`drop`]. //! @@ -209,7 +209,7 @@ //! that turn [Pin]<&mut Struct> into a reference to the field, but what //! type should that reference have? Is it [Pin]<&mut Field> or `&mut Field`? //! The same question arises with the fields of an `enum`, and also when considering -//! container/wrapper types such as [`Vec`], [`Box`], or [`RefCell`]. +//! container/wrapper types such as [Vec]\, [Box]\, or [RefCell]\. //! (This question applies to both mutable and shared references, we just //! use the more common case of mutable references here for illustration.) //! @@ -292,19 +292,19 @@ //! 3. You must make sure that you uphold the [`Drop` guarantee][drop-guarantee]: //! once your struct is pinned, the memory that contains the //! content is not overwritten or deallocated without calling the content's destructors. -//! This can be tricky, as witnessed by [`VecDeque`]: the destructor of [`VecDeque`] +//! This can be tricky, as witnessed by [VecDeque]\: the destructor of [VecDeque]\ //! can fail to call [`drop`] on all elements if one of the destructors panics. This violates //! the [`Drop`] guarantee, because it can lead to elements being deallocated without -//! their destructor being called. ([`VecDeque`] has no pinning projections, so this +//! their destructor being called. ([VecDeque]\ has no pinning projections, so this //! does not cause unsoundness.) //! 4. You must not offer any other operations that could lead to data being moved out of //! the structural fields when your type is pinned. For example, if the struct contains an -//! [`Option`] and there is a `take`-like operation with type +//! [Option]\ and there is a `take`-like operation with type //! `fn(Pin<&mut Struct>) -> Option`, //! that operation can be used to move a `T` out of a pinned `Struct` -- which means //! pinning cannot be structural for the field holding this data. //! -//! For a more complex example of moving data out of a pinned type, imagine if [`RefCell`] +//! For a more complex example of moving data out of a pinned type, imagine if [RefCell]\ //! had a method `fn get_pin_mut(self: Pin<&mut Self>) -> Pin<&mut T>`. //! Then we could do the following: //! ```compile_fail @@ -315,30 +315,30 @@ //! let content = &mut *b; // And here we have `&mut T` to the same data. //! } //! ``` -//! This is catastrophic, it means we can first pin the content of the [`RefCell`] +//! This is catastrophic, it means we can first pin the content of the [RefCell]\ //! (using `RefCell::get_pin_mut`) and then move that content using the mutable //! reference we got later. //! //! ## Examples //! -//! For a type like [`Vec`], both possibilities (structural pinning or not) make sense. -//! A [`Vec`] with structural pinning could have `get_pin`/`get_pin_mut` methods to get +//! For a type like [Vec]\, both possibilities (structural pinning or not) make sense. +//! A [Vec]\ with structural pinning could have `get_pin`/`get_pin_mut` methods to get //! pinned references to elements. However, it could *not* allow calling -//! [`pop`][Vec::pop] on a pinned [`Vec`] because that would move the (structurally pinned) +//! [`pop`][Vec::pop] on a pinned [Vec]\ because that would move the (structurally pinned) //! contents! Nor could it allow [`push`][Vec::push], which might reallocate and thus also move the //! contents. //! -//! A [`Vec`] without structural pinning could `impl Unpin for Vec`, because the contents -//! are never pinned and the [`Vec`] itself is fine with being moved as well. +//! A [Vec]\ without structural pinning could `impl Unpin for Vec`, because the contents +//! are never pinned and the [Vec]\ itself is fine with being moved as well. //! At that point pinning just has no effect on the vector at all. //! //! In the standard library, pointer types generally do not have structural pinning, //! and thus they do not offer pinning projections. This is why `Box: Unpin` holds for all `T`. //! It makes sense to do this for pointer types, because moving the `Box` -//! does not actually move the `T`: the [`Box`] can be freely movable (aka `Unpin`) even if +//! does not actually move the `T`: the [Box]\ can be freely movable (aka `Unpin`) even if //! the `T` is not. In fact, even [Pin]<[Box]\> and [Pin]<&mut T> are always //! [`Unpin`] themselves, for the same reason: their contents (the `T`) are pinned, but the -//! pointers themselves can be moved without moving the pinned data. For both [`Box`] and +//! pointers themselves can be moved without moving the pinned data. For both [Box]\ and //! [Pin]<[Box]\>, whether the content is pinned is entirely independent of whether the //! pointer is pinned, meaning pinning is *not* structural. //! @@ -353,17 +353,15 @@ //! [`DerefMut`]: crate::ops::DerefMut //! [`mem::swap`]: crate::mem::swap //! [`mem::forget`]: crate::mem::forget -//! [`Box`]: ../../std/boxed/struct.Box.html -//! [`Vec`]: ../../std/vec/struct.Vec.html +//! [Vec]: ../../std/vec/struct.Vec.html //! [`Vec::set_len`]: ../../std/vec/struct.Vec.html#method.set_len //! [Box]: ../../std/boxed/struct.Box.html //! [Vec::pop]: ../../std/vec/struct.Vec.html#method.pop //! [Vec::push]: ../../std/vec/struct.Vec.html#method.push //! [Rc]: ../../std/rc/struct.Rc.html -//! [`RefCell`]: crate::cell::RefCell +//! [RefCell]: crate::cell::RefCell //! [`drop`]: Drop::drop -//! [`VecDeque`]: ../../std/collections/struct.VecDeque.html -//! [`Some(v)`]: Some +//! [VecDeque]: ../../std/collections/struct.VecDeque.html //! [`ptr::write`]: crate::ptr::write //! [`Future`]: crate::future::Future //! [drop-impl]: #drop-implementation From 87ac118ba3d0c8268e043fadbd63b51e06904795 Mon Sep 17 00:00:00 2001 From: Frank Steffahn Date: Tue, 5 Jan 2021 18:03:54 +0100 Subject: [PATCH 3/6] Add more links to `core::pin` to improve visual consistency. --- library/core/src/pin.rs | 83 ++++++++++++++++++++++------------------- 1 file changed, 44 insertions(+), 39 deletions(-) diff --git a/library/core/src/pin.rs b/library/core/src/pin.rs index 2a8a127b6cab5..52c1c1975cc50 100644 --- a/library/core/src/pin.rs +++ b/library/core/src/pin.rs @@ -14,12 +14,12 @@ //! for more details. //! //! By default, all types in Rust are movable. Rust allows passing all types by-value, -//! and common smart-pointer types such as [Box]\ and `&mut T` allow replacing and +//! and common smart-pointer types such as [Box]\ and [&mut] T allow replacing and //! moving the values they contain: you can move out of a [Box]\, or you can use [`mem::swap`]. //! [Pin]\

wraps a pointer type `P`, so [Pin]<[Box]\> functions much like a regular //! [Box]\: when a [Pin]<[Box]\> gets dropped, so do its contents, and the memory gets -//! deallocated. Similarly, [Pin]<&mut T> is a lot like `&mut T`. However, [Pin]\

does -//! not let clients actually obtain a [Box]\ or `&mut T` to pinned data, which implies that you +//! deallocated. Similarly, [Pin]<[&mut] T> is a lot like [&mut] T. However, [Pin]\

does +//! not let clients actually obtain a [Box]\ or [&mut] T to pinned data, which implies that you //! cannot use operations such as [`mem::swap`]: //! //! ``` @@ -35,12 +35,12 @@ //! It is worth reiterating that [Pin]\

does *not* change the fact that a Rust compiler //! considers all types movable. [`mem::swap`] remains callable for any `T`. Instead, [Pin]\

//! prevents certain *values* (pointed to by pointers wrapped in [Pin]\

) from being -//! moved by making it impossible to call methods that require `&mut T` on them +//! moved by making it impossible to call methods that require [&mut] T on them //! (like [`mem::swap`]). //! //! [Pin]\

can be used to wrap any pointer type `P`, and as such it interacts with -//! [`Deref`] and [`DerefMut`]. A [Pin]\

where `P: Deref` should be considered -//! as a "`P`-style pointer" to a pinned `P::Target` -- so, a [Pin]<[Box]\> is +//! [`Deref`] and [`DerefMut`]. A [Pin]\

where P: [Deref] should be considered +//! as a "`P`-style pointer" to a pinned P::[Target] – so, a [Pin]<[Box]\> is //! an owned pointer to a pinned `T`, and a [Pin]<[Rc]\> is a reference-counted //! pointer to a pinned `T`. //! For correctness, [Pin]\

relies on the implementations of [`Deref`] and @@ -53,11 +53,11 @@ //! rely on having a stable address. This includes all the basic types (like //! [`bool`], [`i32`], and references) as well as types consisting solely of these //! types. Types that do not care about pinning implement the [`Unpin`] -//! auto-trait, which cancels the effect of [Pin]\

. For `T: Unpin`, -//! [Pin]<[Box]\> and [Box]\ function identically, as do [Pin]<&mut T> and -//! `&mut T`. +//! auto-trait, which cancels the effect of [Pin]\

. For T: [Unpin], +//! [Pin]<[Box]\> and [Box]\ function identically, as do [Pin]<[&mut] T> and +//! [&mut] T. //! -//! Note that pinning and [`Unpin`] only affect the pointed-to type `P::Target`, not the pointer +//! Note that pinning and [`Unpin`] only affect the pointed-to type P::[Target], not the pointer //! type `P` itself that got wrapped in [Pin]\

. For example, whether or not [Box]\ is //! [`Unpin`] has no effect on the behavior of [Pin]<[Box]\> (here, `T` is the //! pointed-to type). @@ -65,7 +65,7 @@ //! # Example: self-referential struct //! //! Before we go into more details to explain the guarantees and choices -//! associated with `Pin`, we discuss some examples for how it might be used. +//! associated with [Pin]\

, we discuss some examples for how it might be used. //! Feel free to [skip to where the theoretical discussion continues](#drop-guarantee). //! //! ```rust @@ -165,18 +165,18 @@ //! # `Drop` implementation //! //! If your type uses pinning (such as the two examples above), you have to be careful -//! when implementing [`Drop`]. The [`drop`] function takes `&mut self`, but this +//! when implementing [`Drop`]. The [`drop`] function takes [&mut] self, but this //! is called *even if your type was previously pinned*! It is as if the //! compiler automatically called [`Pin::get_unchecked_mut`]. //! //! This can never cause a problem in safe code because implementing a type that //! relies on pinning requires unsafe code, but be aware that deciding to make //! use of pinning in your type (for example by implementing some operation on -//! [Pin]<&Self> or [Pin]<&mut Self>) has consequences for your [`Drop`] +//! [Pin]<[&]Self> or [Pin]<[&mut] Self>) has consequences for your [`Drop`] //! implementation as well: if an element of your type could have been pinned, -//! you must treat [`Drop`] as implicitly taking [Pin]<&mut Self>. +//! you must treat [`Drop`] as implicitly taking [Pin]<[&mut] Self>. //! -//! For example, you could implement `Drop` as follows: +//! For example, you could implement [`Drop`] as follows: //! //! ```rust,no_run //! # use std::pin::Pin; @@ -204,10 +204,10 @@ //! # Projections and Structural Pinning //! //! When working with pinned structs, the question arises how one can access the -//! fields of that struct in a method that takes just [Pin]<&mut Struct>. +//! fields of that struct in a method that takes just [Pin]<[&mut] Struct>. //! The usual approach is to write helper methods (so called *projections*) -//! that turn [Pin]<&mut Struct> into a reference to the field, but what -//! type should that reference have? Is it [Pin]<&mut Field> or `&mut Field`? +//! that turn [Pin]<[&mut] Struct> into a reference to the field, but what +//! type should that reference have? Is it [Pin]<[&mut] Field> or [&mut] Field? //! The same question arises with the fields of an `enum`, and also when considering //! container/wrapper types such as [Vec]\, [Box]\, or [RefCell]\. //! (This question applies to both mutable and shared references, we just @@ -215,7 +215,7 @@ //! //! It turns out that it is actually up to the author of the data structure //! to decide whether the pinned projection for a particular field turns -//! [Pin]<&mut Struct> into [Pin]<&mut Field> or `&mut Field`. There are some +//! [Pin]<[&mut] Struct> into [Pin]<[&mut] Field> or [&mut] Field. There are some //! constraints though, and the most important constraint is *consistency*: //! every field can be *either* projected to a pinned reference, *or* have //! pinning removed as part of the projection. If both are done for the same field, @@ -230,12 +230,12 @@ //! ## Pinning *is not* structural for `field` //! //! It may seem counter-intuitive that the field of a pinned struct might not be pinned, -//! but that is actually the easiest choice: if a [Pin]<&mut Field> is never created, +//! but that is actually the easiest choice: if a [Pin]<[&mut] Field> is never created, //! nothing can go wrong! So, if you decide that some field does not have structural pinning, //! all you have to ensure is that you never create a pinned reference to that field. //! //! Fields without structural pinning may have a projection method that turns -//! [Pin]<&mut Struct> into `&mut Field`: +//! [Pin]<[&mut] Struct> into [&mut] Field: //! //! ```rust,no_run //! # use std::pin::Pin; @@ -249,16 +249,16 @@ //! } //! ``` //! -//! You may also `impl Unpin for Struct` *even if* the type of `field` +//! You may also impl [Unpin] for Struct *even if* the type of `field` //! is not [`Unpin`]. What that type thinks about pinning is not relevant -//! when no [Pin]<&mut Field> is ever created. +//! when no [Pin]<[&mut] Field> is ever created. //! //! ## Pinning *is* structural for `field` //! //! The other option is to decide that pinning is "structural" for `field`, //! meaning that if the struct is pinned then so is the field. //! -//! This allows writing a projection that creates a [Pin]<&mut Field>, thus +//! This allows writing a projection that creates a [Pin]<[&mut] Field>, thus //! witnessing that the field is pinned: //! //! ```rust,no_run @@ -278,12 +278,12 @@ //! 1. The struct must only be [`Unpin`] if all the structural fields are //! [`Unpin`]. This is the default, but [`Unpin`] is a safe trait, so as the author of //! the struct it is your responsibility *not* to add something like -//! `impl Unpin for Struct`. (Notice that adding a projection operation +//! impl\ [Unpin] for Struct\. (Notice that adding a projection operation //! requires unsafe code, so the fact that [`Unpin`] is a safe trait does not break -//! the principle that you only have to worry about any of this if you use `unsafe`.) +//! the principle that you only have to worry about any of this if you use [`unsafe`].) //! 2. The destructor of the struct must not move structural fields out of its argument. This -//! is the exact point that was raised in the [previous section][drop-impl]: `drop` takes -//! `&mut self`, but the struct (and hence its fields) might have been pinned before. +//! is the exact point that was raised in the [previous section][drop-impl]: [`drop`] takes +//! [&mut] self, but the struct (and hence its fields) might have been pinned before. //! You have to guarantee that you do not move a field inside your [`Drop`] implementation. //! In particular, as explained previously, this means that your struct must *not* //! be `#[repr(packed)]`. @@ -299,13 +299,13 @@ //! does not cause unsoundness.) //! 4. You must not offer any other operations that could lead to data being moved out of //! the structural fields when your type is pinned. For example, if the struct contains an -//! [Option]\ and there is a `take`-like operation with type -//! `fn(Pin<&mut Struct>) -> Option`, -//! that operation can be used to move a `T` out of a pinned `Struct` -- which means +//! [Option]\ and there is a [`take`][Option::take]-like operation with type +//! fn([Pin]<[&mut] Struct\>) -> [Option]\, +//! that operation can be used to move a `T` out of a pinned `Struct` – which means //! pinning cannot be structural for the field holding this data. //! //! For a more complex example of moving data out of a pinned type, imagine if [RefCell]\ -//! had a method `fn get_pin_mut(self: Pin<&mut Self>) -> Pin<&mut T>`. +//! had a method fn get_pin_mut(self: [Pin]<[&mut] Self>) -> [Pin]<[&mut] T>. //! Then we could do the following: //! ```compile_fail //! fn exploit_ref_cell(rc: Pin<&mut RefCell>) { @@ -316,7 +316,7 @@ //! } //! ``` //! This is catastrophic, it means we can first pin the content of the [RefCell]\ -//! (using `RefCell::get_pin_mut`) and then move that content using the mutable +//! (using [RefCell]::get_pin_mut) and then move that content using the mutable //! reference we got later. //! //! ## Examples @@ -328,15 +328,15 @@ //! contents! Nor could it allow [`push`][Vec::push], which might reallocate and thus also move the //! contents. //! -//! A [Vec]\ without structural pinning could `impl Unpin for Vec`, because the contents +//! A [Vec]\ without structural pinning could impl\ [Unpin] for [Vec]\, because the contents //! are never pinned and the [Vec]\ itself is fine with being moved as well. //! At that point pinning just has no effect on the vector at all. //! //! In the standard library, pointer types generally do not have structural pinning, -//! and thus they do not offer pinning projections. This is why `Box: Unpin` holds for all `T`. -//! It makes sense to do this for pointer types, because moving the `Box` -//! does not actually move the `T`: the [Box]\ can be freely movable (aka `Unpin`) even if -//! the `T` is not. In fact, even [Pin]<[Box]\> and [Pin]<&mut T> are always +//! and thus they do not offer pinning projections. This is why [Box]\: [Unpin] holds for all `T`. +//! It makes sense to do this for pointer types, because moving the [Box]\ +//! does not actually move the `T`: the [Box]\ can be freely movable (aka [`Unpin`]) even if +//! the `T` is not. In fact, even [Pin]<[Box]\> and [Pin]<[&mut] T> are always //! [`Unpin`] themselves, for the same reason: their contents (the `T`) are pinned, but the //! pointers themselves can be moved without moving the pinned data. For both [Box]\ and //! [Pin]<[Box]\>, whether the content is pinned is entirely independent of whether the @@ -346,10 +346,12 @@ //! for the nested futures, as you need to get pinned references to them to call [`poll`]. //! But if your combinator contains any other data that does not need to be pinned, //! you can make those fields not structural and hence freely access them with a -//! mutable reference even when you just have [Pin]<&mut Self> (such as in your own +//! mutable reference even when you just have [Pin]<[&mut] Self> (such as in your own //! [`poll`] implementation). //! +//! [Deref]: crate::ops::Deref //! [`Deref`]: crate::ops::Deref +//! [Target]: crate::ops::Deref::Target //! [`DerefMut`]: crate::ops::DerefMut //! [`mem::swap`]: crate::mem::swap //! [`mem::forget`]: crate::mem::forget @@ -367,6 +369,9 @@ //! [drop-impl]: #drop-implementation //! [drop-guarantee]: #drop-guarantee //! [`poll`]: crate::future::Future::poll +//! [&]: ../../std/primitive.reference.html +//! [&mut]: ../../std/primitive.reference.html +//! [`unsafe`]: ../../std/keyword.unsafe.html #![stable(feature = "pin", since = "1.33.0")] From e65385fbfa72995b27ec64aa54f330cf503dfc03 Mon Sep 17 00:00:00 2001 From: Frank Steffahn Date: Tue, 5 Jan 2021 19:11:20 +0100 Subject: [PATCH 4/6] Fix broken links to `Drop` that used to point to `Drop::drop` due to the markdown link definition names being case insensitive. --- library/core/src/pin.rs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/core/src/pin.rs b/library/core/src/pin.rs index 52c1c1975cc50..b4a3bffff5a21 100644 --- a/library/core/src/pin.rs +++ b/library/core/src/pin.rs @@ -129,7 +129,7 @@ //! //! To make this work, every element has pointers to its predecessor and successor in //! the list. Elements can only be added when they are pinned, because moving the elements -//! around would invalidate the pointers. Moreover, the [`Drop`] implementation of a linked +//! around would invalidate the pointers. Moreover, the [`Drop`][Drop] implementation of a linked //! list element will patch the pointers of its predecessor and successor to remove itself //! from the list. //! @@ -165,18 +165,18 @@ //! # `Drop` implementation //! //! If your type uses pinning (such as the two examples above), you have to be careful -//! when implementing [`Drop`]. The [`drop`] function takes [&mut] self, but this +//! when implementing [`Drop`][Drop]. The [`drop`] function takes [&mut] self, but this //! is called *even if your type was previously pinned*! It is as if the //! compiler automatically called [`Pin::get_unchecked_mut`]. //! //! This can never cause a problem in safe code because implementing a type that //! relies on pinning requires unsafe code, but be aware that deciding to make //! use of pinning in your type (for example by implementing some operation on -//! [Pin]<[&]Self> or [Pin]<[&mut] Self>) has consequences for your [`Drop`] +//! [Pin]<[&]Self> or [Pin]<[&mut] Self>) has consequences for your [`Drop`][Drop] //! implementation as well: if an element of your type could have been pinned, -//! you must treat [`Drop`] as implicitly taking [Pin]<[&mut] Self>. +//! you must treat [`Drop`][Drop] as implicitly taking [Pin]<[&mut] Self>. //! -//! For example, you could implement [`Drop`] as follows: +//! For example, you could implement [`Drop`][Drop] as follows: //! //! ```rust,no_run //! # use std::pin::Pin; @@ -284,7 +284,7 @@ //! 2. The destructor of the struct must not move structural fields out of its argument. This //! is the exact point that was raised in the [previous section][drop-impl]: [`drop`] takes //! [&mut] self, but the struct (and hence its fields) might have been pinned before. -//! You have to guarantee that you do not move a field inside your [`Drop`] implementation. +//! You have to guarantee that you do not move a field inside your [`Drop`][Drop] implementation. //! In particular, as explained previously, this means that your struct must *not* //! be `#[repr(packed)]`. //! See that section for how to write [`drop`] in a way that the compiler can help you @@ -294,7 +294,7 @@ //! content is not overwritten or deallocated without calling the content's destructors. //! This can be tricky, as witnessed by [VecDeque]\: the destructor of [VecDeque]\ //! can fail to call [`drop`] on all elements if one of the destructors panics. This violates -//! the [`Drop`] guarantee, because it can lead to elements being deallocated without +//! the [`Drop`][Drop] guarantee, because it can lead to elements being deallocated without //! their destructor being called. ([VecDeque]\ has no pinning projections, so this //! does not cause unsoundness.) //! 4. You must not offer any other operations that could lead to data being moved out of From 684edf7a70d2e90466ae74e7a321670259bf3fd9 Mon Sep 17 00:00:00 2001 From: Frank Steffahn Date: Tue, 5 Jan 2021 19:33:32 +0100 Subject: [PATCH 5/6] Add titles (tooltips) to defined links in `core::pin`. --- library/core/src/pin.rs | 42 ++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/library/core/src/pin.rs b/library/core/src/pin.rs index b4a3bffff5a21..864fd89cbf54c 100644 --- a/library/core/src/pin.rs +++ b/library/core/src/pin.rs @@ -349,29 +349,29 @@ //! mutable reference even when you just have [Pin]<[&mut] Self> (such as in your own //! [`poll`] implementation). //! -//! [Deref]: crate::ops::Deref -//! [`Deref`]: crate::ops::Deref -//! [Target]: crate::ops::Deref::Target -//! [`DerefMut`]: crate::ops::DerefMut -//! [`mem::swap`]: crate::mem::swap -//! [`mem::forget`]: crate::mem::forget -//! [Vec]: ../../std/vec/struct.Vec.html -//! [`Vec::set_len`]: ../../std/vec/struct.Vec.html#method.set_len -//! [Box]: ../../std/boxed/struct.Box.html -//! [Vec::pop]: ../../std/vec/struct.Vec.html#method.pop -//! [Vec::push]: ../../std/vec/struct.Vec.html#method.push -//! [Rc]: ../../std/rc/struct.Rc.html -//! [RefCell]: crate::cell::RefCell -//! [`drop`]: Drop::drop -//! [VecDeque]: ../../std/collections/struct.VecDeque.html -//! [`ptr::write`]: crate::ptr::write -//! [`Future`]: crate::future::Future +//! [Deref]: crate::ops::Deref "ops::Deref" +//! [`Deref`]: crate::ops::Deref "ops::Deref" +//! [Target]: crate::ops::Deref::Target "ops::Deref::Target" +//! [`DerefMut`]: crate::ops::DerefMut "ops::DerefMut" +//! [`mem::swap`]: crate::mem::swap "mem::swap" +//! [`mem::forget`]: crate::mem::forget "mem::forget" +//! [Vec]: ../../std/vec/struct.Vec.html "Vec" +//! [`Vec::set_len`]: ../../std/vec/struct.Vec.html#method.set_len "Vec::set_len" +//! [Box]: ../../std/boxed/struct.Box.html "Box" +//! [Vec::pop]: ../../std/vec/struct.Vec.html#method.pop "Vec::pop" +//! [Vec::push]: ../../std/vec/struct.Vec.html#method.push "Vec::push" +//! [Rc]: ../../std/rc/struct.Rc.html "rc::Rc" +//! [RefCell]: crate::cell::RefCell "cell::RefCell" +//! [`drop`]: Drop::drop "Drop::drop" +//! [VecDeque]: ../../std/collections/struct.VecDeque.html "collections::VecDeque" +//! [`ptr::write`]: crate::ptr::write "ptr::write" +//! [`Future`]: crate::future::Future "future::Future" //! [drop-impl]: #drop-implementation //! [drop-guarantee]: #drop-guarantee -//! [`poll`]: crate::future::Future::poll -//! [&]: ../../std/primitive.reference.html -//! [&mut]: ../../std/primitive.reference.html -//! [`unsafe`]: ../../std/keyword.unsafe.html +//! [`poll`]: crate::future::Future::poll "future::Future::poll" +//! [&]: ../../std/primitive.reference.html "shared reference" +//! [&mut]: ../../std/primitive.reference.html "mutable reference" +//! [`unsafe`]: ../../std/keyword.unsafe.html "keyword unsafe" #![stable(feature = "pin", since = "1.33.0")] From 3e0cef7d6937e17b67dec25477ed56ef2386a3e0 Mon Sep 17 00:00:00 2001 From: Frank Steffahn Date: Tue, 5 Jan 2021 20:02:34 +0100 Subject: [PATCH 6/6] Fix overlength lines in `core::pin`. --- library/core/src/pin.rs | 130 +++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 62 deletions(-) diff --git a/library/core/src/pin.rs b/library/core/src/pin.rs index 864fd89cbf54c..3d888299485b5 100644 --- a/library/core/src/pin.rs +++ b/library/core/src/pin.rs @@ -14,13 +14,15 @@ //! for more details. //! //! By default, all types in Rust are movable. Rust allows passing all types by-value, -//! and common smart-pointer types such as [Box]\ and [&mut] T allow replacing and -//! moving the values they contain: you can move out of a [Box]\, or you can use [`mem::swap`]. -//! [Pin]\

wraps a pointer type `P`, so [Pin]<[Box]\> functions much like a regular -//! [Box]\: when a [Pin]<[Box]\> gets dropped, so do its contents, and the memory gets -//! deallocated. Similarly, [Pin]<[&mut] T> is a lot like [&mut] T. However, [Pin]\

does -//! not let clients actually obtain a [Box]\ or [&mut] T to pinned data, which implies that you -//! cannot use operations such as [`mem::swap`]: +//! and common smart-pointer types such as [Box]\ and [&mut] T allow +//! replacing and moving the values they contain: you can move out of a [Box]\, +//! or you can use [`mem::swap`]. [Pin]\

wraps a pointer type `P`, so +//! [Pin]<[Box]\> functions much like a regular [Box]\: +//! when a [Pin]<[Box]\> gets dropped, so do its contents, and the memory gets +//! deallocated. Similarly, [Pin]<[&mut] T> is a lot like [&mut] T. +//! However, [Pin]\

does not let clients actually obtain a [Box]\ +//! or [&mut] T to pinned data, which implies that you cannot use operations such +//! as [`mem::swap`]: //! //! ``` //! use std::pin::Pin; @@ -32,17 +34,17 @@ //! } //! ``` //! -//! It is worth reiterating that [Pin]\

does *not* change the fact that a Rust compiler -//! considers all types movable. [`mem::swap`] remains callable for any `T`. Instead, [Pin]\

-//! prevents certain *values* (pointed to by pointers wrapped in [Pin]\

) from being -//! moved by making it impossible to call methods that require [&mut] T on them -//! (like [`mem::swap`]). +//! It is worth reiterating that [Pin]\

does *not* change the fact that a Rust +//! compiler considers all types movable. [`mem::swap`] remains callable for any `T`. Instead, +//! [Pin]\

prevents certain *values* (pointed to by pointers wrapped in +//! [Pin]\

) from being moved by making it impossible to call methods that require +//! [&mut] T on them (like [`mem::swap`]). //! //! [Pin]\

can be used to wrap any pointer type `P`, and as such it interacts with -//! [`Deref`] and [`DerefMut`]. A [Pin]\

where P: [Deref] should be considered -//! as a "`P`-style pointer" to a pinned P::[Target] – so, a [Pin]<[Box]\> is -//! an owned pointer to a pinned `T`, and a [Pin]<[Rc]\> is a reference-counted -//! pointer to a pinned `T`. +//! [`Deref`] and [`DerefMut`]. A [Pin]\

where P: [Deref] should be +//! considered as a "`P`-style pointer" to a pinned P::[Target] – so, a +//! [Pin]<[Box]\> is an owned pointer to a pinned `T`, and a +//! [Pin]<[Rc]\> is a reference-counted pointer to a pinned `T`. //! For correctness, [Pin]\

relies on the implementations of [`Deref`] and //! [`DerefMut`] not to move out of their `self` parameter, and only ever to //! return a pointer to pinned data when they are called on a pinned pointer. @@ -54,13 +56,13 @@ //! [`bool`], [`i32`], and references) as well as types consisting solely of these //! types. Types that do not care about pinning implement the [`Unpin`] //! auto-trait, which cancels the effect of [Pin]\

. For T: [Unpin], -//! [Pin]<[Box]\> and [Box]\ function identically, as do [Pin]<[&mut] T> and -//! [&mut] T. +//! [Pin]<[Box]\> and [Box]\ function identically, as do +//! [Pin]<[&mut] T> and [&mut] T. //! -//! Note that pinning and [`Unpin`] only affect the pointed-to type P::[Target], not the pointer -//! type `P` itself that got wrapped in [Pin]\

. For example, whether or not [Box]\ is -//! [`Unpin`] has no effect on the behavior of [Pin]<[Box]\> (here, `T` is the -//! pointed-to type). +//! Note that pinning and [`Unpin`] only affect the pointed-to type P::[Target], +//! not the pointer type `P` itself that got wrapped in [Pin]\

. For example, +//! whether or not [Box]\ is [`Unpin`] has no effect on the behavior of +//! [Pin]<[Box]\> (here, `T` is the pointed-to type). //! //! # Example: self-referential struct //! @@ -149,8 +151,8 @@ //! when [`drop`] is called*. Only once [`drop`] returns or panics, the memory may be reused. //! //! Memory can be "invalidated" by deallocation, but also by -//! replacing a [Some]\(v) by [`None`], or calling [`Vec::set_len`] to "kill" some elements -//! off of a vector. It can be repurposed by using [`ptr::write`] to overwrite it without +//! replacing a [Some]\(v) by [`None`], or calling [`Vec::set_len`] to "kill" some +//! elements off of a vector. It can be repurposed by using [`ptr::write`] to overwrite it without //! calling the destructor first. None of this is allowed for pinned data without calling [`drop`]. //! //! This is exactly the kind of guarantee that the intrusive linked list from the previous @@ -172,8 +174,8 @@ //! This can never cause a problem in safe code because implementing a type that //! relies on pinning requires unsafe code, but be aware that deciding to make //! use of pinning in your type (for example by implementing some operation on -//! [Pin]<[&]Self> or [Pin]<[&mut] Self>) has consequences for your [`Drop`][Drop] -//! implementation as well: if an element of your type could have been pinned, +//! [Pin]<[&]Self> or [Pin]<[&mut] Self>) has consequences for your +//! [`Drop`][Drop]implementation as well: if an element of your type could have been pinned, //! you must treat [`Drop`][Drop] as implicitly taking [Pin]<[&mut] Self>. //! //! For example, you could implement [`Drop`][Drop] as follows: @@ -206,16 +208,16 @@ //! When working with pinned structs, the question arises how one can access the //! fields of that struct in a method that takes just [Pin]<[&mut] Struct>. //! The usual approach is to write helper methods (so called *projections*) -//! that turn [Pin]<[&mut] Struct> into a reference to the field, but what -//! type should that reference have? Is it [Pin]<[&mut] Field> or [&mut] Field? +//! that turn [Pin]<[&mut] Struct> into a reference to the field, but what type should +//! that reference have? Is it [Pin]<[&mut] Field> or [&mut] Field? //! The same question arises with the fields of an `enum`, and also when considering -//! container/wrapper types such as [Vec]\, [Box]\, or [RefCell]\. -//! (This question applies to both mutable and shared references, we just -//! use the more common case of mutable references here for illustration.) +//! container/wrapper types such as [Vec]\, [Box]\, +//! or [RefCell]\. (This question applies to both mutable and shared references, +//! we just use the more common case of mutable references here for illustration.) //! -//! It turns out that it is actually up to the author of the data structure -//! to decide whether the pinned projection for a particular field turns -//! [Pin]<[&mut] Struct> into [Pin]<[&mut] Field> or [&mut] Field. There are some +//! It turns out that it is actually up to the author of the data structure to decide whether +//! the pinned projection for a particular field turns [Pin]<[&mut] Struct> +//! into [Pin]<[&mut] Field> or [&mut] Field. There are some //! constraints though, and the most important constraint is *consistency*: //! every field can be *either* projected to a pinned reference, *or* have //! pinning removed as part of the projection. If both are done for the same field, @@ -283,19 +285,20 @@ //! the principle that you only have to worry about any of this if you use [`unsafe`].) //! 2. The destructor of the struct must not move structural fields out of its argument. This //! is the exact point that was raised in the [previous section][drop-impl]: [`drop`] takes -//! [&mut] self, but the struct (and hence its fields) might have been pinned before. -//! You have to guarantee that you do not move a field inside your [`Drop`][Drop] implementation. -//! In particular, as explained previously, this means that your struct must *not* -//! be `#[repr(packed)]`. +//! [&mut] self, but the struct (and hence its fields) might have been pinned +//! before. You have to guarantee that you do not move a field inside your [`Drop`][Drop] +//! implementation. In particular, as explained previously, this means that your struct +//! must *not* be `#[repr(packed)]`. //! See that section for how to write [`drop`] in a way that the compiler can help you //! not accidentally break pinning. //! 3. You must make sure that you uphold the [`Drop` guarantee][drop-guarantee]: //! once your struct is pinned, the memory that contains the //! content is not overwritten or deallocated without calling the content's destructors. -//! This can be tricky, as witnessed by [VecDeque]\: the destructor of [VecDeque]\ -//! can fail to call [`drop`] on all elements if one of the destructors panics. This violates -//! the [`Drop`][Drop] guarantee, because it can lead to elements being deallocated without -//! their destructor being called. ([VecDeque]\ has no pinning projections, so this +//! This can be tricky, as witnessed by [VecDeque]\: the destructor of +//! [VecDeque]\ can fail to call [`drop`] on all elements if one of the +//! destructors panics. This violates the [`Drop`][Drop] guarantee, because it can lead to +//! elements being deallocated without their destructor being called. +//! ([VecDeque]\ has no pinning projections, so this //! does not cause unsoundness.) //! 4. You must not offer any other operations that could lead to data being moved out of //! the structural fields when your type is pinned. For example, if the struct contains an @@ -304,8 +307,9 @@ //! that operation can be used to move a `T` out of a pinned `Struct` – which means //! pinning cannot be structural for the field holding this data. //! -//! For a more complex example of moving data out of a pinned type, imagine if [RefCell]\ -//! had a method fn get_pin_mut(self: [Pin]<[&mut] Self>) -> [Pin]<[&mut] T>. +//! For a more complex example of moving data out of a pinned type, +//! imagine if [RefCell]\ had a method +//! fn get_pin_mut(self: [Pin]<[&mut] Self>) -> [Pin]<[&mut] T>. //! Then we could do the following: //! ```compile_fail //! fn exploit_ref_cell(rc: Pin<&mut RefCell>) { @@ -315,31 +319,33 @@ //! let content = &mut *b; // And here we have `&mut T` to the same data. //! } //! ``` -//! This is catastrophic, it means we can first pin the content of the [RefCell]\ -//! (using [RefCell]::get_pin_mut) and then move that content using the mutable -//! reference we got later. +//! This is catastrophic, it means we can first pin the content of the +//! [RefCell]\ (using [RefCell]::get_pin_mut) and then move that +//! content using the mutable reference we got later. //! //! ## Examples //! -//! For a type like [Vec]\, both possibilities (structural pinning or not) make sense. -//! A [Vec]\ with structural pinning could have `get_pin`/`get_pin_mut` methods to get -//! pinned references to elements. However, it could *not* allow calling -//! [`pop`][Vec::pop] on a pinned [Vec]\ because that would move the (structurally pinned) -//! contents! Nor could it allow [`push`][Vec::push], which might reallocate and thus also move the -//! contents. +//! For a type like [Vec]\, both possibilities (structural pinning or not) make +//! sense. A [Vec]\ with structural pinning could have `get_pin`/`get_pin_mut` +//! methods to get pinned references to elements. However, it could *not* allow calling +//! [`pop`][Vec::pop] on a pinned [Vec]\ because that would move the (structurally +//! pinned) contents! Nor could it allow [`push`][Vec::push], which might reallocate and thus also +//! move the contents. //! -//! A [Vec]\ without structural pinning could impl\ [Unpin] for [Vec]\, because the contents -//! are never pinned and the [Vec]\ itself is fine with being moved as well. +//! A [Vec]\ without structural pinning could +//! impl\ [Unpin] for [Vec]\, because the contents are never pinned +//! and the [Vec]\ itself is fine with being moved as well. //! At that point pinning just has no effect on the vector at all. //! //! In the standard library, pointer types generally do not have structural pinning, -//! and thus they do not offer pinning projections. This is why [Box]\: [Unpin] holds for all `T`. -//! It makes sense to do this for pointer types, because moving the [Box]\ -//! does not actually move the `T`: the [Box]\ can be freely movable (aka [`Unpin`]) even if -//! the `T` is not. In fact, even [Pin]<[Box]\> and [Pin]<[&mut] T> are always -//! [`Unpin`] themselves, for the same reason: their contents (the `T`) are pinned, but the -//! pointers themselves can be moved without moving the pinned data. For both [Box]\ and -//! [Pin]<[Box]\>, whether the content is pinned is entirely independent of whether the +//! and thus they do not offer pinning projections. This is why [Box]\: [Unpin] +//! holds for all `T`. It makes sense to do this for pointer types, because moving the +//! [Box]\ does not actually move the `T`: the [Box]\ can be freely +//! movable (aka [`Unpin`]) even if the `T` is not. In fact, even [Pin]<[Box]\> and +//! [Pin]<[&mut] T> are always [`Unpin`] themselves, for the same reason: +//! their contents (the `T`) are pinned, but the pointers themselves can be moved without moving +//! the pinned data. For both [Box]\ and [Pin]<[Box]\>, +//! whether the content is pinned is entirely independent of whether the //! pointer is pinned, meaning pinning is *not* structural. //! //! When implementing a [`Future`] combinator, you will usually need structural pinning