rename immutable borrows to shared borrows
This commit is contained in:
Pat Hickey
@@ -25,8 +25,8 @@ impl BorrowChecker {
|
||||
pub fn has_outstanding_borrows(&self) -> bool {
|
||||
self.bc.borrow().has_outstanding_borrows()
|
||||
}
|
||||
pub fn immut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
self.bc.borrow_mut().immut_borrow(r)
|
||||
pub fn shared_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
self.bc.borrow_mut().shared_borrow(r)
|
||||
}
|
||||
pub fn mut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
self.bc.borrow_mut().mut_borrow(r)
|
||||
@@ -47,7 +47,7 @@ struct InnerBorrowChecker {
|
||||
/// for this but it works. It would be more efficient if we could
|
||||
/// check `is_borrowed` without an O(n) iteration, by organizing borrows
|
||||
/// by an ordering of Region.
|
||||
immut_borrows: HashMap<BorrowHandle, Region>,
|
||||
shared_borrows: HashMap<BorrowHandle, Region>,
|
||||
mut_borrows: HashMap<BorrowHandle, Region>,
|
||||
/// Handle to give out for the next borrow. This is the bare minimum of
|
||||
/// bookkeeping of free handles, and in a pathological case we could run
|
||||
@@ -58,19 +58,19 @@ struct InnerBorrowChecker {
|
||||
impl InnerBorrowChecker {
|
||||
fn new() -> Self {
|
||||
InnerBorrowChecker {
|
||||
immut_borrows: HashMap::new(),
|
||||
shared_borrows: HashMap::new(),
|
||||
mut_borrows: HashMap::new(),
|
||||
next_handle: BorrowHandle(0),
|
||||
}
|
||||
}
|
||||
|
||||
fn has_outstanding_borrows(&self) -> bool {
|
||||
!(self.immut_borrows.is_empty() && self.mut_borrows.is_empty())
|
||||
!(self.shared_borrows.is_empty() && self.mut_borrows.is_empty())
|
||||
}
|
||||
|
||||
fn is_borrowed(&self, r: Region) -> bool {
|
||||
!self
|
||||
.immut_borrows
|
||||
.shared_borrows
|
||||
.values()
|
||||
.chain(self.mut_borrows.values())
|
||||
.all(|b| !b.overlaps(r))
|
||||
@@ -78,7 +78,7 @@ impl InnerBorrowChecker {
|
||||
|
||||
fn new_handle(&mut self) -> Result<BorrowHandle, GuestError> {
|
||||
// Reset handles to 0 if all handles have been returned.
|
||||
if self.immut_borrows.is_empty() && self.mut_borrows.is_empty() {
|
||||
if self.shared_borrows.is_empty() && self.mut_borrows.is_empty() {
|
||||
self.next_handle = BorrowHandle(0);
|
||||
}
|
||||
let h = self.next_handle;
|
||||
@@ -94,12 +94,12 @@ impl InnerBorrowChecker {
|
||||
Ok(h)
|
||||
}
|
||||
|
||||
fn immut_borrow(&mut self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
fn shared_borrow(&mut self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
if !self.mut_borrows.values().all(|b| !b.overlaps(r)) {
|
||||
return Err(GuestError::PtrBorrowed(r));
|
||||
}
|
||||
let h = self.new_handle()?;
|
||||
self.immut_borrows.insert(h, r);
|
||||
self.shared_borrows.insert(h, r);
|
||||
Ok(h)
|
||||
}
|
||||
|
||||
@@ -115,7 +115,7 @@ impl InnerBorrowChecker {
|
||||
fn unborrow(&mut self, h: BorrowHandle) {
|
||||
let removed = self.mut_borrows.remove(&h);
|
||||
if removed.is_none() {
|
||||
let _ = self.immut_borrows.remove(&h);
|
||||
let _ = self.shared_borrows.remove(&h);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -146,33 +146,33 @@ mod test {
|
||||
let r1 = Region::new(0, 10);
|
||||
let r2 = Region::new(9, 10);
|
||||
assert!(r1.overlaps(r2));
|
||||
bs.immut_borrow(r1).expect("can borrow r1");
|
||||
bs.shared_borrow(r1).expect("can borrow r1");
|
||||
assert!(bs.mut_borrow(r2).is_err(), "cant mut borrow r2");
|
||||
bs.immut_borrow(r2).expect("can immut borrow r2");
|
||||
bs.shared_borrow(r2).expect("can shared borrow r2");
|
||||
|
||||
let mut bs = InnerBorrowChecker::new();
|
||||
let r1 = Region::new(0, 10);
|
||||
let r2 = Region::new(2, 5);
|
||||
assert!(r1.overlaps(r2));
|
||||
bs.immut_borrow(r1).expect("can borrow r1");
|
||||
bs.shared_borrow(r1).expect("can borrow r1");
|
||||
assert!(bs.mut_borrow(r2).is_err(), "cant borrow r2");
|
||||
bs.immut_borrow(r2).expect("can immut borrow r2");
|
||||
bs.shared_borrow(r2).expect("can shared borrow r2");
|
||||
|
||||
let mut bs = InnerBorrowChecker::new();
|
||||
let r1 = Region::new(9, 10);
|
||||
let r2 = Region::new(0, 10);
|
||||
assert!(r1.overlaps(r2));
|
||||
bs.immut_borrow(r1).expect("can borrow r1");
|
||||
bs.shared_borrow(r1).expect("can borrow r1");
|
||||
assert!(bs.mut_borrow(r2).is_err(), "cant borrow r2");
|
||||
bs.immut_borrow(r2).expect("can immut borrow r2");
|
||||
bs.shared_borrow(r2).expect("can shared borrow r2");
|
||||
|
||||
let mut bs = InnerBorrowChecker::new();
|
||||
let r1 = Region::new(2, 5);
|
||||
let r2 = Region::new(0, 10);
|
||||
assert!(r1.overlaps(r2));
|
||||
bs.immut_borrow(r1).expect("can borrow r1");
|
||||
bs.shared_borrow(r1).expect("can borrow r1");
|
||||
assert!(bs.mut_borrow(r2).is_err(), "cant borrow r2");
|
||||
bs.immut_borrow(r2).expect("can immut borrow r2");
|
||||
bs.shared_borrow(r2).expect("can shared borrow r2");
|
||||
|
||||
let mut bs = InnerBorrowChecker::new();
|
||||
let r1 = Region::new(2, 5);
|
||||
@@ -180,11 +180,11 @@ mod test {
|
||||
let r3 = Region::new(15, 5);
|
||||
let r4 = Region::new(0, 10);
|
||||
assert!(r1.overlaps(r4));
|
||||
bs.immut_borrow(r1).expect("can borrow r1");
|
||||
bs.immut_borrow(r2).expect("can borrow r2");
|
||||
bs.immut_borrow(r3).expect("can borrow r3");
|
||||
bs.shared_borrow(r1).expect("can borrow r1");
|
||||
bs.shared_borrow(r2).expect("can borrow r2");
|
||||
bs.shared_borrow(r3).expect("can borrow r3");
|
||||
assert!(bs.mut_borrow(r4).is_err(), "cant mut borrow r4");
|
||||
bs.immut_borrow(r4).expect("can immut borrow r4");
|
||||
bs.shared_borrow(r4).expect("can shared borrow r4");
|
||||
}
|
||||
|
||||
#[test]
|
||||
@@ -212,17 +212,17 @@ mod test {
|
||||
.mut_borrow(r2)
|
||||
.expect("can borrow r2 again now that its been unborrowed");
|
||||
|
||||
// Lets try again with immut:
|
||||
// Lets try again with shared:
|
||||
|
||||
let mut bs = InnerBorrowChecker::new();
|
||||
let r1 = Region::new(0, 10);
|
||||
let r2 = Region::new(10, 10);
|
||||
assert!(!r1.overlaps(r2));
|
||||
assert_eq!(bs.has_outstanding_borrows(), false, "start with no borrows");
|
||||
let h1 = bs.immut_borrow(r1).expect("can borrow r1");
|
||||
let h1 = bs.shared_borrow(r1).expect("can borrow r1");
|
||||
assert_eq!(bs.has_outstanding_borrows(), true, "h1 is outstanding");
|
||||
let h2 = bs.immut_borrow(r2).expect("can borrow r2");
|
||||
let h3 = bs.immut_borrow(r2).expect("can immut borrow r2 twice");
|
||||
let h2 = bs.shared_borrow(r2).expect("can borrow r2");
|
||||
let h3 = bs.shared_borrow(r2).expect("can shared borrow r2 twice");
|
||||
|
||||
bs.unborrow(h2);
|
||||
assert_eq!(
|
||||
|
||||
@@ -166,7 +166,7 @@ pub unsafe trait GuestMemory {
|
||||
/// borrow, and that `GuestMemory::is_borrowed` of any overlapping region
|
||||
/// is false for the duration of the borrow.
|
||||
fn mut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError>;
|
||||
fn immut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError>;
|
||||
fn shared_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError>;
|
||||
/// Unborrow a previously borrowed region. As long as `GuestSlice` and
|
||||
/// `GuestStr` are implemented correctly, a `BorrowHandle` should only be
|
||||
/// unborrowed once.
|
||||
@@ -193,8 +193,8 @@ unsafe impl<'a, T: ?Sized + GuestMemory> GuestMemory for &'a T {
|
||||
fn mut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::mut_borrow(self, r)
|
||||
}
|
||||
fn immut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::immut_borrow(self, r)
|
||||
fn shared_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::shared_borrow(self, r)
|
||||
}
|
||||
fn unborrow(&self, h: BorrowHandle) {
|
||||
T::unborrow(self, h)
|
||||
@@ -214,8 +214,8 @@ unsafe impl<'a, T: ?Sized + GuestMemory> GuestMemory for &'a mut T {
|
||||
fn mut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::mut_borrow(self, r)
|
||||
}
|
||||
fn immut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::immut_borrow(self, r)
|
||||
fn shared_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::shared_borrow(self, r)
|
||||
}
|
||||
fn unborrow(&self, h: BorrowHandle) {
|
||||
T::unborrow(self, h)
|
||||
@@ -235,8 +235,8 @@ unsafe impl<T: ?Sized + GuestMemory> GuestMemory for Box<T> {
|
||||
fn mut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::mut_borrow(self, r)
|
||||
}
|
||||
fn immut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::immut_borrow(self, r)
|
||||
fn shared_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::shared_borrow(self, r)
|
||||
}
|
||||
fn unborrow(&self, h: BorrowHandle) {
|
||||
T::unborrow(self, h)
|
||||
@@ -256,8 +256,8 @@ unsafe impl<T: ?Sized + GuestMemory> GuestMemory for Rc<T> {
|
||||
fn mut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::mut_borrow(self, r)
|
||||
}
|
||||
fn immut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::immut_borrow(self, r)
|
||||
fn shared_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::shared_borrow(self, r)
|
||||
}
|
||||
fn unborrow(&self, h: BorrowHandle) {
|
||||
T::unborrow(self, h)
|
||||
@@ -277,8 +277,8 @@ unsafe impl<T: ?Sized + GuestMemory> GuestMemory for Arc<T> {
|
||||
fn mut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::mut_borrow(self, r)
|
||||
}
|
||||
fn immut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::immut_borrow(self, r)
|
||||
fn shared_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
T::shared_borrow(self, r)
|
||||
}
|
||||
fn unborrow(&self, h: BorrowHandle) {
|
||||
T::unborrow(self, h)
|
||||
@@ -304,11 +304,11 @@ unsafe impl<T: ?Sized + GuestMemory> GuestMemory for Arc<T> {
|
||||
/// * `GuestPtr<'_, str>` - a pointer to a guest string. Has the methods
|
||||
/// [`GuestPtr::as_str_mut`], which gives a dynamically borrow-checked
|
||||
/// `GuestStrMut<'_>`, which `DerefMut`s to a `&mut str`, and
|
||||
/// [`GuestPtr::as_str`], which is the immutable version of same.
|
||||
/// [`GuestPtr::as_str`], which is the sharedable version of same.
|
||||
/// * `GuestPtr<'_, [T]>` - a pointer to a guest array. Has methods
|
||||
/// [`GuestPtr::as_slice_mut`], which gives a dynamically borrow-checked
|
||||
/// `GuestSliceMut<'_, T>`, which `DerefMut`s to a `&mut [T]` and
|
||||
/// [`GuestPtr::as_slice`], which is the immutable version of same.
|
||||
/// [`GuestPtr::as_slice`], which is the sharedable version of same.
|
||||
///
|
||||
/// Unsized types such as this may have extra methods and won't have methods
|
||||
/// like [`GuestPtr::read`] or [`GuestPtr::write`].
|
||||
@@ -489,9 +489,9 @@ impl<'a, T> GuestPtr<'a, [T]> {
|
||||
/// Attempts to create a [`GuestSlice<'_, T>`] from this pointer, performing
|
||||
/// bounds checks and type validation. The `GuestSlice` is a smart pointer
|
||||
/// that can be used as a `&[T]` via the `Deref` trait.
|
||||
/// The region of memory backing the slice will be marked as immutably
|
||||
/// The region of memory backing the slice will be marked as sharedably
|
||||
/// borrowed by the [`GuestMemory`] until the `GuestSlice` is dropped.
|
||||
/// Multiple immutable borrows of the same memory are permitted, but only
|
||||
/// Multiple sharedable borrows of the same memory are permitted, but only
|
||||
/// one mutable borrow.
|
||||
///
|
||||
/// This function will return a `GuestSlice` into host memory if all checks
|
||||
@@ -509,7 +509,7 @@ impl<'a, T> GuestPtr<'a, [T]> {
|
||||
self.mem
|
||||
.validate_size_align(self.pointer.0, T::guest_align(), len)? as *mut T;
|
||||
|
||||
let borrow = self.mem.immut_borrow(Region {
|
||||
let borrow = self.mem.shared_borrow(Region {
|
||||
start: self.pointer.0,
|
||||
len,
|
||||
})?;
|
||||
@@ -668,7 +668,7 @@ impl<'a> GuestPtr<'a, str> {
|
||||
/// Attempts to create a [`GuestStr<'_>`] from this pointer, performing
|
||||
/// bounds checks and utf-8 checks. The resulting `GuestStr` can be used
|
||||
/// as a `&str` via the `Deref` trait. The region of memory backing the
|
||||
/// `str` will be marked as immutably borrowed by the [`GuestMemory`]
|
||||
/// `str` will be marked as sharedably borrowed by the [`GuestMemory`]
|
||||
/// until the `GuestStr` is dropped.
|
||||
///
|
||||
/// This function will return `GuestStr` into host memory if all checks
|
||||
@@ -679,7 +679,7 @@ impl<'a> GuestPtr<'a, str> {
|
||||
.mem
|
||||
.validate_size_align(self.pointer.0, 1, self.pointer.1)?;
|
||||
|
||||
let borrow = self.mem.immut_borrow(Region {
|
||||
let borrow = self.mem.shared_borrow(Region {
|
||||
start: self.pointer.0,
|
||||
len: self.pointer.1,
|
||||
})?;
|
||||
@@ -754,7 +754,7 @@ impl<T: ?Sized + Pointee> fmt::Debug for GuestPtr<'_, T> {
|
||||
}
|
||||
}
|
||||
|
||||
/// A smart pointer to an immutable slice in guest memory.
|
||||
/// A smart pointer to an sharedable slice in guest memory.
|
||||
/// Usable as a `&'a [T]` via [`std::ops::Deref`].
|
||||
pub struct GuestSlice<'a, T> {
|
||||
ptr: &'a [T],
|
||||
@@ -803,7 +803,7 @@ impl<'a, T> Drop for GuestSliceMut<'a, T> {
|
||||
}
|
||||
}
|
||||
|
||||
/// A smart pointer to an immutable `str` in guest memory.
|
||||
/// A smart pointer to an sharedable `str` in guest memory.
|
||||
/// Usable as a `&'a str` via [`std::ops::Deref`].
|
||||
pub struct GuestStr<'a> {
|
||||
ptr: &'a str,
|
||||
|
||||
@@ -131,8 +131,8 @@ unsafe impl GuestMemory for HostMemory {
|
||||
fn mut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
self.bc.mut_borrow(r)
|
||||
}
|
||||
fn immut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
self.bc.immut_borrow(r)
|
||||
fn shared_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
self.bc.shared_borrow(r)
|
||||
}
|
||||
fn unborrow(&self, h: BorrowHandle) {
|
||||
self.bc.unborrow(h)
|
||||
|
||||
@@ -38,8 +38,8 @@ unsafe impl GuestMemory for WasmtimeGuestMemory {
|
||||
fn is_borrowed(&self, r: Region) -> bool {
|
||||
self.bc.is_borrowed(r)
|
||||
}
|
||||
fn immut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
self.bc.immut_borrow(r)
|
||||
fn shared_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
self.bc.shared_borrow(r)
|
||||
}
|
||||
fn mut_borrow(&self, r: Region) -> Result<BorrowHandle, GuestError> {
|
||||
self.bc.mut_borrow(r)
|
||||
|
||||
Reference in New Issue
Block a user