rust/src/libstd/c_vec.rs

/*!
 * Library to interface with chunks of memory allocated in C.
 *
 * It is often desirable to safely interface with memory allocated from C,
 * encapsulating the unsafety into allocation and destruction time.  Indeed,
 * allocating memory externally is currently the only way to give Rust shared
 * mut state with C programs that keep their own references; vectors are
 * unsuitable because they could be reallocated or moved at any time, and
 * importing C memory into a vector takes a one-time snapshot of the memory.
 *
 * This module simplifies the usage of such external blocks of memory.  Memory
 * is encapsulated into an opaque object after creation; the lifecycle of the
 * memory can be optionally managed by Rust, if an appropriate destructor
 * closure is provided.  Safety is ensured by bounds-checking accesses, which
 * are marshalled through get and set functions.
 *
 * There are three unsafe functions: the two introduction forms, and the
 * pointer elimination form.  The introduction forms are unsafe for the
 * obvious reason (they act on a pointer that cannot be checked inside the
 * method), but the elimination form is somewhat more subtle in its unsafety.
 * By using a pointer taken from a c_vec::t without keeping a reference to the
 * c_vec::t itself around, the CVec could be garbage collected, and the
 * memory within could be destroyed.  There are legitimate uses for the
 * pointer elimination form -- for instance, to pass memory back into C -- but
 * great care must be taken to ensure that a reference to the c_vec::t is
 * still held if needed.
 */

export CVec;
export CVec, c_vec_with_dtor;
export get, set;
export len;
export ptr;

/**
 * The type representing a foreign chunk of memory
 *
 * Wrapped in a enum for opacity; FIXME #818 when it is possible to have
 * truly opaque types, this should be revisited.
 */
enum CVec<T> {
    CVecCtor({ base: *mut T, len: uint, rsrc: @DtorRes})
}

struct DtorRes {
  let dtor: Option<fn@()>;
  new(dtor: Option<fn@()>) { self.dtor = dtor; }
  drop {
    match self.dtor {
      option::None => (),
      option::Some(f) => f()
    }
  }
}

/*
 Section: Introduction forms
 */

/**
 * Create a `CVec` from a foreign buffer with a given length.
 *
 * # Arguments
 *
 * * base - A foreign pointer to a buffer
 * * len - The number of elements in the buffer
 */
unsafe fn CVec<T>(base: *mut T, len: uint) -> CVec<T> {
    return CVecCtor({
        base: base,
        len: len,
        rsrc: @DtorRes(option::None)
    });
}

/**
 * Create a `CVec` from a foreign buffer, with a given length,
 * and a function to run upon destruction.
 *
 * # Arguments
 *
 * * base - A foreign pointer to a buffer
 * * len - The number of elements in the buffer
 * * dtor - A function to run when the value is destructed, useful
 *          for freeing the buffer, etc.
 */
unsafe fn c_vec_with_dtor<T>(base: *mut T, len: uint, dtor: fn@())
  -> CVec<T> {
    return CVecCtor({
        base: base,
        len: len,
        rsrc: @DtorRes(option::Some(dtor))
    });
}

/*
 Section: Operations
 */

/**
 * Retrieves an element at a given index
 *
 * Fails if `ofs` is greater or equal to the length of the vector
 */
fn get<T: copy>(t: CVec<T>, ofs: uint) -> T {
    assert ofs < len(t);
    return unsafe { *ptr::mut_offset((*t).base, ofs) };
}

/**
 * Sets the value of an element at a given index
 *
 * Fails if `ofs` is greater or equal to the length of the vector
 */
fn set<T: copy>(t: CVec<T>, ofs: uint, v: T) {
    assert ofs < len(t);
    unsafe { *ptr::mut_offset((*t).base, ofs) = v };
}

/*
 Section: Elimination forms
 */

/// Returns the length of the vector
fn len<T>(t: CVec<T>) -> uint {
    return (*t).len;
}

/// Returns a pointer to the first element of the vector
unsafe fn ptr<T>(t: CVec<T>) -> *mut T {
    return (*t).base;
}

#[cfg(test)]
mod tests {
    import libc::*;

    fn malloc(n: size_t) -> CVec<u8> {
        let mem = libc::malloc(n);

        assert mem as int != 0;

        return unsafe { c_vec_with_dtor(mem as *mut u8, n as uint,
                                     ||free(mem)) };
    }

    #[test]
    fn test_basic() {
        let cv = malloc(16u as size_t);

        set(cv, 3u, 8u8);
        set(cv, 4u, 9u8);
        assert get(cv, 3u) == 8u8;
        assert get(cv, 4u) == 9u8;
        assert len(cv) == 16u;
    }

    #[test]
    #[should_fail]
    #[ignore(cfg(windows))]
    fn test_overrun_get() {
        let cv = malloc(16u as size_t);

        get(cv, 17u);
    }

    #[test]
    #[should_fail]
    #[ignore(cfg(windows))]
    fn test_overrun_set() {
        let cv = malloc(16u as size_t);

        set(cv, 17u, 0u8);
    }

    #[test]
    fn test_and_I_mean_it() {
        let cv = malloc(16u as size_t);
        let p = unsafe { ptr(cv) };

        set(cv, 0u, 32u8);
        set(cv, 1u, 33u8);
        assert unsafe { *p } == 32u8;
        set(cv, 2u, 34u8); /* safety */
    }

}
convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`/*!`
			`* Library to interface with chunks of memory allocated in C.`
			`*`
			`* It is often desirable to safely interface with memory allocated from C,`
			`* encapsulating the unsafety into allocation and destruction time. Indeed,`
			`* allocating memory externally is currently the only way to give Rust shared`
			`* mut state with C programs that keep their own references; vectors are`
			`* unsuitable because they could be reallocated or moved at any time, and`
			`* importing C memory into a vector takes a one-time snapshot of the memory.`
			`*`
			`* This module simplifies the usage of such external blocks of memory. Memory`
			`* is encapsulated into an opaque object after creation; the lifecycle of the`
			`* memory can be optionally managed by Rust, if an appropriate destructor`
			`* closure is provided. Safety is ensured by bounds-checking accesses, which`
			`* are marshalled through get and set functions.`
			`*`
			`* There are three unsafe functions: the two introduction forms, and the`
			`* pointer elimination form. The introduction forms are unsafe for the`
			`* obvious reason (they act on a pointer that cannot be checked inside the`
			`* method), but the elimination form is somewhat more subtle in its unsafety.`
			`* By using a pointer taken from a c_vec::t without keeping a reference to the`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`* c_vec::t itself around, the CVec could be garbage collected, and the`
convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`* memory within could be destroyed. There are legitimate uses for the`
			`* pointer elimination form -- for instance, to pass memory back into C -- but`
			`* great care must be taken to ensure that a reference to the c_vec::t is`
			`* still held if needed.`
			`*/`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`export CVec;`
std: Camel case some constructors 2012-08-29 14:45:25 -07:00			`export CVec, c_vec_with_dtor;`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`export get, set;`
libstd: rename c_vec::size to len. 2012-01-06 08:12:18 -08:00			`export len;`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`export ptr;`

convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`/**`
			`* The type representing a foreign chunk of memory`
			`*`
			`* Wrapped in a enum for opacity; FIXME #818 when it is possible to have`
			`* truly opaque types, this should be revisited.`
			`*/`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`enum CVec<T> {`
			`CVecCtor({ base: *mut T, len: uint, rsrc: @DtorRes})`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`}`

CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`struct DtorRes {`
Camel case the option type 2012-08-20 12:23:37 -07:00			`let dtor: Option<fn@()>;`
			`new(dtor: Option<fn@()>) { self.dtor = dtor; }`
Change resources to classes in libstd and rustc 2012-06-22 11:53:25 -07:00			`drop {`
Convert alt to match. Stop parsing alt 2012-08-06 12:34:08 -07:00			`match self.dtor {`
Camel case the option type 2012-08-20 12:23:37 -07:00			`option::None => (),`
			`option::Some(f) => f()`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`}`
Change resources to classes in libstd and rustc 2012-06-22 11:53:25 -07:00			`}`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`}`

			`/*`
			`Section: Introduction forms`
			`*/`

convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`/**`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			* Create a `CVec` from a foreign buffer with a given length.
convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`*`
			`* # Arguments`
			`*`
			`* * base - A foreign pointer to a buffer`
			`* * len - The number of elements in the buffer`
			`*/`
std: Camel case some constructors 2012-08-29 14:45:25 -07:00			`unsafe fn CVec<T>(base: *mut T, len: uint) -> CVec<T> {`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`return CVecCtor({`
Name types after their modules instead of 't' 2012-03-13 14:39:28 -07:00			`base: base,`
			`len: len,`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`rsrc: @DtorRes(option::None)`
Name types after their modules instead of 't' 2012-03-13 14:39:28 -07:00			`});`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`}`

convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`/**`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			* Create a `CVec` from a foreign buffer, with a given length,
convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`* and a function to run upon destruction.`
			`*`
			`* # Arguments`
			`*`
			`* * base - A foreign pointer to a buffer`
			`* * len - The number of elements in the buffer`
			`* * dtor - A function to run when the value is destructed, useful`
			`* for freeing the buffer, etc.`
			`*/`
Bulk-edit mutable -> mut. 2012-03-26 18:35:18 -07:00			`unsafe fn c_vec_with_dtor<T>(base: *mut T, len: uint, dtor: fn@())`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`-> CVec<T> {`
			`return CVecCtor({`
Name types after their modules instead of 't' 2012-03-13 14:39:28 -07:00			`base: base,`
			`len: len,`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`rsrc: @DtorRes(option::Some(dtor))`
Name types after their modules instead of 't' 2012-03-13 14:39:28 -07:00			`});`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`}`

			`/*`
			`Section: Operations`
			`*/`

convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`/**`
			`* Retrieves an element at a given index`
			`*`
			* Fails if `ofs` is greater or equal to the length of the vector
			`*/`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`fn get<T: copy>(t: CVec<T>, ofs: uint) -> T {`
libstd: rename c_vec::size to len. 2012-01-06 08:12:18 -08:00			`assert ofs < len(t);`
Convert ret to return 2012-08-01 17:30:05 -07:00			`return unsafe { ptr::mut_offset((t).base, ofs) };`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`}`

convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`/**`
			`* Sets the value of an element at a given index`
			`*`
			* Fails if `ofs` is greater or equal to the length of the vector
			`*/`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`fn set<T: copy>(t: CVec<T>, ofs: uint, v: T) {`
libstd: rename c_vec::size to len. 2012-01-06 08:12:18 -08:00			`assert ofs < len(t);`
c_vec: Remove the mutable cast be forcing the pointer to be mutable throughout (discussion in #1217). 2011-11-25 02:42:56 -05:00			`unsafe { ptr::mut_offset((t).base, ofs) = v };`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`}`

			`/*`
			`Section: Elimination forms`
			`*/`

convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`/// Returns the length of the vector`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`fn len<T>(t: CVec<T>) -> uint {`
Convert ret to return 2012-08-01 17:30:05 -07:00			`return (*t).len;`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`}`

convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`/// Returns a pointer to the first element of the vector`
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`unsafe fn ptr<T>(t: CVec<T>) -> *mut T {`
Convert ret to return 2012-08-01 17:30:05 -07:00			`return (*t).base;`
Add c_vec library to std. 2011-11-23 05:15:04 -05:00			`}`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00
			`#[cfg(test)]`
			`mod tests {`
Libc/os/run/rand/io reorganization. Close #1373. Close #1638. - Move io, run and rand to core. - Remove incorrect ctypes module (use libc). - Remove os-specific modules for os and fs. - Split fs between core::path and core::os. 2012-03-12 20:04:27 -07:00			`import libc::*;`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00
CamelCasify lots of std 2012-08-11 10:08:42 -04:00			`fn malloc(n: size_t) -> CVec<u8> {`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00			`let mem = libc::malloc(n);`

			`assert mem as int != 0;`

Convert ret to return 2012-08-01 17:30:05 -07:00			`return unsafe { c_vec_with_dtor(mem as *mut u8, n as uint,`
Convert to new closure syntax 2012-06-30 16:19:07 -07:00			`\|\|free(mem)) };`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00			`}`

			`#[test]`
			`fn test_basic() {`
Machine types are different from int/uint, etc (Issue #2187) 2012-06-04 17:26:17 -07:00			`let cv = malloc(16u as size_t);`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00
			`set(cv, 3u, 8u8);`
			`set(cv, 4u, 9u8);`
			`assert get(cv, 3u) == 8u8;`
			`assert get(cv, 4u) == 9u8;`
			`assert len(cv) == 16u;`
			`}`

			`#[test]`
			`#[should_fail]`
Use #[cfg(unix)] and #[cfg(windows)] everywhere 2012-06-07 21:38:25 -07:00			`#[ignore(cfg(windows))]`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00			`fn test_overrun_get() {`
Machine types are different from int/uint, etc (Issue #2187) 2012-06-04 17:26:17 -07:00			`let cv = malloc(16u as size_t);`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00
			`get(cv, 17u);`
			`}`

			`#[test]`
			`#[should_fail]`
Use #[cfg(unix)] and #[cfg(windows)] everywhere 2012-06-07 21:38:25 -07:00			`#[ignore(cfg(windows))]`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00			`fn test_overrun_set() {`
Machine types are different from int/uint, etc (Issue #2187) 2012-06-04 17:26:17 -07:00			`let cv = malloc(16u as size_t);`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00
			`set(cv, 17u, 0u8);`
			`}`

			`#[test]`
			`fn test_and_I_mean_it() {`
Machine types are different from int/uint, etc (Issue #2187) 2012-06-04 17:26:17 -07:00			`let cv = malloc(16u as size_t);`
libstd: Move std tests into libstd 2012-01-17 19:05:07 -08:00			`let p = unsafe { ptr(cv) };`

			`set(cv, 0u, 32u8);`
			`set(cv, 1u, 33u8);`
			`assert unsafe { *p } == 32u8;`
			`set(cv, 2u, 34u8); /* safety */`
			`}`

convert doc-attributes to doc-comments using ./src/etc/sugarise-doc-comments.py (and manually tweaking) - for issue #2498 2012-07-04 22:53:12 +01:00			`}`