1972 Commits

Author SHA1 Message Date
bors
bbb36fe545 Auto merge of #105851 - dtolnay:peekmutleak, r=Mark-Simulacrum
Leak amplification for peek_mut() to ensure BinaryHeap's invariant is always met

In the libs-api team's discussion around #104210, some of the team had hesitations around exposing malformed BinaryHeaps of an element type whose Ord and Drop impls are trusted, and which does not contain interior mutability.

For example in the context of this kind of code:

```rust
use std::collections::BinaryHeap;
use std::ops::Range;
use std::slice;

fn main() {
    let slice = &mut ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
    let cut_points = BinaryHeap::from(vec![4, 2, 7]);
    println!("{:?}", chop(slice, cut_points));
}

// This is a souped up slice::split_at_mut to split in arbitrary many places.
//
// usize's Ord impl is trusted, so 1 single bounds check guarantees all those
// output slices are non-overlapping and in-bounds
fn chop<T>(slice: &mut [T], mut cut_points: BinaryHeap<usize>) -> Vec<&mut [T]> {
    let mut vec = Vec::with_capacity(cut_points.len() + 1);
    let max = match cut_points.pop() {
        Some(max) => max,
        None => {
            vec.push(slice);
            return vec;
        }
    };

    assert!(max <= slice.len());

    let len = slice.len();
    let ptr: *mut T = slice.as_mut_ptr();
    let get_unchecked_mut = unsafe {
        |range: Range<usize>| &mut *slice::from_raw_parts_mut(ptr.add(range.start), range.len())
    };

    vec.push(get_unchecked_mut(max..len));
    let mut end = max;
    while let Some(start) = cut_points.pop() {
        vec.push(get_unchecked_mut(start..end));
        end = start;
    }
    vec.push(get_unchecked_mut(0..end));
    vec
}
```

```console
[['7', '8', '9'], ['4', '5', '6'], ['2', '3'], ['0', '1']]
```

In the current BinaryHeap API, `peek_mut()` is the only thing that makes the above function unsound.

```rust
let slice = &mut ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
let mut cut_points = BinaryHeap::from(vec![4, 2, 7]);
{
    let mut max = cut_points.peek_mut().unwrap();
    *max = 0;
    std::mem::forget(max);
}
println!("{:?}", chop(slice, cut_points));
```

```console
[['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'], [], ['2', '3'], ['0', '1']]
```

Or worse:

```rust
let slice = &mut ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
let mut cut_points = BinaryHeap::from(vec![100, 100]);
{
    let mut max = cut_points.peek_mut().unwrap();
    *max = 0;
    std::mem::forget(max);
}
println!("{:?}", chop(slice, cut_points));
```

```console
[['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'], [], ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '\u{1}', '\0', '?', '翾', '?', '翾', '\0', '\0', '?', '翾', '?', '翾', '?', '啿', '?', '啿', '?', '啿', '?', '啿', '?', '啿', '?', '翾', '\0', '\0', '񤬐', '啿', '\u{5}', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\u{8}', '\0', '`@',` '\0', '\u{1}', '\0', '?', '翾', '?', '翾', '?', '翾', '
thread 'main' panicked at 'index out of bounds: the len is 33 but the index is 33', library/core/src/unicode/unicode_data.rs:319:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```

---

This PR makes `peek_mut()` use leak amplification (https://doc.rust-lang.org/1.66.0/nomicon/leaking.html#drain) to preserve the heap's invariant even in the situation that `PeekMut` gets leaked.

I'll also follow up in the tracking issue of unstable `drain_sorted()` (#59278) and `retain()` (#71503).
2023-01-15 08:59:55 +00:00
David Tolnay
23501703fb
Document guarantees about BinaryHeap invariant 2023-01-14 13:28:30 -08:00
David Tolnay
aedb756020
Leak amplification for peek_mut() to ensure BinaryHeap's invariant is always met 2023-01-14 13:28:22 -08:00
David Tolnay
4fe167f83a
Add test of leaking a binary_heap PeekMut 2023-01-14 13:28:14 -08:00
André Vennberg
0b35f448f8 Remove various double spaces in source comments. 2023-01-14 17:22:04 +01:00
Yuki Okushi
feac18c0d6
Rollup merge of #106692 - eggyal:mv-binary_heap.rs-binary_heap/mod.rs, r=Mark-Simulacrum
mv binary_heap.rs binary_heap/mod.rs

I confess this request is somewhat selfish, as it's made in order to ease synchronisation with my [copse](https://crates.io/crates/copse) crate (see eggyal/copse#6 for explanation). I wholly understand that such grounds may be insufficient to justify merging this request—but no harm in asking, right?
2023-01-14 12:04:33 +09:00
Alan Egerton
1a87ed9a45
mv binary_heap.rs binary_heap/mod.rs 2023-01-10 18:01:39 +00:00
Ezra Shaw
203bbfa2f7
impl: specialize impl of ToString on bool 2023-01-10 15:34:21 +13:00
Michael Goulet
70f1566b2b
Rollup merge of #106584 - kpreid:vec-allocator, r=JohnTitor
Document that `Vec::from_raw_parts[_in]` must be given a pointer from the correct allocator.

Currently, the documentation of `Vec::from_raw_parts` and `Vec::from_raw_parts_in` says nothing about what allocator the pointer must come from. This PR adds that missing information explicitly.
2023-01-08 19:57:54 -08:00
bors
a377893da2 Auto merge of #90291 - geeklint:loosen_weak_debug_bound, r=dtolnay
Loosen the bound on the Debug implementation of Weak.

Both `rc::Weak<T>` and `sync::Weak<T>` currently require `T: Debug` in their own `Debug` implementations, but they don't currently use it;  they only ever print a fixed string.

A general implementation of Debug for Weak that actually attempts to upgrade and rely on the contents is unlikely in the future because it may have unbounded recursion in the presence of reference cycles, which Weak is commonly used in.  (This was the justification for why the current implementation [was implemented the way it is](f0976e2cf3)).

When I brought it up [on the forum](https://internals.rust-lang.org/t/could-the-bound-on-weak-debug-be-relaxed/15504), it was suggested that, even if an implementation is specialized in the future that relies on the data stored within the Weak, it would likely rely on specialization anyway, and could therefore easily specialize on the Debug bound as well.
2023-01-08 22:40:38 +00:00
Yuki Okushi
14ce60333d
Rollup merge of #106562 - clubby789:vec-deque-example, r=Mark-Simulacrum
Clarify examples for `VecDeque::get/get_mut`

Closes #106114

``@rustbot`` label +A-docs
2023-01-08 17:01:48 +09:00
bors
2afe58571e Auto merge of #104658 - thomcc:rand-update-and-usable-no_std, r=Mark-Simulacrum
Update `rand` in the stdlib tests, and remove the `getrandom` feature from it.

The main goal is actually removing `getrandom`, so that eventually we can allow running the stdlib test suite on tier3 targets which don't have `getrandom` support. Currently those targets can only run the subset of stdlib tests that exist in uitests, and (generally speaking), we prefer not to test libstd functionality in uitests, which came up recently in https://github.com/rust-lang/rust/pull/104095 and https://github.com/rust-lang/rust/pull/104185. Additionally, the fact that we can't update `rand`/`getrandom` means we're stuck with the old set of tier3 targets, so can't test new ones.

~~Anyway, I haven't checked that this actually does allow use on tier3 targets (I think it does not, as some work is needed in stdlib submodules) but it moves us slightly closer to this, and seems to allow at least finally updating our `rand` dep, which definitely improves the status quo.~~ Checked and works now.

For the most part, our tests and benchmarks are fine using hard-coded seeds. A couple tests seem to fail with this (stuff manipulating the environment expecting no collisions, for example), or become pointless (all inputs to a function become equivalent). In these cases I've done a (gross) dance (ab)using `RandomState` and `Location::caller()` for some extra "entropy".

Trying to share that code seems *way* more painful than it's worth given that the duplication is a 7-line function, even if the lines are quite gross. (Keeping in mind that sharing it would require adding `rand` as a non-dev dep to std, and exposing a type from it publicly, all of which sounds truly awful, even if done behind a perma-unstable feature).

See also some previous attempts:
- https://github.com/rust-lang/rust/pull/86963 (in particular https://github.com/rust-lang/rust/pull/86963#issuecomment-885438936 which explains why this is non-trivial)
- https://github.com/rust-lang/rust/pull/89131
- https://github.com/rust-lang/rust/pull/96626#issuecomment-1114562857 (I tried in that PR at the same time, but settled for just removing the usage of `thread_rng()` from the benchmarks, since that was the main goal).
- https://github.com/rust-lang/rust/pull/104185
- Probably more. It's very tempting of a thing to "just update".

r? `@Mark-Simulacrum`
2023-01-08 01:34:05 +00:00
Kevin Reid
288e89bf76 Document that Vec::from_raw_parts[_in] must be given a pointer from the correct allocator. 2023-01-07 15:56:36 -08:00
Matthias Krüger
d7519c3639
Rollup merge of #105128 - Sp00ph:vec_vec_deque_conversion, r=dtolnay
Add O(1) `Vec -> VecDeque` conversion guarantee

(See #105072)
2023-01-07 20:43:20 +01:00
clubby789
fed349957d Clarify examples for VecDeque::get/get_mut 2023-01-07 14:38:21 +00:00
Thom Chiovoloni
a4bf36e87b
Update rand in the stdlib tests, and remove the getrandom feature from it 2023-01-04 14:52:41 -08:00
bors
df756439df Auto merge of #106239 - LegionMammal978:thin-box-drop-guard, r=Amanieu
Deallocate ThinBox even if the value unwinds on drop

This makes it match the behavior of an ordinary `Box`.
2023-01-04 12:55:22 +00:00
Michael Goulet
f6b0f4707b
Rollup merge of #106045 - RalfJung:oom-nounwind-panic, r=Amanieu
default OOM handler: use non-unwinding panic, to match std handler

The OOM handler in std will by default abort. This adjusts the default in liballoc to do the same, using the `can_unwind` flag on the panic info to indicate a non-unwinding panic.

In practice this probably makes little difference since the liballoc default will only come into play in no-std situations where people write a custom panic handler, which most likely will not implement unwinding. But still, this seems more consistent.

Cc `@rust-lang/wg-allocators,` https://github.com/rust-lang/rust/issues/66741
2023-01-03 17:19:26 -08:00
Ralf Jung
5974f6f0a5 default OOM handler: use non-unwinding panic (unless -Zoom=panic is set), to match std handler 2023-01-02 16:35:14 +01:00
LegionMammal978
ce28b4d408 Deallocate ThinBox even if the value unwinds on drop 2023-01-01 13:48:18 -05:00
Michael Goulet
5b74a33b8d
Rollup merge of #106248 - dtolnay:revertupcastlint, r=jackh726
Revert "Implement allow-by-default `multiple_supertrait_upcastable` lint"

This is a clean revert of #105484.

I confirmed that reverting that PR fixes the regression reported in #106247. ~~I can't say I understand what this code is doing, but maybe it can be re-landed with a different implementation.~~ **Edit:** https://github.com/rust-lang/rust/issues/106247#issuecomment-1367174384 has an explanation of why #105484 ends up surfacing spurious `where_clause_object_safety` errors. The implementation of `where_clause_object_safety` assumes we only check whether a trait is object safe when somebody actually uses that trait with `dyn`. However the implementation of `multiple_supertrait_upcastable` added in the problematic PR involves checking *every* trait for whether it is object-safe.

FYI `@nbdd0121` `@compiler-errors`
2022-12-30 21:26:34 -08:00
jonathanCogan
78691e3589 Update paths in comments. 2022-12-30 14:00:42 +01:00
jonathanCogan
db47071df2 Replace libstd, libcore, liballoc in line comments. 2022-12-30 14:00:42 +01:00
jonathanCogan
72067c77bd Replace libstd, libcore, liballoc in docs. 2022-12-30 14:00:40 +01:00
David Tolnay
06ec0bf8b0
Revert "Implement allow-by-default multiple_supertrait_upcastable lint"
This reverts commit 5e44a65517bfcccbe6624a70b54b9f192baa94f3.
2022-12-29 00:47:23 -08:00
Lukas Markeffsky
f4ff423d67 fix documenting private items of standard library 2022-12-28 09:18:43 -05:00
Pietro Albini
11191279b7 Update bootstrap cfg 2022-12-28 09:18:43 -05:00
fee1-dead
8b3d0c4cf9
Rollup merge of #105484 - nbdd0121:upcast, r=compiler-errors
Implement allow-by-default `multiple_supertrait_upcastable` lint

The lint detects when an object-safe trait has multiple supertraits.

Enabled in libcore and liballoc as they are low-level enough that many embedded programs will use them.

r? `@nikomatsakis`
2022-12-28 15:51:41 +08:00
fee1-dead
58233e90b8
Rollup merge of #104024 - noeddl:unused-must-use, r=compiler-errors
Fix `unused_must_use` warning for `Box::from_raw`
2022-12-28 15:51:39 +08:00
fee1-dead
dc98aa681f
Rollup merge of #94145 - ssomers:binary_heap_tests, r=jyn514
Test leaking of BinaryHeap Drain iterators

Add test cases about forgetting the `BinaryHeap::Drain` iterator, and slightly fortifies some other test cases.

Consists of separate commits that I don't think are relevant on their own (but I'll happily turn these into more PRs if desired).
2022-12-28 15:51:37 +08:00
Chayim Refael Friedman
4df5459dd1
Update the documentation of Vec to use extend(array) instead of extend(array.iter().copied()) 2022-12-27 19:44:58 +02:00
Ralf Jung
6fb314ed7d add lib tests for vec::IntoIter alignment issues 2022-12-24 10:08:27 +01:00
Ralf Jung
a48d2e1783 fix one more unaligned self.ptr, and add tests 2022-12-23 15:49:23 +01:00
Ralf Jung
d0f404d77a fix IntoIter::drop on high-alignment ZST 2022-12-23 15:18:18 +01:00
bors
1d12c3cea3 Auto merge of #105127 - Sp00ph:const_new, r=dtolnay
Make `VecDeque::new` const

(See #105072)
2022-12-20 20:25:42 +00:00
Anders Kaseorg
8c73ce6611 Update coerce_unsized tracking issue from #27732 to #18598
Issue #27732 was closed as a duplicate of #18598.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-12-19 23:09:47 -08:00
Evan Jones
ab2151cbf8 std::fmt: Use args directly in example code
The lint "clippy::uninlined_format_args" recommends inline
variables in format strings. Fix two places in the docs that do
not do this. I noticed this because I copy/pasted one example in
to my project, then noticed this lint error. This fixes:

error: variables can be used directly in the `format!` string
  --> src/main.rs:30:22
   |
30 |         let string = format!("{:.*}", decimals, magnitude);
   |                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

error: variables can be used directly in the `format!` string
  --> src/main.rs:39:2
   |
39 |  write!(&mut io::stdout(), "{}", args).unwrap();
2022-12-17 13:43:08 -05:00
Hannes Körber
9671dd239d doc: Fix a few small issues
* A few typos around generic types (`;` vs `,`)
* Use inline code formatting for code fragments
* One instance of wrong wording
2022-12-15 14:05:03 +01:00
Scott McMurray
6648134434 Apply review feedback; Fix no_global_oom_handling build 2022-12-08 22:08:55 -08:00
Gary Guo
5e44a65517 Implement allow-by-default multiple_supertrait_upcastable lint 2022-12-09 02:29:51 +00:00
Scott McMurray
58e60ac211 Make VecDeque::from_iter O(1) from vec(_deque)::IntoIter 2022-12-08 01:42:45 -08:00
Markus Everling
ac583f18b7 Add O(1) Vec -> VecDeque conversion guarantee 2022-12-05 14:57:22 +01:00
bors
203c8765ea Auto merge of #105046 - scottmcm:vecdeque-vs-vec, r=Mark-Simulacrum
Send `VecDeque::from_iter` via `Vec::from_iter`

Since it's O(1) to convert between them now, might as well reuse the logic.

Mostly for the various specializations it does, but might also save some monomorphization work if, say, people collect slice iterators into both `Vec`s and `VecDeque`s.
2022-12-05 08:45:03 +00:00
Yuki Okushi
9f3ccd4bf6
Rollup merge of #105032 - HintringerFabian:improve_docs, r=JohnTitor
improve doc of into_boxed_slice and impl From<Vec<T>> for Box<[T]>

Improves description of `into_boxed_slice`, and adds example to `impl From<Vec<T>> for Box<[T]>`.
Fixes #98908
2022-12-03 12:51:27 +09:00
Markus Everling
c959fbe771 Fix typo in comment 2022-12-01 12:44:29 +01:00
Markus Everling
2fba07842b Make VecDeque::new const 2022-12-01 12:41:31 +01:00
Markus Everling
929003aacf Make VecDeque::new_in unstably const 2022-12-01 12:15:29 +01:00
Scott McMurray
a964a37211 Send VecDeque::from_iter via Vec::from_iter
Since it's O(1) to convert between them now, might as well reuse the logic.

Mostly for the various specializations it does, but might also save some monomorphization work if, say, people collect slice iterators into both `Vec`s and `VecDeque`s.
2022-11-29 00:24:15 -08:00
Fabian Hintringer
f9490c8121 improve doc 2022-11-28 22:42:05 +01:00
bors
69df0f2c2f Auto merge of #102991 - Sp00ph:master, r=scottmcm
Update VecDeque implementation to use head+len instead of head+tail

(See #99805)

This changes `alloc::collections::VecDeque`'s internal representation from using head and tail indices to using a head index and a length field. It has a few advantages over the current design:
* It allows the buffer to be of length 0, which means the `VecDeque::new` new longer has to allocate and could be changed to a `const fn`
* It allows the `VecDeque` to fill the buffer completely, unlike the old implementation, which always had to leave a free space
* It removes the restriction for the size to be a power of two, allowing it to properly `shrink_to_fit`, unlike the old `VecDeque`
* The above points also combine to allow the `Vec<T> -> VecDeque<T>` conversion to be very cheap and guaranteed O(1). I mention this in the `From<Vec<T>>` impl, but it's not a strong guarantee just yet, as that would likely need some form of API change proposal.

All the tests seem to pass for the new `VecDeque`, with some slight adjustments.

r? `@scottmcm`
2022-11-28 10:39:47 +00:00