// Copyright 2012-2014 The Rust Project Developers. See the COPYRIGHT // file at the top-level directory of this distribution and at // http://rust-lang.org/COPYRIGHT. // // Licensed under the Apache License, Version 2.0 or the MIT license // , at your // option. This file may not be copied, modified, or distributed // except according to those terms. //! Shareable mutable containers. //! //! Values of the `Cell` and `RefCell` types may be mutated through shared references (i.e. //! the common `&T` type), whereas most Rust types can only be mutated through unique (`&mut T`) //! references. We say that `Cell` and `RefCell` provide 'interior mutability', in contrast //! with typical Rust types that exhibit 'inherited mutability'. //! //! Cell types come in two flavors: `Cell` and `RefCell`. `Cell` provides `get` and `set` //! methods that change the interior value with a single method call. `Cell` though is only //! compatible with types that implement `Copy`. For other types, one must use the `RefCell` //! type, acquiring a write lock before mutating. //! //! `RefCell` uses Rust's lifetimes to implement 'dynamic borrowing', a process whereby one can //! claim temporary, exclusive, mutable access to the inner value. Borrows for `RefCell`s are //! tracked 'at runtime', unlike Rust's native reference types which are entirely tracked //! statically, at compile time. Because `RefCell` borrows are dynamic it is possible to attempt //! to borrow a value that is already mutably borrowed; when this happens it results in thread //! panic. //! //! # When to choose interior mutability //! //! The more common inherited mutability, where one must have unique access to mutate a value, is //! one of the key language elements that enables Rust to reason strongly about pointer aliasing, //! statically preventing crash bugs. Because of that, inherited mutability is preferred, and //! interior mutability is something of a last resort. Since cell types enable mutation where it //! would otherwise be disallowed though, there are occasions when interior mutability might be //! appropriate, or even *must* be used, e.g. //! //! * Introducing mutability 'inside' of something immutable //! * Implementation details of logically-immutable methods. //! * Mutating implementations of `Clone`. //! //! ## Introducing mutability 'inside' of something immutable //! //! Many shared smart pointer types, including `Rc` and `Arc`, provide containers that can be //! cloned and shared between multiple parties. Because the contained values may be //! multiply-aliased, they can only be borrowed with `&`, not `&mut`. Without cells it would be //! impossible to mutate data inside of these smart pointers at all. //! //! It's very common then to put a `RefCell` inside shared pointer types to reintroduce //! mutability: //! //! ``` //! use std::collections::HashMap; //! use std::cell::RefCell; //! use std::rc::Rc; //! //! fn main() { //! let shared_map: Rc> = Rc::new(RefCell::new(HashMap::new())); //! shared_map.borrow_mut().insert("africa", 92388); //! shared_map.borrow_mut().insert("kyoto", 11837); //! shared_map.borrow_mut().insert("piccadilly", 11826); //! shared_map.borrow_mut().insert("marbles", 38); //! } //! ``` //! //! Note that this example uses `Rc` and not `Arc`. `RefCell`s are for single-threaded //! scenarios. Consider using `RwLock` or `Mutex` if you need shared mutability in a //! multi-threaded situation. //! //! ## Implementation details of logically-immutable methods //! //! Occasionally it may be desirable not to expose in an API that there is mutation happening //! "under the hood". This may be because logically the operation is immutable, but e.g. caching //! forces the implementation to perform mutation; or because you must employ mutation to implement //! a trait method that was originally defined to take `&self`. //! //! ``` //! # #![allow(dead_code)] //! use std::cell::RefCell; //! //! struct Graph { //! edges: Vec<(i32, i32)>, //! span_tree_cache: RefCell>> //! } //! //! impl Graph { //! fn minimum_spanning_tree(&self) -> Vec<(i32, i32)> { //! // Create a new scope to contain the lifetime of the //! // dynamic borrow //! { //! // Take a reference to the inside of cache cell //! let mut cache = self.span_tree_cache.borrow_mut(); //! if cache.is_some() { //! return cache.as_ref().unwrap().clone(); //! } //! //! let span_tree = self.calc_span_tree(); //! *cache = Some(span_tree); //! } //! //! // Recursive call to return the just-cached value. //! // Note that if we had not let the previous borrow //! // of the cache fall out of scope then the subsequent //! // recursive borrow would cause a dynamic thread panic. //! // This is the major hazard of using `RefCell`. //! self.minimum_spanning_tree() //! } //! # fn calc_span_tree(&self) -> Vec<(i32, i32)> { vec![] } //! } //! ``` //! //! ## Mutating implementations of `Clone` //! //! This is simply a special - but common - case of the previous: hiding mutability for operations //! that appear to be immutable. The `clone` method is expected to not change the source value, and //! is declared to take `&self`, not `&mut self`. Therefore any mutation that happens in the //! `clone` method must use cell types. For example, `Rc` maintains its reference counts within a //! `Cell`. //! //! ``` //! use std::cell::Cell; //! //! struct Rc { //! ptr: *mut RcBox //! } //! //! struct RcBox { //! # #[allow(dead_code)] //! value: T, //! refcount: Cell //! } //! //! impl Clone for Rc { //! fn clone(&self) -> Rc { //! unsafe { //! (*self.ptr).refcount.set((*self.ptr).refcount.get() + 1); //! Rc { ptr: self.ptr } //! } //! } //! } //! ``` //! #![stable(feature = "rust1", since = "1.0.0")] use clone::Clone; use cmp::{PartialEq, Eq, PartialOrd, Ord, Ordering}; use default::Default; use marker::{Copy, Send, Sync, Sized, Unsize}; use ops::{Deref, DerefMut, Drop, FnOnce, CoerceUnsized}; use option::Option; use option::Option::{None, Some}; /// A mutable memory location that admits only `Copy` data. /// /// See the [module-level documentation](index.html) for more. #[stable(feature = "rust1", since = "1.0.0")] pub struct Cell { value: UnsafeCell, } impl Cell { /// Creates a new `Cell` containing the given value. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c = Cell::new(5); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[inline] pub const fn new(value: T) -> Cell { Cell { value: UnsafeCell::new(value), } } /// Returns a copy of the contained value. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c = Cell::new(5); /// /// let five = c.get(); /// ``` #[inline] #[stable(feature = "rust1", since = "1.0.0")] pub fn get(&self) -> T { unsafe{ *self.value.get() } } /// Sets the contained value. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c = Cell::new(5); /// /// c.set(10); /// ``` #[inline] #[stable(feature = "rust1", since = "1.0.0")] pub fn set(&self, value: T) { unsafe { *self.value.get() = value; } } /// Returns a reference to the underlying `UnsafeCell`. /// /// # Examples /// /// ``` /// #![feature(as_unsafe_cell)] /// /// use std::cell::Cell; /// /// let c = Cell::new(5); /// /// let uc = c.as_unsafe_cell(); /// ``` #[inline] #[unstable(feature = "as_unsafe_cell", issue = "27708")] pub fn as_unsafe_cell(&self) -> &UnsafeCell { &self.value } /// Returns a mutable reference to the underlying data. /// /// This call borrows `Cell` mutably (at compile-time) which guarantees /// that we possess the only reference. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let mut c = Cell::new(5); /// *c.get_mut() += 1; /// /// assert_eq!(c.get(), 6); /// ``` #[inline] #[stable(feature = "cell_get_mut", since = "1.11.0")] pub fn get_mut(&mut self) -> &mut T { unsafe { &mut *self.value.get() } } } #[stable(feature = "rust1", since = "1.0.0")] unsafe impl Send for Cell where T: Send {} #[stable(feature = "rust1", since = "1.0.0")] impl !Sync for Cell {} #[stable(feature = "rust1", since = "1.0.0")] impl Clone for Cell { #[inline] fn clone(&self) -> Cell { Cell::new(self.get()) } } #[stable(feature = "rust1", since = "1.0.0")] impl Default for Cell { #[inline] fn default() -> Cell { Cell::new(Default::default()) } } #[stable(feature = "rust1", since = "1.0.0")] impl PartialEq for Cell { #[inline] fn eq(&self, other: &Cell) -> bool { self.get() == other.get() } } #[stable(feature = "cell_eq", since = "1.2.0")] impl Eq for Cell {} #[stable(feature = "cell_ord", since = "1.10.0")] impl PartialOrd for Cell { #[inline] fn partial_cmp(&self, other: &Cell) -> Option { self.get().partial_cmp(&other.get()) } #[inline] fn lt(&self, other: &Cell) -> bool { self.get() < other.get() } #[inline] fn le(&self, other: &Cell) -> bool { self.get() <= other.get() } #[inline] fn gt(&self, other: &Cell) -> bool { self.get() > other.get() } #[inline] fn ge(&self, other: &Cell) -> bool { self.get() >= other.get() } } #[stable(feature = "cell_ord", since = "1.10.0")] impl Ord for Cell { #[inline] fn cmp(&self, other: &Cell) -> Ordering { self.get().cmp(&other.get()) } } /// A mutable memory location with dynamically checked borrow rules /// /// See the [module-level documentation](index.html) for more. #[stable(feature = "rust1", since = "1.0.0")] pub struct RefCell { borrow: Cell, value: UnsafeCell, } /// An enumeration of values returned from the `state` method on a `RefCell`. #[derive(Copy, Clone, PartialEq, Eq, Debug)] #[unstable(feature = "borrow_state", issue = "27733")] pub enum BorrowState { /// The cell is currently being read, there is at least one active `borrow`. Reading, /// The cell is currently being written to, there is an active `borrow_mut`. Writing, /// There are no outstanding borrows on this cell. Unused, } // Values [1, MAX-1] represent the number of `Ref` active // (will not outgrow its range since `usize` is the size of the address space) type BorrowFlag = usize; const UNUSED: BorrowFlag = 0; const WRITING: BorrowFlag = !0; impl RefCell { /// Creates a new `RefCell` containing `value`. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[inline] pub const fn new(value: T) -> RefCell { RefCell { value: UnsafeCell::new(value), borrow: Cell::new(UNUSED), } } /// Consumes the `RefCell`, returning the wrapped value. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// let five = c.into_inner(); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[inline] pub fn into_inner(self) -> T { // Since this function takes `self` (the `RefCell`) by value, the // compiler statically verifies that it is not currently borrowed. // Therefore the following assertion is just a `debug_assert!`. debug_assert!(self.borrow.get() == UNUSED); unsafe { self.value.into_inner() } } } impl RefCell { /// Query the current state of this `RefCell` /// /// The returned value can be dispatched on to determine if a call to /// `borrow` or `borrow_mut` would succeed. /// /// # Examples /// /// ``` /// #![feature(borrow_state)] /// /// use std::cell::{BorrowState, RefCell}; /// /// let c = RefCell::new(5); /// /// match c.borrow_state() { /// BorrowState::Writing => println!("Cannot be borrowed"), /// BorrowState::Reading => println!("Cannot be borrowed mutably"), /// BorrowState::Unused => println!("Can be borrowed (mutably as well)"), /// } /// ``` #[unstable(feature = "borrow_state", issue = "27733")] #[inline] pub fn borrow_state(&self) -> BorrowState { match self.borrow.get() { WRITING => BorrowState::Writing, UNUSED => BorrowState::Unused, _ => BorrowState::Reading, } } /// Immutably borrows the wrapped value. /// /// The borrow lasts until the returned `Ref` exits scope. Multiple /// immutable borrows can be taken out at the same time. /// /// # Panics /// /// Panics if the value is currently mutably borrowed. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// let borrowed_five = c.borrow(); /// let borrowed_five2 = c.borrow(); /// ``` /// /// An example of panic: /// /// ``` /// use std::cell::RefCell; /// use std::thread; /// /// let result = thread::spawn(move || { /// let c = RefCell::new(5); /// let m = c.borrow_mut(); /// /// let b = c.borrow(); // this causes a panic /// }).join(); /// /// assert!(result.is_err()); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[inline] pub fn borrow(&self) -> Ref { match BorrowRef::new(&self.borrow) { Some(b) => Ref { value: unsafe { &*self.value.get() }, borrow: b, }, None => panic!("RefCell already mutably borrowed"), } } /// Mutably borrows the wrapped value. /// /// The borrow lasts until the returned `RefMut` exits scope. The value /// cannot be borrowed while this borrow is active. /// /// # Panics /// /// Panics if the value is currently borrowed. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// *c.borrow_mut() = 7; /// /// assert_eq!(*c.borrow(), 7); /// ``` /// /// An example of panic: /// /// ``` /// use std::cell::RefCell; /// use std::thread; /// /// let result = thread::spawn(move || { /// let c = RefCell::new(5); /// let m = c.borrow(); /// /// let b = c.borrow_mut(); // this causes a panic /// }).join(); /// /// assert!(result.is_err()); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[inline] pub fn borrow_mut(&self) -> RefMut { match BorrowRefMut::new(&self.borrow) { Some(b) => RefMut { value: unsafe { &mut *self.value.get() }, borrow: b, }, None => panic!("RefCell already borrowed"), } } /// Returns a reference to the underlying `UnsafeCell`. /// /// This can be used to circumvent `RefCell`'s safety checks. /// /// This function is `unsafe` because `UnsafeCell`'s field is public. /// /// # Examples /// /// ``` /// #![feature(as_unsafe_cell)] /// /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// let c = unsafe { c.as_unsafe_cell() }; /// ``` #[inline] #[unstable(feature = "as_unsafe_cell", issue = "27708")] pub unsafe fn as_unsafe_cell(&self) -> &UnsafeCell { &self.value } /// Returns a mutable reference to the underlying data. /// /// This call borrows `RefCell` mutably (at compile-time) so there is no /// need for dynamic checks. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let mut c = RefCell::new(5); /// *c.get_mut() += 1; /// /// assert_eq!(c, RefCell::new(6)); /// ``` #[inline] #[stable(feature = "cell_get_mut", since = "1.11.0")] pub fn get_mut(&mut self) -> &mut T { unsafe { &mut *self.value.get() } } } #[stable(feature = "rust1", since = "1.0.0")] unsafe impl Send for RefCell where T: Send {} #[stable(feature = "rust1", since = "1.0.0")] impl !Sync for RefCell {} #[stable(feature = "rust1", since = "1.0.0")] impl Clone for RefCell { #[inline] fn clone(&self) -> RefCell { RefCell::new(self.borrow().clone()) } } #[stable(feature = "rust1", since = "1.0.0")] impl Default for RefCell { #[inline] fn default() -> RefCell { RefCell::new(Default::default()) } } #[stable(feature = "rust1", since = "1.0.0")] impl PartialEq for RefCell { #[inline] fn eq(&self, other: &RefCell) -> bool { *self.borrow() == *other.borrow() } } #[stable(feature = "cell_eq", since = "1.2.0")] impl Eq for RefCell {} #[stable(feature = "cell_ord", since = "1.10.0")] impl PartialOrd for RefCell { #[inline] fn partial_cmp(&self, other: &RefCell) -> Option { self.borrow().partial_cmp(&*other.borrow()) } #[inline] fn lt(&self, other: &RefCell) -> bool { *self.borrow() < *other.borrow() } #[inline] fn le(&self, other: &RefCell) -> bool { *self.borrow() <= *other.borrow() } #[inline] fn gt(&self, other: &RefCell) -> bool { *self.borrow() > *other.borrow() } #[inline] fn ge(&self, other: &RefCell) -> bool { *self.borrow() >= *other.borrow() } } #[stable(feature = "cell_ord", since = "1.10.0")] impl Ord for RefCell { #[inline] fn cmp(&self, other: &RefCell) -> Ordering { self.borrow().cmp(&*other.borrow()) } } struct BorrowRef<'b> { borrow: &'b Cell, } impl<'b> BorrowRef<'b> { #[inline] fn new(borrow: &'b Cell) -> Option> { match borrow.get() { WRITING => None, b => { borrow.set(b + 1); Some(BorrowRef { borrow: borrow }) }, } } } impl<'b> Drop for BorrowRef<'b> { #[inline] fn drop(&mut self) { let borrow = self.borrow.get(); debug_assert!(borrow != WRITING && borrow != UNUSED); self.borrow.set(borrow - 1); } } impl<'b> Clone for BorrowRef<'b> { #[inline] fn clone(&self) -> BorrowRef<'b> { // Since this Ref exists, we know the borrow flag // is not set to WRITING. let borrow = self.borrow.get(); debug_assert!(borrow != UNUSED); // Prevent the borrow counter from overflowing. assert!(borrow != WRITING); self.borrow.set(borrow + 1); BorrowRef { borrow: self.borrow } } } /// Wraps a borrowed reference to a value in a `RefCell` box. /// A wrapper type for an immutably borrowed value from a `RefCell`. /// /// See the [module-level documentation](index.html) for more. #[stable(feature = "rust1", since = "1.0.0")] pub struct Ref<'b, T: ?Sized + 'b> { value: &'b T, borrow: BorrowRef<'b>, } #[stable(feature = "rust1", since = "1.0.0")] impl<'b, T: ?Sized> Deref for Ref<'b, T> { type Target = T; #[inline] fn deref(&self) -> &T { self.value } } impl<'b, T: ?Sized> Ref<'b, T> { /// Copies a `Ref`. /// /// The `RefCell` is already immutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as /// `Ref::clone(...)`. A `Clone` implementation or a method would interfere /// with the widespread use of `r.borrow().clone()` to clone the contents of /// a `RefCell`. #[unstable(feature = "cell_extras", reason = "likely to be moved to a method, pending language changes", issue = "27746")] #[inline] pub fn clone(orig: &Ref<'b, T>) -> Ref<'b, T> { Ref { value: orig.value, borrow: orig.borrow.clone(), } } /// Make a new `Ref` for a component of the borrowed data. /// /// The `RefCell` is already immutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as `Ref::map(...)`. /// A method would interfere with methods of the same name on the contents /// of a `RefCell` used through `Deref`. /// /// # Example /// /// ``` /// use std::cell::{RefCell, Ref}; /// /// let c = RefCell::new((5, 'b')); /// let b1: Ref<(u32, char)> = c.borrow(); /// let b2: Ref = Ref::map(b1, |t| &t.0); /// assert_eq!(*b2, 5) /// ``` #[stable(feature = "cell_map", since = "1.8.0")] #[inline] pub fn map(orig: Ref<'b, T>, f: F) -> Ref<'b, U> where F: FnOnce(&T) -> &U { Ref { value: f(orig.value), borrow: orig.borrow, } } } #[unstable(feature = "coerce_unsized", issue = "27732")] impl<'b, T: ?Sized + Unsize, U: ?Sized> CoerceUnsized> for Ref<'b, T> {} impl<'b, T: ?Sized> RefMut<'b, T> { /// Make a new `RefMut` for a component of the borrowed data, e.g. an enum /// variant. /// /// The `RefCell` is already mutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as /// `RefMut::map(...)`. A method would interfere with methods of the same /// name on the contents of a `RefCell` used through `Deref`. /// /// # Example /// /// ``` /// use std::cell::{RefCell, RefMut}; /// /// let c = RefCell::new((5, 'b')); /// { /// let b1: RefMut<(u32, char)> = c.borrow_mut(); /// let mut b2: RefMut = RefMut::map(b1, |t| &mut t.0); /// assert_eq!(*b2, 5); /// *b2 = 42; /// } /// assert_eq!(*c.borrow(), (42, 'b')); /// ``` #[stable(feature = "cell_map", since = "1.8.0")] #[inline] pub fn map(orig: RefMut<'b, T>, f: F) -> RefMut<'b, U> where F: FnOnce(&mut T) -> &mut U { RefMut { value: f(orig.value), borrow: orig.borrow, } } } struct BorrowRefMut<'b> { borrow: &'b Cell, } impl<'b> Drop for BorrowRefMut<'b> { #[inline] fn drop(&mut self) { let borrow = self.borrow.get(); debug_assert!(borrow == WRITING); self.borrow.set(UNUSED); } } impl<'b> BorrowRefMut<'b> { #[inline] fn new(borrow: &'b Cell) -> Option> { match borrow.get() { UNUSED => { borrow.set(WRITING); Some(BorrowRefMut { borrow: borrow }) }, _ => None, } } } /// A wrapper type for a mutably borrowed value from a `RefCell`. /// /// See the [module-level documentation](index.html) for more. #[stable(feature = "rust1", since = "1.0.0")] pub struct RefMut<'b, T: ?Sized + 'b> { value: &'b mut T, borrow: BorrowRefMut<'b>, } #[stable(feature = "rust1", since = "1.0.0")] impl<'b, T: ?Sized> Deref for RefMut<'b, T> { type Target = T; #[inline] fn deref(&self) -> &T { self.value } } #[stable(feature = "rust1", since = "1.0.0")] impl<'b, T: ?Sized> DerefMut for RefMut<'b, T> { #[inline] fn deref_mut(&mut self) -> &mut T { self.value } } #[unstable(feature = "coerce_unsized", issue = "27732")] impl<'b, T: ?Sized + Unsize, U: ?Sized> CoerceUnsized> for RefMut<'b, T> {} /// The core primitive for interior mutability in Rust. /// /// `UnsafeCell` is a type that wraps some `T` and indicates unsafe interior operations on the /// wrapped type. Types with an `UnsafeCell` field are considered to have an 'unsafe interior'. /// The `UnsafeCell` type is the only legal way to obtain aliasable data that is considered /// mutable. In general, transmuting an `&T` type into an `&mut T` is considered undefined behavior. /// /// Types like `Cell` and `RefCell` use this type to wrap their internal data. /// /// # Examples /// /// ``` /// use std::cell::UnsafeCell; /// use std::marker::Sync; /// /// # #[allow(dead_code)] /// struct NotThreadSafe { /// value: UnsafeCell, /// } /// /// unsafe impl Sync for NotThreadSafe {} /// ``` #[lang = "unsafe_cell"] #[stable(feature = "rust1", since = "1.0.0")] pub struct UnsafeCell { value: T, } #[stable(feature = "rust1", since = "1.0.0")] impl !Sync for UnsafeCell {} impl UnsafeCell { /// Constructs a new instance of `UnsafeCell` which will wrap the specified /// value. /// /// All access to the inner value through methods is `unsafe`. /// /// # Examples /// /// ``` /// use std::cell::UnsafeCell; /// /// let uc = UnsafeCell::new(5); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[inline] pub const fn new(value: T) -> UnsafeCell { UnsafeCell { value: value } } /// Unwraps the value. /// /// # Safety /// /// This function is unsafe because this thread or another thread may currently be /// inspecting the inner value. /// /// # Examples /// /// ``` /// use std::cell::UnsafeCell; /// /// let uc = UnsafeCell::new(5); /// /// let five = unsafe { uc.into_inner() }; /// ``` #[inline] #[stable(feature = "rust1", since = "1.0.0")] pub unsafe fn into_inner(self) -> T { self.value } } impl UnsafeCell { /// Gets a mutable pointer to the wrapped value. /// /// # Examples /// /// ``` /// use std::cell::UnsafeCell; /// /// let uc = UnsafeCell::new(5); /// /// let five = uc.get(); /// ``` #[inline] #[stable(feature = "rust1", since = "1.0.0")] pub fn get(&self) -> *mut T { &self.value as *const T as *mut T } } #[stable(feature = "unsafe_cell_default", since = "1.9.0")] impl Default for UnsafeCell { fn default() -> UnsafeCell { UnsafeCell::new(Default::default()) } }