//! Shareable mutable containers. //! //! Rust memory safety is based on this rule: Given an object `T`, it is only possible to //! have one of the following: //! //! - Having several immutable references (`&T`) to the object (also known as **aliasing**). //! - Having one mutable reference (`&mut T`) to the object (also known as **mutability**). //! //! This is enforced by the Rust compiler. However, there are situations where this rule is not //! flexible enough. Sometimes it is required to have multiple references to an object and yet //! mutate it. //! //! Shareable mutable containers exist to permit mutability in a controlled manner, even in the //! presence of aliasing. Both `Cell` and `RefCell` allow doing this in a single-threaded //! way. However, neither `Cell` nor `RefCell` are thread safe (they do not implement //! `Sync`). If you need to do aliasing and mutation between multiple threads it is possible to //! use [`Mutex`](../../std/sync/struct.Mutex.html), //! [`RwLock`](../../std/sync/struct.RwLock.html) or //! [`atomic`](../../core/sync/atomic/index.html) types. //! //! Values of the `Cell` and `RefCell` types may be mutated through shared references (i.e. //! the common `&T` type), whereas most Rust types can only be mutated through unique (`&mut T`) //! references. We say that `Cell` and `RefCell` provide 'interior mutability', in contrast //! with typical Rust types that exhibit 'inherited mutability'. //! //! Cell types come in two flavors: `Cell` and `RefCell`. `Cell` implements interior //! mutability by moving values in and out of the `Cell`. To use references instead of values, //! one must use the `RefCell` type, acquiring a write lock before mutating. `Cell` provides //! methods to retrieve and change the current interior value: //! //! - For types that implement `Copy`, the `get` method retrieves the current interior value. //! - For types that implement `Default`, the `take` method replaces the current interior value //! with `Default::default()` and returns the replaced value. //! - For all types, the `replace` method replaces the current interior value and returns the //! replaced value and the `into_inner` method consumes the `Cell` and returns the interior //! value. Additionally, the `set` method replaces the interior value, dropping the replaced //! value. //! //! `RefCell` uses Rust's lifetimes to implement 'dynamic borrowing', a process whereby one can //! claim temporary, exclusive, mutable access to the inner value. Borrows for `RefCell`s are //! tracked 'at runtime', unlike Rust's native reference types which are entirely tracked //! statically, at compile time. Because `RefCell` borrows are dynamic it is possible to attempt //! to borrow a value that is already mutably borrowed; when this happens it results in thread //! panic. //! //! # When to choose interior mutability //! //! The more common inherited mutability, where one must have unique access to mutate a value, is //! one of the key language elements that enables Rust to reason strongly about pointer aliasing, //! statically preventing crash bugs. Because of that, inherited mutability is preferred, and //! interior mutability is something of a last resort. Since cell types enable mutation where it //! would otherwise be disallowed though, there are occasions when interior mutability might be //! appropriate, or even *must* be used, e.g. //! //! * Introducing mutability 'inside' of something immutable //! * Implementation details of logically-immutable methods. //! * Mutating implementations of `Clone`. //! //! ## Introducing mutability 'inside' of something immutable //! //! Many shared smart pointer types, including `Rc` and `Arc`, provide containers that can be //! cloned and shared between multiple parties. Because the contained values may be //! multiply-aliased, they can only be borrowed with `&`, not `&mut`. Without cells it would be //! impossible to mutate data inside of these smart pointers at all. //! //! It's very common then to put a `RefCell` inside shared pointer types to reintroduce //! mutability: //! //! ``` //! use std::cell::{RefCell, RefMut}; //! use std::collections::HashMap; //! use std::rc::Rc; //! //! fn main() { //! let shared_map: Rc> = Rc::new(RefCell::new(HashMap::new())); //! // Create a new block to limit the scope of the dynamic borrow //! { //! let mut map: RefMut<_> = shared_map.borrow_mut(); //! map.insert("africa", 92388); //! map.insert("kyoto", 11837); //! map.insert("piccadilly", 11826); //! map.insert("marbles", 38); //! } //! //! // Note that if we had not let the previous borrow of the cache fall out //! // of scope then the subsequent borrow would cause a dynamic thread panic. //! // This is the major hazard of using `RefCell`. //! let total: i32 = shared_map.borrow().values().sum(); //! println!("{}", total); //! } //! ``` //! //! Note that this example uses `Rc` and not `Arc`. `RefCell`s are for single-threaded //! scenarios. Consider using `RwLock` or `Mutex` if you need shared mutability in a //! multi-threaded situation. //! //! ## Implementation details of logically-immutable methods //! //! Occasionally it may be desirable not to expose in an API that there is mutation happening //! "under the hood". This may be because logically the operation is immutable, but e.g., caching //! forces the implementation to perform mutation; or because you must employ mutation to implement //! a trait method that was originally defined to take `&self`. //! //! ``` //! # #![allow(dead_code)] //! use std::cell::RefCell; //! //! struct Graph { //! edges: Vec<(i32, i32)>, //! span_tree_cache: RefCell>> //! } //! //! impl Graph { //! fn minimum_spanning_tree(&self) -> Vec<(i32, i32)> { //! self.span_tree_cache.borrow_mut() //! .get_or_insert_with(|| self.calc_span_tree()) //! .clone() //! } //! //! fn calc_span_tree(&self) -> Vec<(i32, i32)> { //! // Expensive computation goes here //! vec![] //! } //! } //! ``` //! //! ## Mutating implementations of `Clone` //! //! This is simply a special - but common - case of the previous: hiding mutability for operations //! that appear to be immutable. The `clone` method is expected to not change the source value, and //! is declared to take `&self`, not `&mut self`. Therefore, any mutation that happens in the //! `clone` method must use cell types. For example, `Rc` maintains its reference counts within a //! `Cell`. //! //! ``` //! use std::cell::Cell; //! use std::ptr::NonNull; //! use std::process::abort; //! use std::marker::PhantomData; //! //! struct Rc { //! ptr: NonNull>, //! phantom: PhantomData>, //! } //! //! struct RcBox { //! strong: Cell, //! refcount: Cell, //! value: T, //! } //! //! impl Clone for Rc { //! fn clone(&self) -> Rc { //! self.inc_strong(); //! Rc { //! ptr: self.ptr, //! phantom: PhantomData, //! } //! } //! } //! //! trait RcBoxPtr { //! //! fn inner(&self) -> &RcBox; //! //! fn strong(&self) -> usize { //! self.inner().strong.get() //! } //! //! fn inc_strong(&self) { //! self.inner() //! .strong //! .set(self.strong() //! .checked_add(1) //! .unwrap_or_else(|| abort() )); //! } //! } //! //! impl RcBoxPtr for Rc { //! fn inner(&self) -> &RcBox { //! unsafe { //! self.ptr.as_ref() //! } //! } //! } //! ``` //! #![stable(feature = "rust1", since = "1.0.0")] use crate::cmp::Ordering; use crate::fmt::{self, Debug, Display}; use crate::marker::Unsize; use crate::mem; use crate::ops::{CoerceUnsized, Deref, DerefMut}; use crate::ptr; /// A mutable memory location. /// /// # Examples /// /// In this example, you can see that `Cell` enables mutation inside an /// immutable struct. In other words, it enables "interior mutability". /// /// ``` /// use std::cell::Cell; /// /// struct SomeStruct { /// regular_field: u8, /// special_field: Cell, /// } /// /// let my_struct = SomeStruct { /// regular_field: 0, /// special_field: Cell::new(1), /// }; /// /// let new_value = 100; /// /// // ERROR: `my_struct` is immutable /// // my_struct.regular_field = new_value; /// /// // WORKS: although `my_struct` is immutable, `special_field` is a `Cell`, /// // which can always be mutated /// my_struct.special_field.set(new_value); /// assert_eq!(my_struct.special_field.get(), new_value); /// ``` /// /// See the [module-level documentation](self) for more. #[stable(feature = "rust1", since = "1.0.0")] #[repr(transparent)] pub struct Cell { value: UnsafeCell, } #[stable(feature = "rust1", since = "1.0.0")] unsafe impl Send for Cell where T: Send {} #[stable(feature = "rust1", since = "1.0.0")] impl !Sync for Cell {} #[stable(feature = "rust1", since = "1.0.0")] impl Clone for Cell { #[inline] fn clone(&self) -> Cell { Cell::new(self.get()) } } #[stable(feature = "rust1", since = "1.0.0")] impl Default for Cell { /// Creates a `Cell`, with the `Default` value for T. #[inline] fn default() -> Cell { Cell::new(Default::default()) } } #[stable(feature = "rust1", since = "1.0.0")] impl PartialEq for Cell { #[inline] fn eq(&self, other: &Cell) -> bool { self.get() == other.get() } } #[stable(feature = "cell_eq", since = "1.2.0")] impl Eq for Cell {} #[stable(feature = "cell_ord", since = "1.10.0")] impl PartialOrd for Cell { #[inline] fn partial_cmp(&self, other: &Cell) -> Option { self.get().partial_cmp(&other.get()) } #[inline] fn lt(&self, other: &Cell) -> bool { self.get() < other.get() } #[inline] fn le(&self, other: &Cell) -> bool { self.get() <= other.get() } #[inline] fn gt(&self, other: &Cell) -> bool { self.get() > other.get() } #[inline] fn ge(&self, other: &Cell) -> bool { self.get() >= other.get() } } #[stable(feature = "cell_ord", since = "1.10.0")] impl Ord for Cell { #[inline] fn cmp(&self, other: &Cell) -> Ordering { self.get().cmp(&other.get()) } } #[stable(feature = "cell_from", since = "1.12.0")] impl From for Cell { fn from(t: T) -> Cell { Cell::new(t) } } impl Cell { /// Creates a new `Cell` containing the given value. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c = Cell::new(5); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[rustc_const_stable(feature = "const_cell_new", since = "1.32.0")] #[inline] pub const fn new(value: T) -> Cell { Cell { value: UnsafeCell::new(value) } } /// Sets the contained value. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c = Cell::new(5); /// /// c.set(10); /// ``` #[inline] #[stable(feature = "rust1", since = "1.0.0")] pub fn set(&self, val: T) { let old = self.replace(val); drop(old); } /// Swaps the values of two Cells. /// Difference with `std::mem::swap` is that this function doesn't require `&mut` reference. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c1 = Cell::new(5i32); /// let c2 = Cell::new(10i32); /// c1.swap(&c2); /// assert_eq!(10, c1.get()); /// assert_eq!(5, c2.get()); /// ``` #[inline] #[stable(feature = "move_cell", since = "1.17.0")] pub fn swap(&self, other: &Self) { if ptr::eq(self, other) { return; } // SAFETY: This can be risky if called from separate threads, but `Cell` // is `!Sync` so this won't happen. This also won't invalidate any // pointers since `Cell` makes sure nothing else will be pointing into // either of these `Cell`s. unsafe { ptr::swap(self.value.get(), other.value.get()); } } /// Replaces the contained value, and returns it. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let cell = Cell::new(5); /// assert_eq!(cell.get(), 5); /// assert_eq!(cell.replace(10), 5); /// assert_eq!(cell.get(), 10); /// ``` #[stable(feature = "move_cell", since = "1.17.0")] pub fn replace(&self, val: T) -> T { // SAFETY: This can cause data races if called from a separate thread, // but `Cell` is `!Sync` so this won't happen. mem::replace(unsafe { &mut *self.value.get() }, val) } /// Unwraps the value. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c = Cell::new(5); /// let five = c.into_inner(); /// /// assert_eq!(five, 5); /// ``` #[stable(feature = "move_cell", since = "1.17.0")] #[rustc_const_unstable(feature = "const_cell_into_inner", issue = "78729")] pub const fn into_inner(self) -> T { self.value.into_inner() } } impl Cell { /// Returns a copy of the contained value. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c = Cell::new(5); /// /// let five = c.get(); /// ``` #[inline] #[stable(feature = "rust1", since = "1.0.0")] pub fn get(&self) -> T { // SAFETY: This can cause data races if called from a separate thread, // but `Cell` is `!Sync` so this won't happen. unsafe { *self.value.get() } } /// Updates the contained value using a function and returns the new value. /// /// # Examples /// /// ``` /// #![feature(cell_update)] /// /// use std::cell::Cell; /// /// let c = Cell::new(5); /// let new = c.update(|x| x + 1); /// /// assert_eq!(new, 6); /// assert_eq!(c.get(), 6); /// ``` #[inline] #[unstable(feature = "cell_update", issue = "50186")] pub fn update(&self, f: F) -> T where F: FnOnce(T) -> T, { let old = self.get(); let new = f(old); self.set(new); new } } impl Cell { /// Returns a raw pointer to the underlying data in this cell. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c = Cell::new(5); /// /// let ptr = c.as_ptr(); /// ``` #[inline] #[stable(feature = "cell_as_ptr", since = "1.12.0")] #[rustc_const_stable(feature = "const_cell_as_ptr", since = "1.32.0")] pub const fn as_ptr(&self) -> *mut T { self.value.get() } /// Returns a mutable reference to the underlying data. /// /// This call borrows `Cell` mutably (at compile-time) which guarantees /// that we possess the only reference. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let mut c = Cell::new(5); /// *c.get_mut() += 1; /// /// assert_eq!(c.get(), 6); /// ``` #[inline] #[stable(feature = "cell_get_mut", since = "1.11.0")] pub fn get_mut(&mut self) -> &mut T { self.value.get_mut() } /// Returns a `&Cell` from a `&mut T` /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let slice: &mut [i32] = &mut [1, 2, 3]; /// let cell_slice: &Cell<[i32]> = Cell::from_mut(slice); /// let slice_cell: &[Cell] = cell_slice.as_slice_of_cells(); /// /// assert_eq!(slice_cell.len(), 3); /// ``` #[inline] #[stable(feature = "as_cell", since = "1.37.0")] pub fn from_mut(t: &mut T) -> &Cell { // SAFETY: `&mut` ensures unique access. unsafe { &*(t as *mut T as *const Cell) } } } impl Cell { /// Takes the value of the cell, leaving `Default::default()` in its place. /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let c = Cell::new(5); /// let five = c.take(); /// /// assert_eq!(five, 5); /// assert_eq!(c.into_inner(), 0); /// ``` #[stable(feature = "move_cell", since = "1.17.0")] pub fn take(&self) -> T { self.replace(Default::default()) } } #[unstable(feature = "coerce_unsized", issue = "27732")] impl, U> CoerceUnsized> for Cell {} impl Cell<[T]> { /// Returns a `&[Cell]` from a `&Cell<[T]>` /// /// # Examples /// /// ``` /// use std::cell::Cell; /// /// let slice: &mut [i32] = &mut [1, 2, 3]; /// let cell_slice: &Cell<[i32]> = Cell::from_mut(slice); /// let slice_cell: &[Cell] = cell_slice.as_slice_of_cells(); /// /// assert_eq!(slice_cell.len(), 3); /// ``` #[stable(feature = "as_cell", since = "1.37.0")] pub fn as_slice_of_cells(&self) -> &[Cell] { // SAFETY: `Cell` has the same memory layout as `T`. unsafe { &*(self as *const Cell<[T]> as *const [Cell]) } } } /// A mutable memory location with dynamically checked borrow rules /// /// See the [module-level documentation](self) for more. #[stable(feature = "rust1", since = "1.0.0")] pub struct RefCell { borrow: Cell, value: UnsafeCell, } /// An error returned by [`RefCell::try_borrow`]. #[stable(feature = "try_borrow", since = "1.13.0")] pub struct BorrowError { _private: (), } #[stable(feature = "try_borrow", since = "1.13.0")] impl Debug for BorrowError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("BorrowError").finish() } } #[stable(feature = "try_borrow", since = "1.13.0")] impl Display for BorrowError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { Display::fmt("already mutably borrowed", f) } } /// An error returned by [`RefCell::try_borrow_mut`]. #[stable(feature = "try_borrow", since = "1.13.0")] pub struct BorrowMutError { _private: (), } #[stable(feature = "try_borrow", since = "1.13.0")] impl Debug for BorrowMutError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("BorrowMutError").finish() } } #[stable(feature = "try_borrow", since = "1.13.0")] impl Display for BorrowMutError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { Display::fmt("already borrowed", f) } } // Positive values represent the number of `Ref` active. Negative values // represent the number of `RefMut` active. Multiple `RefMut`s can only be // active at a time if they refer to distinct, nonoverlapping components of a // `RefCell` (e.g., different ranges of a slice). // // `Ref` and `RefMut` are both two words in size, and so there will likely never // be enough `Ref`s or `RefMut`s in existence to overflow half of the `usize` // range. Thus, a `BorrowFlag` will probably never overflow or underflow. // However, this is not a guarantee, as a pathological program could repeatedly // create and then mem::forget `Ref`s or `RefMut`s. Thus, all code must // explicitly check for overflow and underflow in order to avoid unsafety, or at // least behave correctly in the event that overflow or underflow happens (e.g., // see BorrowRef::new). type BorrowFlag = isize; const UNUSED: BorrowFlag = 0; #[inline(always)] fn is_writing(x: BorrowFlag) -> bool { x < UNUSED } #[inline(always)] fn is_reading(x: BorrowFlag) -> bool { x > UNUSED } impl RefCell { /// Creates a new `RefCell` containing `value`. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[rustc_const_stable(feature = "const_refcell_new", since = "1.32.0")] #[inline] pub const fn new(value: T) -> RefCell { RefCell { value: UnsafeCell::new(value), borrow: Cell::new(UNUSED) } } /// Consumes the `RefCell`, returning the wrapped value. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// let five = c.into_inner(); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[rustc_const_unstable(feature = "const_cell_into_inner", issue = "78729")] #[inline] pub const fn into_inner(self) -> T { // Since this function takes `self` (the `RefCell`) by value, the // compiler statically verifies that it is not currently borrowed. self.value.into_inner() } /// Replaces the wrapped value with a new one, returning the old value, /// without deinitializing either one. /// /// This function corresponds to [`std::mem::replace`](../mem/fn.replace.html). /// /// # Panics /// /// Panics if the value is currently borrowed. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// let cell = RefCell::new(5); /// let old_value = cell.replace(6); /// assert_eq!(old_value, 5); /// assert_eq!(cell, RefCell::new(6)); /// ``` #[inline] #[stable(feature = "refcell_replace", since = "1.24.0")] #[track_caller] pub fn replace(&self, t: T) -> T { mem::replace(&mut *self.borrow_mut(), t) } /// Replaces the wrapped value with a new one computed from `f`, returning /// the old value, without deinitializing either one. /// /// # Panics /// /// Panics if the value is currently borrowed. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// let cell = RefCell::new(5); /// let old_value = cell.replace_with(|&mut old| old + 1); /// assert_eq!(old_value, 5); /// assert_eq!(cell, RefCell::new(6)); /// ``` #[inline] #[stable(feature = "refcell_replace_swap", since = "1.35.0")] #[track_caller] pub fn replace_with T>(&self, f: F) -> T { let mut_borrow = &mut *self.borrow_mut(); let replacement = f(mut_borrow); mem::replace(mut_borrow, replacement) } /// Swaps the wrapped value of `self` with the wrapped value of `other`, /// without deinitializing either one. /// /// This function corresponds to [`std::mem::swap`](../mem/fn.swap.html). /// /// # Panics /// /// Panics if the value in either `RefCell` is currently borrowed. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// let c = RefCell::new(5); /// let d = RefCell::new(6); /// c.swap(&d); /// assert_eq!(c, RefCell::new(6)); /// assert_eq!(d, RefCell::new(5)); /// ``` #[inline] #[stable(feature = "refcell_swap", since = "1.24.0")] pub fn swap(&self, other: &Self) { mem::swap(&mut *self.borrow_mut(), &mut *other.borrow_mut()) } } impl RefCell { /// Immutably borrows the wrapped value. /// /// The borrow lasts until the returned `Ref` exits scope. Multiple /// immutable borrows can be taken out at the same time. /// /// # Panics /// /// Panics if the value is currently mutably borrowed. For a non-panicking variant, use /// [`try_borrow`](#method.try_borrow). /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// let borrowed_five = c.borrow(); /// let borrowed_five2 = c.borrow(); /// ``` /// /// An example of panic: /// /// ```should_panic /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// let m = c.borrow_mut(); /// let b = c.borrow(); // this causes a panic /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[inline] #[track_caller] pub fn borrow(&self) -> Ref<'_, T> { self.try_borrow().expect("already mutably borrowed") } /// Immutably borrows the wrapped value, returning an error if the value is currently mutably /// borrowed. /// /// The borrow lasts until the returned `Ref` exits scope. Multiple immutable borrows can be /// taken out at the same time. /// /// This is the non-panicking variant of [`borrow`](#method.borrow). /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// { /// let m = c.borrow_mut(); /// assert!(c.try_borrow().is_err()); /// } /// /// { /// let m = c.borrow(); /// assert!(c.try_borrow().is_ok()); /// } /// ``` #[stable(feature = "try_borrow", since = "1.13.0")] #[inline] pub fn try_borrow(&self) -> Result, BorrowError> { match BorrowRef::new(&self.borrow) { // SAFETY: `BorrowRef` ensures that there is only immutable access // to the value while borrowed. Some(b) => Ok(Ref { value: unsafe { &*self.value.get() }, borrow: b }), None => Err(BorrowError { _private: () }), } } /// Mutably borrows the wrapped value. /// /// The borrow lasts until the returned `RefMut` or all `RefMut`s derived /// from it exit scope. The value cannot be borrowed while this borrow is /// active. /// /// # Panics /// /// Panics if the value is currently borrowed. For a non-panicking variant, use /// [`try_borrow_mut`](#method.try_borrow_mut). /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new("hello".to_owned()); /// /// *c.borrow_mut() = "bonjour".to_owned(); /// /// assert_eq!(&*c.borrow(), "bonjour"); /// ``` /// /// An example of panic: /// /// ```should_panic /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// let m = c.borrow(); /// /// let b = c.borrow_mut(); // this causes a panic /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[inline] #[track_caller] pub fn borrow_mut(&self) -> RefMut<'_, T> { self.try_borrow_mut().expect("already borrowed") } /// Mutably borrows the wrapped value, returning an error if the value is currently borrowed. /// /// The borrow lasts until the returned `RefMut` or all `RefMut`s derived /// from it exit scope. The value cannot be borrowed while this borrow is /// active. /// /// This is the non-panicking variant of [`borrow_mut`](#method.borrow_mut). /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// { /// let m = c.borrow(); /// assert!(c.try_borrow_mut().is_err()); /// } /// /// assert!(c.try_borrow_mut().is_ok()); /// ``` #[stable(feature = "try_borrow", since = "1.13.0")] #[inline] pub fn try_borrow_mut(&self) -> Result, BorrowMutError> { match BorrowRefMut::new(&self.borrow) { // SAFETY: `BorrowRef` guarantees unique access. Some(b) => Ok(RefMut { value: unsafe { &mut *self.value.get() }, borrow: b }), None => Err(BorrowMutError { _private: () }), } } /// Returns a raw pointer to the underlying data in this cell. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// let ptr = c.as_ptr(); /// ``` #[inline] #[stable(feature = "cell_as_ptr", since = "1.12.0")] pub fn as_ptr(&self) -> *mut T { self.value.get() } /// Returns a mutable reference to the underlying data. /// /// This call borrows `RefCell` mutably (at compile-time) so there is no /// need for dynamic checks. /// /// However be cautious: this method expects `self` to be mutable, which is /// generally not the case when using a `RefCell`. Take a look at the /// [`borrow_mut`] method instead if `self` isn't mutable. /// /// Also, please be aware that this method is only for special circumstances and is usually /// not what you want. In case of doubt, use [`borrow_mut`] instead. /// /// [`borrow_mut`]: RefCell::borrow_mut() /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let mut c = RefCell::new(5); /// *c.get_mut() += 1; /// /// assert_eq!(c, RefCell::new(6)); /// ``` #[inline] #[stable(feature = "cell_get_mut", since = "1.11.0")] pub fn get_mut(&mut self) -> &mut T { self.value.get_mut() } /// Undo the effect of leaked guards on the borrow state of the `RefCell`. /// /// This call is similar to [`get_mut`] but more specialized. It borrows `RefCell` mutably to /// ensure no borrows exist and then resets the state tracking shared borrows. This is relevant /// if some `Ref` or `RefMut` borrows have been leaked. /// /// [`get_mut`]: RefCell::get_mut() /// /// # Examples /// /// ``` /// #![feature(cell_leak)] /// use std::cell::RefCell; /// /// let mut c = RefCell::new(0); /// std::mem::forget(c.borrow_mut()); /// /// assert!(c.try_borrow().is_err()); /// c.undo_leak(); /// assert!(c.try_borrow().is_ok()); /// ``` #[unstable(feature = "cell_leak", issue = "69099")] pub fn undo_leak(&mut self) -> &mut T { *self.borrow.get_mut() = UNUSED; self.get_mut() } /// Immutably borrows the wrapped value, returning an error if the value is /// currently mutably borrowed. /// /// # Safety /// /// Unlike `RefCell::borrow`, this method is unsafe because it does not /// return a `Ref`, thus leaving the borrow flag untouched. Mutably /// borrowing the `RefCell` while the reference returned by this method /// is alive is undefined behaviour. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// /// { /// let m = c.borrow_mut(); /// assert!(unsafe { c.try_borrow_unguarded() }.is_err()); /// } /// /// { /// let m = c.borrow(); /// assert!(unsafe { c.try_borrow_unguarded() }.is_ok()); /// } /// ``` #[stable(feature = "borrow_state", since = "1.37.0")] #[inline] pub unsafe fn try_borrow_unguarded(&self) -> Result<&T, BorrowError> { if !is_writing(self.borrow.get()) { // SAFETY: We check that nobody is actively writing now, but it is // the caller's responsibility to ensure that nobody writes until // the returned reference is no longer in use. // Also, `self.value.get()` refers to the value owned by `self` // and is thus guaranteed to be valid for the lifetime of `self`. Ok(unsafe { &*self.value.get() }) } else { Err(BorrowError { _private: () }) } } } impl RefCell { /// Takes the wrapped value, leaving `Default::default()` in its place. /// /// # Panics /// /// Panics if the value is currently borrowed. /// /// # Examples /// /// ``` /// use std::cell::RefCell; /// /// let c = RefCell::new(5); /// let five = c.take(); /// /// assert_eq!(five, 5); /// assert_eq!(c.into_inner(), 0); /// ``` #[stable(feature = "refcell_take", since = "1.50.0")] pub fn take(&self) -> T { self.replace(Default::default()) } } #[stable(feature = "rust1", since = "1.0.0")] unsafe impl Send for RefCell where T: Send {} #[stable(feature = "rust1", since = "1.0.0")] impl !Sync for RefCell {} #[stable(feature = "rust1", since = "1.0.0")] impl Clone for RefCell { /// # Panics /// /// Panics if the value is currently mutably borrowed. #[inline] #[track_caller] fn clone(&self) -> RefCell { RefCell::new(self.borrow().clone()) } } #[stable(feature = "rust1", since = "1.0.0")] impl Default for RefCell { /// Creates a `RefCell`, with the `Default` value for T. #[inline] fn default() -> RefCell { RefCell::new(Default::default()) } } #[stable(feature = "rust1", since = "1.0.0")] impl PartialEq for RefCell { /// # Panics /// /// Panics if the value in either `RefCell` is currently borrowed. #[inline] fn eq(&self, other: &RefCell) -> bool { *self.borrow() == *other.borrow() } } #[stable(feature = "cell_eq", since = "1.2.0")] impl Eq for RefCell {} #[stable(feature = "cell_ord", since = "1.10.0")] impl PartialOrd for RefCell { /// # Panics /// /// Panics if the value in either `RefCell` is currently borrowed. #[inline] fn partial_cmp(&self, other: &RefCell) -> Option { self.borrow().partial_cmp(&*other.borrow()) } /// # Panics /// /// Panics if the value in either `RefCell` is currently borrowed. #[inline] fn lt(&self, other: &RefCell) -> bool { *self.borrow() < *other.borrow() } /// # Panics /// /// Panics if the value in either `RefCell` is currently borrowed. #[inline] fn le(&self, other: &RefCell) -> bool { *self.borrow() <= *other.borrow() } /// # Panics /// /// Panics if the value in either `RefCell` is currently borrowed. #[inline] fn gt(&self, other: &RefCell) -> bool { *self.borrow() > *other.borrow() } /// # Panics /// /// Panics if the value in either `RefCell` is currently borrowed. #[inline] fn ge(&self, other: &RefCell) -> bool { *self.borrow() >= *other.borrow() } } #[stable(feature = "cell_ord", since = "1.10.0")] impl Ord for RefCell { /// # Panics /// /// Panics if the value in either `RefCell` is currently borrowed. #[inline] fn cmp(&self, other: &RefCell) -> Ordering { self.borrow().cmp(&*other.borrow()) } } #[stable(feature = "cell_from", since = "1.12.0")] impl From for RefCell { fn from(t: T) -> RefCell { RefCell::new(t) } } #[unstable(feature = "coerce_unsized", issue = "27732")] impl, U> CoerceUnsized> for RefCell {} struct BorrowRef<'b> { borrow: &'b Cell, } impl<'b> BorrowRef<'b> { #[inline] fn new(borrow: &'b Cell) -> Option> { let b = borrow.get().wrapping_add(1); if !is_reading(b) { // Incrementing borrow can result in a non-reading value (<= 0) in these cases: // 1. It was < 0, i.e. there are writing borrows, so we can't allow a read borrow // due to Rust's reference aliasing rules // 2. It was isize::MAX (the max amount of reading borrows) and it overflowed // into isize::MIN (the max amount of writing borrows) so we can't allow // an additional read borrow because isize can't represent so many read borrows // (this can only happen if you mem::forget more than a small constant amount of // `Ref`s, which is not good practice) None } else { // Incrementing borrow can result in a reading value (> 0) in these cases: // 1. It was = 0, i.e. it wasn't borrowed, and we are taking the first read borrow // 2. It was > 0 and < isize::MAX, i.e. there were read borrows, and isize // is large enough to represent having one more read borrow borrow.set(b); Some(BorrowRef { borrow }) } } } impl Drop for BorrowRef<'_> { #[inline] fn drop(&mut self) { let borrow = self.borrow.get(); debug_assert!(is_reading(borrow)); self.borrow.set(borrow - 1); } } impl Clone for BorrowRef<'_> { #[inline] fn clone(&self) -> Self { // Since this Ref exists, we know the borrow flag // is a reading borrow. let borrow = self.borrow.get(); debug_assert!(is_reading(borrow)); // Prevent the borrow counter from overflowing into // a writing borrow. assert!(borrow != isize::MAX); self.borrow.set(borrow + 1); BorrowRef { borrow: self.borrow } } } /// Wraps a borrowed reference to a value in a `RefCell` box. /// A wrapper type for an immutably borrowed value from a `RefCell`. /// /// See the [module-level documentation](self) for more. #[stable(feature = "rust1", since = "1.0.0")] pub struct Ref<'b, T: ?Sized + 'b> { value: &'b T, borrow: BorrowRef<'b>, } #[stable(feature = "rust1", since = "1.0.0")] impl Deref for Ref<'_, T> { type Target = T; #[inline] fn deref(&self) -> &T { self.value } } impl<'b, T: ?Sized> Ref<'b, T> { /// Copies a `Ref`. /// /// The `RefCell` is already immutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as /// `Ref::clone(...)`. A `Clone` implementation or a method would interfere /// with the widespread use of `r.borrow().clone()` to clone the contents of /// a `RefCell`. #[stable(feature = "cell_extras", since = "1.15.0")] #[inline] pub fn clone(orig: &Ref<'b, T>) -> Ref<'b, T> { Ref { value: orig.value, borrow: orig.borrow.clone() } } /// Makes a new `Ref` for a component of the borrowed data. /// /// The `RefCell` is already immutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as `Ref::map(...)`. /// A method would interfere with methods of the same name on the contents /// of a `RefCell` used through `Deref`. /// /// # Examples /// /// ``` /// use std::cell::{RefCell, Ref}; /// /// let c = RefCell::new((5, 'b')); /// let b1: Ref<(u32, char)> = c.borrow(); /// let b2: Ref = Ref::map(b1, |t| &t.0); /// assert_eq!(*b2, 5) /// ``` #[stable(feature = "cell_map", since = "1.8.0")] #[inline] pub fn map(orig: Ref<'b, T>, f: F) -> Ref<'b, U> where F: FnOnce(&T) -> &U, { Ref { value: f(orig.value), borrow: orig.borrow } } /// Makes a new `Ref` for an optional component of the borrowed data. The /// original guard is returned as an `Err(..)` if the closure returns /// `None`. /// /// The `RefCell` is already immutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as /// `Ref::filter_map(...)`. A method would interfere with methods of the same /// name on the contents of a `RefCell` used through `Deref`. /// /// # Examples /// /// ``` /// #![feature(cell_filter_map)] /// /// use std::cell::{RefCell, Ref}; /// /// let c = RefCell::new(vec![1, 2, 3]); /// let b1: Ref> = c.borrow(); /// let b2: Result, _> = Ref::filter_map(b1, |v| v.get(1)); /// assert_eq!(*b2.unwrap(), 2); /// ``` #[unstable(feature = "cell_filter_map", reason = "recently added", issue = "81061")] #[inline] pub fn filter_map(orig: Ref<'b, T>, f: F) -> Result, Self> where F: FnOnce(&T) -> Option<&U>, { match f(orig.value) { Some(value) => Ok(Ref { value, borrow: orig.borrow }), None => Err(orig), } } /// Splits a `Ref` into multiple `Ref`s for different components of the /// borrowed data. /// /// The `RefCell` is already immutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as /// `Ref::map_split(...)`. A method would interfere with methods of the same /// name on the contents of a `RefCell` used through `Deref`. /// /// # Examples /// /// ``` /// use std::cell::{Ref, RefCell}; /// /// let cell = RefCell::new([1, 2, 3, 4]); /// let borrow = cell.borrow(); /// let (begin, end) = Ref::map_split(borrow, |slice| slice.split_at(2)); /// assert_eq!(*begin, [1, 2]); /// assert_eq!(*end, [3, 4]); /// ``` #[stable(feature = "refcell_map_split", since = "1.35.0")] #[inline] pub fn map_split(orig: Ref<'b, T>, f: F) -> (Ref<'b, U>, Ref<'b, V>) where F: FnOnce(&T) -> (&U, &V), { let (a, b) = f(orig.value); let borrow = orig.borrow.clone(); (Ref { value: a, borrow }, Ref { value: b, borrow: orig.borrow }) } /// Convert into a reference to the underlying data. /// /// The underlying `RefCell` can never be mutably borrowed from again and will always appear /// already immutably borrowed. It is not a good idea to leak more than a constant number of /// references. The `RefCell` can be immutably borrowed again if only a smaller number of leaks /// have occurred in total. /// /// This is an associated function that needs to be used as /// `Ref::leak(...)`. A method would interfere with methods of the /// same name on the contents of a `RefCell` used through `Deref`. /// /// # Examples /// /// ``` /// #![feature(cell_leak)] /// use std::cell::{RefCell, Ref}; /// let cell = RefCell::new(0); /// /// let value = Ref::leak(cell.borrow()); /// assert_eq!(*value, 0); /// /// assert!(cell.try_borrow().is_ok()); /// assert!(cell.try_borrow_mut().is_err()); /// ``` #[unstable(feature = "cell_leak", issue = "69099")] pub fn leak(orig: Ref<'b, T>) -> &'b T { // By forgetting this Ref we ensure that the borrow counter in the RefCell can't go back to // UNUSED within the lifetime `'b`. Resetting the reference tracking state would require a // unique reference to the borrowed RefCell. No further mutable references can be created // from the original cell. mem::forget(orig.borrow); orig.value } } #[unstable(feature = "coerce_unsized", issue = "27732")] impl<'b, T: ?Sized + Unsize, U: ?Sized> CoerceUnsized> for Ref<'b, T> {} #[stable(feature = "std_guard_impls", since = "1.20.0")] impl fmt::Display for Ref<'_, T> { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { self.value.fmt(f) } } impl<'b, T: ?Sized> RefMut<'b, T> { /// Makes a new `RefMut` for a component of the borrowed data, e.g., an enum /// variant. /// /// The `RefCell` is already mutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as /// `RefMut::map(...)`. A method would interfere with methods of the same /// name on the contents of a `RefCell` used through `Deref`. /// /// # Examples /// /// ``` /// use std::cell::{RefCell, RefMut}; /// /// let c = RefCell::new((5, 'b')); /// { /// let b1: RefMut<(u32, char)> = c.borrow_mut(); /// let mut b2: RefMut = RefMut::map(b1, |t| &mut t.0); /// assert_eq!(*b2, 5); /// *b2 = 42; /// } /// assert_eq!(*c.borrow(), (42, 'b')); /// ``` #[stable(feature = "cell_map", since = "1.8.0")] #[inline] pub fn map(orig: RefMut<'b, T>, f: F) -> RefMut<'b, U> where F: FnOnce(&mut T) -> &mut U, { // FIXME(nll-rfc#40): fix borrow-check let RefMut { value, borrow } = orig; RefMut { value: f(value), borrow } } /// Makes a new `RefMut` for an optional component of the borrowed data. The /// original guard is returned as an `Err(..)` if the closure returns /// `None`. /// /// The `RefCell` is already mutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as /// `RefMut::filter_map(...)`. A method would interfere with methods of the /// same name on the contents of a `RefCell` used through `Deref`. /// /// # Examples /// /// ``` /// #![feature(cell_filter_map)] /// /// use std::cell::{RefCell, RefMut}; /// /// let c = RefCell::new(vec![1, 2, 3]); /// /// { /// let b1: RefMut> = c.borrow_mut(); /// let mut b2: Result, _> = RefMut::filter_map(b1, |v| v.get_mut(1)); /// /// if let Ok(mut b2) = b2 { /// *b2 += 2; /// } /// } /// /// assert_eq!(*c.borrow(), vec![1, 4, 3]); /// ``` #[unstable(feature = "cell_filter_map", reason = "recently added", issue = "81061")] #[inline] pub fn filter_map(orig: RefMut<'b, T>, f: F) -> Result, Self> where F: FnOnce(&mut T) -> Option<&mut U>, { // FIXME(nll-rfc#40): fix borrow-check let RefMut { value, borrow } = orig; let value = value as *mut T; // SAFETY: function holds onto an exclusive reference for the duration // of its call through `orig`, and the pointer is only de-referenced // inside of the function call never allowing the exclusive reference to // escape. match f(unsafe { &mut *value }) { Some(value) => Ok(RefMut { value, borrow }), None => { // SAFETY: same as above. Err(RefMut { value: unsafe { &mut *value }, borrow }) } } } /// Splits a `RefMut` into multiple `RefMut`s for different components of the /// borrowed data. /// /// The underlying `RefCell` will remain mutably borrowed until both /// returned `RefMut`s go out of scope. /// /// The `RefCell` is already mutably borrowed, so this cannot fail. /// /// This is an associated function that needs to be used as /// `RefMut::map_split(...)`. A method would interfere with methods of the /// same name on the contents of a `RefCell` used through `Deref`. /// /// # Examples /// /// ``` /// use std::cell::{RefCell, RefMut}; /// /// let cell = RefCell::new([1, 2, 3, 4]); /// let borrow = cell.borrow_mut(); /// let (mut begin, mut end) = RefMut::map_split(borrow, |slice| slice.split_at_mut(2)); /// assert_eq!(*begin, [1, 2]); /// assert_eq!(*end, [3, 4]); /// begin.copy_from_slice(&[4, 3]); /// end.copy_from_slice(&[2, 1]); /// ``` #[stable(feature = "refcell_map_split", since = "1.35.0")] #[inline] pub fn map_split( orig: RefMut<'b, T>, f: F, ) -> (RefMut<'b, U>, RefMut<'b, V>) where F: FnOnce(&mut T) -> (&mut U, &mut V), { let (a, b) = f(orig.value); let borrow = orig.borrow.clone(); (RefMut { value: a, borrow }, RefMut { value: b, borrow: orig.borrow }) } /// Convert into a mutable reference to the underlying data. /// /// The underlying `RefCell` can not be borrowed from again and will always appear already /// mutably borrowed, making the returned reference the only to the interior. /// /// This is an associated function that needs to be used as /// `RefMut::leak(...)`. A method would interfere with methods of the /// same name on the contents of a `RefCell` used through `Deref`. /// /// # Examples /// /// ``` /// #![feature(cell_leak)] /// use std::cell::{RefCell, RefMut}; /// let cell = RefCell::new(0); /// /// let value = RefMut::leak(cell.borrow_mut()); /// assert_eq!(*value, 0); /// *value = 1; /// /// assert!(cell.try_borrow_mut().is_err()); /// ``` #[unstable(feature = "cell_leak", issue = "69099")] pub fn leak(orig: RefMut<'b, T>) -> &'b mut T { // By forgetting this BorrowRefMut we ensure that the borrow counter in the RefCell can't // go back to UNUSED within the lifetime `'b`. Resetting the reference tracking state would // require a unique reference to the borrowed RefCell. No further references can be created // from the original cell within that lifetime, making the current borrow the only // reference for the remaining lifetime. mem::forget(orig.borrow); orig.value } } struct BorrowRefMut<'b> { borrow: &'b Cell, } impl Drop for BorrowRefMut<'_> { #[inline] fn drop(&mut self) { let borrow = self.borrow.get(); debug_assert!(is_writing(borrow)); self.borrow.set(borrow + 1); } } impl<'b> BorrowRefMut<'b> { #[inline] fn new(borrow: &'b Cell) -> Option> { // NOTE: Unlike BorrowRefMut::clone, new is called to create the initial // mutable reference, and so there must currently be no existing // references. Thus, while clone increments the mutable refcount, here // we explicitly only allow going from UNUSED to UNUSED - 1. match borrow.get() { UNUSED => { borrow.set(UNUSED - 1); Some(BorrowRefMut { borrow }) } _ => None, } } // Clones a `BorrowRefMut`. // // This is only valid if each `BorrowRefMut` is used to track a mutable // reference to a distinct, nonoverlapping range of the original object. // This isn't in a Clone impl so that code doesn't call this implicitly. #[inline] fn clone(&self) -> BorrowRefMut<'b> { let borrow = self.borrow.get(); debug_assert!(is_writing(borrow)); // Prevent the borrow counter from underflowing. assert!(borrow != isize::MIN); self.borrow.set(borrow - 1); BorrowRefMut { borrow: self.borrow } } } /// A wrapper type for a mutably borrowed value from a `RefCell`. /// /// See the [module-level documentation](self) for more. #[stable(feature = "rust1", since = "1.0.0")] pub struct RefMut<'b, T: ?Sized + 'b> { value: &'b mut T, borrow: BorrowRefMut<'b>, } #[stable(feature = "rust1", since = "1.0.0")] impl Deref for RefMut<'_, T> { type Target = T; #[inline] fn deref(&self) -> &T { self.value } } #[stable(feature = "rust1", since = "1.0.0")] impl DerefMut for RefMut<'_, T> { #[inline] fn deref_mut(&mut self) -> &mut T { self.value } } #[unstable(feature = "coerce_unsized", issue = "27732")] impl<'b, T: ?Sized + Unsize, U: ?Sized> CoerceUnsized> for RefMut<'b, T> {} #[stable(feature = "std_guard_impls", since = "1.20.0")] impl fmt::Display for RefMut<'_, T> { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { self.value.fmt(f) } } /// The core primitive for interior mutability in Rust. /// /// `UnsafeCell` is a type that wraps some `T` and indicates unsafe interior operations on the /// wrapped type. Types with an `UnsafeCell` field are considered to have an 'unsafe interior'. /// The `UnsafeCell` type is the only legal way to obtain aliasable data that is considered /// mutable. In general, transmuting an `&T` type into an `&mut T` is considered undefined behavior. /// /// If you have a reference `&SomeStruct`, then normally in Rust all fields of `SomeStruct` are /// immutable. The compiler makes optimizations based on the knowledge that `&T` is not mutably /// aliased or mutated, and that `&mut T` is unique. `UnsafeCell` is the only core language /// feature to work around the restriction that `&T` may not be mutated. All other types that /// allow internal mutability, such as `Cell` and `RefCell`, use `UnsafeCell` to wrap their /// internal data. There is *no* legal way to obtain aliasing `&mut`, not even with `UnsafeCell`. /// /// The `UnsafeCell` API itself is technically very simple: [`.get()`] gives you a raw pointer /// `*mut T` to its contents. It is up to _you_ as the abstraction designer to use that raw pointer /// correctly. /// /// [`.get()`]: `UnsafeCell::get` /// /// The precise Rust aliasing rules are somewhat in flux, but the main points are not contentious: /// /// - If you create a safe reference with lifetime `'a` (either a `&T` or `&mut T` /// reference) that is accessible by safe code (for example, because you returned it), /// then you must not access the data in any way that contradicts that reference for the /// remainder of `'a`. For example, this means that if you take the `*mut T` from an /// `UnsafeCell` and cast it to an `&T`, then the data in `T` must remain immutable /// (modulo any `UnsafeCell` data found within `T`, of course) until that reference's /// lifetime expires. Similarly, if you create a `&mut T` reference that is released to /// safe code, then you must not access the data within the `UnsafeCell` until that /// reference expires. /// /// - At all times, you must avoid data races. If multiple threads have access to /// the same `UnsafeCell`, then any writes must have a proper happens-before relation to all other /// accesses (or use atomics). /// /// To assist with proper design, the following scenarios are explicitly declared legal /// for single-threaded code: /// /// 1. A `&T` reference can be released to safe code and there it can co-exist with other `&T` /// references, but not with a `&mut T` /// /// 2. A `&mut T` reference may be released to safe code provided neither other `&mut T` nor `&T` /// co-exist with it. A `&mut T` must always be unique. /// /// Note that whilst mutating the contents of an `&UnsafeCell` (even while other /// `&UnsafeCell` references alias the cell) is /// ok (provided you enforce the above invariants some other way), it is still undefined behavior /// to have multiple `&mut UnsafeCell` aliases. That is, `UnsafeCell` is a wrapper /// designed to have a special interaction with _shared_ accesses (_i.e._, through an /// `&UnsafeCell<_>` reference); there is no magic whatsoever when dealing with _exclusive_ /// accesses (_e.g._, through an `&mut UnsafeCell<_>`): neither the cell nor the wrapped value /// may be aliased for the duration of that `&mut` borrow. /// This is showcased by the [`.get_mut()`] accessor, which is a _safe_ getter that yields /// a `&mut T`. /// /// [`.get_mut()`]: `UnsafeCell::get_mut` /// /// # Examples /// /// Here is an example showcasing how to soundly mutate the contents of an `UnsafeCell<_>` despite /// there being multiple references aliasing the cell: /// /// ``` /// use std::cell::UnsafeCell; /// /// let x: UnsafeCell = 42.into(); /// // Get multiple / concurrent / shared references to the same `x`. /// let (p1, p2): (&UnsafeCell, &UnsafeCell) = (&x, &x); /// /// unsafe { /// // SAFETY: within this scope there are no other references to `x`'s contents, /// // so ours is effectively unique. /// let p1_exclusive: &mut i32 = &mut *p1.get(); // -- borrow --+ /// *p1_exclusive += 27; // | /// } // <---------- cannot go beyond this point -------------------+ /// /// unsafe { /// // SAFETY: within this scope nobody expects to have exclusive access to `x`'s contents, /// // so we can have multiple shared accesses concurrently. /// let p2_shared: &i32 = &*p2.get(); /// assert_eq!(*p2_shared, 42 + 27); /// let p1_shared: &i32 = &*p1.get(); /// assert_eq!(*p1_shared, *p2_shared); /// } /// ``` /// /// The following example showcases the fact that exclusive access to an `UnsafeCell` /// implies exclusive access to its `T`: /// /// ```rust /// #![forbid(unsafe_code)] // with exclusive accesses, /// // `UnsafeCell` is a transparent no-op wrapper, /// // so no need for `unsafe` here. /// use std::cell::UnsafeCell; /// /// let mut x: UnsafeCell = 42.into(); /// /// // Get a compile-time-checked unique reference to `x`. /// let p_unique: &mut UnsafeCell = &mut x; /// // With an exclusive reference, we can mutate the contents for free. /// *p_unique.get_mut() = 0; /// // Or, equivalently: /// x = UnsafeCell::new(0); /// /// // When we own the value, we can extract the contents for free. /// let contents: i32 = x.into_inner(); /// assert_eq!(contents, 0); /// ``` #[lang = "unsafe_cell"] #[stable(feature = "rust1", since = "1.0.0")] #[repr(transparent)] #[repr(no_niche)] // rust-lang/rust#68303. pub struct UnsafeCell { value: T, } #[stable(feature = "rust1", since = "1.0.0")] impl !Sync for UnsafeCell {} impl UnsafeCell { /// Constructs a new instance of `UnsafeCell` which will wrap the specified /// value. /// /// All access to the inner value through methods is `unsafe`. /// /// # Examples /// /// ``` /// use std::cell::UnsafeCell; /// /// let uc = UnsafeCell::new(5); /// ``` #[stable(feature = "rust1", since = "1.0.0")] #[rustc_const_stable(feature = "const_unsafe_cell_new", since = "1.32.0")] #[inline] pub const fn new(value: T) -> UnsafeCell { UnsafeCell { value } } /// Unwraps the value. /// /// # Examples /// /// ``` /// use std::cell::UnsafeCell; /// /// let uc = UnsafeCell::new(5); /// /// let five = uc.into_inner(); /// ``` #[inline] #[stable(feature = "rust1", since = "1.0.0")] #[rustc_const_unstable(feature = "const_cell_into_inner", issue = "78729")] pub const fn into_inner(self) -> T { self.value } } impl UnsafeCell { /// Gets a mutable pointer to the wrapped value. /// /// This can be cast to a pointer of any kind. /// Ensure that the access is unique (no active references, mutable or not) /// when casting to `&mut T`, and ensure that there are no mutations /// or mutable aliases going on when casting to `&T` /// /// # Examples /// /// ``` /// use std::cell::UnsafeCell; /// /// let uc = UnsafeCell::new(5); /// /// let five = uc.get(); /// ``` #[inline] #[stable(feature = "rust1", since = "1.0.0")] #[rustc_const_stable(feature = "const_unsafecell_get", since = "1.32.0")] pub const fn get(&self) -> *mut T { // We can just cast the pointer from `UnsafeCell` to `T` because of // #[repr(transparent)]. This exploits libstd's special status, there is // no guarantee for user code that this will work in future versions of the compiler! self as *const UnsafeCell as *const T as *mut T } /// Returns a mutable reference to the underlying data. /// /// This call borrows the `UnsafeCell` mutably (at compile-time) which /// guarantees that we possess the only reference. /// /// # Examples /// /// ``` /// use std::cell::UnsafeCell; /// /// let mut c = UnsafeCell::new(5); /// *c.get_mut() += 1; /// /// assert_eq!(*c.get_mut(), 6); /// ``` #[inline] #[stable(feature = "unsafe_cell_get_mut", since = "1.50.0")] pub fn get_mut(&mut self) -> &mut T { &mut self.value } /// Gets a mutable pointer to the wrapped value. /// The difference to [`get`] is that this function accepts a raw pointer, /// which is useful to avoid the creation of temporary references. /// /// The result can be cast to a pointer of any kind. /// Ensure that the access is unique (no active references, mutable or not) /// when casting to `&mut T`, and ensure that there are no mutations /// or mutable aliases going on when casting to `&T`. /// /// [`get`]: UnsafeCell::get() /// /// # Examples /// /// Gradual initialization of an `UnsafeCell` requires `raw_get`, as /// calling `get` would require creating a reference to uninitialized data: /// /// ``` /// #![feature(unsafe_cell_raw_get)] /// use std::cell::UnsafeCell; /// use std::mem::MaybeUninit; /// /// let m = MaybeUninit::>::uninit(); /// unsafe { UnsafeCell::raw_get(m.as_ptr()).write(5); } /// let uc = unsafe { m.assume_init() }; /// /// assert_eq!(uc.into_inner(), 5); /// ``` #[inline] #[unstable(feature = "unsafe_cell_raw_get", issue = "66358")] pub const fn raw_get(this: *const Self) -> *mut T { // We can just cast the pointer from `UnsafeCell` to `T` because of // #[repr(transparent)]. This exploits libstd's special status, there is // no guarantee for user code that this will work in future versions of the compiler! this as *const T as *mut T } } #[stable(feature = "unsafe_cell_default", since = "1.10.0")] impl Default for UnsafeCell { /// Creates an `UnsafeCell`, with the `Default` value for T. fn default() -> UnsafeCell { UnsafeCell::new(Default::default()) } } #[stable(feature = "cell_from", since = "1.12.0")] impl From for UnsafeCell { fn from(t: T) -> UnsafeCell { UnsafeCell::new(t) } } #[unstable(feature = "coerce_unsized", issue = "27732")] impl, U> CoerceUnsized> for UnsafeCell {} #[allow(unused)] fn assert_coerce_unsized(a: UnsafeCell<&i32>, b: Cell<&i32>, c: RefCell<&i32>) { let _: UnsafeCell<&dyn Send> = a; let _: Cell<&dyn Send> = b; let _: RefCell<&dyn Send> = c; }