Auto merge of #56275 - RalfJung:win-mutex, r=SimonSapin

bors · bors · commit 8660eba2b9be · 2018-12-02T13:45:22.000Z
use MaybeUninit instead of mem::uninitialized for Windows Mutex

I hope this builds, I do not have a Windows machine to test...
diff --git a/src/liballoc/collections/btree/node.rs b/src/liballoc/collections/btree/node.rs
@@ -602,7 +602,7 @@ impl<'a, K: 'a, V: 'a, Type> NodeRef<marker::Mut<'a>, K, V, Type> {
         } else {
             unsafe {
                 slice::from_raw_parts_mut(
-                    self.as_leaf_mut().keys.get_mut() as *mut [K] as *mut K,
+                    self.as_leaf_mut().keys.as_mut_ptr() as *mut K,
                     self.len()
                 )
             }
@@ -613,7 +613,7 @@ impl<'a, K: 'a, V: 'a, Type> NodeRef<marker::Mut<'a>, K, V, Type> {
         debug_assert!(!self.is_shared_root());
         unsafe {
             slice::from_raw_parts_mut(
-                self.as_leaf_mut().vals.get_mut() as *mut [V] as *mut V,
+                self.as_leaf_mut().vals.as_mut_ptr() as *mut V,
                 self.len()
             )
         }
diff --git a/src/libcore/fmt/float.rs b/src/libcore/fmt/float.rs
@@ -22,6 +22,9 @@ fn float_to_decimal_common_exact<T>(fmt: &mut Formatter, num: &T,
     unsafe {
         let mut buf = MaybeUninit::<[u8; 1024]>::uninitialized(); // enough for f32 and f64
         let mut parts = MaybeUninit::<[flt2dec::Part; 4]>::uninitialized();
+        // FIXME(#53491): Technically, this is calling `get_mut` on an uninitialized
+        // `MaybeUninit` (here and elsewhere in this file).  Revisit this once
+        // we decided whether that is valid or not.
         let formatted = flt2dec::to_exact_fixed_str(flt2dec::strategy::grisu::format_exact,
                                                     *num, sign, precision,
                                                     false, buf.get_mut(), parts.get_mut());
diff --git a/src/libcore/mem.rs b/src/libcore/mem.rs
@@ -1118,6 +1118,9 @@ impl<T> MaybeUninit<T> {
     ///
     /// It is up to the caller to guarantee that the `MaybeUninit` really is in an initialized
     /// state, otherwise this will immediately cause undefined behavior.
+    // FIXME(#53491): We currently rely on the above being incorrect, i.e., we have references
+    // to uninitialized data (e.g. in `libcore/fmt/float.rs`).  We should make
+    // a final decision about the rules before stabilization.
     #[unstable(feature = "maybe_uninit", issue = "53491")]
     #[inline(always)]
     pub unsafe fn get_mut(&mut self) -> &mut T {
diff --git a/src/libstd/lib.rs b/src/libstd/lib.rs
@@ -311,6 +311,7 @@
 #![feature(panic_info_message)]
 #![feature(non_exhaustive)]
 #![feature(alloc_layout_extra)]
+#![feature(maybe_uninit)]
 
 #![default_lib_allocator]
 
diff --git a/src/libstd/sys/windows/mutex.rs b/src/libstd/sys/windows/mutex.rs
@@ -30,7 +30,7 @@
 //! detect recursive locks.
 
 use cell::UnsafeCell;
-use mem;
+use mem::{self, MaybeUninit};
 use sync::atomic::{AtomicUsize, Ordering};
 use sys::c;
 use sys::compat;
@@ -157,34 +157,34 @@ fn kind() -> Kind {
     return ret;
 }
 
-pub struct ReentrantMutex { inner: UnsafeCell<c::CRITICAL_SECTION> }
+pub struct ReentrantMutex { inner: UnsafeCell<MaybeUninit<c::CRITICAL_SECTION>> }
 
 unsafe impl Send for ReentrantMutex {}
 unsafe impl Sync for ReentrantMutex {}
 
 impl ReentrantMutex {
-    pub unsafe fn uninitialized() -> ReentrantMutex {
-        mem::uninitialized()
+    pub fn uninitialized() -> ReentrantMutex {
+        ReentrantMutex { inner: UnsafeCell::new(MaybeUninit::uninitialized()) }
     }
 
     pub unsafe fn init(&mut self) {
-        c::InitializeCriticalSection(self.inner.get());
+        c::InitializeCriticalSection((&mut *self.inner.get()).as_mut_ptr());
     }
 
     pub unsafe fn lock(&self) {
-        c::EnterCriticalSection(self.inner.get());
+        c::EnterCriticalSection((&mut *self.inner.get()).as_mut_ptr());
     }
 
     #[inline]
     pub unsafe fn try_lock(&self) -> bool {
-        c::TryEnterCriticalSection(self.inner.get()) != 0
+        c::TryEnterCriticalSection((&mut *self.inner.get()).as_mut_ptr()) != 0
     }
 
     pub unsafe fn unlock(&self) {
-        c::LeaveCriticalSection(self.inner.get());
+        c::LeaveCriticalSection((&mut *self.inner.get()).as_mut_ptr());
     }
 
     pub unsafe fn destroy(&self) {
-        c::DeleteCriticalSection(self.inner.get());
+        c::DeleteCriticalSection((&mut *self.inner.get()).as_mut_ptr());
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -602,7 +602,7 @@ impl<'a, K: 'a, V: 'a, Type> NodeRef<marker::Mut<'a>, K, V, Type> {`
`602`	`602`	`} else {`
`603`	`603`	`unsafe {`
`604`	`604`	`slice::from_raw_parts_mut(`
`605`		`- self.as_leaf_mut().keys.get_mut() as mut [K] as mut K,`
	`605`	`+ self.as_leaf_mut().keys.as_mut_ptr() as *mut K,`
`606`	`606`	`self.len()`
`607`	`607`	`)`
`608`	`608`	`}`
`@@ -613,7 +613,7 @@ impl<'a, K: 'a, V: 'a, Type> NodeRef<marker::Mut<'a>, K, V, Type> {`
`613`	`613`	`debug_assert!(!self.is_shared_root());`
`614`	`614`	`unsafe {`
`615`	`615`	`slice::from_raw_parts_mut(`
`616`		`- self.as_leaf_mut().vals.get_mut() as mut [V] as mut V,`
	`616`	`+ self.as_leaf_mut().vals.as_mut_ptr() as *mut V,`
`617`	`617`	`self.len()`
`618`	`618`	`)`
`619`	`619`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@`
`30`	`30`	`//! detect recursive locks.`
`31`	`31`
`32`	`32`	`use cell::UnsafeCell;`
`33`		`-use mem;`
	`33`	`+use mem::{self, MaybeUninit};`
`34`	`34`	`use sync::atomic::{AtomicUsize, Ordering};`
`35`	`35`	`use sys::c;`
`36`	`36`	`use sys::compat;`
`@@ -157,34 +157,34 @@ fn kind() -> Kind {`
`157`	`157`	`return ret;`
`158`	`158`	`}`
`159`	`159`
`160`		`-pub struct ReentrantMutex { inner: UnsafeCell<c::CRITICAL_SECTION> }`
	`160`	`+pub struct ReentrantMutex { inner: UnsafeCell<MaybeUninit<c::CRITICAL_SECTION>> }`
`161`	`161`
`162`	`162`	`unsafe impl Send for ReentrantMutex {}`
`163`	`163`	`unsafe impl Sync for ReentrantMutex {}`
`164`	`164`
`165`	`165`	`impl ReentrantMutex {`
`166`		`- pub unsafe fn uninitialized() -> ReentrantMutex {`
`167`		`- mem::uninitialized()`
	`166`	`+ pub fn uninitialized() -> ReentrantMutex {`
	`167`	`+ ReentrantMutex { inner: UnsafeCell::new(MaybeUninit::uninitialized()) }`
`168`	`168`	`}`
`169`	`169`
`170`	`170`	`pub unsafe fn init(&mut self) {`
`171`		`- c::InitializeCriticalSection(self.inner.get());`
	`171`	`+ c::InitializeCriticalSection((&mut *self.inner.get()).as_mut_ptr());`
`172`	`172`	`}`
`173`	`173`
`174`	`174`	`pub unsafe fn lock(&self) {`
`175`		`- c::EnterCriticalSection(self.inner.get());`
	`175`	`+ c::EnterCriticalSection((&mut *self.inner.get()).as_mut_ptr());`
`176`	`176`	`}`
`177`	`177`
`178`	`178`	`#[inline]`
`179`	`179`	`pub unsafe fn try_lock(&self) -> bool {`
`180`		`- c::TryEnterCriticalSection(self.inner.get()) != 0`
	`180`	`+ c::TryEnterCriticalSection((&mut *self.inner.get()).as_mut_ptr()) != 0`
`181`	`181`	`}`
`182`	`182`
`183`	`183`	`pub unsafe fn unlock(&self) {`
`184`		`- c::LeaveCriticalSection(self.inner.get());`
	`184`	`+ c::LeaveCriticalSection((&mut *self.inner.get()).as_mut_ptr());`
`185`	`185`	`}`
`186`	`186`
`187`	`187`	`pub unsafe fn destroy(&self) {`
`188`		`- c::DeleteCriticalSection(self.inner.get());`
	`188`	`+ c::DeleteCriticalSection((&mut *self.inner.get()).as_mut_ptr());`
`189`	`189`	`}`
`190`	`190`	`}`