BTreeMap: postpone some DrainFilter processing to drop handler

ssomers · ssomers · commit e2242bb82c2c · 2020-08-23T14:55:27.000+02:00
diff --git a/library/alloc/src/collections/btree/map.rs b/library/alloc/src/collections/btree/map.rs
@@ -1,3 +1,5 @@
+// ignore-tidy-filelength
+
 use core::borrow::Borrow;
 use core::cmp::Ordering;
 use core::fmt::{self, Debug};
@@ -1277,16 +1279,28 @@ impl<K: Ord, V> BTreeMap<K, V> {
     }
 
     pub(super) fn drain_filter_inner(&mut self) -> DrainFilterInner<'_, K, V> {
-        if let Some(root) = self.root.as_mut() {
-            let (root, dormant_root) = DormantMutRef::new(root);
-            let front = root.node_as_mut().first_leaf_edge();
+        let (map, dormant_map) = DormantMutRef::new(self);
+        // Leak amplification: wipe root and length in case caller skips drop handler.
+        if let Some(root) = map.root.take() {
+            let length = mem::replace(&mut map.length, 0);
+            let height = root.height();
+
+            let front = root.into_node_mut().first_leaf_edge();
             DrainFilterInner {
-                length: &mut self.length,
-                dormant_root: Some(dormant_root),
-                cur_leaf_edge: Some(front),
+                dormant_map: Some(dormant_map),
+                position: Some(DrainFilterPosition::Edge(front)),
+                height,
+                length,
+                remaining: length,
             }
         } else {
-            DrainFilterInner { length: &mut self.length, dormant_root: None, cur_leaf_edge: None }
+            DrainFilterInner {
+                dormant_map: None,
+                position: None,
+                height: 0,
+                length: 0,
+                remaining: 0,
+            }
         }
     }
 
@@ -1671,11 +1685,21 @@ where
 /// Most of the implementation of DrainFilter, independent of the type
 /// of the predicate, thus also serving for BTreeSet::DrainFilter.
 pub(super) struct DrainFilterInner<'a, K: 'a, V: 'a> {
-    length: &'a mut usize,
-    // dormant_root is wrapped in an Option to be able to `take` it.
-    dormant_root: Option<DormantMutRef<'a, node::Root<K, V>>>,
-    // cur_leaf_edge is wrapped in an Option because maps without root lack a leaf edge.
-    cur_leaf_edge: Option<Handle<NodeRef<marker::Mut<'a>, K, V, marker::Leaf>, marker::Edge>>,
+    // wrapped in an Option to be able to `take` it in the drop handler.
+    dormant_map: Option<DormantMutRef<'a, BTreeMap<K, V>>>,
+    // wrapped in an Option some maps don't have any:
+    position: Option<DrainFilterPosition<'a, K, V>>,
+    height: usize,
+    length: usize,
+    remaining: usize,
+}
+enum DrainFilterPosition<'a, K: 'a, V: 'a> {
+    // Initial and normal position on a leaf edge.
+    Edge(Handle<NodeRef<marker::Mut<'a>, K, V, marker::Leaf>, marker::Edge>),
+    // Intermediate position on a KV, that sticks around if a predicate panics.
+    KV(Handle<NodeRef<marker::Mut<'a>, K, V, marker::LeafOrInternal>, marker::KV>),
+    // End position on the root node.
+    Root(NodeRef<marker::Mut<'a>, K, V, marker::LeafOrInternal>),
 }
 
 #[unstable(feature = "btree_drain_filter", issue = "70530")]
@@ -1716,40 +1740,105 @@ where
     }
 }
 
+impl<K, V> Drop for DrainFilterInner<'_, K, V> {
+    fn drop(&mut self) {
+        if let Some(dormant_map) = self.dormant_map.take() {
+            let root_node = match self.position.take() {
+                None => unreachable!(),
+                Some(DrainFilterPosition::Edge(edge)) => {
+                    // panic during drop
+                    edge.into_node().forget_type().root_node()
+                }
+                Some(DrainFilterPosition::KV(kv)) => {
+                    // panic in predicate
+                    kv.into_node().root_node()
+                }
+                Some(DrainFilterPosition::Root(root_node)) => root_node,
+            };
+            let mut root = node::Root::restore_from_node(root_node);
+            for _ in self.height..root.height() {
+                root.pop_internal_level();
+            }
+            debug_assert_eq!(self.height, root.height());
+
+            let map = unsafe { dormant_map.awaken() };
+            map.root = Some(root);
+            map.length = self.length;
+        }
+    }
+}
+
 impl<'a, K: 'a, V: 'a> DrainFilterInner<'a, K, V> {
     /// Allow Debug implementations to predict the next element.
     pub(super) fn peek(&self) -> Option<(&K, &V)> {
-        let edge = self.cur_leaf_edge.as_ref()?;
-        edge.reborrow().next_kv().ok().map(|kv| kv.into_kv())
+        if let Some(DrainFilterPosition::Edge(edge)) = self.position.as_ref() {
+            edge.reborrow().next_kv().ok().map(|kv| kv.into_kv())
+        } else {
+            None
+        }
     }
 
     /// Implementation of a typical `DrainFilter::next` method, given the predicate.
     pub(super) fn next<F>(&mut self, pred: &mut F) -> Option<(K, V)>
     where
         F: FnMut(&K, &mut V) -> bool,
     {
-        while let Ok(mut kv) = self.cur_leaf_edge.take()?.next_kv() {
-            let (k, v) = kv.kv_mut();
-            if pred(k, v) {
-                *self.length -= 1;
-                let (kv, pos) = kv.remove_kv_tracking(|| {
-                    // SAFETY: we will touch the root in a way that will not
-                    // invalidate the position returned.
-                    let root = unsafe { self.dormant_root.take().unwrap().awaken() };
-                    root.pop_internal_level();
-                    self.dormant_root = Some(DormantMutRef::new(root).1);
-                });
-                self.cur_leaf_edge = Some(pos);
-                return Some(kv);
+        let mut cur_leaf_edge = match self.position.take() {
+            None => return None,
+            Some(DrainFilterPosition::Root(root_node)) => {
+                self.position = Some(DrainFilterPosition::Root(root_node));
+                return None;
+            }
+            Some(DrainFilterPosition::KV(kv)) => {
+                self.position = Some(DrainFilterPosition::KV(kv));
+                return None;
+            }
+            Some(DrainFilterPosition::Edge(edge)) => edge,
+        };
+
+        loop {
+            match cur_leaf_edge.next_kv() {
+                Err(root_node) => {
+                    self.position = Some(DrainFilterPosition::Root(root_node));
+                    return None;
+                }
+                Ok(kv) => {
+                    self.remaining -= 1;
+                    // Store the intermediate position in case the predicate panics.
+                    self.position = Some(DrainFilterPosition::KV(kv));
+                    let drain = self
+                        .position
+                        .as_mut()
+                        .map(|pos| match pos {
+                            DrainFilterPosition::KV(kv) => {
+                                let (k, v) = kv.kv_mut();
+                                pred(k, v)
+                            }
+                            _ => unreachable!(),
+                        })
+                        .unwrap();
+                    let kv = if let Some(DrainFilterPosition::KV(kv)) = self.position.take() {
+                        kv
+                    } else {
+                        unreachable!()
+                    };
+                    if drain {
+                        self.length -= 1;
+                        let (kv, pos) = kv.remove_kv_tracking(|emptied_internal_node| {
+                            self.height = emptied_internal_node.height() - 1
+                        });
+                        self.position = Some(DrainFilterPosition::Edge(pos));
+                        return Some(kv);
+                    }
+                    cur_leaf_edge = kv.next_leaf_edge();
+                }
             }
-            self.cur_leaf_edge = Some(kv.next_leaf_edge());
         }
-        None
     }
 
     /// Implementation of a typical `DrainFilter::size_hint` method.
     pub(super) fn size_hint(&self) -> (usize, Option<usize>) {
-        (0, Some(*self.length))
+        (0, Some(self.remaining))
     }
 }
 
@@ -2767,7 +2856,7 @@ impl<'a, K: Ord, V> OccupiedEntry<'a, K, V> {
     // Body of `remove_entry`, separate to keep the above implementations short.
     fn remove_kv(self) -> (K, V) {
         let mut emptied_internal_root = false;
-        let (old_kv, _) = self.handle.remove_kv_tracking(|| emptied_internal_root = true);
+        let (old_kv, _) = self.handle.remove_kv_tracking(|_| emptied_internal_root = true);
         // SAFETY: we consumed the intermediate root borrow, `self.handle`.
         let map = unsafe { self.dormant_map.awaken() };
         map.length -= 1;
@@ -2782,10 +2871,13 @@ impl<'a, K: Ord, V> OccupiedEntry<'a, K, V> {
 impl<'a, K: 'a, V: 'a> Handle<NodeRef<marker::Mut<'a>, K, V, marker::LeafOrInternal>, marker::KV> {
     /// Removes a key/value-pair from the map, and returns that pair, as well as
     /// the leaf edge corresponding to that former pair.
-    fn remove_kv_tracking<F: FnOnce()>(
+    fn remove_kv_tracking<F>(
         self,
-        handle_emptied_internal_root: F,
-    ) -> ((K, V), Handle<NodeRef<marker::Mut<'a>, K, V, marker::Leaf>, marker::Edge>) {
+        handle_emptied_parent: F,
+    ) -> ((K, V), Handle<NodeRef<marker::Mut<'a>, K, V, marker::Leaf>, marker::Edge>)
+    where
+        F: FnOnce(NodeRef<marker::Mut<'a>, K, V, marker::Internal>),
+    {
         let (old_kv, mut pos, was_internal) = match self.force() {
             Leaf(leaf) => {
                 let (old_kv, pos) = leaf.remove();
@@ -2836,8 +2928,10 @@ impl<'a, K: 'a, V: 'a> Handle<NodeRef<marker::Mut<'a>, K, V, marker::LeafOrInter
                     if parent.len() == 0 {
                         // The parent that was just emptied must be the root,
                         // because nodes on a lower level would not have been
-                        // left with a single child.
-                        handle_emptied_internal_root();
+                        // left with a single child. Or, during `DrainFilter`
+                        // use, its ancestors have been emptied earlier.
+                        // The parent and its ancestors should be popped off.
+                        handle_emptied_parent(parent);
                         break;
                     } else {
                         cur_node = parent.forget_type();
@@ -2948,8 +3042,16 @@ fn handle_underfull_node<K, V>(
     let (is_left, mut handle) = match parent.left_kv() {
         Ok(left) => (true, left),
         Err(parent) => {
-            let right = unsafe { unwrap_unchecked(parent.right_kv().ok()) };
-            (false, right)
+            match parent.right_kv() {
+                Ok(right) => (false, right),
+                Err(_) => {
+                    // The underfull node has an empty parent, so it is the only child
+                    // of an empty root. It is destined to become the new root, thus
+                    // allowed to be underfull. The empty parent should be removed later
+                    // by `pop_internal_level`.
+                    return AtRoot;
+                }
+            }
         }
     };
 
diff --git a/library/alloc/src/collections/btree/map/tests.rs b/library/alloc/src/collections/btree/map/tests.rs
@@ -1147,6 +1147,37 @@ mod test_drain_filter {
         assert_eq!(map.last_entry().unwrap().key(), &8);
         map.check();
     }
+
+    #[test]
+    #[cfg_attr(miri, ignore)] // Miri reports the expected leak
+    fn forget_height_1() {
+        static DROPS: AtomicUsize = AtomicUsize::new(0);
+
+        struct D;
+        impl Drop for D {
+            fn drop(&mut self) {
+                DROPS.fetch_add(1, Ordering::SeqCst);
+            }
+        }
+
+        let mut map: BTreeMap<_, _> = (0..MIN_INSERTS_HEIGHT_1).map(|i| (i, D)).collect();
+        map.remove(&0); // leaving 2 levels on the verge of collapse, 5 + 1 + 5 elements.
+        map.check();
+        assert_eq!(map.height(), Some(1));
+        assert_eq!(DROPS.load(Ordering::SeqCst), 1);
+
+        let mut it = map.drain_filter(|_, _| true);
+        assert_eq!(it.size_hint(), (0, Some(MIN_INSERTS_HEIGHT_1 - 1)));
+        assert_eq!(it.next().unwrap().0, 1);
+        assert_eq!(it.size_hint(), (0, Some(MIN_INSERTS_HEIGHT_1 - 2)));
+        assert_eq!(DROPS.load(Ordering::SeqCst), 2);
+        mem::forget(it);
+        assert_eq!(map.len(), 0);
+        assert_eq!(map.height(), None);
+        map.check();
+        drop(map);
+        assert_eq!(DROPS.load(Ordering::SeqCst), 2); // more would be nice to have.
+    }
 }
 
 #[test]
diff --git a/library/alloc/src/collections/btree/navigate.rs b/library/alloc/src/collections/btree/navigate.rs
@@ -333,3 +333,14 @@ impl<BorrowType, K, V> Handle<NodeRef<BorrowType, K, V, marker::LeafOrInternal>,
         }
     }
 }
+
+impl<BorrowType, K, V> NodeRef<BorrowType, K, V, marker::LeafOrInternal> {
+    pub fn root_node(mut self) -> Self {
+        loop {
+            self = match self.ascend() {
+                Ok(edge) => edge.into_node().forget_type(),
+                Err(root) => return root,
+            }
+        }
+    }
+}
diff --git a/library/alloc/src/collections/btree/node.rs b/library/alloc/src/collections/btree/node.rs
@@ -166,6 +166,12 @@ impl<K, V> Root<K, V> {
         Root { node: BoxedNode::from_leaf(Box::new(unsafe { LeafNode::new() })), height: 0 }
     }
 
+    pub fn restore_from_node<'a>(
+        root_node: NodeRef<marker::Mut<'a>, K, V, marker::LeafOrInternal>,
+    ) -> Self {
+        Root { node: unsafe { BoxedNode::from_ptr(root_node.node) }, height: root_node.height() }
+    }
+
     /// Borrows and returns an immutable reference to the node owned by the root.
     pub fn node_as_ref(&self) -> NodeRef<marker::Immut<'_>, K, V, marker::LeafOrInternal> {
         NodeRef { height: self.height, node: self.node.as_ptr(), _marker: PhantomData }
@@ -176,6 +182,11 @@ impl<K, V> Root<K, V> {
         NodeRef { height: self.height, node: self.node.as_ptr(), _marker: PhantomData }
     }
 
+    /// Converts root into a mutable reference to its node.
+    pub fn into_node_mut<'a>(self) -> NodeRef<marker::Mut<'a>, K, V, marker::LeafOrInternal> {
+        NodeRef { height: self.height, node: self.node.as_ptr(), _marker: PhantomData }
+    }
+
     pub fn into_ref(self) -> NodeRef<marker::Owned, K, V, marker::LeafOrInternal> {
         NodeRef { height: self.height, node: self.node.as_ptr(), _marker: PhantomData }
     }
@@ -205,8 +216,7 @@ impl<K, V> Root<K, V> {
     /// no cleanup is done on any of the other children.
     /// This decreases the height by 1 and is the opposite of `push_internal_level`.
     ///
-    /// Requires exclusive access to the `Root` object but not to the root node;
-    /// it will not invalidate existing handles or references to the root node.
+    /// Requires exclusive access to the `Root` object and to the root node.
     ///
     /// Panics if there is no internal level, i.e., if the root node is a leaf.
     pub fn pop_internal_level(&mut self) {
@@ -220,9 +230,8 @@ impl<K, V> Root<K, V> {
             )
         };
         self.height -= 1;
-        unsafe {
-            (*self.node_as_mut().as_leaf_mut()).parent = ptr::null();
-        }
+        let root_node = unsafe { &mut *self.node_as_mut().as_leaf_mut() };
+        root_node.parent = ptr::null();
 
         unsafe {
             Global.dealloc(NonNull::from(top).cast(), Layout::new::<InternalNode<K, V>>());

Original file line number	Diff line number	Diff line change
`@@ -333,3 +333,14 @@ impl<BorrowType, K, V> Handle<NodeRef<BorrowType, K, V, marker::LeafOrInternal>,`
`333`	`333`	`}`
`334`	`334`	`}`
`335`	`335`	`}`
	`336`	`+`
	`337`	`+impl<BorrowType, K, V> NodeRef<BorrowType, K, V, marker::LeafOrInternal> {`
	`338`	`+ pub fn root_node(mut self) -> Self {`
	`339`	`+ loop {`
	`340`	`+ self = match self.ascend() {`
	`341`	`+ Ok(edge) => edge.into_node().forget_type(),`
	`342`	`+ Err(root) => return root,`
	`343`	`+ }`
	`344`	`+ }`
	`345`	`+ }`
	`346`	`+}`