alloc/sync.rs
1#![stable(feature = "rust1", since = "1.0.0")]
2
3//! Thread-safe reference-counting pointers.
4//!
5//! See the [`Arc<T>`][Arc] documentation for more details.
6//!
7//! **Note**: This module is only available on platforms that support atomic
8//! loads and stores of pointers. This may be detected at compile time using
9//! `#[cfg(target_has_atomic = "ptr")]`.
10
11use core::any::Any;
12#[cfg(not(no_global_oom_handling))]
13use core::clone::CloneToUninit;
14use core::clone::UseCloned;
15use core::cmp::Ordering;
16use core::hash::{Hash, Hasher};
17use core::intrinsics::abort;
18#[cfg(not(no_global_oom_handling))]
19use core::iter;
20use core::marker::{PhantomData, Unsize};
21use core::mem::{self, ManuallyDrop, align_of_val_raw};
22use core::num::NonZeroUsize;
23use core::ops::{CoerceUnsized, Deref, DerefPure, DispatchFromDyn, LegacyReceiver};
24use core::panic::{RefUnwindSafe, UnwindSafe};
25use core::pin::{Pin, PinCoerceUnsized};
26use core::ptr::{self, NonNull};
27#[cfg(not(no_global_oom_handling))]
28use core::slice::from_raw_parts_mut;
29use core::sync::atomic;
30use core::sync::atomic::Ordering::{Acquire, Relaxed, Release};
31use core::{borrow, fmt, hint};
32
33#[cfg(not(no_global_oom_handling))]
34use crate::alloc::handle_alloc_error;
35use crate::alloc::{AllocError, Allocator, Global, Layout};
36use crate::borrow::{Cow, ToOwned};
37use crate::boxed::Box;
38use crate::rc::is_dangling;
39#[cfg(not(no_global_oom_handling))]
40use crate::string::String;
41#[cfg(not(no_global_oom_handling))]
42use crate::vec::Vec;
43
44/// A soft limit on the amount of references that may be made to an `Arc`.
45///
46/// Going above this limit will abort your program (although not
47/// necessarily) at _exactly_ `MAX_REFCOUNT + 1` references.
48/// Trying to go above it might call a `panic` (if not actually going above it).
49///
50/// This is a global invariant, and also applies when using a compare-exchange loop.
51///
52/// See comment in `Arc::clone`.
53const MAX_REFCOUNT: usize = (isize::MAX) as usize;
54
55/// The error in case either counter reaches above `MAX_REFCOUNT`, and we can `panic` safely.
56const INTERNAL_OVERFLOW_ERROR: &str = "Arc counter overflow";
57
58#[cfg(not(sanitize = "thread"))]
59macro_rules! acquire {
60 ($x:expr) => {
61 atomic::fence(Acquire)
62 };
63}
64
65// ThreadSanitizer does not support memory fences. To avoid false positive
66// reports in Arc / Weak implementation use atomic loads for synchronization
67// instead.
68#[cfg(sanitize = "thread")]
69macro_rules! acquire {
70 ($x:expr) => {
71 $x.load(Acquire)
72 };
73}
74
75/// A thread-safe reference-counting pointer. 'Arc' stands for 'Atomically
76/// Reference Counted'.
77///
78/// The type `Arc<T>` provides shared ownership of a value of type `T`,
79/// allocated in the heap. Invoking [`clone`][clone] on `Arc` produces
80/// a new `Arc` instance, which points to the same allocation on the heap as the
81/// source `Arc`, while increasing a reference count. When the last `Arc`
82/// pointer to a given allocation is destroyed, the value stored in that allocation (often
83/// referred to as "inner value") is also dropped.
84///
85/// Shared references in Rust disallow mutation by default, and `Arc` is no
86/// exception: you cannot generally obtain a mutable reference to something
87/// inside an `Arc`. If you need to mutate through an `Arc`, use
88/// [`Mutex`][mutex], [`RwLock`][rwlock], or one of the [`Atomic`][atomic]
89/// types.
90///
91/// **Note**: This type is only available on platforms that support atomic
92/// loads and stores of pointers, which includes all platforms that support
93/// the `std` crate but not all those which only support [`alloc`](crate).
94/// This may be detected at compile time using `#[cfg(target_has_atomic = "ptr")]`.
95///
96/// ## Thread Safety
97///
98/// Unlike [`Rc<T>`], `Arc<T>` uses atomic operations for its reference
99/// counting. This means that it is thread-safe. The disadvantage is that
100/// atomic operations are more expensive than ordinary memory accesses. If you
101/// are not sharing reference-counted allocations between threads, consider using
102/// [`Rc<T>`] for lower overhead. [`Rc<T>`] is a safe default, because the
103/// compiler will catch any attempt to send an [`Rc<T>`] between threads.
104/// However, a library might choose `Arc<T>` in order to give library consumers
105/// more flexibility.
106///
107/// `Arc<T>` will implement [`Send`] and [`Sync`] as long as the `T` implements
108/// [`Send`] and [`Sync`]. Why can't you put a non-thread-safe type `T` in an
109/// `Arc<T>` to make it thread-safe? This may be a bit counter-intuitive at
110/// first: after all, isn't the point of `Arc<T>` thread safety? The key is
111/// this: `Arc<T>` makes it thread safe to have multiple ownership of the same
112/// data, but it doesn't add thread safety to its data. Consider
113/// <code>Arc<[RefCell\<T>]></code>. [`RefCell<T>`] isn't [`Sync`], and if `Arc<T>` was always
114/// [`Send`], <code>Arc<[RefCell\<T>]></code> would be as well. But then we'd have a problem:
115/// [`RefCell<T>`] is not thread safe; it keeps track of the borrowing count using
116/// non-atomic operations.
117///
118/// In the end, this means that you may need to pair `Arc<T>` with some sort of
119/// [`std::sync`] type, usually [`Mutex<T>`][mutex].
120///
121/// ## Breaking cycles with `Weak`
122///
123/// The [`downgrade`][downgrade] method can be used to create a non-owning
124/// [`Weak`] pointer. A [`Weak`] pointer can be [`upgrade`][upgrade]d
125/// to an `Arc`, but this will return [`None`] if the value stored in the allocation has
126/// already been dropped. In other words, `Weak` pointers do not keep the value
127/// inside the allocation alive; however, they *do* keep the allocation
128/// (the backing store for the value) alive.
129///
130/// A cycle between `Arc` pointers will never be deallocated. For this reason,
131/// [`Weak`] is used to break cycles. For example, a tree could have
132/// strong `Arc` pointers from parent nodes to children, and [`Weak`]
133/// pointers from children back to their parents.
134///
135/// # Cloning references
136///
137/// Creating a new reference from an existing reference-counted pointer is done using the
138/// `Clone` trait implemented for [`Arc<T>`][Arc] and [`Weak<T>`][Weak].
139///
140/// ```
141/// use std::sync::Arc;
142/// let foo = Arc::new(vec![1.0, 2.0, 3.0]);
143/// // The two syntaxes below are equivalent.
144/// let a = foo.clone();
145/// let b = Arc::clone(&foo);
146/// // a, b, and foo are all Arcs that point to the same memory location
147/// ```
148///
149/// ## `Deref` behavior
150///
151/// `Arc<T>` automatically dereferences to `T` (via the [`Deref`] trait),
152/// so you can call `T`'s methods on a value of type `Arc<T>`. To avoid name
153/// clashes with `T`'s methods, the methods of `Arc<T>` itself are associated
154/// functions, called using [fully qualified syntax]:
155///
156/// ```
157/// use std::sync::Arc;
158///
159/// let my_arc = Arc::new(());
160/// let my_weak = Arc::downgrade(&my_arc);
161/// ```
162///
163/// `Arc<T>`'s implementations of traits like `Clone` may also be called using
164/// fully qualified syntax. Some people prefer to use fully qualified syntax,
165/// while others prefer using method-call syntax.
166///
167/// ```
168/// use std::sync::Arc;
169///
170/// let arc = Arc::new(());
171/// // Method-call syntax
172/// let arc2 = arc.clone();
173/// // Fully qualified syntax
174/// let arc3 = Arc::clone(&arc);
175/// ```
176///
177/// [`Weak<T>`][Weak] does not auto-dereference to `T`, because the inner value may have
178/// already been dropped.
179///
180/// [`Rc<T>`]: crate::rc::Rc
181/// [clone]: Clone::clone
182/// [mutex]: ../../std/sync/struct.Mutex.html
183/// [rwlock]: ../../std/sync/struct.RwLock.html
184/// [atomic]: core::sync::atomic
185/// [downgrade]: Arc::downgrade
186/// [upgrade]: Weak::upgrade
187/// [RefCell\<T>]: core::cell::RefCell
188/// [`RefCell<T>`]: core::cell::RefCell
189/// [`std::sync`]: ../../std/sync/index.html
190/// [`Arc::clone(&from)`]: Arc::clone
191/// [fully qualified syntax]: https://doc.rust-lang.org/book/ch19-03-advanced-traits.html#fully-qualified-syntax-for-disambiguation-calling-methods-with-the-same-name
192///
193/// # Examples
194///
195/// Sharing some immutable data between threads:
196///
197/// ```
198/// use std::sync::Arc;
199/// use std::thread;
200///
201/// let five = Arc::new(5);
202///
203/// for _ in 0..10 {
204/// let five = Arc::clone(&five);
205///
206/// thread::spawn(move || {
207/// println!("{five:?}");
208/// });
209/// }
210/// ```
211///
212/// Sharing a mutable [`AtomicUsize`]:
213///
214/// [`AtomicUsize`]: core::sync::atomic::AtomicUsize "sync::atomic::AtomicUsize"
215///
216/// ```
217/// use std::sync::Arc;
218/// use std::sync::atomic::{AtomicUsize, Ordering};
219/// use std::thread;
220///
221/// let val = Arc::new(AtomicUsize::new(5));
222///
223/// for _ in 0..10 {
224/// let val = Arc::clone(&val);
225///
226/// thread::spawn(move || {
227/// let v = val.fetch_add(1, Ordering::Relaxed);
228/// println!("{v:?}");
229/// });
230/// }
231/// ```
232///
233/// See the [`rc` documentation][rc_examples] for more examples of reference
234/// counting in general.
235///
236/// [rc_examples]: crate::rc#examples
237#[doc(search_unbox)]
238#[rustc_diagnostic_item = "Arc"]
239#[stable(feature = "rust1", since = "1.0.0")]
240#[rustc_insignificant_dtor]
241pub struct Arc<
242 T: ?Sized,
243 #[unstable(feature = "allocator_api", issue = "32838")] A: Allocator = Global,
244> {
245 ptr: NonNull<ArcInner<T>>,
246 phantom: PhantomData<ArcInner<T>>,
247 alloc: A,
248}
249
250#[stable(feature = "rust1", since = "1.0.0")]
251unsafe impl<T: ?Sized + Sync + Send, A: Allocator + Send> Send for Arc<T, A> {}
252#[stable(feature = "rust1", since = "1.0.0")]
253unsafe impl<T: ?Sized + Sync + Send, A: Allocator + Sync> Sync for Arc<T, A> {}
254
255#[stable(feature = "catch_unwind", since = "1.9.0")]
256impl<T: RefUnwindSafe + ?Sized, A: Allocator + UnwindSafe> UnwindSafe for Arc<T, A> {}
257
258#[unstable(feature = "coerce_unsized", issue = "18598")]
259impl<T: ?Sized + Unsize<U>, U: ?Sized, A: Allocator> CoerceUnsized<Arc<U, A>> for Arc<T, A> {}
260
261#[unstable(feature = "dispatch_from_dyn", issue = "none")]
262impl<T: ?Sized + Unsize<U>, U: ?Sized> DispatchFromDyn<Arc<U>> for Arc<T> {}
263
264impl<T: ?Sized> Arc<T> {
265 unsafe fn from_inner(ptr: NonNull<ArcInner<T>>) -> Self {
266 unsafe { Self::from_inner_in(ptr, Global) }
267 }
268
269 unsafe fn from_ptr(ptr: *mut ArcInner<T>) -> Self {
270 unsafe { Self::from_ptr_in(ptr, Global) }
271 }
272}
273
274impl<T: ?Sized, A: Allocator> Arc<T, A> {
275 #[inline]
276 fn into_inner_with_allocator(this: Self) -> (NonNull<ArcInner<T>>, A) {
277 let this = mem::ManuallyDrop::new(this);
278 (this.ptr, unsafe { ptr::read(&this.alloc) })
279 }
280
281 #[inline]
282 unsafe fn from_inner_in(ptr: NonNull<ArcInner<T>>, alloc: A) -> Self {
283 Self { ptr, phantom: PhantomData, alloc }
284 }
285
286 #[inline]
287 unsafe fn from_ptr_in(ptr: *mut ArcInner<T>, alloc: A) -> Self {
288 unsafe { Self::from_inner_in(NonNull::new_unchecked(ptr), alloc) }
289 }
290}
291
292/// `Weak` is a version of [`Arc`] that holds a non-owning reference to the
293/// managed allocation.
294///
295/// The allocation is accessed by calling [`upgrade`] on the `Weak`
296/// pointer, which returns an <code>[Option]<[Arc]\<T>></code>.
297///
298/// Since a `Weak` reference does not count towards ownership, it will not
299/// prevent the value stored in the allocation from being dropped, and `Weak` itself makes no
300/// guarantees about the value still being present. Thus it may return [`None`]
301/// when [`upgrade`]d. Note however that a `Weak` reference *does* prevent the allocation
302/// itself (the backing store) from being deallocated.
303///
304/// A `Weak` pointer is useful for keeping a temporary reference to the allocation
305/// managed by [`Arc`] without preventing its inner value from being dropped. It is also used to
306/// prevent circular references between [`Arc`] pointers, since mutual owning references
307/// would never allow either [`Arc`] to be dropped. For example, a tree could
308/// have strong [`Arc`] pointers from parent nodes to children, and `Weak`
309/// pointers from children back to their parents.
310///
311/// The typical way to obtain a `Weak` pointer is to call [`Arc::downgrade`].
312///
313/// [`upgrade`]: Weak::upgrade
314#[stable(feature = "arc_weak", since = "1.4.0")]
315#[rustc_diagnostic_item = "ArcWeak"]
316pub struct Weak<
317 T: ?Sized,
318 #[unstable(feature = "allocator_api", issue = "32838")] A: Allocator = Global,
319> {
320 // This is a `NonNull` to allow optimizing the size of this type in enums,
321 // but it is not necessarily a valid pointer.
322 // `Weak::new` sets this to `usize::MAX` so that it doesn’t need
323 // to allocate space on the heap. That's not a value a real pointer
324 // will ever have because RcInner has alignment at least 2.
325 // This is only possible when `T: Sized`; unsized `T` never dangle.
326 ptr: NonNull<ArcInner<T>>,
327 alloc: A,
328}
329
330#[stable(feature = "arc_weak", since = "1.4.0")]
331unsafe impl<T: ?Sized + Sync + Send, A: Allocator + Send> Send for Weak<T, A> {}
332#[stable(feature = "arc_weak", since = "1.4.0")]
333unsafe impl<T: ?Sized + Sync + Send, A: Allocator + Sync> Sync for Weak<T, A> {}
334
335#[unstable(feature = "coerce_unsized", issue = "18598")]
336impl<T: ?Sized + Unsize<U>, U: ?Sized, A: Allocator> CoerceUnsized<Weak<U, A>> for Weak<T, A> {}
337#[unstable(feature = "dispatch_from_dyn", issue = "none")]
338impl<T: ?Sized + Unsize<U>, U: ?Sized> DispatchFromDyn<Weak<U>> for Weak<T> {}
339
340#[stable(feature = "arc_weak", since = "1.4.0")]
341impl<T: ?Sized, A: Allocator> fmt::Debug for Weak<T, A> {
342 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
343 write!(f, "(Weak)")
344 }
345}
346
347// This is repr(C) to future-proof against possible field-reordering, which
348// would interfere with otherwise safe [into|from]_raw() of transmutable
349// inner types.
350#[repr(C)]
351struct ArcInner<T: ?Sized> {
352 strong: atomic::AtomicUsize,
353
354 // the value usize::MAX acts as a sentinel for temporarily "locking" the
355 // ability to upgrade weak pointers or downgrade strong ones; this is used
356 // to avoid races in `make_mut` and `get_mut`.
357 weak: atomic::AtomicUsize,
358
359 data: T,
360}
361
362/// Calculate layout for `ArcInner<T>` using the inner value's layout
363fn arcinner_layout_for_value_layout(layout: Layout) -> Layout {
364 // Calculate layout using the given value layout.
365 // Previously, layout was calculated on the expression
366 // `&*(ptr as *const ArcInner<T>)`, but this created a misaligned
367 // reference (see #54908).
368 Layout::new::<ArcInner<()>>().extend(layout).unwrap().0.pad_to_align()
369}
370
371unsafe impl<T: ?Sized + Sync + Send> Send for ArcInner<T> {}
372unsafe impl<T: ?Sized + Sync + Send> Sync for ArcInner<T> {}
373
374impl<T> Arc<T> {
375 /// Constructs a new `Arc<T>`.
376 ///
377 /// # Examples
378 ///
379 /// ```
380 /// use std::sync::Arc;
381 ///
382 /// let five = Arc::new(5);
383 /// ```
384 #[cfg(not(no_global_oom_handling))]
385 #[inline]
386 #[stable(feature = "rust1", since = "1.0.0")]
387 pub fn new(data: T) -> Arc<T> {
388 // Start the weak pointer count as 1 which is the weak pointer that's
389 // held by all the strong pointers (kinda), see std/rc.rs for more info
390 let x: Box<_> = Box::new(ArcInner {
391 strong: atomic::AtomicUsize::new(1),
392 weak: atomic::AtomicUsize::new(1),
393 data,
394 });
395 unsafe { Self::from_inner(Box::leak(x).into()) }
396 }
397
398 /// Constructs a new `Arc<T>` while giving you a `Weak<T>` to the allocation,
399 /// to allow you to construct a `T` which holds a weak pointer to itself.
400 ///
401 /// Generally, a structure circularly referencing itself, either directly or
402 /// indirectly, should not hold a strong reference to itself to prevent a memory leak.
403 /// Using this function, you get access to the weak pointer during the
404 /// initialization of `T`, before the `Arc<T>` is created, such that you can
405 /// clone and store it inside the `T`.
406 ///
407 /// `new_cyclic` first allocates the managed allocation for the `Arc<T>`,
408 /// then calls your closure, giving it a `Weak<T>` to this allocation,
409 /// and only afterwards completes the construction of the `Arc<T>` by placing
410 /// the `T` returned from your closure into the allocation.
411 ///
412 /// Since the new `Arc<T>` is not fully-constructed until `Arc<T>::new_cyclic`
413 /// returns, calling [`upgrade`] on the weak reference inside your closure will
414 /// fail and result in a `None` value.
415 ///
416 /// # Panics
417 ///
418 /// If `data_fn` panics, the panic is propagated to the caller, and the
419 /// temporary [`Weak<T>`] is dropped normally.
420 ///
421 /// # Example
422 ///
423 /// ```
424 /// # #![allow(dead_code)]
425 /// use std::sync::{Arc, Weak};
426 ///
427 /// struct Gadget {
428 /// me: Weak<Gadget>,
429 /// }
430 ///
431 /// impl Gadget {
432 /// /// Constructs a reference counted Gadget.
433 /// fn new() -> Arc<Self> {
434 /// // `me` is a `Weak<Gadget>` pointing at the new allocation of the
435 /// // `Arc` we're constructing.
436 /// Arc::new_cyclic(|me| {
437 /// // Create the actual struct here.
438 /// Gadget { me: me.clone() }
439 /// })
440 /// }
441 ///
442 /// /// Returns a reference counted pointer to Self.
443 /// fn me(&self) -> Arc<Self> {
444 /// self.me.upgrade().unwrap()
445 /// }
446 /// }
447 /// ```
448 /// [`upgrade`]: Weak::upgrade
449 #[cfg(not(no_global_oom_handling))]
450 #[inline]
451 #[stable(feature = "arc_new_cyclic", since = "1.60.0")]
452 pub fn new_cyclic<F>(data_fn: F) -> Arc<T>
453 where
454 F: FnOnce(&Weak<T>) -> T,
455 {
456 Self::new_cyclic_in(data_fn, Global)
457 }
458
459 /// Constructs a new `Arc` with uninitialized contents.
460 ///
461 /// # Examples
462 ///
463 /// ```
464 /// #![feature(get_mut_unchecked)]
465 ///
466 /// use std::sync::Arc;
467 ///
468 /// let mut five = Arc::<u32>::new_uninit();
469 ///
470 /// // Deferred initialization:
471 /// Arc::get_mut(&mut five).unwrap().write(5);
472 ///
473 /// let five = unsafe { five.assume_init() };
474 ///
475 /// assert_eq!(*five, 5)
476 /// ```
477 #[cfg(not(no_global_oom_handling))]
478 #[inline]
479 #[stable(feature = "new_uninit", since = "1.82.0")]
480 #[must_use]
481 pub fn new_uninit() -> Arc<mem::MaybeUninit<T>> {
482 unsafe {
483 Arc::from_ptr(Arc::allocate_for_layout(
484 Layout::new::<T>(),
485 |layout| Global.allocate(layout),
486 <*mut u8>::cast,
487 ))
488 }
489 }
490
491 /// Constructs a new `Arc` with uninitialized contents, with the memory
492 /// being filled with `0` bytes.
493 ///
494 /// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
495 /// of this method.
496 ///
497 /// # Examples
498 ///
499 /// ```
500 /// #![feature(new_zeroed_alloc)]
501 ///
502 /// use std::sync::Arc;
503 ///
504 /// let zero = Arc::<u32>::new_zeroed();
505 /// let zero = unsafe { zero.assume_init() };
506 ///
507 /// assert_eq!(*zero, 0)
508 /// ```
509 ///
510 /// [zeroed]: mem::MaybeUninit::zeroed
511 #[cfg(not(no_global_oom_handling))]
512 #[inline]
513 #[unstable(feature = "new_zeroed_alloc", issue = "129396")]
514 #[must_use]
515 pub fn new_zeroed() -> Arc<mem::MaybeUninit<T>> {
516 unsafe {
517 Arc::from_ptr(Arc::allocate_for_layout(
518 Layout::new::<T>(),
519 |layout| Global.allocate_zeroed(layout),
520 <*mut u8>::cast,
521 ))
522 }
523 }
524
525 /// Constructs a new `Pin<Arc<T>>`. If `T` does not implement `Unpin`, then
526 /// `data` will be pinned in memory and unable to be moved.
527 #[cfg(not(no_global_oom_handling))]
528 #[stable(feature = "pin", since = "1.33.0")]
529 #[must_use]
530 pub fn pin(data: T) -> Pin<Arc<T>> {
531 unsafe { Pin::new_unchecked(Arc::new(data)) }
532 }
533
534 /// Constructs a new `Pin<Arc<T>>`, return an error if allocation fails.
535 #[unstable(feature = "allocator_api", issue = "32838")]
536 #[inline]
537 pub fn try_pin(data: T) -> Result<Pin<Arc<T>>, AllocError> {
538 unsafe { Ok(Pin::new_unchecked(Arc::try_new(data)?)) }
539 }
540
541 /// Constructs a new `Arc<T>`, returning an error if allocation fails.
542 ///
543 /// # Examples
544 ///
545 /// ```
546 /// #![feature(allocator_api)]
547 /// use std::sync::Arc;
548 ///
549 /// let five = Arc::try_new(5)?;
550 /// # Ok::<(), std::alloc::AllocError>(())
551 /// ```
552 #[unstable(feature = "allocator_api", issue = "32838")]
553 #[inline]
554 pub fn try_new(data: T) -> Result<Arc<T>, AllocError> {
555 // Start the weak pointer count as 1 which is the weak pointer that's
556 // held by all the strong pointers (kinda), see std/rc.rs for more info
557 let x: Box<_> = Box::try_new(ArcInner {
558 strong: atomic::AtomicUsize::new(1),
559 weak: atomic::AtomicUsize::new(1),
560 data,
561 })?;
562 unsafe { Ok(Self::from_inner(Box::leak(x).into())) }
563 }
564
565 /// Constructs a new `Arc` with uninitialized contents, returning an error
566 /// if allocation fails.
567 ///
568 /// # Examples
569 ///
570 /// ```
571 /// #![feature(allocator_api)]
572 /// #![feature(get_mut_unchecked)]
573 ///
574 /// use std::sync::Arc;
575 ///
576 /// let mut five = Arc::<u32>::try_new_uninit()?;
577 ///
578 /// // Deferred initialization:
579 /// Arc::get_mut(&mut five).unwrap().write(5);
580 ///
581 /// let five = unsafe { five.assume_init() };
582 ///
583 /// assert_eq!(*five, 5);
584 /// # Ok::<(), std::alloc::AllocError>(())
585 /// ```
586 #[unstable(feature = "allocator_api", issue = "32838")]
587 // #[unstable(feature = "new_uninit", issue = "63291")]
588 pub fn try_new_uninit() -> Result<Arc<mem::MaybeUninit<T>>, AllocError> {
589 unsafe {
590 Ok(Arc::from_ptr(Arc::try_allocate_for_layout(
591 Layout::new::<T>(),
592 |layout| Global.allocate(layout),
593 <*mut u8>::cast,
594 )?))
595 }
596 }
597
598 /// Constructs a new `Arc` with uninitialized contents, with the memory
599 /// being filled with `0` bytes, returning an error if allocation fails.
600 ///
601 /// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
602 /// of this method.
603 ///
604 /// # Examples
605 ///
606 /// ```
607 /// #![feature( allocator_api)]
608 ///
609 /// use std::sync::Arc;
610 ///
611 /// let zero = Arc::<u32>::try_new_zeroed()?;
612 /// let zero = unsafe { zero.assume_init() };
613 ///
614 /// assert_eq!(*zero, 0);
615 /// # Ok::<(), std::alloc::AllocError>(())
616 /// ```
617 ///
618 /// [zeroed]: mem::MaybeUninit::zeroed
619 #[unstable(feature = "allocator_api", issue = "32838")]
620 // #[unstable(feature = "new_uninit", issue = "63291")]
621 pub fn try_new_zeroed() -> Result<Arc<mem::MaybeUninit<T>>, AllocError> {
622 unsafe {
623 Ok(Arc::from_ptr(Arc::try_allocate_for_layout(
624 Layout::new::<T>(),
625 |layout| Global.allocate_zeroed(layout),
626 <*mut u8>::cast,
627 )?))
628 }
629 }
630}
631
632impl<T, A: Allocator> Arc<T, A> {
633 /// Constructs a new `Arc<T>` in the provided allocator.
634 ///
635 /// # Examples
636 ///
637 /// ```
638 /// #![feature(allocator_api)]
639 ///
640 /// use std::sync::Arc;
641 /// use std::alloc::System;
642 ///
643 /// let five = Arc::new_in(5, System);
644 /// ```
645 #[inline]
646 #[cfg(not(no_global_oom_handling))]
647 #[unstable(feature = "allocator_api", issue = "32838")]
648 pub fn new_in(data: T, alloc: A) -> Arc<T, A> {
649 // Start the weak pointer count as 1 which is the weak pointer that's
650 // held by all the strong pointers (kinda), see std/rc.rs for more info
651 let x = Box::new_in(
652 ArcInner {
653 strong: atomic::AtomicUsize::new(1),
654 weak: atomic::AtomicUsize::new(1),
655 data,
656 },
657 alloc,
658 );
659 let (ptr, alloc) = Box::into_unique(x);
660 unsafe { Self::from_inner_in(ptr.into(), alloc) }
661 }
662
663 /// Constructs a new `Arc` with uninitialized contents in the provided allocator.
664 ///
665 /// # Examples
666 ///
667 /// ```
668 /// #![feature(get_mut_unchecked)]
669 /// #![feature(allocator_api)]
670 ///
671 /// use std::sync::Arc;
672 /// use std::alloc::System;
673 ///
674 /// let mut five = Arc::<u32, _>::new_uninit_in(System);
675 ///
676 /// let five = unsafe {
677 /// // Deferred initialization:
678 /// Arc::get_mut_unchecked(&mut five).as_mut_ptr().write(5);
679 ///
680 /// five.assume_init()
681 /// };
682 ///
683 /// assert_eq!(*five, 5)
684 /// ```
685 #[cfg(not(no_global_oom_handling))]
686 #[unstable(feature = "allocator_api", issue = "32838")]
687 // #[unstable(feature = "new_uninit", issue = "63291")]
688 #[inline]
689 pub fn new_uninit_in(alloc: A) -> Arc<mem::MaybeUninit<T>, A> {
690 unsafe {
691 Arc::from_ptr_in(
692 Arc::allocate_for_layout(
693 Layout::new::<T>(),
694 |layout| alloc.allocate(layout),
695 <*mut u8>::cast,
696 ),
697 alloc,
698 )
699 }
700 }
701
702 /// Constructs a new `Arc` with uninitialized contents, with the memory
703 /// being filled with `0` bytes, in the provided allocator.
704 ///
705 /// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
706 /// of this method.
707 ///
708 /// # Examples
709 ///
710 /// ```
711 /// #![feature(allocator_api)]
712 ///
713 /// use std::sync::Arc;
714 /// use std::alloc::System;
715 ///
716 /// let zero = Arc::<u32, _>::new_zeroed_in(System);
717 /// let zero = unsafe { zero.assume_init() };
718 ///
719 /// assert_eq!(*zero, 0)
720 /// ```
721 ///
722 /// [zeroed]: mem::MaybeUninit::zeroed
723 #[cfg(not(no_global_oom_handling))]
724 #[unstable(feature = "allocator_api", issue = "32838")]
725 // #[unstable(feature = "new_uninit", issue = "63291")]
726 #[inline]
727 pub fn new_zeroed_in(alloc: A) -> Arc<mem::MaybeUninit<T>, A> {
728 unsafe {
729 Arc::from_ptr_in(
730 Arc::allocate_for_layout(
731 Layout::new::<T>(),
732 |layout| alloc.allocate_zeroed(layout),
733 <*mut u8>::cast,
734 ),
735 alloc,
736 )
737 }
738 }
739
740 /// Constructs a new `Arc<T, A>` in the given allocator while giving you a `Weak<T, A>` to the allocation,
741 /// to allow you to construct a `T` which holds a weak pointer to itself.
742 ///
743 /// Generally, a structure circularly referencing itself, either directly or
744 /// indirectly, should not hold a strong reference to itself to prevent a memory leak.
745 /// Using this function, you get access to the weak pointer during the
746 /// initialization of `T`, before the `Arc<T, A>` is created, such that you can
747 /// clone and store it inside the `T`.
748 ///
749 /// `new_cyclic_in` first allocates the managed allocation for the `Arc<T, A>`,
750 /// then calls your closure, giving it a `Weak<T, A>` to this allocation,
751 /// and only afterwards completes the construction of the `Arc<T, A>` by placing
752 /// the `T` returned from your closure into the allocation.
753 ///
754 /// Since the new `Arc<T, A>` is not fully-constructed until `Arc<T, A>::new_cyclic_in`
755 /// returns, calling [`upgrade`] on the weak reference inside your closure will
756 /// fail and result in a `None` value.
757 ///
758 /// # Panics
759 ///
760 /// If `data_fn` panics, the panic is propagated to the caller, and the
761 /// temporary [`Weak<T>`] is dropped normally.
762 ///
763 /// # Example
764 ///
765 /// See [`new_cyclic`]
766 ///
767 /// [`new_cyclic`]: Arc::new_cyclic
768 /// [`upgrade`]: Weak::upgrade
769 #[cfg(not(no_global_oom_handling))]
770 #[inline]
771 #[unstable(feature = "allocator_api", issue = "32838")]
772 pub fn new_cyclic_in<F>(data_fn: F, alloc: A) -> Arc<T, A>
773 where
774 F: FnOnce(&Weak<T, A>) -> T,
775 {
776 // Construct the inner in the "uninitialized" state with a single
777 // weak reference.
778 let (uninit_raw_ptr, alloc) = Box::into_raw_with_allocator(Box::new_in(
779 ArcInner {
780 strong: atomic::AtomicUsize::new(0),
781 weak: atomic::AtomicUsize::new(1),
782 data: mem::MaybeUninit::<T>::uninit(),
783 },
784 alloc,
785 ));
786 let uninit_ptr: NonNull<_> = (unsafe { &mut *uninit_raw_ptr }).into();
787 let init_ptr: NonNull<ArcInner<T>> = uninit_ptr.cast();
788
789 let weak = Weak { ptr: init_ptr, alloc };
790
791 // It's important we don't give up ownership of the weak pointer, or
792 // else the memory might be freed by the time `data_fn` returns. If
793 // we really wanted to pass ownership, we could create an additional
794 // weak pointer for ourselves, but this would result in additional
795 // updates to the weak reference count which might not be necessary
796 // otherwise.
797 let data = data_fn(&weak);
798
799 // Now we can properly initialize the inner value and turn our weak
800 // reference into a strong reference.
801 let strong = unsafe {
802 let inner = init_ptr.as_ptr();
803 ptr::write(&raw mut (*inner).data, data);
804
805 // The above write to the data field must be visible to any threads which
806 // observe a non-zero strong count. Therefore we need at least "Release" ordering
807 // in order to synchronize with the `compare_exchange_weak` in `Weak::upgrade`.
808 //
809 // "Acquire" ordering is not required. When considering the possible behaviors
810 // of `data_fn` we only need to look at what it could do with a reference to a
811 // non-upgradeable `Weak`:
812 // - It can *clone* the `Weak`, increasing the weak reference count.
813 // - It can drop those clones, decreasing the weak reference count (but never to zero).
814 //
815 // These side effects do not impact us in any way, and no other side effects are
816 // possible with safe code alone.
817 let prev_value = (*inner).strong.fetch_add(1, Release);
818 debug_assert_eq!(prev_value, 0, "No prior strong references should exist");
819
820 // Strong references should collectively own a shared weak reference,
821 // so don't run the destructor for our old weak reference.
822 // Calling into_raw_with_allocator has the double effect of giving us back the allocator,
823 // and forgetting the weak reference.
824 let alloc = weak.into_raw_with_allocator().1;
825
826 Arc::from_inner_in(init_ptr, alloc)
827 };
828
829 strong
830 }
831
832 /// Constructs a new `Pin<Arc<T, A>>` in the provided allocator. If `T` does not implement `Unpin`,
833 /// then `data` will be pinned in memory and unable to be moved.
834 #[cfg(not(no_global_oom_handling))]
835 #[unstable(feature = "allocator_api", issue = "32838")]
836 #[inline]
837 pub fn pin_in(data: T, alloc: A) -> Pin<Arc<T, A>>
838 where
839 A: 'static,
840 {
841 unsafe { Pin::new_unchecked(Arc::new_in(data, alloc)) }
842 }
843
844 /// Constructs a new `Pin<Arc<T, A>>` in the provided allocator, return an error if allocation
845 /// fails.
846 #[inline]
847 #[unstable(feature = "allocator_api", issue = "32838")]
848 pub fn try_pin_in(data: T, alloc: A) -> Result<Pin<Arc<T, A>>, AllocError>
849 where
850 A: 'static,
851 {
852 unsafe { Ok(Pin::new_unchecked(Arc::try_new_in(data, alloc)?)) }
853 }
854
855 /// Constructs a new `Arc<T, A>` in the provided allocator, returning an error if allocation fails.
856 ///
857 /// # Examples
858 ///
859 /// ```
860 /// #![feature(allocator_api)]
861 ///
862 /// use std::sync::Arc;
863 /// use std::alloc::System;
864 ///
865 /// let five = Arc::try_new_in(5, System)?;
866 /// # Ok::<(), std::alloc::AllocError>(())
867 /// ```
868 #[inline]
869 #[unstable(feature = "allocator_api", issue = "32838")]
870 #[inline]
871 pub fn try_new_in(data: T, alloc: A) -> Result<Arc<T, A>, AllocError> {
872 // Start the weak pointer count as 1 which is the weak pointer that's
873 // held by all the strong pointers (kinda), see std/rc.rs for more info
874 let x = Box::try_new_in(
875 ArcInner {
876 strong: atomic::AtomicUsize::new(1),
877 weak: atomic::AtomicUsize::new(1),
878 data,
879 },
880 alloc,
881 )?;
882 let (ptr, alloc) = Box::into_unique(x);
883 Ok(unsafe { Self::from_inner_in(ptr.into(), alloc) })
884 }
885
886 /// Constructs a new `Arc` with uninitialized contents, in the provided allocator, returning an
887 /// error if allocation fails.
888 ///
889 /// # Examples
890 ///
891 /// ```
892 /// #![feature(allocator_api)]
893 /// #![feature(get_mut_unchecked)]
894 ///
895 /// use std::sync::Arc;
896 /// use std::alloc::System;
897 ///
898 /// let mut five = Arc::<u32, _>::try_new_uninit_in(System)?;
899 ///
900 /// let five = unsafe {
901 /// // Deferred initialization:
902 /// Arc::get_mut_unchecked(&mut five).as_mut_ptr().write(5);
903 ///
904 /// five.assume_init()
905 /// };
906 ///
907 /// assert_eq!(*five, 5);
908 /// # Ok::<(), std::alloc::AllocError>(())
909 /// ```
910 #[unstable(feature = "allocator_api", issue = "32838")]
911 // #[unstable(feature = "new_uninit", issue = "63291")]
912 #[inline]
913 pub fn try_new_uninit_in(alloc: A) -> Result<Arc<mem::MaybeUninit<T>, A>, AllocError> {
914 unsafe {
915 Ok(Arc::from_ptr_in(
916 Arc::try_allocate_for_layout(
917 Layout::new::<T>(),
918 |layout| alloc.allocate(layout),
919 <*mut u8>::cast,
920 )?,
921 alloc,
922 ))
923 }
924 }
925
926 /// Constructs a new `Arc` with uninitialized contents, with the memory
927 /// being filled with `0` bytes, in the provided allocator, returning an error if allocation
928 /// fails.
929 ///
930 /// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and incorrect usage
931 /// of this method.
932 ///
933 /// # Examples
934 ///
935 /// ```
936 /// #![feature(allocator_api)]
937 ///
938 /// use std::sync::Arc;
939 /// use std::alloc::System;
940 ///
941 /// let zero = Arc::<u32, _>::try_new_zeroed_in(System)?;
942 /// let zero = unsafe { zero.assume_init() };
943 ///
944 /// assert_eq!(*zero, 0);
945 /// # Ok::<(), std::alloc::AllocError>(())
946 /// ```
947 ///
948 /// [zeroed]: mem::MaybeUninit::zeroed
949 #[unstable(feature = "allocator_api", issue = "32838")]
950 // #[unstable(feature = "new_uninit", issue = "63291")]
951 #[inline]
952 pub fn try_new_zeroed_in(alloc: A) -> Result<Arc<mem::MaybeUninit<T>, A>, AllocError> {
953 unsafe {
954 Ok(Arc::from_ptr_in(
955 Arc::try_allocate_for_layout(
956 Layout::new::<T>(),
957 |layout| alloc.allocate_zeroed(layout),
958 <*mut u8>::cast,
959 )?,
960 alloc,
961 ))
962 }
963 }
964 /// Returns the inner value, if the `Arc` has exactly one strong reference.
965 ///
966 /// Otherwise, an [`Err`] is returned with the same `Arc` that was
967 /// passed in.
968 ///
969 /// This will succeed even if there are outstanding weak references.
970 ///
971 /// It is strongly recommended to use [`Arc::into_inner`] instead if you don't
972 /// keep the `Arc` in the [`Err`] case.
973 /// Immediately dropping the [`Err`]-value, as the expression
974 /// `Arc::try_unwrap(this).ok()` does, can cause the strong count to
975 /// drop to zero and the inner value of the `Arc` to be dropped.
976 /// For instance, if two threads execute such an expression in parallel,
977 /// there is a race condition without the possibility of unsafety:
978 /// The threads could first both check whether they own the last instance
979 /// in `Arc::try_unwrap`, determine that they both do not, and then both
980 /// discard and drop their instance in the call to [`ok`][`Result::ok`].
981 /// In this scenario, the value inside the `Arc` is safely destroyed
982 /// by exactly one of the threads, but neither thread will ever be able
983 /// to use the value.
984 ///
985 /// # Examples
986 ///
987 /// ```
988 /// use std::sync::Arc;
989 ///
990 /// let x = Arc::new(3);
991 /// assert_eq!(Arc::try_unwrap(x), Ok(3));
992 ///
993 /// let x = Arc::new(4);
994 /// let _y = Arc::clone(&x);
995 /// assert_eq!(*Arc::try_unwrap(x).unwrap_err(), 4);
996 /// ```
997 #[inline]
998 #[stable(feature = "arc_unique", since = "1.4.0")]
999 pub fn try_unwrap(this: Self) -> Result<T, Self> {
1000 if this.inner().strong.compare_exchange(1, 0, Relaxed, Relaxed).is_err() {
1001 return Err(this);
1002 }
1003
1004 acquire!(this.inner().strong);
1005
1006 let this = ManuallyDrop::new(this);
1007 let elem: T = unsafe { ptr::read(&this.ptr.as_ref().data) };
1008 let alloc: A = unsafe { ptr::read(&this.alloc) }; // copy the allocator
1009
1010 // Make a weak pointer to clean up the implicit strong-weak reference
1011 let _weak = Weak { ptr: this.ptr, alloc };
1012
1013 Ok(elem)
1014 }
1015
1016 /// Returns the inner value, if the `Arc` has exactly one strong reference.
1017 ///
1018 /// Otherwise, [`None`] is returned and the `Arc` is dropped.
1019 ///
1020 /// This will succeed even if there are outstanding weak references.
1021 ///
1022 /// If `Arc::into_inner` is called on every clone of this `Arc`,
1023 /// it is guaranteed that exactly one of the calls returns the inner value.
1024 /// This means in particular that the inner value is not dropped.
1025 ///
1026 /// [`Arc::try_unwrap`] is conceptually similar to `Arc::into_inner`, but it
1027 /// is meant for different use-cases. If used as a direct replacement
1028 /// for `Arc::into_inner` anyway, such as with the expression
1029 /// <code>[Arc::try_unwrap]\(this).[ok][Result::ok]()</code>, then it does
1030 /// **not** give the same guarantee as described in the previous paragraph.
1031 /// For more information, see the examples below and read the documentation
1032 /// of [`Arc::try_unwrap`].
1033 ///
1034 /// # Examples
1035 ///
1036 /// Minimal example demonstrating the guarantee that `Arc::into_inner` gives.
1037 /// ```
1038 /// use std::sync::Arc;
1039 ///
1040 /// let x = Arc::new(3);
1041 /// let y = Arc::clone(&x);
1042 ///
1043 /// // Two threads calling `Arc::into_inner` on both clones of an `Arc`:
1044 /// let x_thread = std::thread::spawn(|| Arc::into_inner(x));
1045 /// let y_thread = std::thread::spawn(|| Arc::into_inner(y));
1046 ///
1047 /// let x_inner_value = x_thread.join().unwrap();
1048 /// let y_inner_value = y_thread.join().unwrap();
1049 ///
1050 /// // One of the threads is guaranteed to receive the inner value:
1051 /// assert!(matches!(
1052 /// (x_inner_value, y_inner_value),
1053 /// (None, Some(3)) | (Some(3), None)
1054 /// ));
1055 /// // The result could also be `(None, None)` if the threads called
1056 /// // `Arc::try_unwrap(x).ok()` and `Arc::try_unwrap(y).ok()` instead.
1057 /// ```
1058 ///
1059 /// A more practical example demonstrating the need for `Arc::into_inner`:
1060 /// ```
1061 /// use std::sync::Arc;
1062 ///
1063 /// // Definition of a simple singly linked list using `Arc`:
1064 /// #[derive(Clone)]
1065 /// struct LinkedList<T>(Option<Arc<Node<T>>>);
1066 /// struct Node<T>(T, Option<Arc<Node<T>>>);
1067 ///
1068 /// // Dropping a long `LinkedList<T>` relying on the destructor of `Arc`
1069 /// // can cause a stack overflow. To prevent this, we can provide a
1070 /// // manual `Drop` implementation that does the destruction in a loop:
1071 /// impl<T> Drop for LinkedList<T> {
1072 /// fn drop(&mut self) {
1073 /// let mut link = self.0.take();
1074 /// while let Some(arc_node) = link.take() {
1075 /// if let Some(Node(_value, next)) = Arc::into_inner(arc_node) {
1076 /// link = next;
1077 /// }
1078 /// }
1079 /// }
1080 /// }
1081 ///
1082 /// // Implementation of `new` and `push` omitted
1083 /// impl<T> LinkedList<T> {
1084 /// /* ... */
1085 /// # fn new() -> Self {
1086 /// # LinkedList(None)
1087 /// # }
1088 /// # fn push(&mut self, x: T) {
1089 /// # self.0 = Some(Arc::new(Node(x, self.0.take())));
1090 /// # }
1091 /// }
1092 ///
1093 /// // The following code could have still caused a stack overflow
1094 /// // despite the manual `Drop` impl if that `Drop` impl had used
1095 /// // `Arc::try_unwrap(arc).ok()` instead of `Arc::into_inner(arc)`.
1096 ///
1097 /// // Create a long list and clone it
1098 /// let mut x = LinkedList::new();
1099 /// let size = 100000;
1100 /// # let size = if cfg!(miri) { 100 } else { size };
1101 /// for i in 0..size {
1102 /// x.push(i); // Adds i to the front of x
1103 /// }
1104 /// let y = x.clone();
1105 ///
1106 /// // Drop the clones in parallel
1107 /// let x_thread = std::thread::spawn(|| drop(x));
1108 /// let y_thread = std::thread::spawn(|| drop(y));
1109 /// x_thread.join().unwrap();
1110 /// y_thread.join().unwrap();
1111 /// ```
1112 #[inline]
1113 #[stable(feature = "arc_into_inner", since = "1.70.0")]
1114 pub fn into_inner(this: Self) -> Option<T> {
1115 // Make sure that the ordinary `Drop` implementation isn’t called as well
1116 let mut this = mem::ManuallyDrop::new(this);
1117
1118 // Following the implementation of `drop` and `drop_slow`
1119 if this.inner().strong.fetch_sub(1, Release) != 1 {
1120 return None;
1121 }
1122
1123 acquire!(this.inner().strong);
1124
1125 // SAFETY: This mirrors the line
1126 //
1127 // unsafe { ptr::drop_in_place(Self::get_mut_unchecked(self)) };
1128 //
1129 // in `drop_slow`. Instead of dropping the value behind the pointer,
1130 // it is read and eventually returned; `ptr::read` has the same
1131 // safety conditions as `ptr::drop_in_place`.
1132
1133 let inner = unsafe { ptr::read(Self::get_mut_unchecked(&mut this)) };
1134 let alloc = unsafe { ptr::read(&this.alloc) };
1135
1136 drop(Weak { ptr: this.ptr, alloc });
1137
1138 Some(inner)
1139 }
1140}
1141
1142impl<T> Arc<[T]> {
1143 /// Constructs a new atomically reference-counted slice with uninitialized contents.
1144 ///
1145 /// # Examples
1146 ///
1147 /// ```
1148 /// #![feature(get_mut_unchecked)]
1149 ///
1150 /// use std::sync::Arc;
1151 ///
1152 /// let mut values = Arc::<[u32]>::new_uninit_slice(3);
1153 ///
1154 /// // Deferred initialization:
1155 /// let data = Arc::get_mut(&mut values).unwrap();
1156 /// data[0].write(1);
1157 /// data[1].write(2);
1158 /// data[2].write(3);
1159 ///
1160 /// let values = unsafe { values.assume_init() };
1161 ///
1162 /// assert_eq!(*values, [1, 2, 3])
1163 /// ```
1164 #[cfg(not(no_global_oom_handling))]
1165 #[inline]
1166 #[stable(feature = "new_uninit", since = "1.82.0")]
1167 #[must_use]
1168 pub fn new_uninit_slice(len: usize) -> Arc<[mem::MaybeUninit<T>]> {
1169 unsafe { Arc::from_ptr(Arc::allocate_for_slice(len)) }
1170 }
1171
1172 /// Constructs a new atomically reference-counted slice with uninitialized contents, with the memory being
1173 /// filled with `0` bytes.
1174 ///
1175 /// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and
1176 /// incorrect usage of this method.
1177 ///
1178 /// # Examples
1179 ///
1180 /// ```
1181 /// #![feature(new_zeroed_alloc)]
1182 ///
1183 /// use std::sync::Arc;
1184 ///
1185 /// let values = Arc::<[u32]>::new_zeroed_slice(3);
1186 /// let values = unsafe { values.assume_init() };
1187 ///
1188 /// assert_eq!(*values, [0, 0, 0])
1189 /// ```
1190 ///
1191 /// [zeroed]: mem::MaybeUninit::zeroed
1192 #[cfg(not(no_global_oom_handling))]
1193 #[inline]
1194 #[unstable(feature = "new_zeroed_alloc", issue = "129396")]
1195 #[must_use]
1196 pub fn new_zeroed_slice(len: usize) -> Arc<[mem::MaybeUninit<T>]> {
1197 unsafe {
1198 Arc::from_ptr(Arc::allocate_for_layout(
1199 Layout::array::<T>(len).unwrap(),
1200 |layout| Global.allocate_zeroed(layout),
1201 |mem| {
1202 ptr::slice_from_raw_parts_mut(mem as *mut T, len)
1203 as *mut ArcInner<[mem::MaybeUninit<T>]>
1204 },
1205 ))
1206 }
1207 }
1208
1209 /// Converts the reference-counted slice into a reference-counted array.
1210 ///
1211 /// This operation does not reallocate; the underlying array of the slice is simply reinterpreted as an array type.
1212 ///
1213 /// If `N` is not exactly equal to the length of `self`, then this method returns `None`.
1214 #[unstable(feature = "slice_as_array", issue = "133508")]
1215 #[inline]
1216 #[must_use]
1217 pub fn into_array<const N: usize>(self) -> Option<Arc<[T; N]>> {
1218 if self.len() == N {
1219 let ptr = Self::into_raw(self) as *const [T; N];
1220
1221 // SAFETY: The underlying array of a slice has the exact same layout as an actual array `[T; N]` if `N` is equal to the slice's length.
1222 let me = unsafe { Arc::from_raw(ptr) };
1223 Some(me)
1224 } else {
1225 None
1226 }
1227 }
1228}
1229
1230impl<T, A: Allocator> Arc<[T], A> {
1231 /// Constructs a new atomically reference-counted slice with uninitialized contents in the
1232 /// provided allocator.
1233 ///
1234 /// # Examples
1235 ///
1236 /// ```
1237 /// #![feature(get_mut_unchecked)]
1238 /// #![feature(allocator_api)]
1239 ///
1240 /// use std::sync::Arc;
1241 /// use std::alloc::System;
1242 ///
1243 /// let mut values = Arc::<[u32], _>::new_uninit_slice_in(3, System);
1244 ///
1245 /// let values = unsafe {
1246 /// // Deferred initialization:
1247 /// Arc::get_mut_unchecked(&mut values)[0].as_mut_ptr().write(1);
1248 /// Arc::get_mut_unchecked(&mut values)[1].as_mut_ptr().write(2);
1249 /// Arc::get_mut_unchecked(&mut values)[2].as_mut_ptr().write(3);
1250 ///
1251 /// values.assume_init()
1252 /// };
1253 ///
1254 /// assert_eq!(*values, [1, 2, 3])
1255 /// ```
1256 #[cfg(not(no_global_oom_handling))]
1257 #[unstable(feature = "allocator_api", issue = "32838")]
1258 #[inline]
1259 pub fn new_uninit_slice_in(len: usize, alloc: A) -> Arc<[mem::MaybeUninit<T>], A> {
1260 unsafe { Arc::from_ptr_in(Arc::allocate_for_slice_in(len, &alloc), alloc) }
1261 }
1262
1263 /// Constructs a new atomically reference-counted slice with uninitialized contents, with the memory being
1264 /// filled with `0` bytes, in the provided allocator.
1265 ///
1266 /// See [`MaybeUninit::zeroed`][zeroed] for examples of correct and
1267 /// incorrect usage of this method.
1268 ///
1269 /// # Examples
1270 ///
1271 /// ```
1272 /// #![feature(allocator_api)]
1273 ///
1274 /// use std::sync::Arc;
1275 /// use std::alloc::System;
1276 ///
1277 /// let values = Arc::<[u32], _>::new_zeroed_slice_in(3, System);
1278 /// let values = unsafe { values.assume_init() };
1279 ///
1280 /// assert_eq!(*values, [0, 0, 0])
1281 /// ```
1282 ///
1283 /// [zeroed]: mem::MaybeUninit::zeroed
1284 #[cfg(not(no_global_oom_handling))]
1285 #[unstable(feature = "allocator_api", issue = "32838")]
1286 #[inline]
1287 pub fn new_zeroed_slice_in(len: usize, alloc: A) -> Arc<[mem::MaybeUninit<T>], A> {
1288 unsafe {
1289 Arc::from_ptr_in(
1290 Arc::allocate_for_layout(
1291 Layout::array::<T>(len).unwrap(),
1292 |layout| alloc.allocate_zeroed(layout),
1293 |mem| {
1294 ptr::slice_from_raw_parts_mut(mem.cast::<T>(), len)
1295 as *mut ArcInner<[mem::MaybeUninit<T>]>
1296 },
1297 ),
1298 alloc,
1299 )
1300 }
1301 }
1302}
1303
1304impl<T, A: Allocator> Arc<mem::MaybeUninit<T>, A> {
1305 /// Converts to `Arc<T>`.
1306 ///
1307 /// # Safety
1308 ///
1309 /// As with [`MaybeUninit::assume_init`],
1310 /// it is up to the caller to guarantee that the inner value
1311 /// really is in an initialized state.
1312 /// Calling this when the content is not yet fully initialized
1313 /// causes immediate undefined behavior.
1314 ///
1315 /// [`MaybeUninit::assume_init`]: mem::MaybeUninit::assume_init
1316 ///
1317 /// # Examples
1318 ///
1319 /// ```
1320 /// #![feature(get_mut_unchecked)]
1321 ///
1322 /// use std::sync::Arc;
1323 ///
1324 /// let mut five = Arc::<u32>::new_uninit();
1325 ///
1326 /// // Deferred initialization:
1327 /// Arc::get_mut(&mut five).unwrap().write(5);
1328 ///
1329 /// let five = unsafe { five.assume_init() };
1330 ///
1331 /// assert_eq!(*five, 5)
1332 /// ```
1333 #[stable(feature = "new_uninit", since = "1.82.0")]
1334 #[must_use = "`self` will be dropped if the result is not used"]
1335 #[inline]
1336 pub unsafe fn assume_init(self) -> Arc<T, A> {
1337 let (ptr, alloc) = Arc::into_inner_with_allocator(self);
1338 unsafe { Arc::from_inner_in(ptr.cast(), alloc) }
1339 }
1340}
1341
1342impl<T, A: Allocator> Arc<[mem::MaybeUninit<T>], A> {
1343 /// Converts to `Arc<[T]>`.
1344 ///
1345 /// # Safety
1346 ///
1347 /// As with [`MaybeUninit::assume_init`],
1348 /// it is up to the caller to guarantee that the inner value
1349 /// really is in an initialized state.
1350 /// Calling this when the content is not yet fully initialized
1351 /// causes immediate undefined behavior.
1352 ///
1353 /// [`MaybeUninit::assume_init`]: mem::MaybeUninit::assume_init
1354 ///
1355 /// # Examples
1356 ///
1357 /// ```
1358 /// #![feature(get_mut_unchecked)]
1359 ///
1360 /// use std::sync::Arc;
1361 ///
1362 /// let mut values = Arc::<[u32]>::new_uninit_slice(3);
1363 ///
1364 /// // Deferred initialization:
1365 /// let data = Arc::get_mut(&mut values).unwrap();
1366 /// data[0].write(1);
1367 /// data[1].write(2);
1368 /// data[2].write(3);
1369 ///
1370 /// let values = unsafe { values.assume_init() };
1371 ///
1372 /// assert_eq!(*values, [1, 2, 3])
1373 /// ```
1374 #[stable(feature = "new_uninit", since = "1.82.0")]
1375 #[must_use = "`self` will be dropped if the result is not used"]
1376 #[inline]
1377 pub unsafe fn assume_init(self) -> Arc<[T], A> {
1378 let (ptr, alloc) = Arc::into_inner_with_allocator(self);
1379 unsafe { Arc::from_ptr_in(ptr.as_ptr() as _, alloc) }
1380 }
1381}
1382
1383impl<T: ?Sized> Arc<T> {
1384 /// Constructs an `Arc<T>` from a raw pointer.
1385 ///
1386 /// The raw pointer must have been previously returned by a call to
1387 /// [`Arc<U>::into_raw`][into_raw] with the following requirements:
1388 ///
1389 /// * If `U` is sized, it must have the same size and alignment as `T`. This
1390 /// is trivially true if `U` is `T`.
1391 /// * If `U` is unsized, its data pointer must have the same size and
1392 /// alignment as `T`. This is trivially true if `Arc<U>` was constructed
1393 /// through `Arc<T>` and then converted to `Arc<U>` through an [unsized
1394 /// coercion].
1395 ///
1396 /// Note that if `U` or `U`'s data pointer is not `T` but has the same size
1397 /// and alignment, this is basically like transmuting references of
1398 /// different types. See [`mem::transmute`][transmute] for more information
1399 /// on what restrictions apply in this case.
1400 ///
1401 /// The raw pointer must point to a block of memory allocated by the global allocator.
1402 ///
1403 /// The user of `from_raw` has to make sure a specific value of `T` is only
1404 /// dropped once.
1405 ///
1406 /// This function is unsafe because improper use may lead to memory unsafety,
1407 /// even if the returned `Arc<T>` is never accessed.
1408 ///
1409 /// [into_raw]: Arc::into_raw
1410 /// [transmute]: core::mem::transmute
1411 /// [unsized coercion]: https://doc.rust-lang.org/reference/type-coercions.html#unsized-coercions
1412 ///
1413 /// # Examples
1414 ///
1415 /// ```
1416 /// use std::sync::Arc;
1417 ///
1418 /// let x = Arc::new("hello".to_owned());
1419 /// let x_ptr = Arc::into_raw(x);
1420 ///
1421 /// unsafe {
1422 /// // Convert back to an `Arc` to prevent leak.
1423 /// let x = Arc::from_raw(x_ptr);
1424 /// assert_eq!(&*x, "hello");
1425 ///
1426 /// // Further calls to `Arc::from_raw(x_ptr)` would be memory-unsafe.
1427 /// }
1428 ///
1429 /// // The memory was freed when `x` went out of scope above, so `x_ptr` is now dangling!
1430 /// ```
1431 ///
1432 /// Convert a slice back into its original array:
1433 ///
1434 /// ```
1435 /// use std::sync::Arc;
1436 ///
1437 /// let x: Arc<[u32]> = Arc::new([1, 2, 3]);
1438 /// let x_ptr: *const [u32] = Arc::into_raw(x);
1439 ///
1440 /// unsafe {
1441 /// let x: Arc<[u32; 3]> = Arc::from_raw(x_ptr.cast::<[u32; 3]>());
1442 /// assert_eq!(&*x, &[1, 2, 3]);
1443 /// }
1444 /// ```
1445 #[inline]
1446 #[stable(feature = "rc_raw", since = "1.17.0")]
1447 pub unsafe fn from_raw(ptr: *const T) -> Self {
1448 unsafe { Arc::from_raw_in(ptr, Global) }
1449 }
1450
1451 /// Increments the strong reference count on the `Arc<T>` associated with the
1452 /// provided pointer by one.
1453 ///
1454 /// # Safety
1455 ///
1456 /// The pointer must have been obtained through `Arc::into_raw`, and the
1457 /// associated `Arc` instance must be valid (i.e. the strong count must be at
1458 /// least 1) for the duration of this method, and `ptr` must point to a block of memory
1459 /// allocated by the global allocator.
1460 ///
1461 /// # Examples
1462 ///
1463 /// ```
1464 /// use std::sync::Arc;
1465 ///
1466 /// let five = Arc::new(5);
1467 ///
1468 /// unsafe {
1469 /// let ptr = Arc::into_raw(five);
1470 /// Arc::increment_strong_count(ptr);
1471 ///
1472 /// // This assertion is deterministic because we haven't shared
1473 /// // the `Arc` between threads.
1474 /// let five = Arc::from_raw(ptr);
1475 /// assert_eq!(2, Arc::strong_count(&five));
1476 /// # // Prevent leaks for Miri.
1477 /// # Arc::decrement_strong_count(ptr);
1478 /// }
1479 /// ```
1480 #[inline]
1481 #[stable(feature = "arc_mutate_strong_count", since = "1.51.0")]
1482 pub unsafe fn increment_strong_count(ptr: *const T) {
1483 unsafe { Arc::increment_strong_count_in(ptr, Global) }
1484 }
1485
1486 /// Decrements the strong reference count on the `Arc<T>` associated with the
1487 /// provided pointer by one.
1488 ///
1489 /// # Safety
1490 ///
1491 /// The pointer must have been obtained through `Arc::into_raw`, and the
1492 /// associated `Arc` instance must be valid (i.e. the strong count must be at
1493 /// least 1) when invoking this method, and `ptr` must point to a block of memory
1494 /// allocated by the global allocator. This method can be used to release the final
1495 /// `Arc` and backing storage, but **should not** be called after the final `Arc` has been
1496 /// released.
1497 ///
1498 /// # Examples
1499 ///
1500 /// ```
1501 /// use std::sync::Arc;
1502 ///
1503 /// let five = Arc::new(5);
1504 ///
1505 /// unsafe {
1506 /// let ptr = Arc::into_raw(five);
1507 /// Arc::increment_strong_count(ptr);
1508 ///
1509 /// // Those assertions are deterministic because we haven't shared
1510 /// // the `Arc` between threads.
1511 /// let five = Arc::from_raw(ptr);
1512 /// assert_eq!(2, Arc::strong_count(&five));
1513 /// Arc::decrement_strong_count(ptr);
1514 /// assert_eq!(1, Arc::strong_count(&five));
1515 /// }
1516 /// ```
1517 #[inline]
1518 #[stable(feature = "arc_mutate_strong_count", since = "1.51.0")]
1519 pub unsafe fn decrement_strong_count(ptr: *const T) {
1520 unsafe { Arc::decrement_strong_count_in(ptr, Global) }
1521 }
1522}
1523
1524impl<T: ?Sized, A: Allocator> Arc<T, A> {
1525 /// Returns a reference to the underlying allocator.
1526 ///
1527 /// Note: this is an associated function, which means that you have
1528 /// to call it as `Arc::allocator(&a)` instead of `a.allocator()`. This
1529 /// is so that there is no conflict with a method on the inner type.
1530 #[inline]
1531 #[unstable(feature = "allocator_api", issue = "32838")]
1532 pub fn allocator(this: &Self) -> &A {
1533 &this.alloc
1534 }
1535
1536 /// Consumes the `Arc`, returning the wrapped pointer.
1537 ///
1538 /// To avoid a memory leak the pointer must be converted back to an `Arc` using
1539 /// [`Arc::from_raw`].
1540 ///
1541 /// # Examples
1542 ///
1543 /// ```
1544 /// use std::sync::Arc;
1545 ///
1546 /// let x = Arc::new("hello".to_owned());
1547 /// let x_ptr = Arc::into_raw(x);
1548 /// assert_eq!(unsafe { &*x_ptr }, "hello");
1549 /// # // Prevent leaks for Miri.
1550 /// # drop(unsafe { Arc::from_raw(x_ptr) });
1551 /// ```
1552 #[must_use = "losing the pointer will leak memory"]
1553 #[stable(feature = "rc_raw", since = "1.17.0")]
1554 #[rustc_never_returns_null_ptr]
1555 pub fn into_raw(this: Self) -> *const T {
1556 let this = ManuallyDrop::new(this);
1557 Self::as_ptr(&*this)
1558 }
1559
1560 /// Consumes the `Arc`, returning the wrapped pointer and allocator.
1561 ///
1562 /// To avoid a memory leak the pointer must be converted back to an `Arc` using
1563 /// [`Arc::from_raw_in`].
1564 ///
1565 /// # Examples
1566 ///
1567 /// ```
1568 /// #![feature(allocator_api)]
1569 /// use std::sync::Arc;
1570 /// use std::alloc::System;
1571 ///
1572 /// let x = Arc::new_in("hello".to_owned(), System);
1573 /// let (ptr, alloc) = Arc::into_raw_with_allocator(x);
1574 /// assert_eq!(unsafe { &*ptr }, "hello");
1575 /// let x = unsafe { Arc::from_raw_in(ptr, alloc) };
1576 /// assert_eq!(&*x, "hello");
1577 /// ```
1578 #[must_use = "losing the pointer will leak memory"]
1579 #[unstable(feature = "allocator_api", issue = "32838")]
1580 pub fn into_raw_with_allocator(this: Self) -> (*const T, A) {
1581 let this = mem::ManuallyDrop::new(this);
1582 let ptr = Self::as_ptr(&this);
1583 // Safety: `this` is ManuallyDrop so the allocator will not be double-dropped
1584 let alloc = unsafe { ptr::read(&this.alloc) };
1585 (ptr, alloc)
1586 }
1587
1588 /// Provides a raw pointer to the data.
1589 ///
1590 /// The counts are not affected in any way and the `Arc` is not consumed. The pointer is valid for
1591 /// as long as there are strong counts in the `Arc`.
1592 ///
1593 /// # Examples
1594 ///
1595 /// ```
1596 /// use std::sync::Arc;
1597 ///
1598 /// let x = Arc::new("hello".to_owned());
1599 /// let y = Arc::clone(&x);
1600 /// let x_ptr = Arc::as_ptr(&x);
1601 /// assert_eq!(x_ptr, Arc::as_ptr(&y));
1602 /// assert_eq!(unsafe { &*x_ptr }, "hello");
1603 /// ```
1604 #[must_use]
1605 #[stable(feature = "rc_as_ptr", since = "1.45.0")]
1606 #[rustc_never_returns_null_ptr]
1607 pub fn as_ptr(this: &Self) -> *const T {
1608 let ptr: *mut ArcInner<T> = NonNull::as_ptr(this.ptr);
1609
1610 // SAFETY: This cannot go through Deref::deref or RcInnerPtr::inner because
1611 // this is required to retain raw/mut provenance such that e.g. `get_mut` can
1612 // write through the pointer after the Rc is recovered through `from_raw`.
1613 unsafe { &raw mut (*ptr).data }
1614 }
1615
1616 /// Constructs an `Arc<T, A>` from a raw pointer.
1617 ///
1618 /// The raw pointer must have been previously returned by a call to [`Arc<U,
1619 /// A>::into_raw`][into_raw] with the following requirements:
1620 ///
1621 /// * If `U` is sized, it must have the same size and alignment as `T`. This
1622 /// is trivially true if `U` is `T`.
1623 /// * If `U` is unsized, its data pointer must have the same size and
1624 /// alignment as `T`. This is trivially true if `Arc<U>` was constructed
1625 /// through `Arc<T>` and then converted to `Arc<U>` through an [unsized
1626 /// coercion].
1627 ///
1628 /// Note that if `U` or `U`'s data pointer is not `T` but has the same size
1629 /// and alignment, this is basically like transmuting references of
1630 /// different types. See [`mem::transmute`][transmute] for more information
1631 /// on what restrictions apply in this case.
1632 ///
1633 /// The raw pointer must point to a block of memory allocated by `alloc`
1634 ///
1635 /// The user of `from_raw` has to make sure a specific value of `T` is only
1636 /// dropped once.
1637 ///
1638 /// This function is unsafe because improper use may lead to memory unsafety,
1639 /// even if the returned `Arc<T>` is never accessed.
1640 ///
1641 /// [into_raw]: Arc::into_raw
1642 /// [transmute]: core::mem::transmute
1643 /// [unsized coercion]: https://doc.rust-lang.org/reference/type-coercions.html#unsized-coercions
1644 ///
1645 /// # Examples
1646 ///
1647 /// ```
1648 /// #![feature(allocator_api)]
1649 ///
1650 /// use std::sync::Arc;
1651 /// use std::alloc::System;
1652 ///
1653 /// let x = Arc::new_in("hello".to_owned(), System);
1654 /// let x_ptr = Arc::into_raw(x);
1655 ///
1656 /// unsafe {
1657 /// // Convert back to an `Arc` to prevent leak.
1658 /// let x = Arc::from_raw_in(x_ptr, System);
1659 /// assert_eq!(&*x, "hello");
1660 ///
1661 /// // Further calls to `Arc::from_raw(x_ptr)` would be memory-unsafe.
1662 /// }
1663 ///
1664 /// // The memory was freed when `x` went out of scope above, so `x_ptr` is now dangling!
1665 /// ```
1666 ///
1667 /// Convert a slice back into its original array:
1668 ///
1669 /// ```
1670 /// #![feature(allocator_api)]
1671 ///
1672 /// use std::sync::Arc;
1673 /// use std::alloc::System;
1674 ///
1675 /// let x: Arc<[u32], _> = Arc::new_in([1, 2, 3], System);
1676 /// let x_ptr: *const [u32] = Arc::into_raw(x);
1677 ///
1678 /// unsafe {
1679 /// let x: Arc<[u32; 3], _> = Arc::from_raw_in(x_ptr.cast::<[u32; 3]>(), System);
1680 /// assert_eq!(&*x, &[1, 2, 3]);
1681 /// }
1682 /// ```
1683 #[inline]
1684 #[unstable(feature = "allocator_api", issue = "32838")]
1685 pub unsafe fn from_raw_in(ptr: *const T, alloc: A) -> Self {
1686 unsafe {
1687 let offset = data_offset(ptr);
1688
1689 // Reverse the offset to find the original ArcInner.
1690 let arc_ptr = ptr.byte_sub(offset) as *mut ArcInner<T>;
1691
1692 Self::from_ptr_in(arc_ptr, alloc)
1693 }
1694 }
1695
1696 /// Creates a new [`Weak`] pointer to this allocation.
1697 ///
1698 /// # Examples
1699 ///
1700 /// ```
1701 /// use std::sync::Arc;
1702 ///
1703 /// let five = Arc::new(5);
1704 ///
1705 /// let weak_five = Arc::downgrade(&five);
1706 /// ```
1707 #[must_use = "this returns a new `Weak` pointer, \
1708 without modifying the original `Arc`"]
1709 #[stable(feature = "arc_weak", since = "1.4.0")]
1710 pub fn downgrade(this: &Self) -> Weak<T, A>
1711 where
1712 A: Clone,
1713 {
1714 // This Relaxed is OK because we're checking the value in the CAS
1715 // below.
1716 let mut cur = this.inner().weak.load(Relaxed);
1717
1718 loop {
1719 // check if the weak counter is currently "locked"; if so, spin.
1720 if cur == usize::MAX {
1721 hint::spin_loop();
1722 cur = this.inner().weak.load(Relaxed);
1723 continue;
1724 }
1725
1726 // We can't allow the refcount to increase much past `MAX_REFCOUNT`.
1727 assert!(cur <= MAX_REFCOUNT, "{}", INTERNAL_OVERFLOW_ERROR);
1728
1729 // NOTE: this code currently ignores the possibility of overflow
1730 // into usize::MAX; in general both Rc and Arc need to be adjusted
1731 // to deal with overflow.
1732
1733 // Unlike with Clone(), we need this to be an Acquire read to
1734 // synchronize with the write coming from `is_unique`, so that the
1735 // events prior to that write happen before this read.
1736 match this.inner().weak.compare_exchange_weak(cur, cur + 1, Acquire, Relaxed) {
1737 Ok(_) => {
1738 // Make sure we do not create a dangling Weak
1739 debug_assert!(!is_dangling(this.ptr.as_ptr()));
1740 return Weak { ptr: this.ptr, alloc: this.alloc.clone() };
1741 }
1742 Err(old) => cur = old,
1743 }
1744 }
1745 }
1746
1747 /// Gets the number of [`Weak`] pointers to this allocation.
1748 ///
1749 /// # Safety
1750 ///
1751 /// This method by itself is safe, but using it correctly requires extra care.
1752 /// Another thread can change the weak count at any time,
1753 /// including potentially between calling this method and acting on the result.
1754 ///
1755 /// # Examples
1756 ///
1757 /// ```
1758 /// use std::sync::Arc;
1759 ///
1760 /// let five = Arc::new(5);
1761 /// let _weak_five = Arc::downgrade(&five);
1762 ///
1763 /// // This assertion is deterministic because we haven't shared
1764 /// // the `Arc` or `Weak` between threads.
1765 /// assert_eq!(1, Arc::weak_count(&five));
1766 /// ```
1767 #[inline]
1768 #[must_use]
1769 #[stable(feature = "arc_counts", since = "1.15.0")]
1770 pub fn weak_count(this: &Self) -> usize {
1771 let cnt = this.inner().weak.load(Relaxed);
1772 // If the weak count is currently locked, the value of the
1773 // count was 0 just before taking the lock.
1774 if cnt == usize::MAX { 0 } else { cnt - 1 }
1775 }
1776
1777 /// Gets the number of strong (`Arc`) pointers to this allocation.
1778 ///
1779 /// # Safety
1780 ///
1781 /// This method by itself is safe, but using it correctly requires extra care.
1782 /// Another thread can change the strong count at any time,
1783 /// including potentially between calling this method and acting on the result.
1784 ///
1785 /// # Examples
1786 ///
1787 /// ```
1788 /// use std::sync::Arc;
1789 ///
1790 /// let five = Arc::new(5);
1791 /// let _also_five = Arc::clone(&five);
1792 ///
1793 /// // This assertion is deterministic because we haven't shared
1794 /// // the `Arc` between threads.
1795 /// assert_eq!(2, Arc::strong_count(&five));
1796 /// ```
1797 #[inline]
1798 #[must_use]
1799 #[stable(feature = "arc_counts", since = "1.15.0")]
1800 pub fn strong_count(this: &Self) -> usize {
1801 this.inner().strong.load(Relaxed)
1802 }
1803
1804 /// Increments the strong reference count on the `Arc<T>` associated with the
1805 /// provided pointer by one.
1806 ///
1807 /// # Safety
1808 ///
1809 /// The pointer must have been obtained through `Arc::into_raw`, and the
1810 /// associated `Arc` instance must be valid (i.e. the strong count must be at
1811 /// least 1) for the duration of this method,, and `ptr` must point to a block of memory
1812 /// allocated by `alloc`.
1813 ///
1814 /// # Examples
1815 ///
1816 /// ```
1817 /// #![feature(allocator_api)]
1818 ///
1819 /// use std::sync::Arc;
1820 /// use std::alloc::System;
1821 ///
1822 /// let five = Arc::new_in(5, System);
1823 ///
1824 /// unsafe {
1825 /// let ptr = Arc::into_raw(five);
1826 /// Arc::increment_strong_count_in(ptr, System);
1827 ///
1828 /// // This assertion is deterministic because we haven't shared
1829 /// // the `Arc` between threads.
1830 /// let five = Arc::from_raw_in(ptr, System);
1831 /// assert_eq!(2, Arc::strong_count(&five));
1832 /// # // Prevent leaks for Miri.
1833 /// # Arc::decrement_strong_count_in(ptr, System);
1834 /// }
1835 /// ```
1836 #[inline]
1837 #[unstable(feature = "allocator_api", issue = "32838")]
1838 pub unsafe fn increment_strong_count_in(ptr: *const T, alloc: A)
1839 where
1840 A: Clone,
1841 {
1842 // Retain Arc, but don't touch refcount by wrapping in ManuallyDrop
1843 let arc = unsafe { mem::ManuallyDrop::new(Arc::from_raw_in(ptr, alloc)) };
1844 // Now increase refcount, but don't drop new refcount either
1845 let _arc_clone: mem::ManuallyDrop<_> = arc.clone();
1846 }
1847
1848 /// Decrements the strong reference count on the `Arc<T>` associated with the
1849 /// provided pointer by one.
1850 ///
1851 /// # Safety
1852 ///
1853 /// The pointer must have been obtained through `Arc::into_raw`, the
1854 /// associated `Arc` instance must be valid (i.e. the strong count must be at
1855 /// least 1) when invoking this method, and `ptr` must point to a block of memory
1856 /// allocated by `alloc`. This method can be used to release the final
1857 /// `Arc` and backing storage, but **should not** be called after the final `Arc` has been
1858 /// released.
1859 ///
1860 /// # Examples
1861 ///
1862 /// ```
1863 /// #![feature(allocator_api)]
1864 ///
1865 /// use std::sync::Arc;
1866 /// use std::alloc::System;
1867 ///
1868 /// let five = Arc::new_in(5, System);
1869 ///
1870 /// unsafe {
1871 /// let ptr = Arc::into_raw(five);
1872 /// Arc::increment_strong_count_in(ptr, System);
1873 ///
1874 /// // Those assertions are deterministic because we haven't shared
1875 /// // the `Arc` between threads.
1876 /// let five = Arc::from_raw_in(ptr, System);
1877 /// assert_eq!(2, Arc::strong_count(&five));
1878 /// Arc::decrement_strong_count_in(ptr, System);
1879 /// assert_eq!(1, Arc::strong_count(&five));
1880 /// }
1881 /// ```
1882 #[inline]
1883 #[unstable(feature = "allocator_api", issue = "32838")]
1884 pub unsafe fn decrement_strong_count_in(ptr: *const T, alloc: A) {
1885 unsafe { drop(Arc::from_raw_in(ptr, alloc)) };
1886 }
1887
1888 #[inline]
1889 fn inner(&self) -> &ArcInner<T> {
1890 // This unsafety is ok because while this arc is alive we're guaranteed
1891 // that the inner pointer is valid. Furthermore, we know that the
1892 // `ArcInner` structure itself is `Sync` because the inner data is
1893 // `Sync` as well, so we're ok loaning out an immutable pointer to these
1894 // contents.
1895 unsafe { self.ptr.as_ref() }
1896 }
1897
1898 // Non-inlined part of `drop`.
1899 #[inline(never)]
1900 unsafe fn drop_slow(&mut self) {
1901 // Drop the weak ref collectively held by all strong references when this
1902 // variable goes out of scope. This ensures that the memory is deallocated
1903 // even if the destructor of `T` panics.
1904 // Take a reference to `self.alloc` instead of cloning because 1. it'll last long
1905 // enough, and 2. you should be able to drop `Arc`s with unclonable allocators
1906 let _weak = Weak { ptr: self.ptr, alloc: &self.alloc };
1907
1908 // Destroy the data at this time, even though we must not free the box
1909 // allocation itself (there might still be weak pointers lying around).
1910 // We cannot use `get_mut_unchecked` here, because `self.alloc` is borrowed.
1911 unsafe { ptr::drop_in_place(&mut (*self.ptr.as_ptr()).data) };
1912 }
1913
1914 /// Returns `true` if the two `Arc`s point to the same allocation in a vein similar to
1915 /// [`ptr::eq`]. This function ignores the metadata of `dyn Trait` pointers.
1916 ///
1917 /// # Examples
1918 ///
1919 /// ```
1920 /// use std::sync::Arc;
1921 ///
1922 /// let five = Arc::new(5);
1923 /// let same_five = Arc::clone(&five);
1924 /// let other_five = Arc::new(5);
1925 ///
1926 /// assert!(Arc::ptr_eq(&five, &same_five));
1927 /// assert!(!Arc::ptr_eq(&five, &other_five));
1928 /// ```
1929 ///
1930 /// [`ptr::eq`]: core::ptr::eq "ptr::eq"
1931 #[inline]
1932 #[must_use]
1933 #[stable(feature = "ptr_eq", since = "1.17.0")]
1934 pub fn ptr_eq(this: &Self, other: &Self) -> bool {
1935 ptr::addr_eq(this.ptr.as_ptr(), other.ptr.as_ptr())
1936 }
1937}
1938
1939impl<T: ?Sized> Arc<T> {
1940 /// Allocates an `ArcInner<T>` with sufficient space for
1941 /// a possibly-unsized inner value where the value has the layout provided.
1942 ///
1943 /// The function `mem_to_arcinner` is called with the data pointer
1944 /// and must return back a (potentially fat)-pointer for the `ArcInner<T>`.
1945 #[cfg(not(no_global_oom_handling))]
1946 unsafe fn allocate_for_layout(
1947 value_layout: Layout,
1948 allocate: impl FnOnce(Layout) -> Result<NonNull<[u8]>, AllocError>,
1949 mem_to_arcinner: impl FnOnce(*mut u8) -> *mut ArcInner<T>,
1950 ) -> *mut ArcInner<T> {
1951 let layout = arcinner_layout_for_value_layout(value_layout);
1952
1953 let ptr = allocate(layout).unwrap_or_else(|_| handle_alloc_error(layout));
1954
1955 unsafe { Self::initialize_arcinner(ptr, layout, mem_to_arcinner) }
1956 }
1957
1958 /// Allocates an `ArcInner<T>` with sufficient space for
1959 /// a possibly-unsized inner value where the value has the layout provided,
1960 /// returning an error if allocation fails.
1961 ///
1962 /// The function `mem_to_arcinner` is called with the data pointer
1963 /// and must return back a (potentially fat)-pointer for the `ArcInner<T>`.
1964 unsafe fn try_allocate_for_layout(
1965 value_layout: Layout,
1966 allocate: impl FnOnce(Layout) -> Result<NonNull<[u8]>, AllocError>,
1967 mem_to_arcinner: impl FnOnce(*mut u8) -> *mut ArcInner<T>,
1968 ) -> Result<*mut ArcInner<T>, AllocError> {
1969 let layout = arcinner_layout_for_value_layout(value_layout);
1970
1971 let ptr = allocate(layout)?;
1972
1973 let inner = unsafe { Self::initialize_arcinner(ptr, layout, mem_to_arcinner) };
1974
1975 Ok(inner)
1976 }
1977
1978 unsafe fn initialize_arcinner(
1979 ptr: NonNull<[u8]>,
1980 layout: Layout,
1981 mem_to_arcinner: impl FnOnce(*mut u8) -> *mut ArcInner<T>,
1982 ) -> *mut ArcInner<T> {
1983 let inner = mem_to_arcinner(ptr.as_non_null_ptr().as_ptr());
1984 debug_assert_eq!(unsafe { Layout::for_value_raw(inner) }, layout);
1985
1986 unsafe {
1987 (&raw mut (*inner).strong).write(atomic::AtomicUsize::new(1));
1988 (&raw mut (*inner).weak).write(atomic::AtomicUsize::new(1));
1989 }
1990
1991 inner
1992 }
1993}
1994
1995impl<T: ?Sized, A: Allocator> Arc<T, A> {
1996 /// Allocates an `ArcInner<T>` with sufficient space for an unsized inner value.
1997 #[inline]
1998 #[cfg(not(no_global_oom_handling))]
1999 unsafe fn allocate_for_ptr_in(ptr: *const T, alloc: &A) -> *mut ArcInner<T> {
2000 // Allocate for the `ArcInner<T>` using the given value.
2001 unsafe {
2002 Arc::allocate_for_layout(
2003 Layout::for_value_raw(ptr),
2004 |layout| alloc.allocate(layout),
2005 |mem| mem.with_metadata_of(ptr as *const ArcInner<T>),
2006 )
2007 }
2008 }
2009
2010 #[cfg(not(no_global_oom_handling))]
2011 fn from_box_in(src: Box<T, A>) -> Arc<T, A> {
2012 unsafe {
2013 let value_size = size_of_val(&*src);
2014 let ptr = Self::allocate_for_ptr_in(&*src, Box::allocator(&src));
2015
2016 // Copy value as bytes
2017 ptr::copy_nonoverlapping(
2018 (&raw const *src) as *const u8,
2019 (&raw mut (*ptr).data) as *mut u8,
2020 value_size,
2021 );
2022
2023 // Free the allocation without dropping its contents
2024 let (bptr, alloc) = Box::into_raw_with_allocator(src);
2025 let src = Box::from_raw_in(bptr as *mut mem::ManuallyDrop<T>, alloc.by_ref());
2026 drop(src);
2027
2028 Self::from_ptr_in(ptr, alloc)
2029 }
2030 }
2031}
2032
2033impl<T> Arc<[T]> {
2034 /// Allocates an `ArcInner<[T]>` with the given length.
2035 #[cfg(not(no_global_oom_handling))]
2036 unsafe fn allocate_for_slice(len: usize) -> *mut ArcInner<[T]> {
2037 unsafe {
2038 Self::allocate_for_layout(
2039 Layout::array::<T>(len).unwrap(),
2040 |layout| Global.allocate(layout),
2041 |mem| ptr::slice_from_raw_parts_mut(mem.cast::<T>(), len) as *mut ArcInner<[T]>,
2042 )
2043 }
2044 }
2045
2046 /// Copy elements from slice into newly allocated `Arc<[T]>`
2047 ///
2048 /// Unsafe because the caller must either take ownership or bind `T: Copy`.
2049 #[cfg(not(no_global_oom_handling))]
2050 unsafe fn copy_from_slice(v: &[T]) -> Arc<[T]> {
2051 unsafe {
2052 let ptr = Self::allocate_for_slice(v.len());
2053
2054 ptr::copy_nonoverlapping(v.as_ptr(), (&raw mut (*ptr).data) as *mut T, v.len());
2055
2056 Self::from_ptr(ptr)
2057 }
2058 }
2059
2060 /// Constructs an `Arc<[T]>` from an iterator known to be of a certain size.
2061 ///
2062 /// Behavior is undefined should the size be wrong.
2063 #[cfg(not(no_global_oom_handling))]
2064 unsafe fn from_iter_exact(iter: impl Iterator<Item = T>, len: usize) -> Arc<[T]> {
2065 // Panic guard while cloning T elements.
2066 // In the event of a panic, elements that have been written
2067 // into the new ArcInner will be dropped, then the memory freed.
2068 struct Guard<T> {
2069 mem: NonNull<u8>,
2070 elems: *mut T,
2071 layout: Layout,
2072 n_elems: usize,
2073 }
2074
2075 impl<T> Drop for Guard<T> {
2076 fn drop(&mut self) {
2077 unsafe {
2078 let slice = from_raw_parts_mut(self.elems, self.n_elems);
2079 ptr::drop_in_place(slice);
2080
2081 Global.deallocate(self.mem, self.layout);
2082 }
2083 }
2084 }
2085
2086 unsafe {
2087 let ptr = Self::allocate_for_slice(len);
2088
2089 let mem = ptr as *mut _ as *mut u8;
2090 let layout = Layout::for_value_raw(ptr);
2091
2092 // Pointer to first element
2093 let elems = (&raw mut (*ptr).data) as *mut T;
2094
2095 let mut guard = Guard { mem: NonNull::new_unchecked(mem), elems, layout, n_elems: 0 };
2096
2097 for (i, item) in iter.enumerate() {
2098 ptr::write(elems.add(i), item);
2099 guard.n_elems += 1;
2100 }
2101
2102 // All clear. Forget the guard so it doesn't free the new ArcInner.
2103 mem::forget(guard);
2104
2105 Self::from_ptr(ptr)
2106 }
2107 }
2108}
2109
2110impl<T, A: Allocator> Arc<[T], A> {
2111 /// Allocates an `ArcInner<[T]>` with the given length.
2112 #[inline]
2113 #[cfg(not(no_global_oom_handling))]
2114 unsafe fn allocate_for_slice_in(len: usize, alloc: &A) -> *mut ArcInner<[T]> {
2115 unsafe {
2116 Arc::allocate_for_layout(
2117 Layout::array::<T>(len).unwrap(),
2118 |layout| alloc.allocate(layout),
2119 |mem| ptr::slice_from_raw_parts_mut(mem.cast::<T>(), len) as *mut ArcInner<[T]>,
2120 )
2121 }
2122 }
2123}
2124
2125/// Specialization trait used for `From<&[T]>`.
2126#[cfg(not(no_global_oom_handling))]
2127trait ArcFromSlice<T> {
2128 fn from_slice(slice: &[T]) -> Self;
2129}
2130
2131#[cfg(not(no_global_oom_handling))]
2132impl<T: Clone> ArcFromSlice<T> for Arc<[T]> {
2133 #[inline]
2134 default fn from_slice(v: &[T]) -> Self {
2135 unsafe { Self::from_iter_exact(v.iter().cloned(), v.len()) }
2136 }
2137}
2138
2139#[cfg(not(no_global_oom_handling))]
2140impl<T: Copy> ArcFromSlice<T> for Arc<[T]> {
2141 #[inline]
2142 fn from_slice(v: &[T]) -> Self {
2143 unsafe { Arc::copy_from_slice(v) }
2144 }
2145}
2146
2147#[stable(feature = "rust1", since = "1.0.0")]
2148impl<T: ?Sized, A: Allocator + Clone> Clone for Arc<T, A> {
2149 /// Makes a clone of the `Arc` pointer.
2150 ///
2151 /// This creates another pointer to the same allocation, increasing the
2152 /// strong reference count.
2153 ///
2154 /// # Examples
2155 ///
2156 /// ```
2157 /// use std::sync::Arc;
2158 ///
2159 /// let five = Arc::new(5);
2160 ///
2161 /// let _ = Arc::clone(&five);
2162 /// ```
2163 #[inline]
2164 fn clone(&self) -> Arc<T, A> {
2165 // Using a relaxed ordering is alright here, as knowledge of the
2166 // original reference prevents other threads from erroneously deleting
2167 // the object.
2168 //
2169 // As explained in the [Boost documentation][1], Increasing the
2170 // reference counter can always be done with memory_order_relaxed: New
2171 // references to an object can only be formed from an existing
2172 // reference, and passing an existing reference from one thread to
2173 // another must already provide any required synchronization.
2174 //
2175 // [1]: (www.boost.org/doc/libs/1_55_0/doc/html/atomic/usage_examples.html)
2176 let old_size = self.inner().strong.fetch_add(1, Relaxed);
2177
2178 // However we need to guard against massive refcounts in case someone is `mem::forget`ing
2179 // Arcs. If we don't do this the count can overflow and users will use-after free. This
2180 // branch will never be taken in any realistic program. We abort because such a program is
2181 // incredibly degenerate, and we don't care to support it.
2182 //
2183 // This check is not 100% water-proof: we error when the refcount grows beyond `isize::MAX`.
2184 // But we do that check *after* having done the increment, so there is a chance here that
2185 // the worst already happened and we actually do overflow the `usize` counter. However, that
2186 // requires the counter to grow from `isize::MAX` to `usize::MAX` between the increment
2187 // above and the `abort` below, which seems exceedingly unlikely.
2188 //
2189 // This is a global invariant, and also applies when using a compare-exchange loop to increment
2190 // counters in other methods.
2191 // Otherwise, the counter could be brought to an almost-overflow using a compare-exchange loop,
2192 // and then overflow using a few `fetch_add`s.
2193 if old_size > MAX_REFCOUNT {
2194 abort();
2195 }
2196
2197 unsafe { Self::from_inner_in(self.ptr, self.alloc.clone()) }
2198 }
2199}
2200
2201#[unstable(feature = "ergonomic_clones", issue = "132290")]
2202impl<T: ?Sized, A: Allocator + Clone> UseCloned for Arc<T, A> {}
2203
2204#[stable(feature = "rust1", since = "1.0.0")]
2205impl<T: ?Sized, A: Allocator> Deref for Arc<T, A> {
2206 type Target = T;
2207
2208 #[inline]
2209 fn deref(&self) -> &T {
2210 &self.inner().data
2211 }
2212}
2213
2214#[unstable(feature = "pin_coerce_unsized_trait", issue = "123430")]
2215unsafe impl<T: ?Sized, A: Allocator> PinCoerceUnsized for Arc<T, A> {}
2216
2217#[unstable(feature = "pin_coerce_unsized_trait", issue = "123430")]
2218unsafe impl<T: ?Sized, A: Allocator> PinCoerceUnsized for Weak<T, A> {}
2219
2220#[unstable(feature = "deref_pure_trait", issue = "87121")]
2221unsafe impl<T: ?Sized, A: Allocator> DerefPure for Arc<T, A> {}
2222
2223#[unstable(feature = "legacy_receiver_trait", issue = "none")]
2224impl<T: ?Sized> LegacyReceiver for Arc<T> {}
2225
2226#[cfg(not(no_global_oom_handling))]
2227impl<T: ?Sized + CloneToUninit, A: Allocator + Clone> Arc<T, A> {
2228 /// Makes a mutable reference into the given `Arc`.
2229 ///
2230 /// If there are other `Arc` pointers to the same allocation, then `make_mut` will
2231 /// [`clone`] the inner value to a new allocation to ensure unique ownership. This is also
2232 /// referred to as clone-on-write.
2233 ///
2234 /// However, if there are no other `Arc` pointers to this allocation, but some [`Weak`]
2235 /// pointers, then the [`Weak`] pointers will be dissociated and the inner value will not
2236 /// be cloned.
2237 ///
2238 /// See also [`get_mut`], which will fail rather than cloning the inner value
2239 /// or dissociating [`Weak`] pointers.
2240 ///
2241 /// [`clone`]: Clone::clone
2242 /// [`get_mut`]: Arc::get_mut
2243 ///
2244 /// # Examples
2245 ///
2246 /// ```
2247 /// use std::sync::Arc;
2248 ///
2249 /// let mut data = Arc::new(5);
2250 ///
2251 /// *Arc::make_mut(&mut data) += 1; // Won't clone anything
2252 /// let mut other_data = Arc::clone(&data); // Won't clone inner data
2253 /// *Arc::make_mut(&mut data) += 1; // Clones inner data
2254 /// *Arc::make_mut(&mut data) += 1; // Won't clone anything
2255 /// *Arc::make_mut(&mut other_data) *= 2; // Won't clone anything
2256 ///
2257 /// // Now `data` and `other_data` point to different allocations.
2258 /// assert_eq!(*data, 8);
2259 /// assert_eq!(*other_data, 12);
2260 /// ```
2261 ///
2262 /// [`Weak`] pointers will be dissociated:
2263 ///
2264 /// ```
2265 /// use std::sync::Arc;
2266 ///
2267 /// let mut data = Arc::new(75);
2268 /// let weak = Arc::downgrade(&data);
2269 ///
2270 /// assert!(75 == *data);
2271 /// assert!(75 == *weak.upgrade().unwrap());
2272 ///
2273 /// *Arc::make_mut(&mut data) += 1;
2274 ///
2275 /// assert!(76 == *data);
2276 /// assert!(weak.upgrade().is_none());
2277 /// ```
2278 #[inline]
2279 #[stable(feature = "arc_unique", since = "1.4.0")]
2280 pub fn make_mut(this: &mut Self) -> &mut T {
2281 let size_of_val = size_of_val::<T>(&**this);
2282
2283 // Note that we hold both a strong reference and a weak reference.
2284 // Thus, releasing our strong reference only will not, by itself, cause
2285 // the memory to be deallocated.
2286 //
2287 // Use Acquire to ensure that we see any writes to `weak` that happen
2288 // before release writes (i.e., decrements) to `strong`. Since we hold a
2289 // weak count, there's no chance the ArcInner itself could be
2290 // deallocated.
2291 if this.inner().strong.compare_exchange(1, 0, Acquire, Relaxed).is_err() {
2292 // Another strong pointer exists, so we must clone.
2293
2294 let this_data_ref: &T = &**this;
2295 // `in_progress` drops the allocation if we panic before finishing initializing it.
2296 let mut in_progress: UniqueArcUninit<T, A> =
2297 UniqueArcUninit::new(this_data_ref, this.alloc.clone());
2298
2299 let initialized_clone = unsafe {
2300 // Clone. If the clone panics, `in_progress` will be dropped and clean up.
2301 this_data_ref.clone_to_uninit(in_progress.data_ptr().cast());
2302 // Cast type of pointer, now that it is initialized.
2303 in_progress.into_arc()
2304 };
2305 *this = initialized_clone;
2306 } else if this.inner().weak.load(Relaxed) != 1 {
2307 // Relaxed suffices in the above because this is fundamentally an
2308 // optimization: we are always racing with weak pointers being
2309 // dropped. Worst case, we end up allocated a new Arc unnecessarily.
2310
2311 // We removed the last strong ref, but there are additional weak
2312 // refs remaining. We'll move the contents to a new Arc, and
2313 // invalidate the other weak refs.
2314
2315 // Note that it is not possible for the read of `weak` to yield
2316 // usize::MAX (i.e., locked), since the weak count can only be
2317 // locked by a thread with a strong reference.
2318
2319 // Materialize our own implicit weak pointer, so that it can clean
2320 // up the ArcInner as needed.
2321 let _weak = Weak { ptr: this.ptr, alloc: this.alloc.clone() };
2322
2323 // Can just steal the data, all that's left is Weaks
2324 //
2325 // We don't need panic-protection like the above branch does, but we might as well
2326 // use the same mechanism.
2327 let mut in_progress: UniqueArcUninit<T, A> =
2328 UniqueArcUninit::new(&**this, this.alloc.clone());
2329 unsafe {
2330 // Initialize `in_progress` with move of **this.
2331 // We have to express this in terms of bytes because `T: ?Sized`; there is no
2332 // operation that just copies a value based on its `size_of_val()`.
2333 ptr::copy_nonoverlapping(
2334 ptr::from_ref(&**this).cast::<u8>(),
2335 in_progress.data_ptr().cast::<u8>(),
2336 size_of_val,
2337 );
2338
2339 ptr::write(this, in_progress.into_arc());
2340 }
2341 } else {
2342 // We were the sole reference of either kind; bump back up the
2343 // strong ref count.
2344 this.inner().strong.store(1, Release);
2345 }
2346
2347 // As with `get_mut()`, the unsafety is ok because our reference was
2348 // either unique to begin with, or became one upon cloning the contents.
2349 unsafe { Self::get_mut_unchecked(this) }
2350 }
2351}
2352
2353impl<T: Clone, A: Allocator> Arc<T, A> {
2354 /// If we have the only reference to `T` then unwrap it. Otherwise, clone `T` and return the
2355 /// clone.
2356 ///
2357 /// Assuming `arc_t` is of type `Arc<T>`, this function is functionally equivalent to
2358 /// `(*arc_t).clone()`, but will avoid cloning the inner value where possible.
2359 ///
2360 /// # Examples
2361 ///
2362 /// ```
2363 /// # use std::{ptr, sync::Arc};
2364 /// let inner = String::from("test");
2365 /// let ptr = inner.as_ptr();
2366 ///
2367 /// let arc = Arc::new(inner);
2368 /// let inner = Arc::unwrap_or_clone(arc);
2369 /// // The inner value was not cloned
2370 /// assert!(ptr::eq(ptr, inner.as_ptr()));
2371 ///
2372 /// let arc = Arc::new(inner);
2373 /// let arc2 = arc.clone();
2374 /// let inner = Arc::unwrap_or_clone(arc);
2375 /// // Because there were 2 references, we had to clone the inner value.
2376 /// assert!(!ptr::eq(ptr, inner.as_ptr()));
2377 /// // `arc2` is the last reference, so when we unwrap it we get back
2378 /// // the original `String`.
2379 /// let inner = Arc::unwrap_or_clone(arc2);
2380 /// assert!(ptr::eq(ptr, inner.as_ptr()));
2381 /// ```
2382 #[inline]
2383 #[stable(feature = "arc_unwrap_or_clone", since = "1.76.0")]
2384 pub fn unwrap_or_clone(this: Self) -> T {
2385 Arc::try_unwrap(this).unwrap_or_else(|arc| (*arc).clone())
2386 }
2387}
2388
2389impl<T: ?Sized, A: Allocator> Arc<T, A> {
2390 /// Returns a mutable reference into the given `Arc`, if there are
2391 /// no other `Arc` or [`Weak`] pointers to the same allocation.
2392 ///
2393 /// Returns [`None`] otherwise, because it is not safe to
2394 /// mutate a shared value.
2395 ///
2396 /// See also [`make_mut`][make_mut], which will [`clone`][clone]
2397 /// the inner value when there are other `Arc` pointers.
2398 ///
2399 /// [make_mut]: Arc::make_mut
2400 /// [clone]: Clone::clone
2401 ///
2402 /// # Examples
2403 ///
2404 /// ```
2405 /// use std::sync::Arc;
2406 ///
2407 /// let mut x = Arc::new(3);
2408 /// *Arc::get_mut(&mut x).unwrap() = 4;
2409 /// assert_eq!(*x, 4);
2410 ///
2411 /// let _y = Arc::clone(&x);
2412 /// assert!(Arc::get_mut(&mut x).is_none());
2413 /// ```
2414 #[inline]
2415 #[stable(feature = "arc_unique", since = "1.4.0")]
2416 pub fn get_mut(this: &mut Self) -> Option<&mut T> {
2417 if this.is_unique() {
2418 // This unsafety is ok because we're guaranteed that the pointer
2419 // returned is the *only* pointer that will ever be returned to T. Our
2420 // reference count is guaranteed to be 1 at this point, and we required
2421 // the Arc itself to be `mut`, so we're returning the only possible
2422 // reference to the inner data.
2423 unsafe { Some(Arc::get_mut_unchecked(this)) }
2424 } else {
2425 None
2426 }
2427 }
2428
2429 /// Returns a mutable reference into the given `Arc`,
2430 /// without any check.
2431 ///
2432 /// See also [`get_mut`], which is safe and does appropriate checks.
2433 ///
2434 /// [`get_mut`]: Arc::get_mut
2435 ///
2436 /// # Safety
2437 ///
2438 /// If any other `Arc` or [`Weak`] pointers to the same allocation exist, then
2439 /// they must not be dereferenced or have active borrows for the duration
2440 /// of the returned borrow, and their inner type must be exactly the same as the
2441 /// inner type of this Rc (including lifetimes). This is trivially the case if no
2442 /// such pointers exist, for example immediately after `Arc::new`.
2443 ///
2444 /// # Examples
2445 ///
2446 /// ```
2447 /// #![feature(get_mut_unchecked)]
2448 ///
2449 /// use std::sync::Arc;
2450 ///
2451 /// let mut x = Arc::new(String::new());
2452 /// unsafe {
2453 /// Arc::get_mut_unchecked(&mut x).push_str("foo")
2454 /// }
2455 /// assert_eq!(*x, "foo");
2456 /// ```
2457 /// Other `Arc` pointers to the same allocation must be to the same type.
2458 /// ```no_run
2459 /// #![feature(get_mut_unchecked)]
2460 ///
2461 /// use std::sync::Arc;
2462 ///
2463 /// let x: Arc<str> = Arc::from("Hello, world!");
2464 /// let mut y: Arc<[u8]> = x.clone().into();
2465 /// unsafe {
2466 /// // this is Undefined Behavior, because x's inner type is str, not [u8]
2467 /// Arc::get_mut_unchecked(&mut y).fill(0xff); // 0xff is invalid in UTF-8
2468 /// }
2469 /// println!("{}", &*x); // Invalid UTF-8 in a str
2470 /// ```
2471 /// Other `Arc` pointers to the same allocation must be to the exact same type, including lifetimes.
2472 /// ```no_run
2473 /// #![feature(get_mut_unchecked)]
2474 ///
2475 /// use std::sync::Arc;
2476 ///
2477 /// let x: Arc<&str> = Arc::new("Hello, world!");
2478 /// {
2479 /// let s = String::from("Oh, no!");
2480 /// let mut y: Arc<&str> = x.clone();
2481 /// unsafe {
2482 /// // this is Undefined Behavior, because x's inner type
2483 /// // is &'long str, not &'short str
2484 /// *Arc::get_mut_unchecked(&mut y) = &s;
2485 /// }
2486 /// }
2487 /// println!("{}", &*x); // Use-after-free
2488 /// ```
2489 #[inline]
2490 #[unstable(feature = "get_mut_unchecked", issue = "63292")]
2491 pub unsafe fn get_mut_unchecked(this: &mut Self) -> &mut T {
2492 // We are careful to *not* create a reference covering the "count" fields, as
2493 // this would alias with concurrent access to the reference counts (e.g. by `Weak`).
2494 unsafe { &mut (*this.ptr.as_ptr()).data }
2495 }
2496
2497 /// Determine whether this is the unique reference (including weak refs) to
2498 /// the underlying data.
2499 ///
2500 /// Note that this requires locking the weak ref count.
2501 fn is_unique(&mut self) -> bool {
2502 // lock the weak pointer count if we appear to be the sole weak pointer
2503 // holder.
2504 //
2505 // The acquire label here ensures a happens-before relationship with any
2506 // writes to `strong` (in particular in `Weak::upgrade`) prior to decrements
2507 // of the `weak` count (via `Weak::drop`, which uses release). If the upgraded
2508 // weak ref was never dropped, the CAS here will fail so we do not care to synchronize.
2509 if self.inner().weak.compare_exchange(1, usize::MAX, Acquire, Relaxed).is_ok() {
2510 // This needs to be an `Acquire` to synchronize with the decrement of the `strong`
2511 // counter in `drop` -- the only access that happens when any but the last reference
2512 // is being dropped.
2513 let unique = self.inner().strong.load(Acquire) == 1;
2514
2515 // The release write here synchronizes with a read in `downgrade`,
2516 // effectively preventing the above read of `strong` from happening
2517 // after the write.
2518 self.inner().weak.store(1, Release); // release the lock
2519 unique
2520 } else {
2521 false
2522 }
2523 }
2524}
2525
2526#[stable(feature = "rust1", since = "1.0.0")]
2527unsafe impl<#[may_dangle] T: ?Sized, A: Allocator> Drop for Arc<T, A> {
2528 /// Drops the `Arc`.
2529 ///
2530 /// This will decrement the strong reference count. If the strong reference
2531 /// count reaches zero then the only other references (if any) are
2532 /// [`Weak`], so we `drop` the inner value.
2533 ///
2534 /// # Examples
2535 ///
2536 /// ```
2537 /// use std::sync::Arc;
2538 ///
2539 /// struct Foo;
2540 ///
2541 /// impl Drop for Foo {
2542 /// fn drop(&mut self) {
2543 /// println!("dropped!");
2544 /// }
2545 /// }
2546 ///
2547 /// let foo = Arc::new(Foo);
2548 /// let foo2 = Arc::clone(&foo);
2549 ///
2550 /// drop(foo); // Doesn't print anything
2551 /// drop(foo2); // Prints "dropped!"
2552 /// ```
2553 #[inline]
2554 fn drop(&mut self) {
2555 // Because `fetch_sub` is already atomic, we do not need to synchronize
2556 // with other threads unless we are going to delete the object. This
2557 // same logic applies to the below `fetch_sub` to the `weak` count.
2558 if self.inner().strong.fetch_sub(1, Release) != 1 {
2559 return;
2560 }
2561
2562 // This fence is needed to prevent reordering of use of the data and
2563 // deletion of the data. Because it is marked `Release`, the decreasing
2564 // of the reference count synchronizes with this `Acquire` fence. This
2565 // means that use of the data happens before decreasing the reference
2566 // count, which happens before this fence, which happens before the
2567 // deletion of the data.
2568 //
2569 // As explained in the [Boost documentation][1],
2570 //
2571 // > It is important to enforce any possible access to the object in one
2572 // > thread (through an existing reference) to *happen before* deleting
2573 // > the object in a different thread. This is achieved by a "release"
2574 // > operation after dropping a reference (any access to the object
2575 // > through this reference must obviously happened before), and an
2576 // > "acquire" operation before deleting the object.
2577 //
2578 // In particular, while the contents of an Arc are usually immutable, it's
2579 // possible to have interior writes to something like a Mutex<T>. Since a
2580 // Mutex is not acquired when it is deleted, we can't rely on its
2581 // synchronization logic to make writes in thread A visible to a destructor
2582 // running in thread B.
2583 //
2584 // Also note that the Acquire fence here could probably be replaced with an
2585 // Acquire load, which could improve performance in highly-contended
2586 // situations. See [2].
2587 //
2588 // [1]: (www.boost.org/doc/libs/1_55_0/doc/html/atomic/usage_examples.html)
2589 // [2]: (https://github.com/rust-lang/rust/pull/41714)
2590 acquire!(self.inner().strong);
2591
2592 // Make sure we aren't trying to "drop" the shared static for empty slices
2593 // used by Default::default.
2594 debug_assert!(
2595 !ptr::addr_eq(self.ptr.as_ptr(), &STATIC_INNER_SLICE.inner),
2596 "Arcs backed by a static should never reach a strong count of 0. \
2597 Likely decrement_strong_count or from_raw were called too many times.",
2598 );
2599
2600 unsafe {
2601 self.drop_slow();
2602 }
2603 }
2604}
2605
2606impl<A: Allocator> Arc<dyn Any + Send + Sync, A> {
2607 /// Attempts to downcast the `Arc<dyn Any + Send + Sync>` to a concrete type.
2608 ///
2609 /// # Examples
2610 ///
2611 /// ```
2612 /// use std::any::Any;
2613 /// use std::sync::Arc;
2614 ///
2615 /// fn print_if_string(value: Arc<dyn Any + Send + Sync>) {
2616 /// if let Ok(string) = value.downcast::<String>() {
2617 /// println!("String ({}): {}", string.len(), string);
2618 /// }
2619 /// }
2620 ///
2621 /// let my_string = "Hello World".to_string();
2622 /// print_if_string(Arc::new(my_string));
2623 /// print_if_string(Arc::new(0i8));
2624 /// ```
2625 #[inline]
2626 #[stable(feature = "rc_downcast", since = "1.29.0")]
2627 pub fn downcast<T>(self) -> Result<Arc<T, A>, Self>
2628 where
2629 T: Any + Send + Sync,
2630 {
2631 if (*self).is::<T>() {
2632 unsafe {
2633 let (ptr, alloc) = Arc::into_inner_with_allocator(self);
2634 Ok(Arc::from_inner_in(ptr.cast(), alloc))
2635 }
2636 } else {
2637 Err(self)
2638 }
2639 }
2640
2641 /// Downcasts the `Arc<dyn Any + Send + Sync>` to a concrete type.
2642 ///
2643 /// For a safe alternative see [`downcast`].
2644 ///
2645 /// # Examples
2646 ///
2647 /// ```
2648 /// #![feature(downcast_unchecked)]
2649 ///
2650 /// use std::any::Any;
2651 /// use std::sync::Arc;
2652 ///
2653 /// let x: Arc<dyn Any + Send + Sync> = Arc::new(1_usize);
2654 ///
2655 /// unsafe {
2656 /// assert_eq!(*x.downcast_unchecked::<usize>(), 1);
2657 /// }
2658 /// ```
2659 ///
2660 /// # Safety
2661 ///
2662 /// The contained value must be of type `T`. Calling this method
2663 /// with the incorrect type is *undefined behavior*.
2664 ///
2665 ///
2666 /// [`downcast`]: Self::downcast
2667 #[inline]
2668 #[unstable(feature = "downcast_unchecked", issue = "90850")]
2669 pub unsafe fn downcast_unchecked<T>(self) -> Arc<T, A>
2670 where
2671 T: Any + Send + Sync,
2672 {
2673 unsafe {
2674 let (ptr, alloc) = Arc::into_inner_with_allocator(self);
2675 Arc::from_inner_in(ptr.cast(), alloc)
2676 }
2677 }
2678}
2679
2680impl<T> Weak<T> {
2681 /// Constructs a new `Weak<T>`, without allocating any memory.
2682 /// Calling [`upgrade`] on the return value always gives [`None`].
2683 ///
2684 /// [`upgrade`]: Weak::upgrade
2685 ///
2686 /// # Examples
2687 ///
2688 /// ```
2689 /// use std::sync::Weak;
2690 ///
2691 /// let empty: Weak<i64> = Weak::new();
2692 /// assert!(empty.upgrade().is_none());
2693 /// ```
2694 #[inline]
2695 #[stable(feature = "downgraded_weak", since = "1.10.0")]
2696 #[rustc_const_stable(feature = "const_weak_new", since = "1.73.0")]
2697 #[must_use]
2698 pub const fn new() -> Weak<T> {
2699 Weak { ptr: NonNull::without_provenance(NonZeroUsize::MAX), alloc: Global }
2700 }
2701}
2702
2703impl<T, A: Allocator> Weak<T, A> {
2704 /// Constructs a new `Weak<T, A>`, without allocating any memory, technically in the provided
2705 /// allocator.
2706 /// Calling [`upgrade`] on the return value always gives [`None`].
2707 ///
2708 /// [`upgrade`]: Weak::upgrade
2709 ///
2710 /// # Examples
2711 ///
2712 /// ```
2713 /// #![feature(allocator_api)]
2714 ///
2715 /// use std::sync::Weak;
2716 /// use std::alloc::System;
2717 ///
2718 /// let empty: Weak<i64, _> = Weak::new_in(System);
2719 /// assert!(empty.upgrade().is_none());
2720 /// ```
2721 #[inline]
2722 #[unstable(feature = "allocator_api", issue = "32838")]
2723 pub fn new_in(alloc: A) -> Weak<T, A> {
2724 Weak { ptr: NonNull::without_provenance(NonZeroUsize::MAX), alloc }
2725 }
2726}
2727
2728/// Helper type to allow accessing the reference counts without
2729/// making any assertions about the data field.
2730struct WeakInner<'a> {
2731 weak: &'a atomic::AtomicUsize,
2732 strong: &'a atomic::AtomicUsize,
2733}
2734
2735impl<T: ?Sized> Weak<T> {
2736 /// Converts a raw pointer previously created by [`into_raw`] back into `Weak<T>`.
2737 ///
2738 /// This can be used to safely get a strong reference (by calling [`upgrade`]
2739 /// later) or to deallocate the weak count by dropping the `Weak<T>`.
2740 ///
2741 /// It takes ownership of one weak reference (with the exception of pointers created by [`new`],
2742 /// as these don't own anything; the method still works on them).
2743 ///
2744 /// # Safety
2745 ///
2746 /// The pointer must have originated from the [`into_raw`] and must still own its potential
2747 /// weak reference, and must point to a block of memory allocated by global allocator.
2748 ///
2749 /// It is allowed for the strong count to be 0 at the time of calling this. Nevertheless, this
2750 /// takes ownership of one weak reference currently represented as a raw pointer (the weak
2751 /// count is not modified by this operation) and therefore it must be paired with a previous
2752 /// call to [`into_raw`].
2753 /// # Examples
2754 ///
2755 /// ```
2756 /// use std::sync::{Arc, Weak};
2757 ///
2758 /// let strong = Arc::new("hello".to_owned());
2759 ///
2760 /// let raw_1 = Arc::downgrade(&strong).into_raw();
2761 /// let raw_2 = Arc::downgrade(&strong).into_raw();
2762 ///
2763 /// assert_eq!(2, Arc::weak_count(&strong));
2764 ///
2765 /// assert_eq!("hello", &*unsafe { Weak::from_raw(raw_1) }.upgrade().unwrap());
2766 /// assert_eq!(1, Arc::weak_count(&strong));
2767 ///
2768 /// drop(strong);
2769 ///
2770 /// // Decrement the last weak count.
2771 /// assert!(unsafe { Weak::from_raw(raw_2) }.upgrade().is_none());
2772 /// ```
2773 ///
2774 /// [`new`]: Weak::new
2775 /// [`into_raw`]: Weak::into_raw
2776 /// [`upgrade`]: Weak::upgrade
2777 #[inline]
2778 #[stable(feature = "weak_into_raw", since = "1.45.0")]
2779 pub unsafe fn from_raw(ptr: *const T) -> Self {
2780 unsafe { Weak::from_raw_in(ptr, Global) }
2781 }
2782}
2783
2784impl<T: ?Sized, A: Allocator> Weak<T, A> {
2785 /// Returns a reference to the underlying allocator.
2786 #[inline]
2787 #[unstable(feature = "allocator_api", issue = "32838")]
2788 pub fn allocator(&self) -> &A {
2789 &self.alloc
2790 }
2791
2792 /// Returns a raw pointer to the object `T` pointed to by this `Weak<T>`.
2793 ///
2794 /// The pointer is valid only if there are some strong references. The pointer may be dangling,
2795 /// unaligned or even [`null`] otherwise.
2796 ///
2797 /// # Examples
2798 ///
2799 /// ```
2800 /// use std::sync::Arc;
2801 /// use std::ptr;
2802 ///
2803 /// let strong = Arc::new("hello".to_owned());
2804 /// let weak = Arc::downgrade(&strong);
2805 /// // Both point to the same object
2806 /// assert!(ptr::eq(&*strong, weak.as_ptr()));
2807 /// // The strong here keeps it alive, so we can still access the object.
2808 /// assert_eq!("hello", unsafe { &*weak.as_ptr() });
2809 ///
2810 /// drop(strong);
2811 /// // But not any more. We can do weak.as_ptr(), but accessing the pointer would lead to
2812 /// // undefined behavior.
2813 /// // assert_eq!("hello", unsafe { &*weak.as_ptr() });
2814 /// ```
2815 ///
2816 /// [`null`]: core::ptr::null "ptr::null"
2817 #[must_use]
2818 #[stable(feature = "weak_into_raw", since = "1.45.0")]
2819 pub fn as_ptr(&self) -> *const T {
2820 let ptr: *mut ArcInner<T> = NonNull::as_ptr(self.ptr);
2821
2822 if is_dangling(ptr) {
2823 // If the pointer is dangling, we return the sentinel directly. This cannot be
2824 // a valid payload address, as the payload is at least as aligned as ArcInner (usize).
2825 ptr as *const T
2826 } else {
2827 // SAFETY: if is_dangling returns false, then the pointer is dereferenceable.
2828 // The payload may be dropped at this point, and we have to maintain provenance,
2829 // so use raw pointer manipulation.
2830 unsafe { &raw mut (*ptr).data }
2831 }
2832 }
2833
2834 /// Consumes the `Weak<T>` and turns it into a raw pointer.
2835 ///
2836 /// This converts the weak pointer into a raw pointer, while still preserving the ownership of
2837 /// one weak reference (the weak count is not modified by this operation). It can be turned
2838 /// back into the `Weak<T>` with [`from_raw`].
2839 ///
2840 /// The same restrictions of accessing the target of the pointer as with
2841 /// [`as_ptr`] apply.
2842 ///
2843 /// # Examples
2844 ///
2845 /// ```
2846 /// use std::sync::{Arc, Weak};
2847 ///
2848 /// let strong = Arc::new("hello".to_owned());
2849 /// let weak = Arc::downgrade(&strong);
2850 /// let raw = weak.into_raw();
2851 ///
2852 /// assert_eq!(1, Arc::weak_count(&strong));
2853 /// assert_eq!("hello", unsafe { &*raw });
2854 ///
2855 /// drop(unsafe { Weak::from_raw(raw) });
2856 /// assert_eq!(0, Arc::weak_count(&strong));
2857 /// ```
2858 ///
2859 /// [`from_raw`]: Weak::from_raw
2860 /// [`as_ptr`]: Weak::as_ptr
2861 #[must_use = "losing the pointer will leak memory"]
2862 #[stable(feature = "weak_into_raw", since = "1.45.0")]
2863 pub fn into_raw(self) -> *const T {
2864 ManuallyDrop::new(self).as_ptr()
2865 }
2866
2867 /// Consumes the `Weak<T>`, returning the wrapped pointer and allocator.
2868 ///
2869 /// This converts the weak pointer into a raw pointer, while still preserving the ownership of
2870 /// one weak reference (the weak count is not modified by this operation). It can be turned
2871 /// back into the `Weak<T>` with [`from_raw_in`].
2872 ///
2873 /// The same restrictions of accessing the target of the pointer as with
2874 /// [`as_ptr`] apply.
2875 ///
2876 /// # Examples
2877 ///
2878 /// ```
2879 /// #![feature(allocator_api)]
2880 /// use std::sync::{Arc, Weak};
2881 /// use std::alloc::System;
2882 ///
2883 /// let strong = Arc::new_in("hello".to_owned(), System);
2884 /// let weak = Arc::downgrade(&strong);
2885 /// let (raw, alloc) = weak.into_raw_with_allocator();
2886 ///
2887 /// assert_eq!(1, Arc::weak_count(&strong));
2888 /// assert_eq!("hello", unsafe { &*raw });
2889 ///
2890 /// drop(unsafe { Weak::from_raw_in(raw, alloc) });
2891 /// assert_eq!(0, Arc::weak_count(&strong));
2892 /// ```
2893 ///
2894 /// [`from_raw_in`]: Weak::from_raw_in
2895 /// [`as_ptr`]: Weak::as_ptr
2896 #[must_use = "losing the pointer will leak memory"]
2897 #[unstable(feature = "allocator_api", issue = "32838")]
2898 pub fn into_raw_with_allocator(self) -> (*const T, A) {
2899 let this = mem::ManuallyDrop::new(self);
2900 let result = this.as_ptr();
2901 // Safety: `this` is ManuallyDrop so the allocator will not be double-dropped
2902 let alloc = unsafe { ptr::read(&this.alloc) };
2903 (result, alloc)
2904 }
2905
2906 /// Converts a raw pointer previously created by [`into_raw`] back into `Weak<T>` in the provided
2907 /// allocator.
2908 ///
2909 /// This can be used to safely get a strong reference (by calling [`upgrade`]
2910 /// later) or to deallocate the weak count by dropping the `Weak<T>`.
2911 ///
2912 /// It takes ownership of one weak reference (with the exception of pointers created by [`new`],
2913 /// as these don't own anything; the method still works on them).
2914 ///
2915 /// # Safety
2916 ///
2917 /// The pointer must have originated from the [`into_raw`] and must still own its potential
2918 /// weak reference, and must point to a block of memory allocated by `alloc`.
2919 ///
2920 /// It is allowed for the strong count to be 0 at the time of calling this. Nevertheless, this
2921 /// takes ownership of one weak reference currently represented as a raw pointer (the weak
2922 /// count is not modified by this operation) and therefore it must be paired with a previous
2923 /// call to [`into_raw`].
2924 /// # Examples
2925 ///
2926 /// ```
2927 /// use std::sync::{Arc, Weak};
2928 ///
2929 /// let strong = Arc::new("hello".to_owned());
2930 ///
2931 /// let raw_1 = Arc::downgrade(&strong).into_raw();
2932 /// let raw_2 = Arc::downgrade(&strong).into_raw();
2933 ///
2934 /// assert_eq!(2, Arc::weak_count(&strong));
2935 ///
2936 /// assert_eq!("hello", &*unsafe { Weak::from_raw(raw_1) }.upgrade().unwrap());
2937 /// assert_eq!(1, Arc::weak_count(&strong));
2938 ///
2939 /// drop(strong);
2940 ///
2941 /// // Decrement the last weak count.
2942 /// assert!(unsafe { Weak::from_raw(raw_2) }.upgrade().is_none());
2943 /// ```
2944 ///
2945 /// [`new`]: Weak::new
2946 /// [`into_raw`]: Weak::into_raw
2947 /// [`upgrade`]: Weak::upgrade
2948 #[inline]
2949 #[unstable(feature = "allocator_api", issue = "32838")]
2950 pub unsafe fn from_raw_in(ptr: *const T, alloc: A) -> Self {
2951 // See Weak::as_ptr for context on how the input pointer is derived.
2952
2953 let ptr = if is_dangling(ptr) {
2954 // This is a dangling Weak.
2955 ptr as *mut ArcInner<T>
2956 } else {
2957 // Otherwise, we're guaranteed the pointer came from a nondangling Weak.
2958 // SAFETY: data_offset is safe to call, as ptr references a real (potentially dropped) T.
2959 let offset = unsafe { data_offset(ptr) };
2960 // Thus, we reverse the offset to get the whole RcInner.
2961 // SAFETY: the pointer originated from a Weak, so this offset is safe.
2962 unsafe { ptr.byte_sub(offset) as *mut ArcInner<T> }
2963 };
2964
2965 // SAFETY: we now have recovered the original Weak pointer, so can create the Weak.
2966 Weak { ptr: unsafe { NonNull::new_unchecked(ptr) }, alloc }
2967 }
2968}
2969
2970impl<T: ?Sized, A: Allocator> Weak<T, A> {
2971 /// Attempts to upgrade the `Weak` pointer to an [`Arc`], delaying
2972 /// dropping of the inner value if successful.
2973 ///
2974 /// Returns [`None`] if the inner value has since been dropped.
2975 ///
2976 /// # Examples
2977 ///
2978 /// ```
2979 /// use std::sync::Arc;
2980 ///
2981 /// let five = Arc::new(5);
2982 ///
2983 /// let weak_five = Arc::downgrade(&five);
2984 ///
2985 /// let strong_five: Option<Arc<_>> = weak_five.upgrade();
2986 /// assert!(strong_five.is_some());
2987 ///
2988 /// // Destroy all strong pointers.
2989 /// drop(strong_five);
2990 /// drop(five);
2991 ///
2992 /// assert!(weak_five.upgrade().is_none());
2993 /// ```
2994 #[must_use = "this returns a new `Arc`, \
2995 without modifying the original weak pointer"]
2996 #[stable(feature = "arc_weak", since = "1.4.0")]
2997 pub fn upgrade(&self) -> Option<Arc<T, A>>
2998 where
2999 A: Clone,
3000 {
3001 #[inline]
3002 fn checked_increment(n: usize) -> Option<usize> {
3003 // Any write of 0 we can observe leaves the field in permanently zero state.
3004 if n == 0 {
3005 return None;
3006 }
3007 // See comments in `Arc::clone` for why we do this (for `mem::forget`).
3008 assert!(n <= MAX_REFCOUNT, "{}", INTERNAL_OVERFLOW_ERROR);
3009 Some(n + 1)
3010 }
3011
3012 // We use a CAS loop to increment the strong count instead of a
3013 // fetch_add as this function should never take the reference count
3014 // from zero to one.
3015 //
3016 // Relaxed is fine for the failure case because we don't have any expectations about the new state.
3017 // Acquire is necessary for the success case to synchronise with `Arc::new_cyclic`, when the inner
3018 // value can be initialized after `Weak` references have already been created. In that case, we
3019 // expect to observe the fully initialized value.
3020 if self.inner()?.strong.fetch_update(Acquire, Relaxed, checked_increment).is_ok() {
3021 // SAFETY: pointer is not null, verified in checked_increment
3022 unsafe { Some(Arc::from_inner_in(self.ptr, self.alloc.clone())) }
3023 } else {
3024 None
3025 }
3026 }
3027
3028 /// Gets the number of strong (`Arc`) pointers pointing to this allocation.
3029 ///
3030 /// If `self` was created using [`Weak::new`], this will return 0.
3031 #[must_use]
3032 #[stable(feature = "weak_counts", since = "1.41.0")]
3033 pub fn strong_count(&self) -> usize {
3034 if let Some(inner) = self.inner() { inner.strong.load(Relaxed) } else { 0 }
3035 }
3036
3037 /// Gets an approximation of the number of `Weak` pointers pointing to this
3038 /// allocation.
3039 ///
3040 /// If `self` was created using [`Weak::new`], or if there are no remaining
3041 /// strong pointers, this will return 0.
3042 ///
3043 /// # Accuracy
3044 ///
3045 /// Due to implementation details, the returned value can be off by 1 in
3046 /// either direction when other threads are manipulating any `Arc`s or
3047 /// `Weak`s pointing to the same allocation.
3048 #[must_use]
3049 #[stable(feature = "weak_counts", since = "1.41.0")]
3050 pub fn weak_count(&self) -> usize {
3051 if let Some(inner) = self.inner() {
3052 let weak = inner.weak.load(Acquire);
3053 let strong = inner.strong.load(Relaxed);
3054 if strong == 0 {
3055 0
3056 } else {
3057 // Since we observed that there was at least one strong pointer
3058 // after reading the weak count, we know that the implicit weak
3059 // reference (present whenever any strong references are alive)
3060 // was still around when we observed the weak count, and can
3061 // therefore safely subtract it.
3062 weak - 1
3063 }
3064 } else {
3065 0
3066 }
3067 }
3068
3069 /// Returns `None` when the pointer is dangling and there is no allocated `ArcInner`,
3070 /// (i.e., when this `Weak` was created by `Weak::new`).
3071 #[inline]
3072 fn inner(&self) -> Option<WeakInner<'_>> {
3073 let ptr = self.ptr.as_ptr();
3074 if is_dangling(ptr) {
3075 None
3076 } else {
3077 // We are careful to *not* create a reference covering the "data" field, as
3078 // the field may be mutated concurrently (for example, if the last `Arc`
3079 // is dropped, the data field will be dropped in-place).
3080 Some(unsafe { WeakInner { strong: &(*ptr).strong, weak: &(*ptr).weak } })
3081 }
3082 }
3083
3084 /// Returns `true` if the two `Weak`s point to the same allocation similar to [`ptr::eq`], or if
3085 /// both don't point to any allocation (because they were created with `Weak::new()`). However,
3086 /// this function ignores the metadata of `dyn Trait` pointers.
3087 ///
3088 /// # Notes
3089 ///
3090 /// Since this compares pointers it means that `Weak::new()` will equal each
3091 /// other, even though they don't point to any allocation.
3092 ///
3093 /// # Examples
3094 ///
3095 /// ```
3096 /// use std::sync::Arc;
3097 ///
3098 /// let first_rc = Arc::new(5);
3099 /// let first = Arc::downgrade(&first_rc);
3100 /// let second = Arc::downgrade(&first_rc);
3101 ///
3102 /// assert!(first.ptr_eq(&second));
3103 ///
3104 /// let third_rc = Arc::new(5);
3105 /// let third = Arc::downgrade(&third_rc);
3106 ///
3107 /// assert!(!first.ptr_eq(&third));
3108 /// ```
3109 ///
3110 /// Comparing `Weak::new`.
3111 ///
3112 /// ```
3113 /// use std::sync::{Arc, Weak};
3114 ///
3115 /// let first = Weak::new();
3116 /// let second = Weak::new();
3117 /// assert!(first.ptr_eq(&second));
3118 ///
3119 /// let third_rc = Arc::new(());
3120 /// let third = Arc::downgrade(&third_rc);
3121 /// assert!(!first.ptr_eq(&third));
3122 /// ```
3123 ///
3124 /// [`ptr::eq`]: core::ptr::eq "ptr::eq"
3125 #[inline]
3126 #[must_use]
3127 #[stable(feature = "weak_ptr_eq", since = "1.39.0")]
3128 pub fn ptr_eq(&self, other: &Self) -> bool {
3129 ptr::addr_eq(self.ptr.as_ptr(), other.ptr.as_ptr())
3130 }
3131}
3132
3133#[stable(feature = "arc_weak", since = "1.4.0")]
3134impl<T: ?Sized, A: Allocator + Clone> Clone for Weak<T, A> {
3135 /// Makes a clone of the `Weak` pointer that points to the same allocation.
3136 ///
3137 /// # Examples
3138 ///
3139 /// ```
3140 /// use std::sync::{Arc, Weak};
3141 ///
3142 /// let weak_five = Arc::downgrade(&Arc::new(5));
3143 ///
3144 /// let _ = Weak::clone(&weak_five);
3145 /// ```
3146 #[inline]
3147 fn clone(&self) -> Weak<T, A> {
3148 if let Some(inner) = self.inner() {
3149 // See comments in Arc::clone() for why this is relaxed. This can use a
3150 // fetch_add (ignoring the lock) because the weak count is only locked
3151 // where are *no other* weak pointers in existence. (So we can't be
3152 // running this code in that case).
3153 let old_size = inner.weak.fetch_add(1, Relaxed);
3154
3155 // See comments in Arc::clone() for why we do this (for mem::forget).
3156 if old_size > MAX_REFCOUNT {
3157 abort();
3158 }
3159 }
3160
3161 Weak { ptr: self.ptr, alloc: self.alloc.clone() }
3162 }
3163}
3164
3165#[unstable(feature = "ergonomic_clones", issue = "132290")]
3166impl<T: ?Sized, A: Allocator + Clone> UseCloned for Weak<T, A> {}
3167
3168#[stable(feature = "downgraded_weak", since = "1.10.0")]
3169impl<T> Default for Weak<T> {
3170 /// Constructs a new `Weak<T>`, without allocating memory.
3171 /// Calling [`upgrade`] on the return value always
3172 /// gives [`None`].
3173 ///
3174 /// [`upgrade`]: Weak::upgrade
3175 ///
3176 /// # Examples
3177 ///
3178 /// ```
3179 /// use std::sync::Weak;
3180 ///
3181 /// let empty: Weak<i64> = Default::default();
3182 /// assert!(empty.upgrade().is_none());
3183 /// ```
3184 fn default() -> Weak<T> {
3185 Weak::new()
3186 }
3187}
3188
3189#[stable(feature = "arc_weak", since = "1.4.0")]
3190unsafe impl<#[may_dangle] T: ?Sized, A: Allocator> Drop for Weak<T, A> {
3191 /// Drops the `Weak` pointer.
3192 ///
3193 /// # Examples
3194 ///
3195 /// ```
3196 /// use std::sync::{Arc, Weak};
3197 ///
3198 /// struct Foo;
3199 ///
3200 /// impl Drop for Foo {
3201 /// fn drop(&mut self) {
3202 /// println!("dropped!");
3203 /// }
3204 /// }
3205 ///
3206 /// let foo = Arc::new(Foo);
3207 /// let weak_foo = Arc::downgrade(&foo);
3208 /// let other_weak_foo = Weak::clone(&weak_foo);
3209 ///
3210 /// drop(weak_foo); // Doesn't print anything
3211 /// drop(foo); // Prints "dropped!"
3212 ///
3213 /// assert!(other_weak_foo.upgrade().is_none());
3214 /// ```
3215 fn drop(&mut self) {
3216 // If we find out that we were the last weak pointer, then its time to
3217 // deallocate the data entirely. See the discussion in Arc::drop() about
3218 // the memory orderings
3219 //
3220 // It's not necessary to check for the locked state here, because the
3221 // weak count can only be locked if there was precisely one weak ref,
3222 // meaning that drop could only subsequently run ON that remaining weak
3223 // ref, which can only happen after the lock is released.
3224 let inner = if let Some(inner) = self.inner() { inner } else { return };
3225
3226 if inner.weak.fetch_sub(1, Release) == 1 {
3227 acquire!(inner.weak);
3228
3229 // Make sure we aren't trying to "deallocate" the shared static for empty slices
3230 // used by Default::default.
3231 debug_assert!(
3232 !ptr::addr_eq(self.ptr.as_ptr(), &STATIC_INNER_SLICE.inner),
3233 "Arc/Weaks backed by a static should never be deallocated. \
3234 Likely decrement_strong_count or from_raw were called too many times.",
3235 );
3236
3237 unsafe {
3238 self.alloc.deallocate(self.ptr.cast(), Layout::for_value_raw(self.ptr.as_ptr()))
3239 }
3240 }
3241 }
3242}
3243
3244#[stable(feature = "rust1", since = "1.0.0")]
3245trait ArcEqIdent<T: ?Sized + PartialEq, A: Allocator> {
3246 fn eq(&self, other: &Arc<T, A>) -> bool;
3247 fn ne(&self, other: &Arc<T, A>) -> bool;
3248}
3249
3250#[stable(feature = "rust1", since = "1.0.0")]
3251impl<T: ?Sized + PartialEq, A: Allocator> ArcEqIdent<T, A> for Arc<T, A> {
3252 #[inline]
3253 default fn eq(&self, other: &Arc<T, A>) -> bool {
3254 **self == **other
3255 }
3256 #[inline]
3257 default fn ne(&self, other: &Arc<T, A>) -> bool {
3258 **self != **other
3259 }
3260}
3261
3262/// We're doing this specialization here, and not as a more general optimization on `&T`, because it
3263/// would otherwise add a cost to all equality checks on refs. We assume that `Arc`s are used to
3264/// store large values, that are slow to clone, but also heavy to check for equality, causing this
3265/// cost to pay off more easily. It's also more likely to have two `Arc` clones, that point to
3266/// the same value, than two `&T`s.
3267///
3268/// We can only do this when `T: Eq` as a `PartialEq` might be deliberately irreflexive.
3269#[stable(feature = "rust1", since = "1.0.0")]
3270impl<T: ?Sized + crate::rc::MarkerEq, A: Allocator> ArcEqIdent<T, A> for Arc<T, A> {
3271 #[inline]
3272 fn eq(&self, other: &Arc<T, A>) -> bool {
3273 Arc::ptr_eq(self, other) || **self == **other
3274 }
3275
3276 #[inline]
3277 fn ne(&self, other: &Arc<T, A>) -> bool {
3278 !Arc::ptr_eq(self, other) && **self != **other
3279 }
3280}
3281
3282#[stable(feature = "rust1", since = "1.0.0")]
3283impl<T: ?Sized + PartialEq, A: Allocator> PartialEq for Arc<T, A> {
3284 /// Equality for two `Arc`s.
3285 ///
3286 /// Two `Arc`s are equal if their inner values are equal, even if they are
3287 /// stored in different allocation.
3288 ///
3289 /// If `T` also implements `Eq` (implying reflexivity of equality),
3290 /// two `Arc`s that point to the same allocation are always equal.
3291 ///
3292 /// # Examples
3293 ///
3294 /// ```
3295 /// use std::sync::Arc;
3296 ///
3297 /// let five = Arc::new(5);
3298 ///
3299 /// assert!(five == Arc::new(5));
3300 /// ```
3301 #[inline]
3302 fn eq(&self, other: &Arc<T, A>) -> bool {
3303 ArcEqIdent::eq(self, other)
3304 }
3305
3306 /// Inequality for two `Arc`s.
3307 ///
3308 /// Two `Arc`s are not equal if their inner values are not equal.
3309 ///
3310 /// If `T` also implements `Eq` (implying reflexivity of equality),
3311 /// two `Arc`s that point to the same value are always equal.
3312 ///
3313 /// # Examples
3314 ///
3315 /// ```
3316 /// use std::sync::Arc;
3317 ///
3318 /// let five = Arc::new(5);
3319 ///
3320 /// assert!(five != Arc::new(6));
3321 /// ```
3322 #[inline]
3323 fn ne(&self, other: &Arc<T, A>) -> bool {
3324 ArcEqIdent::ne(self, other)
3325 }
3326}
3327
3328#[stable(feature = "rust1", since = "1.0.0")]
3329impl<T: ?Sized + PartialOrd, A: Allocator> PartialOrd for Arc<T, A> {
3330 /// Partial comparison for two `Arc`s.
3331 ///
3332 /// The two are compared by calling `partial_cmp()` on their inner values.
3333 ///
3334 /// # Examples
3335 ///
3336 /// ```
3337 /// use std::sync::Arc;
3338 /// use std::cmp::Ordering;
3339 ///
3340 /// let five = Arc::new(5);
3341 ///
3342 /// assert_eq!(Some(Ordering::Less), five.partial_cmp(&Arc::new(6)));
3343 /// ```
3344 fn partial_cmp(&self, other: &Arc<T, A>) -> Option<Ordering> {
3345 (**self).partial_cmp(&**other)
3346 }
3347
3348 /// Less-than comparison for two `Arc`s.
3349 ///
3350 /// The two are compared by calling `<` on their inner values.
3351 ///
3352 /// # Examples
3353 ///
3354 /// ```
3355 /// use std::sync::Arc;
3356 ///
3357 /// let five = Arc::new(5);
3358 ///
3359 /// assert!(five < Arc::new(6));
3360 /// ```
3361 fn lt(&self, other: &Arc<T, A>) -> bool {
3362 *(*self) < *(*other)
3363 }
3364
3365 /// 'Less than or equal to' comparison for two `Arc`s.
3366 ///
3367 /// The two are compared by calling `<=` on their inner values.
3368 ///
3369 /// # Examples
3370 ///
3371 /// ```
3372 /// use std::sync::Arc;
3373 ///
3374 /// let five = Arc::new(5);
3375 ///
3376 /// assert!(five <= Arc::new(5));
3377 /// ```
3378 fn le(&self, other: &Arc<T, A>) -> bool {
3379 *(*self) <= *(*other)
3380 }
3381
3382 /// Greater-than comparison for two `Arc`s.
3383 ///
3384 /// The two are compared by calling `>` on their inner values.
3385 ///
3386 /// # Examples
3387 ///
3388 /// ```
3389 /// use std::sync::Arc;
3390 ///
3391 /// let five = Arc::new(5);
3392 ///
3393 /// assert!(five > Arc::new(4));
3394 /// ```
3395 fn gt(&self, other: &Arc<T, A>) -> bool {
3396 *(*self) > *(*other)
3397 }
3398
3399 /// 'Greater than or equal to' comparison for two `Arc`s.
3400 ///
3401 /// The two are compared by calling `>=` on their inner values.
3402 ///
3403 /// # Examples
3404 ///
3405 /// ```
3406 /// use std::sync::Arc;
3407 ///
3408 /// let five = Arc::new(5);
3409 ///
3410 /// assert!(five >= Arc::new(5));
3411 /// ```
3412 fn ge(&self, other: &Arc<T, A>) -> bool {
3413 *(*self) >= *(*other)
3414 }
3415}
3416#[stable(feature = "rust1", since = "1.0.0")]
3417impl<T: ?Sized + Ord, A: Allocator> Ord for Arc<T, A> {
3418 /// Comparison for two `Arc`s.
3419 ///
3420 /// The two are compared by calling `cmp()` on their inner values.
3421 ///
3422 /// # Examples
3423 ///
3424 /// ```
3425 /// use std::sync::Arc;
3426 /// use std::cmp::Ordering;
3427 ///
3428 /// let five = Arc::new(5);
3429 ///
3430 /// assert_eq!(Ordering::Less, five.cmp(&Arc::new(6)));
3431 /// ```
3432 fn cmp(&self, other: &Arc<T, A>) -> Ordering {
3433 (**self).cmp(&**other)
3434 }
3435}
3436#[stable(feature = "rust1", since = "1.0.0")]
3437impl<T: ?Sized + Eq, A: Allocator> Eq for Arc<T, A> {}
3438
3439#[stable(feature = "rust1", since = "1.0.0")]
3440impl<T: ?Sized + fmt::Display, A: Allocator> fmt::Display for Arc<T, A> {
3441 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
3442 fmt::Display::fmt(&**self, f)
3443 }
3444}
3445
3446#[stable(feature = "rust1", since = "1.0.0")]
3447impl<T: ?Sized + fmt::Debug, A: Allocator> fmt::Debug for Arc<T, A> {
3448 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
3449 fmt::Debug::fmt(&**self, f)
3450 }
3451}
3452
3453#[stable(feature = "rust1", since = "1.0.0")]
3454impl<T: ?Sized, A: Allocator> fmt::Pointer for Arc<T, A> {
3455 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
3456 fmt::Pointer::fmt(&(&raw const **self), f)
3457 }
3458}
3459
3460#[cfg(not(no_global_oom_handling))]
3461#[stable(feature = "rust1", since = "1.0.0")]
3462impl<T: Default> Default for Arc<T> {
3463 /// Creates a new `Arc<T>`, with the `Default` value for `T`.
3464 ///
3465 /// # Examples
3466 ///
3467 /// ```
3468 /// use std::sync::Arc;
3469 ///
3470 /// let x: Arc<i32> = Default::default();
3471 /// assert_eq!(*x, 0);
3472 /// ```
3473 fn default() -> Arc<T> {
3474 unsafe {
3475 Self::from_inner(
3476 Box::leak(Box::write(
3477 Box::new_uninit(),
3478 ArcInner {
3479 strong: atomic::AtomicUsize::new(1),
3480 weak: atomic::AtomicUsize::new(1),
3481 data: T::default(),
3482 },
3483 ))
3484 .into(),
3485 )
3486 }
3487 }
3488}
3489
3490/// Struct to hold the static `ArcInner` used for empty `Arc<str/CStr/[T]>` as
3491/// returned by `Default::default`.
3492///
3493/// Layout notes:
3494/// * `repr(align(16))` so we can use it for `[T]` with `align_of::<T>() <= 16`.
3495/// * `repr(C)` so `inner` is at offset 0 (and thus guaranteed to actually be aligned to 16).
3496/// * `[u8; 1]` (to be initialized with 0) so it can be used for `Arc<CStr>`.
3497#[repr(C, align(16))]
3498struct SliceArcInnerForStatic {
3499 inner: ArcInner<[u8; 1]>,
3500}
3501#[cfg(not(no_global_oom_handling))]
3502const MAX_STATIC_INNER_SLICE_ALIGNMENT: usize = 16;
3503
3504static STATIC_INNER_SLICE: SliceArcInnerForStatic = SliceArcInnerForStatic {
3505 inner: ArcInner {
3506 strong: atomic::AtomicUsize::new(1),
3507 weak: atomic::AtomicUsize::new(1),
3508 data: [0],
3509 },
3510};
3511
3512#[cfg(not(no_global_oom_handling))]
3513#[stable(feature = "more_rc_default_impls", since = "1.80.0")]
3514impl Default for Arc<str> {
3515 /// Creates an empty str inside an Arc
3516 ///
3517 /// This may or may not share an allocation with other Arcs.
3518 #[inline]
3519 fn default() -> Self {
3520 let arc: Arc<[u8]> = Default::default();
3521 debug_assert!(core::str::from_utf8(&*arc).is_ok());
3522 let (ptr, alloc) = Arc::into_inner_with_allocator(arc);
3523 unsafe { Arc::from_ptr_in(ptr.as_ptr() as *mut ArcInner<str>, alloc) }
3524 }
3525}
3526
3527#[cfg(not(no_global_oom_handling))]
3528#[stable(feature = "more_rc_default_impls", since = "1.80.0")]
3529impl Default for Arc<core::ffi::CStr> {
3530 /// Creates an empty CStr inside an Arc
3531 ///
3532 /// This may or may not share an allocation with other Arcs.
3533 #[inline]
3534 fn default() -> Self {
3535 use core::ffi::CStr;
3536 let inner: NonNull<ArcInner<[u8]>> = NonNull::from(&STATIC_INNER_SLICE.inner);
3537 let inner: NonNull<ArcInner<CStr>> =
3538 NonNull::new(inner.as_ptr() as *mut ArcInner<CStr>).unwrap();
3539 // `this` semantically is the Arc "owned" by the static, so make sure not to drop it.
3540 let this: mem::ManuallyDrop<Arc<CStr>> =
3541 unsafe { mem::ManuallyDrop::new(Arc::from_inner(inner)) };
3542 (*this).clone()
3543 }
3544}
3545
3546#[cfg(not(no_global_oom_handling))]
3547#[stable(feature = "more_rc_default_impls", since = "1.80.0")]
3548impl<T> Default for Arc<[T]> {
3549 /// Creates an empty `[T]` inside an Arc
3550 ///
3551 /// This may or may not share an allocation with other Arcs.
3552 #[inline]
3553 fn default() -> Self {
3554 if align_of::<T>() <= MAX_STATIC_INNER_SLICE_ALIGNMENT {
3555 // We take a reference to the whole struct instead of the ArcInner<[u8; 1]> inside it so
3556 // we don't shrink the range of bytes the ptr is allowed to access under Stacked Borrows.
3557 // (Miri complains on 32-bit targets with Arc<[Align16]> otherwise.)
3558 // (Note that NonNull::from(&STATIC_INNER_SLICE.inner) is fine under Tree Borrows.)
3559 let inner: NonNull<SliceArcInnerForStatic> = NonNull::from(&STATIC_INNER_SLICE);
3560 let inner: NonNull<ArcInner<[T; 0]>> = inner.cast();
3561 // `this` semantically is the Arc "owned" by the static, so make sure not to drop it.
3562 let this: mem::ManuallyDrop<Arc<[T; 0]>> =
3563 unsafe { mem::ManuallyDrop::new(Arc::from_inner(inner)) };
3564 return (*this).clone();
3565 }
3566
3567 // If T's alignment is too large for the static, make a new unique allocation.
3568 let arr: [T; 0] = [];
3569 Arc::from(arr)
3570 }
3571}
3572
3573#[stable(feature = "rust1", since = "1.0.0")]
3574impl<T: ?Sized + Hash, A: Allocator> Hash for Arc<T, A> {
3575 fn hash<H: Hasher>(&self, state: &mut H) {
3576 (**self).hash(state)
3577 }
3578}
3579
3580#[cfg(not(no_global_oom_handling))]
3581#[stable(feature = "from_for_ptrs", since = "1.6.0")]
3582impl<T> From<T> for Arc<T> {
3583 /// Converts a `T` into an `Arc<T>`
3584 ///
3585 /// The conversion moves the value into a
3586 /// newly allocated `Arc`. It is equivalent to
3587 /// calling `Arc::new(t)`.
3588 ///
3589 /// # Example
3590 /// ```rust
3591 /// # use std::sync::Arc;
3592 /// let x = 5;
3593 /// let arc = Arc::new(5);
3594 ///
3595 /// assert_eq!(Arc::from(x), arc);
3596 /// ```
3597 fn from(t: T) -> Self {
3598 Arc::new(t)
3599 }
3600}
3601
3602#[cfg(not(no_global_oom_handling))]
3603#[stable(feature = "shared_from_array", since = "1.74.0")]
3604impl<T, const N: usize> From<[T; N]> for Arc<[T]> {
3605 /// Converts a [`[T; N]`](prim@array) into an `Arc<[T]>`.
3606 ///
3607 /// The conversion moves the array into a newly allocated `Arc`.
3608 ///
3609 /// # Example
3610 ///
3611 /// ```
3612 /// # use std::sync::Arc;
3613 /// let original: [i32; 3] = [1, 2, 3];
3614 /// let shared: Arc<[i32]> = Arc::from(original);
3615 /// assert_eq!(&[1, 2, 3], &shared[..]);
3616 /// ```
3617 #[inline]
3618 fn from(v: [T; N]) -> Arc<[T]> {
3619 Arc::<[T; N]>::from(v)
3620 }
3621}
3622
3623#[cfg(not(no_global_oom_handling))]
3624#[stable(feature = "shared_from_slice", since = "1.21.0")]
3625impl<T: Clone> From<&[T]> for Arc<[T]> {
3626 /// Allocates a reference-counted slice and fills it by cloning `v`'s items.
3627 ///
3628 /// # Example
3629 ///
3630 /// ```
3631 /// # use std::sync::Arc;
3632 /// let original: &[i32] = &[1, 2, 3];
3633 /// let shared: Arc<[i32]> = Arc::from(original);
3634 /// assert_eq!(&[1, 2, 3], &shared[..]);
3635 /// ```
3636 #[inline]
3637 fn from(v: &[T]) -> Arc<[T]> {
3638 <Self as ArcFromSlice<T>>::from_slice(v)
3639 }
3640}
3641
3642#[cfg(not(no_global_oom_handling))]
3643#[stable(feature = "shared_from_mut_slice", since = "1.84.0")]
3644impl<T: Clone> From<&mut [T]> for Arc<[T]> {
3645 /// Allocates a reference-counted slice and fills it by cloning `v`'s items.
3646 ///
3647 /// # Example
3648 ///
3649 /// ```
3650 /// # use std::sync::Arc;
3651 /// let mut original = [1, 2, 3];
3652 /// let original: &mut [i32] = &mut original;
3653 /// let shared: Arc<[i32]> = Arc::from(original);
3654 /// assert_eq!(&[1, 2, 3], &shared[..]);
3655 /// ```
3656 #[inline]
3657 fn from(v: &mut [T]) -> Arc<[T]> {
3658 Arc::from(&*v)
3659 }
3660}
3661
3662#[cfg(not(no_global_oom_handling))]
3663#[stable(feature = "shared_from_slice", since = "1.21.0")]
3664impl From<&str> for Arc<str> {
3665 /// Allocates a reference-counted `str` and copies `v` into it.
3666 ///
3667 /// # Example
3668 ///
3669 /// ```
3670 /// # use std::sync::Arc;
3671 /// let shared: Arc<str> = Arc::from("eggplant");
3672 /// assert_eq!("eggplant", &shared[..]);
3673 /// ```
3674 #[inline]
3675 fn from(v: &str) -> Arc<str> {
3676 let arc = Arc::<[u8]>::from(v.as_bytes());
3677 unsafe { Arc::from_raw(Arc::into_raw(arc) as *const str) }
3678 }
3679}
3680
3681#[cfg(not(no_global_oom_handling))]
3682#[stable(feature = "shared_from_mut_slice", since = "1.84.0")]
3683impl From<&mut str> for Arc<str> {
3684 /// Allocates a reference-counted `str` and copies `v` into it.
3685 ///
3686 /// # Example
3687 ///
3688 /// ```
3689 /// # use std::sync::Arc;
3690 /// let mut original = String::from("eggplant");
3691 /// let original: &mut str = &mut original;
3692 /// let shared: Arc<str> = Arc::from(original);
3693 /// assert_eq!("eggplant", &shared[..]);
3694 /// ```
3695 #[inline]
3696 fn from(v: &mut str) -> Arc<str> {
3697 Arc::from(&*v)
3698 }
3699}
3700
3701#[cfg(not(no_global_oom_handling))]
3702#[stable(feature = "shared_from_slice", since = "1.21.0")]
3703impl From<String> for Arc<str> {
3704 /// Allocates a reference-counted `str` and copies `v` into it.
3705 ///
3706 /// # Example
3707 ///
3708 /// ```
3709 /// # use std::sync::Arc;
3710 /// let unique: String = "eggplant".to_owned();
3711 /// let shared: Arc<str> = Arc::from(unique);
3712 /// assert_eq!("eggplant", &shared[..]);
3713 /// ```
3714 #[inline]
3715 fn from(v: String) -> Arc<str> {
3716 Arc::from(&v[..])
3717 }
3718}
3719
3720#[cfg(not(no_global_oom_handling))]
3721#[stable(feature = "shared_from_slice", since = "1.21.0")]
3722impl<T: ?Sized, A: Allocator> From<Box<T, A>> for Arc<T, A> {
3723 /// Move a boxed object to a new, reference-counted allocation.
3724 ///
3725 /// # Example
3726 ///
3727 /// ```
3728 /// # use std::sync::Arc;
3729 /// let unique: Box<str> = Box::from("eggplant");
3730 /// let shared: Arc<str> = Arc::from(unique);
3731 /// assert_eq!("eggplant", &shared[..]);
3732 /// ```
3733 #[inline]
3734 fn from(v: Box<T, A>) -> Arc<T, A> {
3735 Arc::from_box_in(v)
3736 }
3737}
3738
3739#[cfg(not(no_global_oom_handling))]
3740#[stable(feature = "shared_from_slice", since = "1.21.0")]
3741impl<T, A: Allocator + Clone> From<Vec<T, A>> for Arc<[T], A> {
3742 /// Allocates a reference-counted slice and moves `v`'s items into it.
3743 ///
3744 /// # Example
3745 ///
3746 /// ```
3747 /// # use std::sync::Arc;
3748 /// let unique: Vec<i32> = vec![1, 2, 3];
3749 /// let shared: Arc<[i32]> = Arc::from(unique);
3750 /// assert_eq!(&[1, 2, 3], &shared[..]);
3751 /// ```
3752 #[inline]
3753 fn from(v: Vec<T, A>) -> Arc<[T], A> {
3754 unsafe {
3755 let (vec_ptr, len, cap, alloc) = v.into_raw_parts_with_alloc();
3756
3757 let rc_ptr = Self::allocate_for_slice_in(len, &alloc);
3758 ptr::copy_nonoverlapping(vec_ptr, (&raw mut (*rc_ptr).data) as *mut T, len);
3759
3760 // Create a `Vec<T, &A>` with length 0, to deallocate the buffer
3761 // without dropping its contents or the allocator
3762 let _ = Vec::from_raw_parts_in(vec_ptr, 0, cap, &alloc);
3763
3764 Self::from_ptr_in(rc_ptr, alloc)
3765 }
3766 }
3767}
3768
3769#[stable(feature = "shared_from_cow", since = "1.45.0")]
3770impl<'a, B> From<Cow<'a, B>> for Arc<B>
3771where
3772 B: ToOwned + ?Sized,
3773 Arc<B>: From<&'a B> + From<B::Owned>,
3774{
3775 /// Creates an atomically reference-counted pointer from a clone-on-write
3776 /// pointer by copying its content.
3777 ///
3778 /// # Example
3779 ///
3780 /// ```rust
3781 /// # use std::sync::Arc;
3782 /// # use std::borrow::Cow;
3783 /// let cow: Cow<'_, str> = Cow::Borrowed("eggplant");
3784 /// let shared: Arc<str> = Arc::from(cow);
3785 /// assert_eq!("eggplant", &shared[..]);
3786 /// ```
3787 #[inline]
3788 fn from(cow: Cow<'a, B>) -> Arc<B> {
3789 match cow {
3790 Cow::Borrowed(s) => Arc::from(s),
3791 Cow::Owned(s) => Arc::from(s),
3792 }
3793 }
3794}
3795
3796#[stable(feature = "shared_from_str", since = "1.62.0")]
3797impl From<Arc<str>> for Arc<[u8]> {
3798 /// Converts an atomically reference-counted string slice into a byte slice.
3799 ///
3800 /// # Example
3801 ///
3802 /// ```
3803 /// # use std::sync::Arc;
3804 /// let string: Arc<str> = Arc::from("eggplant");
3805 /// let bytes: Arc<[u8]> = Arc::from(string);
3806 /// assert_eq!("eggplant".as_bytes(), bytes.as_ref());
3807 /// ```
3808 #[inline]
3809 fn from(rc: Arc<str>) -> Self {
3810 // SAFETY: `str` has the same layout as `[u8]`.
3811 unsafe { Arc::from_raw(Arc::into_raw(rc) as *const [u8]) }
3812 }
3813}
3814
3815#[stable(feature = "boxed_slice_try_from", since = "1.43.0")]
3816impl<T, A: Allocator, const N: usize> TryFrom<Arc<[T], A>> for Arc<[T; N], A> {
3817 type Error = Arc<[T], A>;
3818
3819 fn try_from(boxed_slice: Arc<[T], A>) -> Result<Self, Self::Error> {
3820 if boxed_slice.len() == N {
3821 let (ptr, alloc) = Arc::into_inner_with_allocator(boxed_slice);
3822 Ok(unsafe { Arc::from_inner_in(ptr.cast(), alloc) })
3823 } else {
3824 Err(boxed_slice)
3825 }
3826 }
3827}
3828
3829#[cfg(not(no_global_oom_handling))]
3830#[stable(feature = "shared_from_iter", since = "1.37.0")]
3831impl<T> FromIterator<T> for Arc<[T]> {
3832 /// Takes each element in the `Iterator` and collects it into an `Arc<[T]>`.
3833 ///
3834 /// # Performance characteristics
3835 ///
3836 /// ## The general case
3837 ///
3838 /// In the general case, collecting into `Arc<[T]>` is done by first
3839 /// collecting into a `Vec<T>`. That is, when writing the following:
3840 ///
3841 /// ```rust
3842 /// # use std::sync::Arc;
3843 /// let evens: Arc<[u8]> = (0..10).filter(|&x| x % 2 == 0).collect();
3844 /// # assert_eq!(&*evens, &[0, 2, 4, 6, 8]);
3845 /// ```
3846 ///
3847 /// this behaves as if we wrote:
3848 ///
3849 /// ```rust
3850 /// # use std::sync::Arc;
3851 /// let evens: Arc<[u8]> = (0..10).filter(|&x| x % 2 == 0)
3852 /// .collect::<Vec<_>>() // The first set of allocations happens here.
3853 /// .into(); // A second allocation for `Arc<[T]>` happens here.
3854 /// # assert_eq!(&*evens, &[0, 2, 4, 6, 8]);
3855 /// ```
3856 ///
3857 /// This will allocate as many times as needed for constructing the `Vec<T>`
3858 /// and then it will allocate once for turning the `Vec<T>` into the `Arc<[T]>`.
3859 ///
3860 /// ## Iterators of known length
3861 ///
3862 /// When your `Iterator` implements `TrustedLen` and is of an exact size,
3863 /// a single allocation will be made for the `Arc<[T]>`. For example:
3864 ///
3865 /// ```rust
3866 /// # use std::sync::Arc;
3867 /// let evens: Arc<[u8]> = (0..10).collect(); // Just a single allocation happens here.
3868 /// # assert_eq!(&*evens, &*(0..10).collect::<Vec<_>>());
3869 /// ```
3870 fn from_iter<I: IntoIterator<Item = T>>(iter: I) -> Self {
3871 ToArcSlice::to_arc_slice(iter.into_iter())
3872 }
3873}
3874
3875#[cfg(not(no_global_oom_handling))]
3876/// Specialization trait used for collecting into `Arc<[T]>`.
3877trait ToArcSlice<T>: Iterator<Item = T> + Sized {
3878 fn to_arc_slice(self) -> Arc<[T]>;
3879}
3880
3881#[cfg(not(no_global_oom_handling))]
3882impl<T, I: Iterator<Item = T>> ToArcSlice<T> for I {
3883 default fn to_arc_slice(self) -> Arc<[T]> {
3884 self.collect::<Vec<T>>().into()
3885 }
3886}
3887
3888#[cfg(not(no_global_oom_handling))]
3889impl<T, I: iter::TrustedLen<Item = T>> ToArcSlice<T> for I {
3890 fn to_arc_slice(self) -> Arc<[T]> {
3891 // This is the case for a `TrustedLen` iterator.
3892 let (low, high) = self.size_hint();
3893 if let Some(high) = high {
3894 debug_assert_eq!(
3895 low,
3896 high,
3897 "TrustedLen iterator's size hint is not exact: {:?}",
3898 (low, high)
3899 );
3900
3901 unsafe {
3902 // SAFETY: We need to ensure that the iterator has an exact length and we have.
3903 Arc::from_iter_exact(self, low)
3904 }
3905 } else {
3906 // TrustedLen contract guarantees that `upper_bound == None` implies an iterator
3907 // length exceeding `usize::MAX`.
3908 // The default implementation would collect into a vec which would panic.
3909 // Thus we panic here immediately without invoking `Vec` code.
3910 panic!("capacity overflow");
3911 }
3912 }
3913}
3914
3915#[stable(feature = "rust1", since = "1.0.0")]
3916impl<T: ?Sized, A: Allocator> borrow::Borrow<T> for Arc<T, A> {
3917 fn borrow(&self) -> &T {
3918 &**self
3919 }
3920}
3921
3922#[stable(since = "1.5.0", feature = "smart_ptr_as_ref")]
3923impl<T: ?Sized, A: Allocator> AsRef<T> for Arc<T, A> {
3924 fn as_ref(&self) -> &T {
3925 &**self
3926 }
3927}
3928
3929#[stable(feature = "pin", since = "1.33.0")]
3930impl<T: ?Sized, A: Allocator> Unpin for Arc<T, A> {}
3931
3932/// Gets the offset within an `ArcInner` for the payload behind a pointer.
3933///
3934/// # Safety
3935///
3936/// The pointer must point to (and have valid metadata for) a previously
3937/// valid instance of T, but the T is allowed to be dropped.
3938unsafe fn data_offset<T: ?Sized>(ptr: *const T) -> usize {
3939 // Align the unsized value to the end of the ArcInner.
3940 // Because RcInner is repr(C), it will always be the last field in memory.
3941 // SAFETY: since the only unsized types possible are slices, trait objects,
3942 // and extern types, the input safety requirement is currently enough to
3943 // satisfy the requirements of align_of_val_raw; this is an implementation
3944 // detail of the language that must not be relied upon outside of std.
3945 unsafe { data_offset_align(align_of_val_raw(ptr)) }
3946}
3947
3948#[inline]
3949fn data_offset_align(align: usize) -> usize {
3950 let layout = Layout::new::<ArcInner<()>>();
3951 layout.size() + layout.padding_needed_for(align)
3952}
3953
3954/// A unique owning pointer to an [`ArcInner`] **that does not imply the contents are initialized,**
3955/// but will deallocate it (without dropping the value) when dropped.
3956///
3957/// This is a helper for [`Arc::make_mut()`] to ensure correct cleanup on panic.
3958#[cfg(not(no_global_oom_handling))]
3959struct UniqueArcUninit<T: ?Sized, A: Allocator> {
3960 ptr: NonNull<ArcInner<T>>,
3961 layout_for_value: Layout,
3962 alloc: Option<A>,
3963}
3964
3965#[cfg(not(no_global_oom_handling))]
3966impl<T: ?Sized, A: Allocator> UniqueArcUninit<T, A> {
3967 /// Allocates an ArcInner with layout suitable to contain `for_value` or a clone of it.
3968 fn new(for_value: &T, alloc: A) -> UniqueArcUninit<T, A> {
3969 let layout = Layout::for_value(for_value);
3970 let ptr = unsafe {
3971 Arc::allocate_for_layout(
3972 layout,
3973 |layout_for_arcinner| alloc.allocate(layout_for_arcinner),
3974 |mem| mem.with_metadata_of(ptr::from_ref(for_value) as *const ArcInner<T>),
3975 )
3976 };
3977 Self { ptr: NonNull::new(ptr).unwrap(), layout_for_value: layout, alloc: Some(alloc) }
3978 }
3979
3980 /// Returns the pointer to be written into to initialize the [`Arc`].
3981 fn data_ptr(&mut self) -> *mut T {
3982 let offset = data_offset_align(self.layout_for_value.align());
3983 unsafe { self.ptr.as_ptr().byte_add(offset) as *mut T }
3984 }
3985
3986 /// Upgrade this into a normal [`Arc`].
3987 ///
3988 /// # Safety
3989 ///
3990 /// The data must have been initialized (by writing to [`Self::data_ptr()`]).
3991 unsafe fn into_arc(self) -> Arc<T, A> {
3992 let mut this = ManuallyDrop::new(self);
3993 let ptr = this.ptr.as_ptr();
3994 let alloc = this.alloc.take().unwrap();
3995
3996 // SAFETY: The pointer is valid as per `UniqueArcUninit::new`, and the caller is responsible
3997 // for having initialized the data.
3998 unsafe { Arc::from_ptr_in(ptr, alloc) }
3999 }
4000}
4001
4002#[cfg(not(no_global_oom_handling))]
4003impl<T: ?Sized, A: Allocator> Drop for UniqueArcUninit<T, A> {
4004 fn drop(&mut self) {
4005 // SAFETY:
4006 // * new() produced a pointer safe to deallocate.
4007 // * We own the pointer unless into_arc() was called, which forgets us.
4008 unsafe {
4009 self.alloc.take().unwrap().deallocate(
4010 self.ptr.cast(),
4011 arcinner_layout_for_value_layout(self.layout_for_value),
4012 );
4013 }
4014 }
4015}
4016
4017#[stable(feature = "arc_error", since = "1.52.0")]
4018impl<T: core::error::Error + ?Sized> core::error::Error for Arc<T> {
4019 #[allow(deprecated, deprecated_in_future)]
4020 fn description(&self) -> &str {
4021 core::error::Error::description(&**self)
4022 }
4023
4024 #[allow(deprecated)]
4025 fn cause(&self) -> Option<&dyn core::error::Error> {
4026 core::error::Error::cause(&**self)
4027 }
4028
4029 fn source(&self) -> Option<&(dyn core::error::Error + 'static)> {
4030 core::error::Error::source(&**self)
4031 }
4032
4033 fn provide<'a>(&'a self, req: &mut core::error::Request<'a>) {
4034 core::error::Error::provide(&**self, req);
4035 }
4036}