Implement pin!() using super let.

2025-03-27 18:30:51 +01:00 · 2025-03-27 18:30:51 +01:00 · 1dd77cd24a
commit 1dd77cd24a
parent 58c2dd9a54
7 changed files with 36 additions and 158 deletions
--- a/compiler/rustc_span/src/symbol.rs
+++ b/compiler/rustc_span/src/symbol.rs
@ -2215,7 +2215,6 @@ symbols! {
        unsafe_extern_blocks,
        unsafe_fields,
        unsafe_no_drop_flag,
        unsafe_pin_internals,
        unsafe_pinned,
        unsafe_unpin,
        unsize,
--- a/library/core/src/pin.rs
+++ b/library/core/src/pin.rs
@ -1092,24 +1092,15 @@ pub use self::unsafe_pinned::UnsafePinned;
 #[rustc_pub_transparent]
 #[derive(Copy, Clone)]
 pub struct Pin<Ptr> {
-    // FIXME(#93176): this field is made `#[unstable] #[doc(hidden)] pub` to:
+    /// Only public for bootstrap.
-    //   - deter downstream users from accessing it (which would be unsound!),
+    #[cfg(bootstrap)]
-    //   - let the `pin!` macro access it (such a macro requires using struct
+    pub pointer: Ptr,
-    //     literal syntax in order to benefit from lifetime extension).
+    #[cfg(not(bootstrap))]
-    //
+    pointer: Ptr,
    // However, if the `Deref` impl exposes a field with the same name as this
    // field, then the two will collide, resulting in a confusing error when the
    // user attempts to access the field through a `Pin<Ptr>`. Therefore, the
    // name `__pointer` is designed to be unlikely to collide with any other
    // field. Long-term, macro hygiene is expected to offer a more robust
    // alternative, alongside `unsafe` fields.
    #[unstable(feature = "unsafe_pin_internals", issue = "none")]
    #[doc(hidden)]
    pub __pointer: Ptr,
 }
 // The following implementations aren't derived in order to avoid soundness
-// issues. `&self.__pointer` should not be accessible to untrusted trait
+// issues. `&self.pointer` should not be accessible to untrusted trait
 // implementations.
 //
 // See <https://internals.rust-lang.org/t/unsoundness-in-pin/11311/73> for more details.
@ -1223,7 +1214,7 @@ impl<Ptr: Deref<Target: Unpin>> Pin<Ptr> {
    #[rustc_const_stable(feature = "const_pin", since = "1.84.0")]
    #[stable(feature = "pin_into_inner", since = "1.39.0")]
    pub const fn into_inner(pin: Pin<Ptr>) -> Ptr {
-        pin.__pointer
+        pin.pointer
    }
 }
@ -1360,7 +1351,7 @@ impl<Ptr: Deref> Pin<Ptr> {
    #[rustc_const_stable(feature = "const_pin", since = "1.84.0")]
    #[stable(feature = "pin", since = "1.33.0")]
    pub const unsafe fn new_unchecked(pointer: Ptr) -> Pin<Ptr> {
-        Pin { __pointer: pointer }
+        Pin { pointer }
    }
    /// Gets a shared reference to the pinned value this [`Pin`] points to.
@ -1374,7 +1365,7 @@ impl<Ptr: Deref> Pin<Ptr> {
    #[inline(always)]
    pub fn as_ref(&self) -> Pin<&Ptr::Target> {
        // SAFETY: see documentation on this function
-        unsafe { Pin::new_unchecked(&*self.__pointer) }
+        unsafe { Pin::new_unchecked(&*self.pointer) }
    }
 }
@ -1418,7 +1409,7 @@ impl<Ptr: DerefMut> Pin<Ptr> {
    #[inline(always)]
    pub fn as_mut(&mut self) -> Pin<&mut Ptr::Target> {
        // SAFETY: see documentation on this function
-        unsafe { Pin::new_unchecked(&mut *self.__pointer) }
+        unsafe { Pin::new_unchecked(&mut *self.pointer) }
    }
    /// Gets `Pin<&mut T>` to the underlying pinned value from this nested `Pin`-pointer.
@ -1485,7 +1476,7 @@ impl<Ptr: DerefMut> Pin<Ptr> {
    where
        Ptr::Target: Sized,
    {
-        *(self.__pointer) = value;
+        *(self.pointer) = value;
    }
 }
@ -1513,7 +1504,7 @@ impl<Ptr: Deref> Pin<Ptr> {
    #[rustc_const_stable(feature = "const_pin", since = "1.84.0")]
    #[stable(feature = "pin_into_inner", since = "1.39.0")]
    pub const unsafe fn into_inner_unchecked(pin: Pin<Ptr>) -> Ptr {
-        pin.__pointer
+        pin.pointer
    }
 }
@ -1539,7 +1530,7 @@ impl<'a, T: ?Sized> Pin<&'a T> {
        U: ?Sized,
        F: FnOnce(&T) -> &U,
    {
-        let pointer = &*self.__pointer;
+        let pointer = &*self.pointer;
        let new_pointer = func(pointer);
        // SAFETY: the safety contract for `new_unchecked` must be
@ -1569,7 +1560,7 @@ impl<'a, T: ?Sized> Pin<&'a T> {
    #[rustc_const_stable(feature = "const_pin", since = "1.84.0")]
    #[stable(feature = "pin", since = "1.33.0")]
    pub const fn get_ref(self) -> &'a T {
-        self.__pointer
+        self.pointer
    }
 }
@ -1580,7 +1571,7 @@ impl<'a, T: ?Sized> Pin<&'a mut T> {
    #[rustc_const_stable(feature = "const_pin", since = "1.84.0")]
    #[stable(feature = "pin", since = "1.33.0")]
    pub const fn into_ref(self) -> Pin<&'a T> {
-        Pin { __pointer: self.__pointer }
+        Pin { pointer: self.pointer }
    }
    /// Gets a mutable reference to the data inside of this `Pin`.
@ -1600,7 +1591,7 @@ impl<'a, T: ?Sized> Pin<&'a mut T> {
    where
        T: Unpin,
    {
-        self.__pointer
+        self.pointer
    }
    /// Gets a mutable reference to the data inside of this `Pin`.
@ -1618,7 +1609,7 @@ impl<'a, T: ?Sized> Pin<&'a mut T> {
    #[stable(feature = "pin", since = "1.33.0")]
    #[rustc_const_stable(feature = "const_pin", since = "1.84.0")]
    pub const unsafe fn get_unchecked_mut(self) -> &'a mut T {
-        self.__pointer
+        self.pointer
    }
    /// Constructs a new pin by mapping the interior value.
@ -1705,21 +1696,21 @@ impl<Ptr: LegacyReceiver> LegacyReceiver for Pin<Ptr> {}
 #[stable(feature = "pin", since = "1.33.0")]
 impl<Ptr: fmt::Debug> fmt::Debug for Pin<Ptr> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        fmt::Debug::fmt(&self.__pointer, f)
+        fmt::Debug::fmt(&self.pointer, f)
    }
 }
 #[stable(feature = "pin", since = "1.33.0")]
 impl<Ptr: fmt::Display> fmt::Display for Pin<Ptr> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        fmt::Display::fmt(&self.__pointer, f)
+        fmt::Display::fmt(&self.pointer, f)
    }
 }
 #[stable(feature = "pin", since = "1.33.0")]
 impl<Ptr: fmt::Pointer> fmt::Pointer for Pin<Ptr> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        fmt::Pointer::fmt(&self.__pointer, f)
+        fmt::Pointer::fmt(&self.pointer, f)
    }
 }
@ -1945,80 +1936,22 @@ unsafe impl<T: ?Sized> PinCoerceUnsized for *mut T {}
 /// constructor.
 ///
 /// [`Box::pin`]: ../../std/boxed/struct.Box.html#method.pin
 #[cfg(not(bootstrap))]
 #[stable(feature = "pin_macro", since = "1.68.0")]
 #[rustc_macro_transparency = "semitransparent"]
-#[allow_internal_unstable(unsafe_pin_internals)]
+#[allow_internal_unstable(super_let)]
 #[rustc_macro_edition_2021]
 pub macro pin($value:expr $(,)?) {
-    // This is `Pin::new_unchecked(&mut { $value })`, so, for starters, let's
+    {
-    // review such a hypothetical macro (that any user-code could define):
+        super let mut pinned = $value;
-    //
+        // SAFETY: The value is pinned: it is the local above which cannot be named outside this macro.
-    // ```rust
+        unsafe { $crate::pin::Pin::new_unchecked(&mut pinned) }
-    // macro_rules! pin {( $value:expr ) => (
+    }
-    //     match &mut { $value } { at_value => unsafe { // Do not wrap `$value` in an `unsafe` block.
+}
-    //         $crate::pin::Pin::<&mut _>::new_unchecked(at_value)
+
-    //     }}
+/// Only for bootstrap.
-    // )}
+#[cfg(bootstrap)]
-    // ```
+#[stable(feature = "pin_macro", since = "1.68.0")]
-    //
+#[rustc_macro_transparency = "semitransparent"]
-    // Safety:
+pub macro pin($value:expr $(,)?) {
-    //   - `type P = &mut _`. There are thus no pathological `Deref{,Mut}` impls
+    $crate::pin::Pin::<&mut _> { pointer: &mut { $value } }
    //     that would break `Pin`'s invariants.
    //   - `{ $value }` is braced, making it a _block expression_, thus **moving**
    //     the given `$value`, and making it _become an **anonymous** temporary_.
    //     By virtue of being anonymous, it can no longer be accessed, thus
    //     preventing any attempts to `mem::replace` it or `mem::forget` it, _etc._
    //
    // This gives us a `pin!` definition that is sound, and which works, but only
    // in certain scenarios:
    //   - If the `pin!(value)` expression is _directly_ fed to a function call:
    //     `let poll = pin!(fut).poll(cx);`
    //   - If the `pin!(value)` expression is part of a scrutinee:
    //     ```rust
    //     match pin!(fut) { pinned_fut => {
    //         pinned_fut.as_mut().poll(...);
    //         pinned_fut.as_mut().poll(...);
    //     }} // <- `fut` is dropped here.
    //     ```
    // Alas, it doesn't work for the more straight-forward use-case: `let` bindings.
    // ```rust
    // let pinned_fut = pin!(fut); // <- temporary value is freed at the end of this statement
    // pinned_fut.poll(...) // error[E0716]: temporary value dropped while borrowed
    //                      // note: consider using a `let` binding to create a longer lived value
    // ```
    //   - Issues such as this one are the ones motivating https://github.com/rust-lang/rfcs/pull/66
    //
    // This makes such a macro incredibly unergonomic in practice, and the reason most macros
    // out there had to take the path of being a statement/binding macro (_e.g._, `pin!(future);`)
    // instead of featuring the more intuitive ergonomics of an expression macro.
    //
    // Luckily, there is a way to avoid the problem. Indeed, the problem stems from the fact that a
    // temporary is dropped at the end of its enclosing statement when it is part of the parameters
    // given to function call, which has precisely been the case with our `Pin::new_unchecked()`!
    // For instance,
    // ```rust
    // let p = Pin::new_unchecked(&mut <temporary>);
    // ```
    // becomes:
    // ```rust
    // let p = { let mut anon = <temporary>; &mut anon };
    // ```
    //
    // However, when using a literal braced struct to construct the value, references to temporaries
    // can then be taken. This makes Rust change the lifespan of such temporaries so that they are,
    // instead, dropped _at the end of the enscoping block_.
    // For instance,
    // ```rust
    // let p = Pin { __pointer: &mut <temporary> };
    // ```
    // becomes:
    // ```rust
    // let mut anon = <temporary>;
    // let p = Pin { __pointer: &mut anon };
    // ```
    // which is *exactly* what we want.
    //
    // See https://doc.rust-lang.org/1.58.1/reference/destructors.html#temporary-lifetime-extension
    // for more info.
    $crate::pin::Pin::<&mut _> { __pointer: &mut { $value } }
 }
--- a/library/coretests/tests/pin_macro.rs
+++ b/library/coretests/tests/pin_macro.rs
@ -38,6 +38,7 @@ fn rust_2024_expr() {
 }
 #[test]
 #[cfg(not(bootstrap))]
 fn temp_lifetime() {
    // Check that temporary lifetimes work as in Rust 2021.
    // Regression test for https://github.com/rust-lang/rust/issues/138596
--- a/tests/ui/feature-gates/feature-gate-unsafe_pin_internals.rs
+++ b/tests/ui/feature-gates/feature-gate-unsafe_pin_internals.rs
@ -1,16 +0,0 @@
 //@ edition:2018
 #![forbid(internal_features, unsafe_code)]
 #![feature(unsafe_pin_internals)]
 //~^ ERROR the feature `unsafe_pin_internals` is internal to the compiler or standard library
 use core::{marker::PhantomPinned, pin::Pin};
 /// The `unsafe_pin_internals` is indeed unsound.
 fn non_unsafe_pin_new_unchecked<T>(pointer: &mut T) -> Pin<&mut T> {
    Pin { __pointer: pointer }
 }
 fn main() {
    let mut self_referential = PhantomPinned;
    let _: Pin<&mut PhantomPinned> = non_unsafe_pin_new_unchecked(&mut self_referential);
 }
--- a/tests/ui/feature-gates/feature-gate-unsafe_pin_internals.stderr
+++ b/tests/ui/feature-gates/feature-gate-unsafe_pin_internals.stderr
@ -1,15 +0,0 @@
 error: the feature `unsafe_pin_internals` is internal to the compiler or standard library
  --> $DIR/feature-gate-unsafe_pin_internals.rs:3:12
   |
 LL | #![feature(unsafe_pin_internals)]
   |            ^^^^^^^^^^^^^^^^^^^^
   |
   = note: using it is strongly discouraged
 note: the lint level is defined here
  --> $DIR/feature-gate-unsafe_pin_internals.rs:2:11
   |
 LL | #![forbid(internal_features, unsafe_code)]
   |           ^^^^^^^^^^^^^^^^^
 error: aborting due to 1 previous error
--- a/tests/ui/pin-macro/cant_access_internals.rs
+++ b/tests/ui/pin-macro/cant_access_internals.rs
@ -1,12 +0,0 @@
 //@ edition:2018
 use core::{
    marker::PhantomPinned,
    mem,
    pin::{pin, Pin},
 };
 fn main() {
    let mut phantom_pinned = pin!(PhantomPinned);
    mem::take(phantom_pinned.__pointer); //~ ERROR use of unstable library feature `unsafe_pin_internals`
 }
--- a/tests/ui/pin-macro/cant_access_internals.stderr
+++ b/tests/ui/pin-macro/cant_access_internals.stderr
@ -1,12 +0,0 @@
 error[E0658]: use of unstable library feature `unsafe_pin_internals`
  --> $DIR/cant_access_internals.rs:11:15
   |
 LL |     mem::take(phantom_pinned.__pointer);
   |               ^^^^^^^^^^^^^^^^^^^^^^^^
   |
   = help: add `#![feature(unsafe_pin_internals)]` to the crate attributes to enable
   = note: this compiler was built on YYYY-MM-DD; consider upgrading it if it is out of date
 error: aborting due to 1 previous error
 For more information about this error, try `rustc --explain E0658`.