diff options
| author | Iain Buclaw <ibuclaw@gdcproject.org> | 2022-10-29 09:05:54 +0200 |
|---|---|---|
| committer | Iain Buclaw <ibuclaw@gdcproject.org> | 2022-10-29 13:02:26 +0200 |
| commit | 7e7ebe3e350fde90fe49ab41ce3b92a811bb6370 (patch) | |
| tree | be7a6dd9ae43a807ff7107d51ed03069a4a336f2 /libphobos/src | |
| parent | cfd85418051e8413e84ae7011cb5cb99cd8e337c (diff) | |
| download | gcc-7e7ebe3e350fde90fe49ab41ce3b92a811bb6370.zip gcc-7e7ebe3e350fde90fe49ab41ce3b92a811bb6370.tar.gz gcc-7e7ebe3e350fde90fe49ab41ce3b92a811bb6370.tar.bz2 | |
d: Merge upstream dmd, druntime e4f8919591, phobos 3ad507b51.
D front-end changes:
- Import dmd v2.101.0-beta.1.
- Add predefined version `D_Optimized' when compiling with `-O'.
- Shortened method syntax (DIP1043) is now enabled by default.
- Array literals assigned to `scope' array variables are now
allocated on the stack.
- Implement `@system' variables (DIP1035), available behind the
preview feature flag `-fpreview=systemvariables'.
D runtime changes:
- Import druntime v2.101.0-beta.1.
Phobos changes:
- Import phobos v2.101.0-beta.1.
- Added `std.typecons.SafeRefCounted', that can be used in `@safe'
code with `-fpreview=dip1000'.
gcc/d/ChangeLog:
* d-attribs.cc (apply_user_attributes): Update for new front-end
interface.
* d-builtins.cc (d_init_versions): Predefine `D_Optimized' with
compiling with optimizations enabled.
* d-lang.cc (d_handle_option): Update for new front-end interface.
Handle new option `-fpreview=systemvariables'.
* dmd/MERGE: Merge upstream dmd e4f8919591.
* dmd/VERSION: Bump version to v2.101.0-beta.1.
* expr.cc (ExprVisitor::visit (AssignExp *)): Treat construction of
static arrays from a call expression as a simple assignment.
(ExprVisitor::visit (ArrayLiteralExp *)): Handle array literals with
`scope' storage.
* gdc.texi: Update documentation of `-fpreview=' options.
* lang.opt (fpreview=shortenedmethods): Remove.
(fpreview=systemvariables): New option.
libphobos/ChangeLog:
* libdruntime/MERGE: Merge upstream druntime e4f8919591.
* src/MERGE: Merge upstream phobos 3ad507b51.
gcc/testsuite/ChangeLog:
* gdc.dg/simd19630.d: Move tests with errors to ...
* gdc.dg/simd19630b.d: ... here. New test.
* gdc.dg/simd19630c.d: New test.
* gdc.dg/simd_ctfe.d: Removed.
* gdc.dg/simd18867.d: New test.
* gdc.dg/simd19788.d: New test.
* gdc.dg/simd21469.d: New test.
* gdc.dg/simd21672.d: New test.
* gdc.dg/simd23077.d: New test.
* gdc.dg/simd23084.d: New test.
* gdc.dg/simd23085.d: New test.
* gdc.dg/torture/simd19632.d: New test.
* gdc.dg/torture/simd20041.d: New test.
* gdc.dg/torture/simd21673.d: New test.
* gdc.dg/torture/simd21676.d: New test.
* gdc.dg/torture/simd22438.d: New test.
* gdc.dg/torture/simd23009.d: New test.
* gdc.dg/torture/simd23077.d: New test.
* gdc.dg/torture/simd8.d: New test.
* gdc.dg/torture/simd9.d: New test.
* gdc.dg/torture/simd_prefetch.d: New test.
Diffstat (limited to 'libphobos/src')
| -rw-r--r-- | libphobos/src/MERGE | 2 | ||||
| -rw-r--r-- | libphobos/src/std/algorithm/iteration.d | 25 | ||||
| -rw-r--r-- | libphobos/src/std/algorithm/mutation.d | 1 | ||||
| -rw-r--r-- | libphobos/src/std/array.d | 3 | ||||
| -rw-r--r-- | libphobos/src/std/ascii.d | 6 | ||||
| -rw-r--r-- | libphobos/src/std/base64.d | 4 | ||||
| -rw-r--r-- | libphobos/src/std/bitmanip.d | 98 | ||||
| -rw-r--r-- | libphobos/src/std/container/binaryheap.d | 2 | ||||
| -rw-r--r-- | libphobos/src/std/digest/murmurhash.d | 10 | ||||
| -rw-r--r-- | libphobos/src/std/exception.d | 203 | ||||
| -rw-r--r-- | libphobos/src/std/experimental/allocator/common.d | 20 | ||||
| -rw-r--r-- | libphobos/src/std/file.d | 55 | ||||
| -rw-r--r-- | libphobos/src/std/format/internal/write.d | 40 | ||||
| -rw-r--r-- | libphobos/src/std/internal/windows/advapi32.d | 4 | ||||
| -rw-r--r-- | libphobos/src/std/json.d | 3 | ||||
| -rw-r--r-- | libphobos/src/std/net/curl.d | 2 | ||||
| -rw-r--r-- | libphobos/src/std/random.d | 24 | ||||
| -rw-r--r-- | libphobos/src/std/stdio.d | 6 | ||||
| -rw-r--r-- | libphobos/src/std/string.d | 1 | ||||
| -rw-r--r-- | libphobos/src/std/traits.d | 8 | ||||
| -rw-r--r-- | libphobos/src/std/typecons.d | 790 | ||||
| -rw-r--r-- | libphobos/src/std/uni/package.d | 11 |
22 files changed, 971 insertions, 347 deletions
diff --git a/libphobos/src/MERGE b/libphobos/src/MERGE index 4d63826..d02f72d 100644 --- a/libphobos/src/MERGE +++ b/libphobos/src/MERGE @@ -1,4 +1,4 @@ -88aa69b14f8a28255a0ac7626f6509a13cfdb67a +3ad507b5125573c5b47736a0913105bfb1249746 The first line of this file holds the git revision number of the last merge done from the dlang/phobos repository. diff --git a/libphobos/src/std/algorithm/iteration.d b/libphobos/src/std/algorithm/iteration.d index 39eff0d..9a365d5 100644 --- a/libphobos/src/std/algorithm/iteration.d +++ b/libphobos/src/std/algorithm/iteration.d @@ -7926,7 +7926,13 @@ if (isRandomAccessRange!Range && hasLength!Range) _indices = iota(size_t(r.length)).array; _empty = r.length == 0; } - + private this(size_t[] indices, size_t[] state, Range r, bool empty_) + { + _indices = indices; + _state = state; + _r = r; + _empty = empty_; + } /// Returns: `true` if the range is empty, `false` otherwise. @property bool empty() const pure nothrow @safe @nogc { @@ -7967,6 +7973,11 @@ if (isRandomAccessRange!Range && hasLength!Range) next(2); } + /// Returns: an independent copy of the permutations range. + auto save() + { + return typeof(this)(_indices.dup, _state.dup, _r.save, _empty); + } } /// @@ -7982,3 +7993,15 @@ if (isRandomAccessRange!Range && hasLength!Range) [1, 2, 0], [2, 1, 0]])); } + +@safe unittest +{ + import std.algorithm.comparison : equal; + import std.range : ElementType; + import std.array : array; + auto p = [1, 2, 3].permutations; + auto x = p.save.front; + p.popFront; + auto y = p.front; + assert(x != y); +} diff --git a/libphobos/src/std/algorithm/mutation.d b/libphobos/src/std/algorithm/mutation.d index b0e7707..839183d 100644 --- a/libphobos/src/std/algorithm/mutation.d +++ b/libphobos/src/std/algorithm/mutation.d @@ -1943,6 +1943,7 @@ if (Offset.length >= 1 && allSatisfy!(isValidIntegralTuple, Offset)) return removeImpl!s(range, offset); } +/// ditto deprecated("Use of non-integral tuples is deprecated. Use remove(tuple(start, end).") Range remove (SwapStrategy s = SwapStrategy.stable, Range, Offset ...) diff --git a/libphobos/src/std/array.d b/libphobos/src/std/array.d index f48602e..3e88200 100644 --- a/libphobos/src/std/array.d +++ b/libphobos/src/std/array.d @@ -586,7 +586,7 @@ if (isInputRange!Range) static assert(isMutable!ValueType, "assocArray: value type must be mutable"); ValueType[KeyType] aa; - foreach (t; r) + foreach (ref t; r) aa[t[0]] = t[1]; return aa; } @@ -4676,6 +4676,7 @@ nothrow pure @safe @nogc unittest assert(a == [0, 1]); } +/// ditto pragma(inline, true) U[n] staticArray(U, T, size_t n)(auto ref T[n] a) if (!is(T == U) && is(T : U)) { diff --git a/libphobos/src/std/ascii.d b/libphobos/src/std/ascii.d index 3b6face..367c981 100644 --- a/libphobos/src/std/ascii.d +++ b/libphobos/src/std/ascii.d @@ -187,7 +187,8 @@ else +/ bool isAlphaNum(dchar c) @safe pure nothrow @nogc { - return c <= 'z' && c >= '0' && (c <= '9' || c >= 'a' || (c >= 'A' && c <= 'Z')); + const hc = c | 0x20; + return ('0' <= c && c <= '9') || ('a' <= hc && hc <= 'z'); } /// @@ -377,7 +378,8 @@ bool isOctalDigit(dchar c) @safe pure nothrow @nogc +/ bool isHexDigit(dchar c) @safe pure nothrow @nogc { - return c <= 'f' && c >= '0' && (c <= '9' || c >= 'a' || (c >= 'A' && c <= 'F')); + const hc = c | 0x20; + return ('0' <= c && c <= '9') || ('a' <= hc && hc <= 'f'); } /// diff --git a/libphobos/src/std/base64.d b/libphobos/src/std/base64.d index d971dba..2f7213b 100644 --- a/libphobos/src/std/base64.d +++ b/libphobos/src/std/base64.d @@ -922,7 +922,7 @@ template Base64Impl(char Map62th, char Map63th, char Padding = '=') * length $(D_PARAM sourceLength). */ @safe - pure nothrow size_t decodeLength(in size_t sourceLength) + pure @nogc nothrow size_t decodeLength(in size_t sourceLength) { static if (Padding == NoPadding) return (sourceLength / 4) * 3 + (sourceLength % 4 < 2 ? 0 : sourceLength % 4 == 2 ? 1 : 2); @@ -946,7 +946,7 @@ template Base64Impl(char Map62th, char Map63th, char Padding = '=') // Used in decode contracts. Calculates the actual size the decoded // result should have, taking into account trailing padding. @safe - pure nothrow private size_t realDecodeLength(R)(R source) + pure @nogc nothrow private size_t realDecodeLength(R)(R source) { auto expect = decodeLength(source.length); static if (Padding != NoPadding) diff --git a/libphobos/src/std/bitmanip.d b/libphobos/src/std/bitmanip.d index de2e0fb..f131257 100644 --- a/libphobos/src/std/bitmanip.d +++ b/libphobos/src/std/bitmanip.d @@ -784,48 +784,6 @@ if (is(T == class)) static assert(!__traits(compiles, bar(s))); } -/** - Allows manipulating the fraction, exponent, and sign parts of a - `float` separately. The definition is: - ----- -struct FloatRep -{ - union - { - float value; - mixin(bitfields!( - uint, "fraction", 23, - ubyte, "exponent", 8, - bool, "sign", 1)); - } - enum uint bias = 127, fractionBits = 23, exponentBits = 8, signBits = 1; -} ----- -*/ -alias FloatRep = FloatingPointRepresentation!float; - -/** - Allows manipulating the fraction, exponent, and sign parts of a - `double` separately. The definition is: - ----- -struct DoubleRep -{ - union - { - double value; - mixin(bitfields!( - ulong, "fraction", 52, - ushort, "exponent", 11, - bool, "sign", 1)); - } - enum uint bias = 1023, signBits = 1, fractionBits = 52, exponentBits = 11; -} ----- -*/ -alias DoubleRep = FloatingPointRepresentation!double; - private struct FloatingPointRepresentation(T) { static if (is(T == float)) @@ -851,6 +809,27 @@ private struct FloatingPointRepresentation(T) } } +/** + Allows manipulating the fraction, exponent, and sign parts of a + `float` separately. The definition is: + +---- +struct FloatRep +{ + union + { + float value; + mixin(bitfields!( + uint, "fraction", 23, + ubyte, "exponent", 8, + bool, "sign", 1)); + } + enum uint bias = 127, fractionBits = 23, exponentBits = 8, signBits = 1; +} +---- +*/ +alias FloatRep = FloatingPointRepresentation!float; + /// @safe unittest { @@ -899,6 +878,27 @@ private struct FloatingPointRepresentation(T) assert(rep.sign); } +/** + Allows manipulating the fraction, exponent, and sign parts of a + `double` separately. The definition is: + +---- +struct DoubleRep +{ + union + { + double value; + mixin(bitfields!( + ulong, "fraction", 52, + ushort, "exponent", 11, + bool, "sign", 1)); + } + enum uint bias = 1023, signBits = 1, fractionBits = 52, exponentBits = 11; +} +---- +*/ +alias DoubleRep = FloatingPointRepresentation!double; + /// @safe unittest { @@ -986,17 +986,17 @@ private: size_t* _ptr; enum bitsPerSizeT = size_t.sizeof * 8; - @property size_t fullWords() const @nogc pure nothrow + @property size_t fullWords() const scope @safe @nogc pure nothrow { return _len / bitsPerSizeT; } // Number of bits after the last full word - @property size_t endBits() const @nogc pure nothrow + @property size_t endBits() const scope @safe @nogc pure nothrow { return _len % bitsPerSizeT; } // Bit mask to extract the bits after the last full word - @property size_t endMask() const @nogc pure nothrow + @property size_t endMask() const scope @safe @nogc pure nothrow { return (size_t(1) << endBits) - 1; } @@ -1440,15 +1440,15 @@ public: /********************************************** * Counts all the set bits in the `BitArray` */ - size_t count() const @nogc pure nothrow + size_t count() const scope @safe @nogc pure nothrow { if (_ptr) { size_t bitCount; foreach (i; 0 .. fullWords) - bitCount += countBitsSet(_ptr[i]); + bitCount += (() @trusted => countBitsSet(_ptr[i]))(); if (endBits) - bitCount += countBitsSet(_ptr[fullWords] & endMask); + bitCount += (() @trusted => countBitsSet(_ptr[fullWords] & endMask))(); return bitCount; } else @@ -4544,7 +4544,7 @@ if (canSwapEndianness!T && isOutputRange!(R, ubyte)) Counts the number of set bits in the binary representation of `value`. For signed integers, the sign bit is included in the count. */ -private uint countBitsSet(T)(const T value) @nogc pure nothrow +private uint countBitsSet(T)(const T value) if (isIntegral!T) { static if (T.sizeof == 8) diff --git a/libphobos/src/std/container/binaryheap.d b/libphobos/src/std/container/binaryheap.d index e763357..723630c 100644 --- a/libphobos/src/std/container/binaryheap.d +++ b/libphobos/src/std/container/binaryheap.d @@ -89,6 +89,8 @@ if (isRandomAccessRange!(Store) || isRandomAccessRange!(typeof(Store.init[]))) Store _store; size_t _length; } + // TODO: migrate to use the SafeRefCounted. The problem is that some member + // functions here become @system with a naive switch. private RefCounted!(Data, RefCountedAutoInitialize.no) _payload; // Comparison predicate private alias comp = binaryFun!(less); diff --git a/libphobos/src/std/digest/murmurhash.d b/libphobos/src/std/digest/murmurhash.d index 533db92..b94042f 100644 --- a/libphobos/src/std/digest/murmurhash.d +++ b/libphobos/src/std/digest/murmurhash.d @@ -38,11 +38,6 @@ $(BR) $(LINK2 https://en.wikipedia.org/wiki/MurmurHash, Wikipedia) */ module std.digest.murmurhash; -version (X86) - version = HaveUnalignedLoads; -else version (X86_64) - version = HaveUnalignedLoads; - /// @safe unittest { @@ -97,6 +92,11 @@ else version (X86_64) assert(hashed == [188, 165, 108, 2]); } +version (X86) + version = HaveUnalignedLoads; +else version (X86_64) + version = HaveUnalignedLoads; + public import std.digest; @safe: diff --git a/libphobos/src/std/exception.d b/libphobos/src/std/exception.d index 94a2e7a..129c05d 100644 --- a/libphobos/src/std/exception.d +++ b/libphobos/src/std/exception.d @@ -799,108 +799,107 @@ enum emptyExceptionMsg = "<Empty Exception Message>"; } /** - * Casts a mutable array to an immutable array in an idiomatic - * manner. Technically, `assumeUnique` just inserts a cast, - * but its name documents assumptions on the part of the - * caller. `assumeUnique(arr)` should only be called when - * there are no more active mutable aliases to elements of $(D - * arr). To strengthen this assumption, `assumeUnique(arr)` - * also clears `arr` before returning. Essentially $(D - * assumeUnique(arr)) indicates commitment from the caller that there - * is no more mutable access to any of `arr`'s elements - * (transitively), and that all future accesses will be done through - * the immutable array returned by `assumeUnique`. - * - * Typically, `assumeUnique` is used to return arrays from - * functions that have allocated and built them. - * - * Params: - * array = The array to cast to immutable. - * - * Returns: The immutable array. - * - * Example: - * - * $(RUNNABLE_EXAMPLE - * ---- - * string letters() - * { - * char[] result = new char['z' - 'a' + 1]; - * foreach (i, ref e; result) - * { - * e = cast(char)('a' + i); - * } - * return assumeUnique(result); - * } - * ---- - * ) - * - * The use in the example above is correct because `result` - * was private to `letters` and is inaccessible in writing - * after the function returns. The following example shows an - * incorrect use of `assumeUnique`. - * - * Bad: - * - * $(RUNNABLE_EXAMPLE - * ---- - * private char[] buffer; - * string letters(char first, char last) - * { - * if (first >= last) return null; // fine - * auto sneaky = buffer; - * sneaky.length = last - first + 1; - * foreach (i, ref e; sneaky) - * { - * e = cast(char)('a' + i); - * } - * return assumeUnique(sneaky); // BAD - * } - * ---- - * ) - * - * The example above wreaks havoc on client code because it is - * modifying arrays that callers considered immutable. To obtain an - * immutable array from the writable array `buffer`, replace - * the last line with: - * - * ---- - * return to!(string)(sneaky); // not that sneaky anymore - * ---- - * - * The call will duplicate the array appropriately. - * - * Note that checking for uniqueness during compilation is - * possible in certain cases, especially when a function is - * marked as a pure function. The following example does not - * need to call assumeUnique because the compiler can infer the - * uniqueness of the array in the pure function: - * - * $(RUNNABLE_EXAMPLE - * ---- - * string letters() pure - * { - * char[] result = new char['z' - 'a' + 1]; - * foreach (i, ref e; result) - * { - * e = cast(char)('a' + i); - * } - * return result; - * } - * ---- - * ) - * - * For more on infering uniqueness see the $(B unique) and - * $(B lent) keywords in the - * $(HTTP www.cs.cmu.edu/~aldrich/papers/aldrich-dissertation.pdf, ArchJava) - * language. - * - * The downside of using `assumeUnique`'s - * convention-based usage is that at this time there is no - * formal checking of the correctness of the assumption; - * on the upside, the idiomatic use of `assumeUnique` is - * simple and rare enough to be tolerable. - * +Casts a mutable array to an immutable array in an idiomatic +manner. Technically, `assumeUnique` just inserts a cast, +but its name documents assumptions on the part of the +caller. `assumeUnique(arr)` should only be called when +there are no more active mutable aliases to elements of $(D +arr). To strengthen this assumption, `assumeUnique(arr)` +also clears `arr` before returning. Essentially $(D +assumeUnique(arr)) indicates commitment from the caller that there +is no more mutable access to any of `arr`'s elements +(transitively), and that all future accesses will be done through +the immutable array returned by `assumeUnique`. + +Typically, `assumeUnique` is used to return arrays from +functions that have allocated and built them. + +Params: + array = The array to cast to immutable. + +Returns: The immutable array. + +Example: + +$(RUNNABLE_EXAMPLE +---- +string letters() +{ + char[] result = new char['z' - 'a' + 1]; + foreach (i, ref e; result) + { + e = cast(char)('a' + i); + } + return assumeUnique(result); +} +---- +) + +The use in the example above is correct because `result` +was private to `letters` and is inaccessible in writing +after the function returns. The following example shows an +incorrect use of `assumeUnique`. + +Bad: + +$(RUNNABLE_EXAMPLE +---- +char[] buffer; +string letters(char first, char last) +{ + if (first >= last) return null; // fine + auto sneaky = buffer; + sneaky.length = last - first + 1; + foreach (i, ref e; sneaky) + { + e = cast(char)('a' + i); + } + return assumeUnique(sneaky); // BAD +} +---- +) + +The example above wreaks havoc on client code because it is +modifying arrays that callers considered immutable. To obtain an +immutable array from the writable array `buffer`, replace +the last line with: + +---- +return to!(string)(sneaky); // not that sneaky anymore +---- + +The call will duplicate the array appropriately. + +Note that checking for uniqueness during compilation is +possible in certain cases, especially when a function is +marked as a pure function. The following example does not +need to call `assumeUnique` because the compiler can infer the +uniqueness of the array in the pure function: + +$(RUNNABLE_EXAMPLE +---- +static string letters() pure +{ + char[] result = new char['z' - 'a' + 1]; + foreach (i, ref e; result) + { + e = cast(char)('a' + i); + } + return result; +} +---- +) + +For more on infering uniqueness see the $(B unique) and +$(B lent) keywords in the +$(HTTP www.cs.cmu.edu/~aldrich/papers/aldrich-dissertation.pdf, ArchJava) +language. + +The downside of using `assumeUnique`'s +convention-based usage is that at this time there is no +formal checking of the correctness of the assumption; +on the upside, the idiomatic use of `assumeUnique` is +simple and rare enough to be tolerable. */ immutable(T)[] assumeUnique(T)(T[] array) pure nothrow { diff --git a/libphobos/src/std/experimental/allocator/common.d b/libphobos/src/std/experimental/allocator/common.d index 8acd763..d2efe33 100644 --- a/libphobos/src/std/experimental/allocator/common.d +++ b/libphobos/src/std/experimental/allocator/common.d @@ -12,6 +12,26 @@ module std.experimental.allocator.common; import std.algorithm.comparison, std.traits; /** +Is `true` iff `A` is an allocator. + */ +enum isAllocator(A) = (is(typeof(A.allocate(size_t.init)) == void[]) && is(typeof(A.alignment) : size_t)); + +/// +@safe @nogc nothrow pure +unittest +{ + import std.experimental.allocator.building_blocks.null_allocator : NullAllocator; + import std.experimental.allocator.mallocator : Mallocator; + import std.experimental.allocator.gc_allocator : GCAllocator; + import std.experimental.allocator.mmap_allocator : MmapAllocator; + static assert(isAllocator!NullAllocator); + static assert(isAllocator!Mallocator); + static assert(isAllocator!GCAllocator); + static assert(isAllocator!MmapAllocator); + static assert(!isAllocator!int); +} + +/** Returns the size in bytes of the state that needs to be allocated to hold an object of type `T`. `stateSize!T` is zero for `struct`s that are not nested and have no nonstatic member variables. diff --git a/libphobos/src/std/file.d b/libphobos/src/std/file.d index 8957089..8d1b431 100644 --- a/libphobos/src/std/file.d +++ b/libphobos/src/std/file.d @@ -4465,9 +4465,10 @@ void rmdirRecurse(ref scope DirEntry de) @safe } else { - // dirEntries is @system because it uses a DirIterator with a - // RefCounted variable, but here, no references to the payload is - // escaped to the outside, so this should be @trusted + // dirEntries is @system without DIP1000 because it uses + // a DirIterator with a SafeRefCounted variable, but here, no + // references to the payload are escaped to the outside, so this should + // be @trusted () @trusted { // all children, recursively depth-first foreach (DirEntry e; dirEntries(de.name, SpanMode.depth, false)) @@ -4863,20 +4864,31 @@ private struct DirIteratorImpl } } -struct DirIterator +// Must be a template, because the destructor is unsafe or safe depending on +// whether `-preview=dip1000` is in use. Otherwise, linking errors would +// result. +struct _DirIterator(bool useDIP1000) { -@safe: + static assert(useDIP1000 == dip1000Enabled, + "Please don't override useDIP1000 to disagree with compiler switch."); + private: - RefCounted!(DirIteratorImpl, RefCountedAutoInitialize.no) impl; + SafeRefCounted!(DirIteratorImpl, RefCountedAutoInitialize.no) impl; + this(string pathname, SpanMode mode, bool followSymlink) @trusted { impl = typeof(impl)(pathname, mode, followSymlink); } public: - @property bool empty() { return impl.empty; } - @property DirEntry front() { return impl.front; } - void popFront() { impl.popFront(); } + @property bool empty() @trusted { return impl.empty; } + @property DirEntry front() @trusted { return impl.front; } + void popFront() @trusted { impl.popFront(); } } + +// This has the client code to automatically use and link to the correct +// template instance +alias DirIterator = _DirIterator!dip1000Enabled; + /++ Returns an $(REF_ALTTEXT input range, isInputRange, std,range,primitives) of `DirEntry` that lazily iterates a given directory, @@ -4890,6 +4902,11 @@ public: operating system / filesystem, and may not follow any particular sorting. Params: + useDIP1000 = used to instantiate this function separately for code with + and without -preview=dip1000 compiler switch, because it + affects the ABI of this function. Set automatically - + don't touch. + path = The directory to iterate over. If empty, the current directory will be iterated. @@ -4955,9 +4972,13 @@ foreach (d; dFiles) writeln(d.name); -------------------- +/ -auto dirEntries(string path, SpanMode mode, bool followSymlink = true) + +// For some reason, doing the same alias-to-a-template trick as with DirIterator +// does not work here. +auto dirEntries(bool useDIP1000 = dip1000Enabled) + (string path, SpanMode mode, bool followSymlink = true) { - return DirIterator(path, mode, followSymlink); + return _DirIterator!useDIP1000(path, mode, followSymlink); } /// Duplicate functionality of D1's `std.file.listdir()`: @@ -4976,13 +4997,14 @@ auto dirEntries(string path, SpanMode mode, bool followSymlink = true) .array; } - void main(string[] args) + // Can be safe only with -preview=dip1000 + @safe void main(string[] args) { import std.stdio; string[] files = listdir(args[1]); writefln("%s", files); - } + } } @system unittest @@ -5057,14 +5079,15 @@ auto dirEntries(string path, SpanMode mode, bool followSymlink = true) } /// Ditto -auto dirEntries(string path, string pattern, SpanMode mode, +auto dirEntries(bool useDIP1000 = dip1000Enabled) + (string path, string pattern, SpanMode mode, bool followSymlink = true) { import std.algorithm.iteration : filter; import std.path : globMatch, baseName; bool f(DirEntry de) { return globMatch(baseName(de.name), pattern); } - return filter!f(DirIterator(path, mode, followSymlink)); + return filter!f(_DirIterator!useDIP1000(path, mode, followSymlink)); } @safe unittest @@ -5145,7 +5168,7 @@ auto dirEntries(string path, string pattern, SpanMode mode, // Make sure that dirEntries does not butcher Unicode file names // https://issues.dlang.org/show_bug.cgi?id=17962 -@system unittest +@safe unittest { import std.algorithm.comparison : equal; import std.algorithm.iteration : map; diff --git a/libphobos/src/std/format/internal/write.d b/libphobos/src/std/format/internal/write.d index 2fd6ff7..8089cfa 100644 --- a/libphobos/src/std/format/internal/write.d +++ b/libphobos/src/std/format/internal/write.d @@ -3017,33 +3017,31 @@ if (is(T == enum)) import std.array : appender; import std.range.primitives : put; - if (f.spec == 's') + if (f.spec != 's') + return formatValueImpl(w, cast(OriginalType!T) val, f); + + static foreach (e; EnumMembers!T) { - foreach (i, e; EnumMembers!T) + if (val == e) { - if (val == e) - { - formatValueImpl(w, __traits(allMembers, T)[i], f); - return; - } + formatValueImpl(w, __traits(identifier, e), f); + return; } + } - auto w2 = appender!string(); + auto w2 = appender!string(); - // val is not a member of T, output cast(T) rawValue instead. - put(w2, "cast("); - put(w2, T.stringof); - put(w2, ")"); - static assert(!is(OriginalType!T == T), "OriginalType!" ~ T.stringof ~ - "must not be equal to " ~ T.stringof); + // val is not a member of T, output cast(T) rawValue instead. + put(w2, "cast("); + put(w2, T.stringof); + put(w2, ")"); + static assert(!is(OriginalType!T == T), "OriginalType!" ~ T.stringof ~ + "must not be equal to " ~ T.stringof); - FormatSpec!Char f2 = f; - f2.width = 0; - formatValueImpl(w2, cast(OriginalType!T) val, f2); - writeAligned(w, w2.data, f); - return; - } - formatValueImpl(w, cast(OriginalType!T) val, f); + FormatSpec!Char f2 = f; + f2.width = 0; + formatValueImpl(w2, cast(OriginalType!T) val, f2); + writeAligned(w, w2.data, f); } @safe unittest diff --git a/libphobos/src/std/internal/windows/advapi32.d b/libphobos/src/std/internal/windows/advapi32.d index 6f999ba..1b26f43 100644 --- a/libphobos/src/std/internal/windows/advapi32.d +++ b/libphobos/src/std/internal/windows/advapi32.d @@ -36,7 +36,9 @@ pragma(lib, "advapi32.lib"); HMODULE hAdvapi32 = null; extern (Windows) { - LONG function(in HKEY hkey, in LPCWSTR lpSubKey, in REGSAM samDesired, in DWORD reserved) pRegDeleteKeyExW; + LONG function( + scope const HKEY hkey, scope const LPCWSTR lpSubKey, + scope const REGSAM samDesired, scope const DWORD reserved) pRegDeleteKeyExW; } void loadAdvapi32() diff --git a/libphobos/src/std/json.d b/libphobos/src/std/json.d index ac397e5..088e77f 100644 --- a/libphobos/src/std/json.d +++ b/libphobos/src/std/json.d @@ -678,6 +678,7 @@ struct JSONValue assert( j["language"].str == "Perl" ); } + /// ditto void opIndexAssign(T)(T arg, size_t i) { auto a = this.arrayNoRef; @@ -754,11 +755,13 @@ struct JSONValue assert(j["author"].str == "Walter"); } + /// bool opEquals(const JSONValue rhs) const @nogc nothrow pure @safe { return opEquals(rhs); } + /// ditto bool opEquals(ref const JSONValue rhs) const @nogc nothrow pure @trusted { // Default doesn't work well since store is a union. Compare only diff --git a/libphobos/src/std/net/curl.d b/libphobos/src/std/net/curl.d index 2318279..8745bbd 100644 --- a/libphobos/src/std/net/curl.d +++ b/libphobos/src/std/net/curl.d @@ -28,7 +28,7 @@ to your $(B dub.json) file if you are using $(LINK2 http://code.dlang.org, DUB). Windows x86 note: A DMD compatible libcurl static library can be downloaded from the dlang.org -$(LINK2 http://downloads.dlang.org/other/index.html, download archive page). +$(LINK2 https://downloads.dlang.org/other/index.html, download archive page). This module is not available for iOS, tvOS or watchOS. diff --git a/libphobos/src/std/random.d b/libphobos/src/std/random.d index 70b87dd..9b3c5ed 100644 --- a/libphobos/src/std/random.d +++ b/libphobos/src/std/random.d @@ -107,18 +107,6 @@ module std.random; import std.range.primitives; import std.traits; -version (OSX) - version = Darwin; -else version (iOS) - version = Darwin; -else version (TVOS) - version = Darwin; -else version (WatchOS) - version = Darwin; - -version (D_InlineAsm_X86) version = InlineAsm_X86_Any; -version (D_InlineAsm_X86_64) version = InlineAsm_X86_Any; - /// @safe unittest { @@ -178,6 +166,18 @@ version (D_InlineAsm_X86_64) version = InlineAsm_X86_Any; assert([0, 1, 2, 4, 5].randomShuffle(rnd2).equal([4, 2, 5, 0, 1])); } +version (OSX) + version = Darwin; +else version (iOS) + version = Darwin; +else version (TVOS) + version = Darwin; +else version (WatchOS) + version = Darwin; + +version (D_InlineAsm_X86) version = InlineAsm_X86_Any; +version (D_InlineAsm_X86_64) version = InlineAsm_X86_Any; + version (StdUnittest) { static import std.meta; diff --git a/libphobos/src/std/stdio.d b/libphobos/src/std/stdio.d index cd1a356..ffd6da8 100644 --- a/libphobos/src/std/stdio.d +++ b/libphobos/src/std/stdio.d @@ -145,8 +145,8 @@ version (Windows) // encoded in CP_ACP on Windows instead of UTF-8. /+ Waiting for druntime pull 299 +/ - extern (C) nothrow @nogc FILE* _wfopen(in wchar* filename, in wchar* mode); - extern (C) nothrow @nogc FILE* _wfreopen(in wchar* filename, in wchar* mode, FILE* fp); + extern (C) nothrow @nogc FILE* _wfopen(scope const wchar* filename, scope const wchar* mode); + extern (C) nothrow @nogc FILE* _wfreopen(scope const wchar* filename, scope const wchar* mode, FILE* fp); import core.sys.windows.basetsd : HANDLE; } @@ -5210,7 +5210,7 @@ enum StdFileHandle: string { with (StdFileHandle) assert(_iob == stdin || _iob == stdout || _iob == stderr); - impl.handle = mixin(_iob); + impl.handle = cast() mixin(_iob); result._p = &impl; atomicOp!"+="(spinlock, uint.max / 2); break; diff --git a/libphobos/src/std/string.d b/libphobos/src/std/string.d index 7ed24f7..b1063ee 100644 --- a/libphobos/src/std/string.d +++ b/libphobos/src/std/string.d @@ -4845,6 +4845,7 @@ if (isForwardRange!Range && isSomeChar!(ElementEncodingType!Range) && assert(detabber(" \n\tx", 9).array == " \n x"); } +/// ditto auto detabber(Range)(auto ref Range r, size_t tabSize = 8) if (isConvertibleToString!Range) { diff --git a/libphobos/src/std/traits.d b/libphobos/src/std/traits.d index cc08ea6..1cbff84 100644 --- a/libphobos/src/std/traits.d +++ b/libphobos/src/std/traits.d @@ -9136,3 +9136,11 @@ package(std) template DeducedParameterType(T) { static assert(is(DeducedParameterType!(inout(int[])) == inout(int)[])); } + +private auto dip1000Test(int x) {return *&x;} +// We don't use isSafe, because betterC client code needs to instantiate +// core.internal.array.comparison.__cmp in the client side. isSafe uses +// __cmp of two strings, so using it would instantate that here instead. That +// won't do because betterC compilations do not link the Phobos binary in. +package(std) enum dip1000Enabled + = is(typeof(&dip1000Test) : int function(int) @safe); diff --git a/libphobos/src/std/typecons.d b/libphobos/src/std/typecons.d index 094628b..231ac93 100644 --- a/libphobos/src/std/typecons.d +++ b/libphobos/src/std/typecons.d @@ -22,8 +22,8 @@ $(TR $(TD Flags) $(TD $(LREF Yes) )) $(TR $(TD Memory allocation) $(TD - $(LREF RefCounted) - $(LREF refCounted) + $(LREF SafeRefCounted) + $(LREF safeRefCounted) $(LREF RefCountedAutoInitialize) $(LREF scoped) $(LREF Unique) @@ -2759,6 +2759,9 @@ Nullable!T) object starts in the null state. Assigning it renders it non-null. Calling `nullify` can nullify it again. Practically `Nullable!T` stores a `T` and a `bool`. + +See also: + $(LREF apply), an alternative way to use the payload. */ struct Nullable(T) { @@ -4178,7 +4181,7 @@ Returns: See also: $(HTTPS en.wikipedia.org/wiki/Monad_(functional_programming)#The_Maybe_monad, The `Maybe` monad) - */ +*/ template apply(alias fun) { import std.functional : unaryFun; @@ -6550,8 +6553,8 @@ package template Bind(alias Template, args1...) /** -Options regarding auto-initialization of a `RefCounted` object (see -the definition of `RefCounted` below). +Options regarding auto-initialization of a `SafeRefCounted` object (see +the definition of `SafeRefCounted` below). */ enum RefCountedAutoInitialize { @@ -6572,6 +6575,27 @@ enum RefCountedAutoInitialize int a = 42; } + SafeRefCounted!(Foo, RefCountedAutoInitialize.yes) rcAuto; + SafeRefCounted!(Foo, RefCountedAutoInitialize.no) rcNoAuto; + + assert(rcAuto.refCountedPayload.a == 42); + + assertThrown!AssertError(rcNoAuto.refCountedPayload); + rcNoAuto.refCountedStore.ensureInitialized; + assert(rcNoAuto.refCountedPayload.a == 42); +} + +// Same the above but for old RefCounted and not documented +@system unittest +{ + import core.exception : AssertError; + import std.exception : assertThrown; + + struct Foo + { + int a = 42; + } + RefCounted!(Foo, RefCountedAutoInitialize.yes) rcAuto; RefCounted!(Foo, RefCountedAutoInitialize.no) rcNoAuto; @@ -6586,16 +6610,16 @@ enum RefCountedAutoInitialize Defines a reference-counted object containing a `T` value as payload. -An instance of `RefCounted` is a reference to a structure, +An instance of `SafeRefCounted` is a reference to a structure, which is referred to as the $(I store), or $(I storage implementation struct) in this documentation. The store contains a reference count -and the `T` payload. `RefCounted` uses `malloc` to allocate -the store. As instances of `RefCounted` are copied or go out of +and the `T` payload. `SafeRefCounted` uses `malloc` to allocate +the store. As instances of `SafeRefCounted` are copied or go out of scope, they will automatically increment or decrement the reference -count. When the reference count goes down to zero, `RefCounted` +count. When the reference count goes down to zero, `SafeRefCounted` will call `destroy` against the payload and call `free` to deallocate the store. If the `T` payload contains any references -to GC-allocated memory, then `RefCounted` will add it to the GC memory +to GC-allocated memory, then `SafeRefCounted` will add it to the GC memory that is scanned for pointers, and remove it from GC scanning before `free` is called on the store. @@ -6607,8 +6631,15 @@ still be valid during the destructor call. This allows the `T` to deallocate or clean up any non-GC resources immediately after the reference count has reached zero. -`RefCounted` is unsafe and should be used with care. No references -to the payload should be escaped outside the `RefCounted` object. +Without -preview=dip1000, `SafeRefCounted` is unsafe and should be +used with care. No references to the payload should be escaped outside +the `SafeRefCounted` object. + +With -preview=dip1000, `SafeRefCounted` is safe if it's payload is accessed only +with the $(LREF borrow) function. Scope semantics can also prevent accidental +escaping of `refCountedPayload`, but it's still up to the user to not destroy +the last counted reference while the payload is in use. Due to that, +`refCountedPayload` remains accessible only in `@system` code. The `autoInit` option makes the object ensure the store is automatically initialized. Leaving $(D autoInit == @@ -6621,8 +6652,11 @@ pointer dereference. If `T.this()` is annotated with `@disable` then `autoInit` must be `RefCountedAutoInitialize.no` in order to compile. + +See_Also: + $(LREF RefCounted) */ -struct RefCounted(T, RefCountedAutoInitialize autoInit = +struct SafeRefCounted(T, RefCountedAutoInitialize autoInit = RefCountedAutoInitialize.yes) if (!is(T == class) && !(is(T == interface))) { @@ -6642,7 +6676,20 @@ if (!is(T == class) && !(is(T == interface))) import core.memory : GC; } - /// `RefCounted` storage implementation. + pragma(inline, true) private void checkInit()() + if (autoInit == RefCountedAutoInitialize.yes) + { + _refCounted.ensureInitialized(); + } + + pragma(inline, true) private void checkInit()() inout + if (autoInit == RefCountedAutoInitialize.no) + { + assert(_refCounted.isInitialized, + "Attempted to use an uninitialized payload."); + } + + /// `SafeRefCounted` storage implementation. struct RefCountedStore { private struct Impl @@ -6658,7 +6705,7 @@ if (!is(T == class) && !(is(T == interface))) import core.lifetime : emplace, forward; allocateStore(); - version (D_Exceptions) scope(failure) deallocateStore(); + version (D_Exceptions) scope(failure) () @trusted { deallocateStore(); }(); emplace(&_store._payload, forward!args); _store._count = 1; } @@ -6668,7 +6715,7 @@ if (!is(T == class) && !(is(T == interface))) import std.algorithm.mutation : moveEmplace; allocateStore(); - moveEmplace(source, _store._payload); + () @trusted { moveEmplace(source, _store._payload); }(); _store._count = 1; } @@ -6678,13 +6725,15 @@ if (!is(T == class) && !(is(T == interface))) static if (enableGCScan) { import std.internal.memory : enforceCalloc; - _store = cast(Impl*) enforceCalloc(1, Impl.sizeof); - GC.addRange(&_store._payload, T.sizeof); + auto ptr = enforceCalloc(1, Impl.sizeof); + _store = () @trusted { return cast(Impl*) ptr; }(); + () @trusted { GC.addRange(&_store._payload, T.sizeof); }(); } else { import std.internal.memory : enforceMalloc; - _store = cast(Impl*) enforceMalloc(Impl.sizeof); + auto ptr = enforceMalloc(Impl.sizeof); + _store = () @trusted { return cast(Impl*) ptr; }(); } } @@ -6725,6 +6774,7 @@ if (!is(T == class) && !(is(T == interface))) This function is unavailable if `T.this()` is annotated with `@disable`. */ + @safe pure nothrow void ensureInitialized()() { // By checking for `@disable this()` and failing early we can @@ -6763,7 +6813,7 @@ Postcondition: `refCountedStore.isInitialized` } /// Ditto - this(T val) + this(return scope T val) { _refCounted.move(val); } @@ -6786,18 +6836,30 @@ to deallocate the corresponding resource. */ ~this() { + import std.traits : dip1000Enabled; + + // This prevents the same reference from decrementing the count twice. + scope(exit) _refCounted = _refCounted.init; + if (!_refCounted.isInitialized) return; assert(_refCounted._store._count > 0); - if (--_refCounted._store._count) - return; + if (--_refCounted._store._count) return; // Done, destroy and deallocate .destroy(_refCounted._store._payload); - _refCounted.deallocateStore(); + + static if (dip1000Enabled) + { + () @trusted { _refCounted.deallocateStore(); }(); + } + else _refCounted.deallocateStore(); } /** -Assignment operators - */ +Assignment operators. + +Note: You may not assign a new payload to an uninitialized SafeRefCounted, if +auto initialization is off. Assigning another counted reference is still okay. +*/ void opAssign(typeof(this) rhs) { import std.algorithm.mutation : swap; @@ -6810,14 +6872,7 @@ Assignment operators { import std.algorithm.mutation : move; - static if (autoInit == RefCountedAutoInitialize.yes) - { - _refCounted.ensureInitialized(); - } - else - { - assert(_refCounted.isInitialized); - } + checkInit(); move(rhs, _refCounted._store._payload); } @@ -6829,20 +6884,20 @@ Assignment operators RefCountedAutoInitialize.yes), calls $(D refCountedStore.ensureInitialized). Otherwise, just issues $(D assert(refCountedStore.isInitialized)). Used with $(D alias - refCountedPayload this;), so callers can just use the `RefCounted` + refCountedPayload this;), so callers can just use the `SafeRefCounted` object as a `T`. $(BLUE The first overload exists only if $(D autoInit == RefCountedAutoInitialize.yes).) So if $(D autoInit == RefCountedAutoInitialize.no) or called for a constant or immutable object, then - `refCountedPayload` will also be qualified as safe and nothrow + `refCountedPayload` will also be qualified as nothrow (but will still assert if not initialized). */ - @property @trusted + @property @system ref T refCountedPayload() return; /// ditto - @property nothrow @safe pure @nogc + @property nothrow @system pure @nogc ref inout(T) refCountedPayload() inout return; } else @@ -6850,19 +6905,21 @@ Assignment operators static if (autoInit == RefCountedAutoInitialize.yes) { //Can't use inout here because of potential mutation - @property + @property @system ref T refCountedPayload() return { - _refCounted.ensureInitialized(); + checkInit(); return _refCounted._store._payload; } } - - @property nothrow @safe pure @nogc - ref inout(T) refCountedPayload() inout return + else { - assert(_refCounted.isInitialized, "Attempted to access an uninitialized payload."); - return _refCounted._store._payload; + @property nothrow @system pure @nogc + ref inout(T) refCountedPayload() inout return + { + checkInit(); + return _refCounted._store._payload; + } } } @@ -6898,7 +6955,7 @@ assert(refCountedStore.isInitialized)). { // A pair of an `int` and a `size_t` - the latter being the // reference count - will be dynamically allocated - auto rc1 = RefCounted!int(5); + auto rc1 = SafeRefCounted!int(5); assert(rc1 == 5); // No more allocation, add just one extra reference count auto rc2 = rc1; @@ -6908,46 +6965,66 @@ assert(refCountedStore.isInitialized)). // the pair will be freed when rc1 and rc2 go out of scope } -pure @system unittest +// This test can't be betterC because the test extractor won't see the private +// `initialize` method accessed here +pure @safe nothrow @nogc unittest { - RefCounted!int* p; - { - auto rc1 = RefCounted!int(5); - p = &rc1; - assert(rc1 == 5); - assert(rc1._refCounted._store._count == 1); - auto rc2 = rc1; - assert(rc1._refCounted._store._count == 2); - // Reference semantics - rc2 = 42; - assert(rc1 == 42); - rc2 = rc2; - assert(rc2._refCounted._store._count == 2); - rc1 = rc2; - assert(rc1._refCounted._store._count == 2); - } - assert(p._refCounted._store == null); + auto rc1 = SafeRefCounted!(int, RefCountedAutoInitialize.no)(5); + rc1._refCounted.initialize(); +} - // RefCounted as a member - struct A +pure @system unittest +{ + foreach (MyRefCounted; AliasSeq!(SafeRefCounted, RefCounted)) { - RefCounted!int x; - this(int y) + MyRefCounted!int* p; { - x._refCounted.initialize(y); + auto rc1 = MyRefCounted!int(5); + p = &rc1; + assert(rc1 == 5); + assert(rc1._refCounted._store._count == 1); + auto rc2 = rc1; + assert(rc1._refCounted._store._count == 2); + // Reference semantics + rc2 = 42; + assert(rc1 == 42); + rc2 = rc2; + assert(rc2._refCounted._store._count == 2); + rc1 = rc2; + assert(rc1._refCounted._store._count == 2); } - A copy() + assert(p._refCounted._store == null); + + // [Safe]RefCounted as a member + struct A { - auto another = this; - return another; + MyRefCounted!int x; + this(int y) + { + x._refCounted.initialize(y); + } + A copy() + { + auto another = this; + return another; + } } - } - auto a = A(4); - auto b = a.copy(); - assert(a.x._refCounted._store._count == 2, - "https://issues.dlang.org/show_bug.cgi?id=4356 still unfixed"); + auto a = A(4); + auto b = a.copy(); + assert(a.x._refCounted._store._count == 2, + "https://issues.dlang.org/show_bug.cgi?id=4356 still unfixed"); + } } +@betterC pure @safe nothrow @nogc unittest +{ + import std.algorithm.mutation : swap; + + SafeRefCounted!int p1, p2; + swap(p1, p2); +} + +// Same as above but for old RefCounted and not @safe @betterC pure @system nothrow @nogc unittest { import std.algorithm.mutation : swap; @@ -6968,25 +7045,52 @@ pure @system unittest U u; } + alias SRC = SafeRefCounted!S; +} + +// Same as above but for old RefCounted and not @safe +@betterC @system pure nothrow @nogc unittest +{ + union U { + size_t i; + void* p; + } + + struct S { + U u; + } + alias SRC = RefCounted!S; } // https://issues.dlang.org/show_bug.cgi?id=6436 @betterC @system pure unittest { + import std.meta : AliasSeq; struct S { this(int rval) { assert(rval == 1); } this(ref int lval) { assert(lval == 3); ++lval; } } - auto s1 = RefCounted!S(1); - int lval = 3; - auto s2 = RefCounted!S(lval); - assert(lval == 4); + foreach (MyRefCounted; AliasSeq!(SafeRefCounted, RefCounted)) + { + auto s1 = MyRefCounted!S(1); + int lval = 3; + auto s2 = MyRefCounted!S(lval); + assert(lval == 4); + } } // gc_addRange coverage +@betterC @safe pure unittest +{ + struct S { int* p; } + + auto s = SafeRefCounted!S(null); +} + +// Same as above but for old RefCounted and not @safe @betterC @system pure unittest { struct S { int* p; } @@ -6996,69 +7100,253 @@ pure @system unittest @betterC @system pure nothrow @nogc unittest { - RefCounted!int a; - a = 5; //This should not assert - assert(a == 5); + import std.meta : AliasSeq; + foreach (MyRefCounted; AliasSeq!(SafeRefCounted, RefCounted)) + { + MyRefCounted!int a; + a = 5; //This should not assert + assert(a == 5); - RefCounted!int b; - b = a; //This should not assert either - assert(b == 5); + MyRefCounted!int b; + b = a; //This should not assert either + assert(b == 5); - RefCounted!(int*) c; + MyRefCounted!(int*) c; + } } // https://issues.dlang.org/show_bug.cgi?id=21638 @betterC @system pure nothrow @nogc unittest { + import std.meta : AliasSeq; static struct NoDefaultCtor { @disable this(); this(int x) @nogc nothrow pure { this.x = x; } int x; } - auto rc = RefCounted!(NoDefaultCtor, RefCountedAutoInitialize.no)(5); - assert(rc.x == 5); + + foreach (MyRefCounted; AliasSeq!(SafeRefCounted, RefCounted)) + { + auto rc = MyRefCounted!(NoDefaultCtor, RefCountedAutoInitialize.no)(5); + assert(rc.x == 5); + } } // https://issues.dlang.org/show_bug.cgi?id=20502 @system unittest { - import std.conv : to; - // Check that string conversion is transparent for refcounted - // structs that do not have either toString or alias this. - static struct A { Object a; } - auto a = A(new Object()); - auto r = refCounted(a); - assert(to!string(r) == to!string(a)); - assert(to!string(cast(const) r) == to!string(cast(const) a)); - // Check that string conversion is still transparent for refcounted - // structs that have alias this. - static struct B { int b; alias b this; } - static struct C { B b; alias b this; } - assert(to!string(refCounted(C(B(123)))) == to!string(C(B(123)))); - // https://issues.dlang.org/show_bug.cgi?id=22093 - // Check that uninitialized refcounted structs that previously could be - // converted to strings still can be. - alias R = typeof(r); - R r2; - cast(void) (((const ref R a) => to!string(a))(r2)); - cast(void) to!string(RefCounted!(A, RefCountedAutoInitialize.no).init); + alias Types = AliasSeq!(SafeRefCounted, RefCounted); + alias funcs = AliasSeq!(safeRefCounted, refCounted); + static foreach (aliasI; 0 .. 2) + {{ + alias MyRefCounted = Types[aliasI]; + alias myRefCounted = funcs[aliasI]; + import std.conv : to; + + // Check that string conversion is transparent for refcounted + // structs that do not have either toString or alias this. + static struct A { Object a; } + auto a = A(new Object()); + auto r = myRefCounted(a); + assert(to!string(r) == to!string(a)); + assert(to!string(cast(const) r) == to!string(cast(const) a)); + // Check that string conversion is still transparent for refcounted + // structs that have alias this. + static struct B { int b; alias b this; } + static struct C { B b; alias b this; } + assert(to!string(myRefCounted(C(B(123)))) == to!string(C(B(123)))); + // https://issues.dlang.org/show_bug.cgi?id=22093 + // Check that uninitialized refcounted structs that previously could be + // converted to strings still can be. + alias R = typeof(r); + R r2; + cast(void) (((const ref R a) => to!string(a))(r2)); + cast(void) to!string(MyRefCounted!(A, RefCountedAutoInitialize.no).init); + }} +} + +// We tried to make `refCountedPayload` `@safe` in +// https://github.com/dlang/phobos/pull/8368 . It proved impossible, but it may +// be possible in the future. This test checks for false `@safe` issues we +// encountered. +@safe unittest +{ + struct Container + { + int[] data; + } + + int[] getArr1 (scope Container local) + { + // allowed because the argument is inferred as return scope. + return local.data; + } + + int[] getArr2 (scope Container local) + { + SafeRefCounted!Container rc = local; + // Escapes a reference to expired reference counted struct + // don't do this! + return rc.refCountedPayload().data; + } + + int destroyFirstAndUseLater() + { + auto rc = SafeRefCounted!int(123); + int* ptr = &rc.refCountedPayload(); + destroy(rc); + return *ptr; + } + + // This is here mainly to test that safety gets inferred correctly for the + // next tests + static assert(isSafe!getArr1); + // https://github.com/dlang/phobos/pull/8101#issuecomment-843017282 + // This got apparently fixed automatically by compiler updates. + static assert(!isSafe!getArr2); + // As of writing, this is the issue that is still preventing payload access + // from being `@safe` + static assert(!isSafe!destroyFirstAndUseLater); +} + +/** +Borrows the payload of $(LREF SafeRefCounted) for use in `fun`. Inferred as `@safe` +if `fun` is `@safe` and does not escape a reference to the payload. +The reference count will be incremented for the duration of the operation, +so destroying the last reference will not leave dangling references in +`fun`. + +Params: + fun = A callable accepting the payload either by value or by reference. + refCount = The counted reference to the payload. +Returns: + The return value of `fun`, if any. `ref` in the return value will be + forwarded. +Issues: + For yet unknown reason, code that uses this function with UFCS syntax + will not be inferred as `@safe`. It will still compile if the code is + explicitly marked `@safe` and nothing in `fun` prevents that. +*/ +template borrow(alias fun) +{ + import std.functional : unaryFun; + + auto ref borrow(RC)(RC refCount) if + ( + isInstanceOf!(SafeRefCounted, RC) + && is(typeof(unaryFun!fun(refCount.refCountedPayload))) + ) + { + refCount.checkInit(); + + // If `fun` escapes a reference to the payload, it will be inferred + // as unsafe due to the scope storage class here. + scope plPtr = &refCount._refCounted._store._payload; + return unaryFun!fun(*plPtr); + + // We destroy our copy of the reference here, automatically destroying + // the payload if `fun` destroyed the last reference outside. + } +} + +/// This example can be marked `@safe` with `-preview=dip1000`. +@safe pure nothrow unittest +{ + auto rcInt = safeRefCounted(5); + assert(rcInt.borrow!(theInt => theInt) == 5); + auto sameInt = rcInt; + assert(sameInt.borrow!"a" == 5); + + // using `ref` in the function + auto arr = [0, 1, 2, 3, 4, 5, 6]; + sameInt.borrow!(ref (x) => arr[x]) = 10; + assert(arr == [0, 1, 2, 3, 4, 10, 6]); + + // modifying the payload via an alias + sameInt.borrow!"a*=2"; + assert(rcInt.borrow!"a" == 10); +} + +// Some memory safety penetration testing. +@system unittest +{ + int* globalPtr; + int torpedoesFired = 0; + struct Destroyer { ~this() @safe { torpedoesFired++; } } + + alias RcInt = typeof(safeRefCounted(0)); + auto standardUsage(RcInt arg) + { + return borrow!((ref x) => x)(arg); + } + ref harmlessRefReturn(RcInt arg) + { + return borrow!(ref (ref x) => *globalPtr = x)(arg); + } + ref problematicRefReturn(RcInt arg) + { + return borrow!(ref (ref x) => x)(arg); + } + auto sideChannelEscape(RcInt arg) + { + return borrow!((ref x) + { + globalPtr = &x; + return x; + })(arg); + } + auto destroyDuringApply() + { + auto rc = safeRefCounted(Destroyer()); + return borrow!((ref x) + { + // Destroys the last reference to the payload, decrementing it's + // reference count. + rc.__dtor(); + // Destroy again! rc should be set to it's init value so that this + // won't decrement the reference count of the original payload. + rc.__dtor(); + // The internal reference count increment done for duration of + // `apply` should make sure that the payload destructor is not yet + // run, and this value thus not incremented. + return torpedoesFired; + })(rc); + } + + // First, let's verify the dangerous functions really do what they are + // supposed to do. + auto testRc = safeRefCounted(42); + assert(sideChannelEscape(testRc) == 42); + assert(&problematicRefReturn(testRc) == globalPtr); + + // Now, are the @safe attributes inferred correctly? + assert(isSafe!standardUsage); + assert(isSafe!harmlessRefReturn); + assert(!isSafe!problematicRefReturn); + assert(!isSafe!sideChannelEscape); + assert(isSafe!destroyDuringApply); + + // Finally, we test protection against early destruction during `apply`. + auto torpedoesUpToReturn = destroyDuringApply(); + assert(torpedoesFired == torpedoesUpToReturn + 1); } /** - * Initializes a `RefCounted` with `val`. The template parameter - * `T` of `RefCounted` is inferred from `val`. + * Initializes a `SafeRefCounted` with `val`. The template parameter + * `T` of `SafeRefCounted` is inferred from `val`. * This function can be used to move non-copyable values to the heap. - * It also disables the `autoInit` option of `RefCounted`. + * It also disables the `autoInit` option of `SafeRefCounted`. * * Params: * val = The value to be reference counted * Returns: - * An initialized `RefCounted` containing `val`. + * An initialized `SafeRefCounted` containing `val`. * See_Also: + * $(LREF refCounted) * $(HTTP en.cppreference.com/w/cpp/memory/shared_ptr/make_shared, C++'s make_shared) */ -RefCounted!(T, RefCountedAutoInitialize.no) refCounted(T)(T val) +SafeRefCounted!(T, RefCountedAutoInitialize.no) safeRefCounted(T)(T val) { typeof(return) res; res._refCounted.move(val); @@ -7083,13 +7371,13 @@ RefCounted!(T, RefCountedAutoInitialize.no) refCounted(T)(T val) assert(File.nDestroyed == 0); - // make the file refcounted to share ownership + // make the file ref counted to share ownership // Note: - // We write a compound statement (brace-delimited scope) in which all `RefCounted!File` handles are created and deleted. + // We write a compound statement (brace-delimited scope) in which all `SafeRefCounted!File` handles are created and deleted. // This allows us to see (after the scope) what happens after all handles have been destroyed. { // We move the content of `file` to a separate (and heap-allocated) `File` object, - // managed-and-accessed via one-or-multiple (initially: one) `RefCounted!File` objects ("handles"). + // managed-and-accessed via one-or-multiple (initially: one) `SafeRefCounted!File` objects ("handles"). // This "moving": // (1) invokes `file`'s destructor (=> `File.nDestroyed` is incremented from 0 to 1 and `file.name` becomes `null`); // (2) overwrites `file` with `File.init` (=> `file.name` becomes `null`). @@ -7097,18 +7385,18 @@ RefCounted!(T, RefCountedAutoInitialize.no) refCounted(T)(T val) // but please note that (2) is only performed if `File` defines a destructor (or post-blit operator), // and in the absence of the `nDestroyed` instrumentation there would have been no reason to define a destructor. import std.algorithm.mutation : move; - auto rcFile = refCounted(move(file)); + auto rcFile = safeRefCounted(move(file)); assert(rcFile.name == "name"); assert(File.nDestroyed == 1); assert(file.name == null); - // We create another `RefCounted!File` handle to the same separate `File` object. + // We create another `SafeRefCounted!File` handle to the same separate `File` object. // While any of the handles is still alive, the `File` object is kept alive (=> `File.nDestroyed` is not modified). auto rcFile2 = rcFile; assert(rcFile.refCountedStore.refCount == 2); assert(File.nDestroyed == 1); } - // The separate `File` object is deleted when the last `RefCounted!File` handle is destroyed + // The separate `File` object is deleted when the last `SafeRefCounted!File` handle is destroyed // (i.e. at the closing brace of the compound statement above, which destroys both handles: `rcFile` and `rcFile2`) // (=> `File.nDestroyed` is incremented again, from 1 to 2): assert(File.nDestroyed == 2); @@ -9823,3 +10111,265 @@ unittest Nullable!S s2 = s1; assert(s2.get().b == 3); } + +/// The old version of $(LREF SafeRefCounted), before $(LREF borrow) existed. +/// Old code may be relying on `@safe`ty of some of the member functions which +/// cannot be safe in the new scheme, and +/// can avoid breakage by continuing to use this. `SafeRefCounted` should be +/// preferred, as this type is outdated and unrecommended for new code. +struct RefCounted(T, RefCountedAutoInitialize autoInit = + RefCountedAutoInitialize.yes) +{ + version (D_BetterC) + { + private enum enableGCScan = false; + } + else + { + private enum enableGCScan = hasIndirections!T; + } + + extern(C) private pure nothrow @nogc static + { + pragma(mangle, "free") void pureFree( void *ptr ); + static if (enableGCScan) + import core.memory : GC; + } + + struct RefCountedStore + { + private struct Impl + { + T _payload; + size_t _count; + } + + private Impl* _store; + + private void initialize(A...)(auto ref A args) + { + import core.lifetime : emplace, forward; + + allocateStore(); + version (D_Exceptions) scope(failure) deallocateStore(); + emplace(&_store._payload, forward!args); + _store._count = 1; + } + + private void move(ref T source) nothrow pure + { + import std.algorithm.mutation : moveEmplace; + + allocateStore(); + moveEmplace(source, _store._payload); + _store._count = 1; + } + + // 'nothrow': can only generate an Error + private void allocateStore() nothrow pure + { + static if (enableGCScan) + { + import std.internal.memory : enforceCalloc; + _store = cast(Impl*) enforceCalloc(1, Impl.sizeof); + GC.addRange(&_store._payload, T.sizeof); + } + else + { + import std.internal.memory : enforceMalloc; + _store = cast(Impl*) enforceMalloc(Impl.sizeof); + } + } + + private void deallocateStore() nothrow pure + { + static if (enableGCScan) + { + GC.removeRange(&this._store._payload); + } + pureFree(_store); + _store = null; + } + + @property nothrow @safe pure @nogc + bool isInitialized() const + { + return _store !is null; + } + + @property nothrow @safe pure @nogc + size_t refCount() const + { + return isInitialized ? _store._count : 0; + } + + void ensureInitialized()() + { + // By checking for `@disable this()` and failing early we can + // produce a clearer error message. + static assert(__traits(compiles, { static T t; }), + "Cannot automatically initialize `" ~ fullyQualifiedName!T ~ + "` because `" ~ fullyQualifiedName!T ~ + ".this()` is annotated with `@disable`."); + if (!isInitialized) initialize(); + } + + } + RefCountedStore _refCounted; + + @property nothrow @safe + ref inout(RefCountedStore) refCountedStore() inout + { + return _refCounted; + } + + this(A...)(auto ref A args) if (A.length > 0) + out + { + assert(refCountedStore.isInitialized); + } + do + { + import core.lifetime : forward; + _refCounted.initialize(forward!args); + } + + this(T val) + { + _refCounted.move(val); + } + + this(this) @safe pure nothrow @nogc + { + if (!_refCounted.isInitialized) return; + ++_refCounted._store._count; + } + + ~this() + { + if (!_refCounted.isInitialized) return; + assert(_refCounted._store._count > 0); + if (--_refCounted._store._count) + return; + // Done, destroy and deallocate + .destroy(_refCounted._store._payload); + _refCounted.deallocateStore(); + } + + void opAssign(typeof(this) rhs) + { + import std.algorithm.mutation : swap; + + swap(_refCounted._store, rhs._refCounted._store); + } + + void opAssign(T rhs) + { + import std.algorithm.mutation : move; + + static if (autoInit == RefCountedAutoInitialize.yes) + { + _refCounted.ensureInitialized(); + } + else + { + assert(_refCounted.isInitialized); + } + move(rhs, _refCounted._store._payload); + } + + static if (autoInit == RefCountedAutoInitialize.yes) + { + //Can't use inout here because of potential mutation + @property + ref T refCountedPayload() return + { + _refCounted.ensureInitialized(); + return _refCounted._store._payload; + } + } + + @property nothrow @safe pure @nogc + ref inout(T) refCountedPayload() inout return + { + assert(_refCounted.isInitialized, "Attempted to access an uninitialized payload."); + return _refCounted._store._payload; + } + + alias refCountedPayload this; + + static if (is(T == struct) && !is(typeof((ref T t) => t.toString()))) + { + string toString(this This)() + { + import std.conv : to; + + static if (autoInit) + return to!string(refCountedPayload); + else + { + if (!_refCounted.isInitialized) + return This.stringof ~ "(RefCountedStore(null))"; + else + return to!string(_refCounted._store._payload); + } + } + } +} + +/// +@betterC pure @system nothrow @nogc unittest +{ + auto rc1 = RefCounted!int(5); + assert(rc1 == 5); + auto rc2 = rc1; + rc2 = 42; + assert(rc1 == 42); +} + +// More unit tests below SafeRefCounted + +/** + * Like $(LREF safeRefCounted) but used to initialize $(LREF RefCounted) + * instead. Intended for backwards compatibility, otherwise it is preferable + * to use `safeRefCounted`. + */ +RefCounted!(T, RefCountedAutoInitialize.no) refCounted(T)(T val) +{ + typeof(return) res; + res._refCounted.move(val); + return res; +} + +/// +@system unittest +{ + static struct File + { + static size_t nDestroyed; + string name; + @disable this(this); // not copyable + ~this() { name = null; ++nDestroyed; } + } + + auto file = File("name"); + assert(file.name == "name"); + static assert(!__traits(compiles, {auto file2 = file;})); + assert(File.nDestroyed == 0); + + { + import std.algorithm.mutation : move; + auto rcFile = refCounted(move(file)); + assert(rcFile.name == "name"); + assert(File.nDestroyed == 1); + assert(file.name == null); + + auto rcFile2 = rcFile; + assert(rcFile.refCountedStore.refCount == 2); + assert(File.nDestroyed == 1); + } + + assert(File.nDestroyed == 2); +} + +// More unit tests below safeRefCounted diff --git a/libphobos/src/std/uni/package.d b/libphobos/src/std/uni/package.d index 8a032aa..81b949e 100644 --- a/libphobos/src/std/uni/package.d +++ b/libphobos/src/std/uni/package.d @@ -10193,16 +10193,7 @@ bool isAlpha(dchar c) // optimization if (c < 0xAA) { - size_t x = c - 'A'; - if (x <= 'Z' - 'A') - return true; - else - { - x = c - 'a'; - if (x <= 'z'-'a') - return true; - } - return false; + return ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z'); } return alphaTrie[c]; |