improve lifetime safety and add more gc branding, done by AI

Author: nickbclifford

crates/dotnet-value/src/layout.rs

@@ -116,7 +116,7 @@ impl LayoutManager {
             LayoutManager::Scalar(Scalar::ManagedPtr) => {
                 // ManagedPtr in memory is 16 bytes: (Owner ObjectRef, Offset).
                 // We need to trace the owner at offset 0.
-                let ptr_size = size_of::<usize>();
+                let ptr_size = ObjectRef::SIZE;
                 unsafe { ObjectRef::read_unchecked(&storage[0..ptr_size]) }.trace(cc);
             }
             LayoutManager::Field(f) => {
@@ -135,18 +135,19 @@ impl LayoutManager {
     pub fn resurrect<'gc>(
         &self,
         storage: &[u8],
-        fc: &gc_arena::Finalization<'gc>,
+        fc: &'gc gc_arena::Finalization<'gc>,
         visited: &mut HashSet<usize>,
     ) {
         match self {
             LayoutManager::Scalar(Scalar::ObjectRef) => {
-                unsafe { ObjectRef::read_unchecked(storage) }.resurrect(fc, visited);
+                unsafe { ObjectRef::read_branded(storage, fc) }.resurrect(fc, visited);
             }
             LayoutManager::Scalar(Scalar::ManagedPtr) => {
                 // ManagedPtr in memory is 16 bytes: (Owner ObjectRef, Offset).
                 // We need to resurrect the owner at offset 0.
                 let ptr_size = size_of::<usize>();
-                unsafe { ObjectRef::read_unchecked(&storage[0..ptr_size]) }.resurrect(fc, visited);
+                unsafe { ObjectRef::read_branded(&storage[0..ptr_size], fc) }
+                    .resurrect(fc, visited);
             }
             LayoutManager::Field(f) => {
                 for field in f.fields.values() {
@@ -266,7 +267,7 @@ impl FieldLayoutManager {
     pub fn resurrect<'gc>(
         &self,
         storage: &[u8],
-        fc: &gc_arena::Finalization<'gc>,
+        fc: &'gc gc_arena::Finalization<'gc>,
         visited: &mut HashSet<usize>,
     ) {
         for field in self.fields.values() {
@@ -310,7 +311,7 @@ impl ArrayLayoutManager {
     pub fn resurrect<'gc>(
         &self,
         storage: &[u8],
-        fc: &gc_arena::Finalization<'gc>,
+        fc: &'gc gc_arena::Finalization<'gc>,
         visited: &mut HashSet<usize>,
     ) {
         let elem_size = self.element_layout.size();

crates/dotnet-value/src/lib.rs

@@ -209,10 +209,9 @@ macro_rules! wrapping_arithmetic_op {
 
 impl<'gc> StackValue<'gc> {
     pub fn unmanaged_ptr(ptr: *mut u8) -> Self {
-        if ptr.is_null() {
-            Self::NativeInt(0)
-        } else {
-            Self::UnmanagedPtr(UnmanagedPtr(NonNull::new(ptr).unwrap()))
+        match NonNull::new(ptr) {
+            Some(p) => Self::UnmanagedPtr(UnmanagedPtr(p)),
+            None => Self::NativeInt(0),
         }
     }
     pub fn managed_ptr(ptr: *mut u8, target_type: TypeDescription, pinned: bool) -> Self {
@@ -288,10 +287,10 @@ impl<'gc> StackValue<'gc> {
         match self {
             Self::NativeInt(i) => *i as *mut u8,
             Self::UnmanagedPtr(UnmanagedPtr(p)) => p.as_ptr(),
-            Self::ManagedPtr(m) => m
-                .pointer()
-                .map(|p| p.as_ptr())
-                .unwrap_or(std::ptr::null_mut()),
+            Self::ManagedPtr(m) => match m.pointer() {
+                Some(p) => p.as_ptr(),
+                None => std::ptr::null_mut(),
+            },
             v => panic!("expected pointer on stack, received {:?}", v),
         }
     }
@@ -413,45 +412,44 @@ impl<'gc> StackValue<'gc> {
     /// Note: This uses `AtomicT::from_ptr` which is supported in recent Rust versions.
     /// Also, it does not ensure that the appropriate locks are held for the memory being accessed.
     pub unsafe fn load_atomic(ptr: *const u8, t: LoadType, ordering: AtomicOrdering) -> Self {
-        unsafe {
-            debug_assert!(!ptr.is_null(), "Attempted to load from a null pointer");
-            let alignment = load_type_alignment(t);
-            debug_assert!(
-                (ptr as usize).is_multiple_of(alignment),
-                "Attempted to load from an unaligned pointer {:?} for type {:?}",
-                ptr,
-                t
-            );
-
-            let size = match t {
-                LoadType::Int8 | LoadType::UInt8 => 1,
-                LoadType::Int16 | LoadType::UInt16 => 2,
-                LoadType::Int32 | LoadType::UInt32 | LoadType::Float32 => 4,
-                LoadType::Int64 | LoadType::Float64 => 8,
-                LoadType::IntPtr => size_of::<isize>(),
-                LoadType::Object => size_of::<usize>(),
-            };
-
-            let val = StandardAtomicAccess::load_atomic(ptr, size, ordering);
-
-            match t {
-                LoadType::Int8 => Self::Int32(val as i8 as i32),
-                LoadType::UInt8 => Self::Int32(val as u8 as i32),
-                LoadType::Int16 => Self::Int32(val as i16 as i32),
-                LoadType::UInt16 => Self::Int32(val as u16 as i32),
-                LoadType::Int32 | LoadType::UInt32 => Self::Int32(val as i32),
-                LoadType::Int64 => Self::Int64(val as i64),
-                LoadType::Float32 => Self::NativeFloat(f32::from_bits(val as u32) as f64),
-                LoadType::Float64 => Self::NativeFloat(f64::from_bits(val)),
-                LoadType::IntPtr => Self::NativeInt(val as isize),
-                LoadType::Object => {
-                    let ptr = val as usize as *const ThreadSafeLock<object::ObjectInner<'gc>>;
-                    if ptr.is_null() {
-                        Self::ObjectRef(ObjectRef(None))
-                    } else {
-                        Self::ObjectRef(ObjectRef(Some(Gc::from_ptr(ptr))))
-                    }
-                }
+        debug_assert!(!ptr.is_null(), "Attempted to load from a null pointer");
+        let alignment = load_type_alignment(t);
+        debug_assert!(
+            (ptr as usize).is_multiple_of(alignment),
+            "Attempted to load from an unaligned pointer {:?} for type {:?}",
+            ptr,
+            t
+        );
+
+        let size = match t {
+            LoadType::Int8 | LoadType::UInt8 => 1,
+            LoadType::Int16 | LoadType::UInt16 => 2,
+            LoadType::Int32 | LoadType::UInt32 | LoadType::Float32 => 4,
+            LoadType::Int64 | LoadType::Float64 => 8,
+            LoadType::IntPtr => size_of::<isize>(),
+            LoadType::Object => size_of::<usize>(),
+        };
+
+        let val = unsafe { StandardAtomicAccess::load_atomic(ptr, size, ordering) };
+
+        match t {
+            LoadType::Int8 => Self::Int32(val as i8 as i32),
+            LoadType::UInt8 => Self::Int32(val as u8 as i32),
+            LoadType::Int16 => Self::Int32(val as i16 as i32),
+            LoadType::UInt16 => Self::Int32(val as u16 as i32),
+            LoadType::Int32 | LoadType::UInt32 => Self::Int32(val as i32),
+            LoadType::Int64 => Self::Int64(val as i64),
+            LoadType::Float32 => Self::NativeFloat(f32::from_bits(val as u32) as f64),
+            LoadType::Float64 => Self::NativeFloat(f64::from_bits(val)),
+            LoadType::IntPtr => Self::NativeInt(val as isize),
+            LoadType::Object => {
+                let ptr = val as usize as *const ThreadSafeLock<object::ObjectInner<'gc>>;
+                let obj = if ptr.is_null() {
+                    None
+                } else {
+                    Some(unsafe { Gc::from_ptr(ptr) })
+                };
+                Self::ObjectRef(ObjectRef(obj))
             }
         }
     }
@@ -470,34 +468,34 @@ impl<'gc> StackValue<'gc> {
     /// Note: This uses `AtomicT::from_ptr` which is supported in recent Rust versions.
     /// Also, it does not ensure that the appropriate locks are held for the memory being accessed.
     pub unsafe fn store_atomic(self, ptr: *mut u8, t: StoreType, ordering: AtomicOrdering) {
-        unsafe {
-            debug_assert!(!ptr.is_null(), "Attempted to store to a null pointer");
-            let alignment = store_type_alignment(t);
-            debug_assert!(
-                (ptr as usize).is_multiple_of(alignment),
-                "Attempted to store to an unaligned pointer {:?} for type {:?}",
-                ptr,
-                t
-            );
-
-            let (val, size) = match t {
-                StoreType::Int8 => (self.as_i32() as u64, 1),
-                StoreType::Int16 => (self.as_i32() as u64, 2),
-                StoreType::Int32 => (self.as_i32() as u64, 4),
-                StoreType::Int64 => (self.as_i64() as u64, 8),
-                StoreType::Float32 => ((self.as_f64() as f32).to_bits() as u64, 4),
-                StoreType::Float64 => (self.as_f64().to_bits(), 8),
-                StoreType::IntPtr => (self.as_isize() as u64, size_of::<isize>()),
-                StoreType::Object => {
-                    let obj = self.as_object_ref();
-                    let val = match obj.0 {
-                        Some(h) => Gc::as_ptr(h) as usize,
-                        None => 0,
-                    };
-                    (val as u64, size_of::<usize>())
-                }
-            };
+        debug_assert!(!ptr.is_null(), "Attempted to store to a null pointer");
+        let alignment = store_type_alignment(t);
+        debug_assert!(
+            (ptr as usize).is_multiple_of(alignment),
+            "Attempted to store to an unaligned pointer {:?} for type {:?}",
+            ptr,
+            t
+        );
+
+        let (val, size) = match t {
+            StoreType::Int8 => (self.as_i32() as u64, 1),
+            StoreType::Int16 => (self.as_i32() as u64, 2),
+            StoreType::Int32 => (self.as_i32() as u64, 4),
+            StoreType::Int64 => (self.as_i64() as u64, 8),
+            StoreType::Float32 => ((self.as_f64() as f32).to_bits() as u64, 4),
+            StoreType::Float64 => (self.as_f64().to_bits(), 8),
+            StoreType::IntPtr => (self.as_isize() as u64, size_of::<isize>()),
+            StoreType::Object => {
+                let obj = self.as_object_ref();
+                let val = match obj.0 {
+                    Some(h) => Gc::as_ptr(h) as usize,
+                    None => 0,
+                };
+                (val as u64, size_of::<usize>())
+            }
+        };
 
+        unsafe {
             StandardAtomicAccess::store_atomic(ptr, size, val, ordering);
         }
     }

crates/dotnet-value/src/object.rs

@@ -132,7 +132,7 @@ impl Hash for ObjectRef<'_> {
 impl<'gc> ObjectRef<'gc> {
     pub const SIZE: usize = size_of::<ObjectRef>();
 
-    pub fn resurrect(&self, fc: &gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
+    pub fn resurrect(&self, fc: &'gc gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
         if let Some(handle) = self.0 {
             let ptr = Gc::as_ptr(handle) as usize;
             if visited.insert(ptr) {
@@ -363,7 +363,7 @@ impl<'gc> HeapStorage<'gc> {
         }
     }
 
-    pub fn resurrect(&self, fc: &gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
+    pub fn resurrect(&self, fc: &'gc gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
         match self {
             HeapStorage::Vec(v) => v.resurrect(fc, visited),
             HeapStorage::Obj(o) => o.resurrect(fc, visited),
@@ -436,7 +436,7 @@ impl<'gc> ValueType<'gc> {
         }
     }
 
-    pub fn resurrect(&self, fc: &gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
+    pub fn resurrect(&self, fc: &'gc gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
         match self {
             ValueType::Pointer(p) => p.resurrect(fc, visited),
             ValueType::Struct(o) => o.resurrect(fc, visited),
@@ -579,7 +579,7 @@ impl<'gc> Vector<'gc> {
         size_of::<Vector>() + self.storage.len() + (self.dims.len() * size_of::<usize>())
     }
 
-    pub fn resurrect(&self, fc: &gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
+    pub fn resurrect(&self, fc: &'gc gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
         self.layout.resurrect(&self.storage, fc, visited);
     }
 
@@ -674,7 +674,7 @@ impl<'gc> Object<'gc> {
         size_of::<Object>() + self.instance_storage.get().len()
     }
 
-    pub fn resurrect(&self, fc: &gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
+    pub fn resurrect(&self, fc: &'gc gc_arena::Finalization<'gc>, visited: &mut HashSet<usize>) {
         self.instance_storage.resurrect(fc, visited);
     }