+
+// Not Clone or Copy
+pub struct NoAlias {
+ _unsafe_to_construct: (),
+}
+
+#[derive(Copy)]
+pub struct Ptr<T> {
+ // invariant over T
+ ptr: NonZero<T>,
+}
+
+impl<T> Ptr<T> {
+ pub fn new(t: T) -> Self { .. }
+
+ /// SAFETY
+ ///
+ /// All copies of the returned `Ptr` become invalid
+ /// when the borrow of `t` ends.
+ /// No-one must use them after that.
+ ///
+ /// You must not call `deallocate` on the return value.
+ pub unsafe fn new_stack<'t>(
+ t: Pin<&'t mut T>,
+ ) -> Self { .. }
+
+ pub fn ref_(self, g: &'a NoAlias) -> &'a T { .. }
+
+ pub fn mut_(self, g: &'a NoAlias) -> &'a mut T {
+ // SAFETY
+ //
+ // 1.
+ ..
+ }
+
+ /// # SAFETY
+ ///
+ /// All copies of `self` will be invalidated.
+ ///
+ /// So either no copies may exist any longer,
+ /// or it is your responsibility to ensure
+ /// that none of them will be used.
+ ///
+ /// ("used" means passed to any method in this library).
+ ///
+ /// (The compiler will check that no borrows
+ pub unsafe fn free<'g: 'a>(self, : &'g mut NoAlias) { .. }
+}
+
+impl NoAlias {
+ /// # SAFETY
+ ///
+ /// You must ensure that there is only ever one
+ /// `NoAlias` within the whole program.
+ pub unsafe fn new() -> Self { .. }
+
+ pub fn scope(f: impl FnOnce(&mut NoAlias) -> R) -> R {
+ /// SAFETY
+ ///
+ /// `f` doesn't control the lifetime -
+ /// as far as it's concerned, is independent from any other
+ /// So it can't mix up *this* NoAlias with any other.
+ let g = unsafe { NoAlias::new() };
+ f(g)
+ }
+
+ pub fn multi_ref<'aa>(
+ &'aa mut self,
+ ref_: [
+
+ pub fn multi<'aa: 'a>(self, arena: &'aa mut NoAlias) -> &mut { .. }
+
pub fn add(left: u64, right: u64) -> u64 {
left + right
}
use super::*;
#[test]
- fn it_works() {
+ fn
let result = add(2, 2);
assert_eq!(result, 4);
}
~ian / manually-boxed / commitdiff