1 // Copyright 2012-2014 The Rust Project Developers. See the COPYRIGHT
2 // file at the top-level directory of this distribution and at
3 // http://rust-lang.org/COPYRIGHT.
5 // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
6 // http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
7 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
8 // option. This file may not be copied, modified, or distributed
9 // except according to those terms.
11 //! Shareable mutable containers.
13 //! Values of the `Cell<T>` and `RefCell<T>` types may be mutated through shared references (i.e.
14 //! the common `&T` type), whereas most Rust types can only be mutated through unique (`&mut T`)
15 //! references. We say that `Cell<T>` and `RefCell<T>` provide 'interior mutability', in contrast
16 //! with typical Rust types that exhibit 'inherited mutability'.
18 //! Cell types come in two flavors: `Cell<T>` and `RefCell<T>`. `Cell<T>` provides `get` and `set`
19 //! methods that change the interior value with a single method call. `Cell<T>` though is only
20 //! compatible with types that implement `Copy`. For other types, one must use the `RefCell<T>`
21 //! type, acquiring a write lock before mutating.
23 //! `RefCell<T>` uses Rust's lifetimes to implement 'dynamic borrowing', a process whereby one can
24 //! claim temporary, exclusive, mutable access to the inner value. Borrows for `RefCell<T>`s are
25 //! tracked 'at runtime', unlike Rust's native reference types which are entirely tracked
26 //! statically, at compile time. Because `RefCell<T>` borrows are dynamic it is possible to attempt
27 //! to borrow a value that is already mutably borrowed; when this happens it results in thread
30 //! # When to choose interior mutability
32 //! The more common inherited mutability, where one must have unique access to mutate a value, is
33 //! one of the key language elements that enables Rust to reason strongly about pointer aliasing,
34 //! statically preventing crash bugs. Because of that, inherited mutability is preferred, and
35 //! interior mutability is something of a last resort. Since cell types enable mutation where it
36 //! would otherwise be disallowed though, there are occasions when interior mutability might be
37 //! appropriate, or even *must* be used, e.g.
39 //! * Introducing mutability 'inside' of something immutable
40 //! * Implementation details of logically-immutable methods.
41 //! * Mutating implementations of `Clone`.
43 //! ## Introducing mutability 'inside' of something immutable
45 //! Many shared smart pointer types, including `Rc<T>` and `Arc<T>`, provide containers that can be
46 //! cloned and shared between multiple parties. Because the contained values may be
47 //! multiply-aliased, they can only be borrowed with `&`, not `&mut`. Without cells it would be
48 //! impossible to mutate data inside of these smart pointers at all.
50 //! It's very common then to put a `RefCell<T>` inside shared pointer types to reintroduce
54 //! use std::collections::HashMap;
55 //! use std::cell::RefCell;
59 //! let shared_map: Rc<RefCell<_>> = Rc::new(RefCell::new(HashMap::new()));
60 //! shared_map.borrow_mut().insert("africa", 92388);
61 //! shared_map.borrow_mut().insert("kyoto", 11837);
62 //! shared_map.borrow_mut().insert("piccadilly", 11826);
63 //! shared_map.borrow_mut().insert("marbles", 38);
67 //! Note that this example uses `Rc<T>` and not `Arc<T>`. `RefCell<T>`s are for single-threaded
68 //! scenarios. Consider using `RwLock<T>` or `Mutex<T>` if you need shared mutability in a
69 //! multi-threaded situation.
71 //! ## Implementation details of logically-immutable methods
73 //! Occasionally it may be desirable not to expose in an API that there is mutation happening
74 //! "under the hood". This may be because logically the operation is immutable, but e.g. caching
75 //! forces the implementation to perform mutation; or because you must employ mutation to implement
76 //! a trait method that was originally defined to take `&self`.
79 //! use std::cell::RefCell;
82 //! edges: Vec<(i32, i32)>,
83 //! span_tree_cache: RefCell<Option<Vec<(i32, i32)>>>
87 //! fn minimum_spanning_tree(&self) -> Vec<(i32, i32)> {
88 //! // Create a new scope to contain the lifetime of the
91 //! // Take a reference to the inside of cache cell
92 //! let mut cache = self.span_tree_cache.borrow_mut();
93 //! if cache.is_some() {
94 //! return cache.as_ref().unwrap().clone();
97 //! let span_tree = self.calc_span_tree();
98 //! *cache = Some(span_tree);
101 //! // Recursive call to return the just-cached value.
102 //! // Note that if we had not let the previous borrow
103 //! // of the cache fall out of scope then the subsequent
104 //! // recursive borrow would cause a dynamic thread panic.
105 //! // This is the major hazard of using `RefCell`.
106 //! self.minimum_spanning_tree()
108 //! # fn calc_span_tree(&self) -> Vec<(i32, i32)> { vec![] }
112 //! ## Mutating implementations of `Clone`
114 //! This is simply a special - but common - case of the previous: hiding mutability for operations
115 //! that appear to be immutable. The `clone` method is expected to not change the source value, and
116 //! is declared to take `&self`, not `&mut self`. Therefore any mutation that happens in the
117 //! `clone` method must use cell types. For example, `Rc<T>` maintains its reference counts within a
121 //! use std::cell::Cell;
124 //! ptr: *mut RcBox<T>
127 //! struct RcBox<T> {
129 //! refcount: Cell<usize>
132 //! impl<T> Clone for Rc<T> {
133 //! fn clone(&self) -> Rc<T> {
135 //! (*self.ptr).refcount.set((*self.ptr).refcount.get() + 1);
136 //! Rc { ptr: self.ptr }
143 #![stable(feature = "rust1", since = "1.0.0")]
146 use cmp::{PartialEq, Eq};
147 use default::Default;
148 use marker::{Copy, Send, Sync, Sized};
149 use ops::{Deref, DerefMut, Drop, FnOnce};
151 use option::Option::{None, Some};
153 /// A mutable memory location that admits only `Copy` data.
155 /// See the [module-level documentation](index.html) for more.
156 #[stable(feature = "rust1", since = "1.0.0")]
158 value: UnsafeCell<T>,
161 impl<T:Copy> Cell<T> {
162 /// Creates a new `Cell` containing the given value.
167 /// use std::cell::Cell;
169 /// let c = Cell::new(5);
171 #[stable(feature = "rust1", since = "1.0.0")]
173 pub const fn new(value: T) -> Cell<T> {
175 value: UnsafeCell::new(value),
179 /// Returns a copy of the contained value.
184 /// use std::cell::Cell;
186 /// let c = Cell::new(5);
188 /// let five = c.get();
191 #[stable(feature = "rust1", since = "1.0.0")]
192 pub fn get(&self) -> T {
193 unsafe{ *self.value.get() }
196 /// Sets the contained value.
201 /// use std::cell::Cell;
203 /// let c = Cell::new(5);
208 #[stable(feature = "rust1", since = "1.0.0")]
209 pub fn set(&self, value: T) {
211 *self.value.get() = value;
215 /// Returns a reference to the underlying `UnsafeCell`.
219 /// This function is `unsafe` because `UnsafeCell`'s field is public.
224 /// #![feature(as_unsafe_cell)]
226 /// use std::cell::Cell;
228 /// let c = Cell::new(5);
230 /// let uc = unsafe { c.as_unsafe_cell() };
233 #[unstable(feature = "as_unsafe_cell", issue = "27708")]
234 pub unsafe fn as_unsafe_cell(&self) -> &UnsafeCell<T> {
239 #[stable(feature = "rust1", since = "1.0.0")]
240 unsafe impl<T> Send for Cell<T> where T: Send {}
242 #[stable(feature = "rust1", since = "1.0.0")]
243 impl<T:Copy> Clone for Cell<T> {
245 fn clone(&self) -> Cell<T> {
246 Cell::new(self.get())
250 #[stable(feature = "rust1", since = "1.0.0")]
251 impl<T:Default + Copy> Default for Cell<T> {
252 #[stable(feature = "rust1", since = "1.0.0")]
254 fn default() -> Cell<T> {
255 Cell::new(Default::default())
259 #[stable(feature = "rust1", since = "1.0.0")]
260 impl<T:PartialEq + Copy> PartialEq for Cell<T> {
262 fn eq(&self, other: &Cell<T>) -> bool {
263 self.get() == other.get()
267 #[stable(feature = "cell_eq", since = "1.2.0")]
268 impl<T:Eq + Copy> Eq for Cell<T> {}
270 /// A mutable memory location with dynamically checked borrow rules
272 /// See the [module-level documentation](index.html) for more.
273 #[stable(feature = "rust1", since = "1.0.0")]
274 pub struct RefCell<T: ?Sized> {
275 borrow: Cell<BorrowFlag>,
276 value: UnsafeCell<T>,
279 /// An enumeration of values returned from the `state` method on a `RefCell<T>`.
280 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
281 #[unstable(feature = "borrow_state", issue = "27733")]
282 pub enum BorrowState {
283 /// The cell is currently being read, there is at least one active `borrow`.
285 /// The cell is currently being written to, there is an active `borrow_mut`.
287 /// There are no outstanding borrows on this cell.
291 // Values [1, MAX-1] represent the number of `Ref` active
292 // (will not outgrow its range since `usize` is the size of the address space)
293 type BorrowFlag = usize;
294 const UNUSED: BorrowFlag = 0;
295 const WRITING: BorrowFlag = !0;
298 /// Creates a new `RefCell` containing `value`.
303 /// use std::cell::RefCell;
305 /// let c = RefCell::new(5);
307 #[stable(feature = "rust1", since = "1.0.0")]
309 pub const fn new(value: T) -> RefCell<T> {
311 value: UnsafeCell::new(value),
312 borrow: Cell::new(UNUSED),
316 /// Consumes the `RefCell`, returning the wrapped value.
321 /// use std::cell::RefCell;
323 /// let c = RefCell::new(5);
325 /// let five = c.into_inner();
327 #[stable(feature = "rust1", since = "1.0.0")]
329 pub fn into_inner(self) -> T {
330 // Since this function takes `self` (the `RefCell`) by value, the
331 // compiler statically verifies that it is not currently borrowed.
332 // Therefore the following assertion is just a `debug_assert!`.
333 debug_assert!(self.borrow.get() == UNUSED);
334 unsafe { self.value.into_inner() }
338 impl<T: ?Sized> RefCell<T> {
339 /// Query the current state of this `RefCell`
341 /// The returned value can be dispatched on to determine if a call to
342 /// `borrow` or `borrow_mut` would succeed.
343 #[unstable(feature = "borrow_state", issue = "27733")]
345 pub fn borrow_state(&self) -> BorrowState {
346 match self.borrow.get() {
347 WRITING => BorrowState::Writing,
348 UNUSED => BorrowState::Unused,
349 _ => BorrowState::Reading,
353 /// Immutably borrows the wrapped value.
355 /// The borrow lasts until the returned `Ref` exits scope. Multiple
356 /// immutable borrows can be taken out at the same time.
360 /// Panics if the value is currently mutably borrowed.
365 /// use std::cell::RefCell;
367 /// let c = RefCell::new(5);
369 /// let borrowed_five = c.borrow();
370 /// let borrowed_five2 = c.borrow();
373 /// An example of panic:
376 /// use std::cell::RefCell;
379 /// let result = thread::spawn(move || {
380 /// let c = RefCell::new(5);
381 /// let m = c.borrow_mut();
383 /// let b = c.borrow(); // this causes a panic
386 /// assert!(result.is_err());
388 #[stable(feature = "rust1", since = "1.0.0")]
390 pub fn borrow(&self) -> Ref<T> {
391 match BorrowRef::new(&self.borrow) {
393 _value: unsafe { &*self.value.get() },
396 None => panic!("RefCell<T> already mutably borrowed"),
400 /// Mutably borrows the wrapped value.
402 /// The borrow lasts until the returned `RefMut` exits scope. The value
403 /// cannot be borrowed while this borrow is active.
407 /// Panics if the value is currently borrowed.
412 /// use std::cell::RefCell;
414 /// let c = RefCell::new(5);
416 /// let borrowed_five = c.borrow_mut();
419 /// An example of panic:
422 /// use std::cell::RefCell;
425 /// let result = thread::spawn(move || {
426 /// let c = RefCell::new(5);
427 /// let m = c.borrow();
429 /// let b = c.borrow_mut(); // this causes a panic
432 /// assert!(result.is_err());
434 #[stable(feature = "rust1", since = "1.0.0")]
436 pub fn borrow_mut(&self) -> RefMut<T> {
437 match BorrowRefMut::new(&self.borrow) {
439 _value: unsafe { &mut *self.value.get() },
442 None => panic!("RefCell<T> already borrowed"),
446 /// Returns a reference to the underlying `UnsafeCell`.
448 /// This can be used to circumvent `RefCell`'s safety checks.
450 /// This function is `unsafe` because `UnsafeCell`'s field is public.
452 #[unstable(feature = "as_unsafe_cell", issue = "27708")]
453 pub unsafe fn as_unsafe_cell(&self) -> &UnsafeCell<T> {
458 #[stable(feature = "rust1", since = "1.0.0")]
459 unsafe impl<T: ?Sized> Send for RefCell<T> where T: Send {}
461 #[stable(feature = "rust1", since = "1.0.0")]
462 impl<T: Clone> Clone for RefCell<T> {
464 fn clone(&self) -> RefCell<T> {
465 RefCell::new(self.borrow().clone())
469 #[stable(feature = "rust1", since = "1.0.0")]
470 impl<T:Default> Default for RefCell<T> {
471 #[stable(feature = "rust1", since = "1.0.0")]
473 fn default() -> RefCell<T> {
474 RefCell::new(Default::default())
478 #[stable(feature = "rust1", since = "1.0.0")]
479 impl<T: ?Sized + PartialEq> PartialEq for RefCell<T> {
481 fn eq(&self, other: &RefCell<T>) -> bool {
482 *self.borrow() == *other.borrow()
486 #[stable(feature = "cell_eq", since = "1.2.0")]
487 impl<T: ?Sized + Eq> Eq for RefCell<T> {}
489 struct BorrowRef<'b> {
490 _borrow: &'b Cell<BorrowFlag>,
493 impl<'b> BorrowRef<'b> {
495 fn new(borrow: &'b Cell<BorrowFlag>) -> Option<BorrowRef<'b>> {
500 Some(BorrowRef { _borrow: borrow })
506 impl<'b> Drop for BorrowRef<'b> {
509 let borrow = self._borrow.get();
510 debug_assert!(borrow != WRITING && borrow != UNUSED);
511 self._borrow.set(borrow - 1);
515 impl<'b> Clone for BorrowRef<'b> {
517 fn clone(&self) -> BorrowRef<'b> {
518 // Since this Ref exists, we know the borrow flag
519 // is not set to WRITING.
520 let borrow = self._borrow.get();
521 debug_assert!(borrow != WRITING && borrow != UNUSED);
522 self._borrow.set(borrow + 1);
523 BorrowRef { _borrow: self._borrow }
527 /// Wraps a borrowed reference to a value in a `RefCell` box.
528 /// A wrapper type for an immutably borrowed value from a `RefCell<T>`.
530 /// See the [module-level documentation](index.html) for more.
531 #[stable(feature = "rust1", since = "1.0.0")]
532 pub struct Ref<'b, T: ?Sized + 'b> {
533 // FIXME #12808: strange name to try to avoid interfering with
534 // field accesses of the contained type via Deref
536 _borrow: BorrowRef<'b>,
539 #[stable(feature = "rust1", since = "1.0.0")]
540 impl<'b, T: ?Sized> Deref for Ref<'b, T> {
544 fn deref(&self) -> &T {
549 impl<'b, T: ?Sized> Ref<'b, T> {
552 /// The `RefCell` is already immutably borrowed, so this cannot fail.
554 /// This is an associated function that needs to be used as
555 /// `Ref::clone(...)`. A `Clone` implementation or a method would interfere
556 /// with the widespread use of `r.borrow().clone()` to clone the contents of
558 #[unstable(feature = "cell_extras",
559 reason = "likely to be moved to a method, pending language changes",
562 pub fn clone(orig: &Ref<'b, T>) -> Ref<'b, T> {
565 _borrow: orig._borrow.clone(),
569 /// Make a new `Ref` for a component of the borrowed data.
571 /// The `RefCell` is already immutably borrowed, so this cannot fail.
573 /// This is an associated function that needs to be used as `Ref::map(...)`.
574 /// A method would interfere with methods of the same name on the contents
575 /// of a `RefCell` used through `Deref`.
580 /// #![feature(cell_extras)]
582 /// use std::cell::{RefCell, Ref};
584 /// let c = RefCell::new((5, 'b'));
585 /// let b1: Ref<(u32, char)> = c.borrow();
586 /// let b2: Ref<u32> = Ref::map(b1, |t| &t.0);
587 /// assert_eq!(*b2, 5)
589 #[unstable(feature = "cell_extras", reason = "recently added",
592 pub fn map<U: ?Sized, F>(orig: Ref<'b, T>, f: F) -> Ref<'b, U>
593 where F: FnOnce(&T) -> &U
596 _value: f(orig._value),
597 _borrow: orig._borrow,
601 /// Make a new `Ref` for an optional component of the borrowed data, e.g. an
604 /// The `RefCell` is already immutably borrowed, so this cannot fail.
606 /// This is an associated function that needs to be used as
607 /// `Ref::filter_map(...)`. A method would interfere with methods of the
608 /// same name on the contents of a `RefCell` used through `Deref`.
613 /// # #![feature(cell_extras)]
614 /// use std::cell::{RefCell, Ref};
616 /// let c = RefCell::new(Ok(5));
617 /// let b1: Ref<Result<u32, ()>> = c.borrow();
618 /// let b2: Ref<u32> = Ref::filter_map(b1, |o| o.as_ref().ok()).unwrap();
619 /// assert_eq!(*b2, 5)
621 #[unstable(feature = "cell_extras", reason = "recently added",
624 pub fn filter_map<U: ?Sized, F>(orig: Ref<'b, T>, f: F) -> Option<Ref<'b, U>>
625 where F: FnOnce(&T) -> Option<&U>
627 f(orig._value).map(move |new| Ref {
629 _borrow: orig._borrow,
634 impl<'b, T: ?Sized> RefMut<'b, T> {
635 /// Make a new `RefMut` for a component of the borrowed data, e.g. an enum
638 /// The `RefCell` is already mutably borrowed, so this cannot fail.
640 /// This is an associated function that needs to be used as
641 /// `RefMut::map(...)`. A method would interfere with methods of the same
642 /// name on the contents of a `RefCell` used through `Deref`.
647 /// # #![feature(cell_extras)]
648 /// use std::cell::{RefCell, RefMut};
650 /// let c = RefCell::new((5, 'b'));
652 /// let b1: RefMut<(u32, char)> = c.borrow_mut();
653 /// let mut b2: RefMut<u32> = RefMut::map(b1, |t| &mut t.0);
654 /// assert_eq!(*b2, 5);
657 /// assert_eq!(*c.borrow(), (42, 'b'));
659 #[unstable(feature = "cell_extras", reason = "recently added",
662 pub fn map<U: ?Sized, F>(orig: RefMut<'b, T>, f: F) -> RefMut<'b, U>
663 where F: FnOnce(&mut T) -> &mut U
666 _value: f(orig._value),
667 _borrow: orig._borrow,
671 /// Make a new `RefMut` for an optional component of the borrowed data, e.g.
674 /// The `RefCell` is already mutably borrowed, so this cannot fail.
676 /// This is an associated function that needs to be used as
677 /// `RefMut::filter_map(...)`. A method would interfere with methods of the
678 /// same name on the contents of a `RefCell` used through `Deref`.
683 /// # #![feature(cell_extras)]
684 /// use std::cell::{RefCell, RefMut};
686 /// let c = RefCell::new(Ok(5));
688 /// let b1: RefMut<Result<u32, ()>> = c.borrow_mut();
689 /// let mut b2: RefMut<u32> = RefMut::filter_map(b1, |o| {
692 /// assert_eq!(*b2, 5);
695 /// assert_eq!(*c.borrow(), Ok(42));
697 #[unstable(feature = "cell_extras", reason = "recently added",
700 pub fn filter_map<U: ?Sized, F>(orig: RefMut<'b, T>, f: F) -> Option<RefMut<'b, U>>
701 where F: FnOnce(&mut T) -> Option<&mut U>
703 let RefMut { _value, _borrow } = orig;
704 f(_value).map(move |new| RefMut {
711 struct BorrowRefMut<'b> {
712 _borrow: &'b Cell<BorrowFlag>,
715 impl<'b> Drop for BorrowRefMut<'b> {
718 let borrow = self._borrow.get();
719 debug_assert!(borrow == WRITING);
720 self._borrow.set(UNUSED);
724 impl<'b> BorrowRefMut<'b> {
726 fn new(borrow: &'b Cell<BorrowFlag>) -> Option<BorrowRefMut<'b>> {
730 Some(BorrowRefMut { _borrow: borrow })
737 /// A wrapper type for a mutably borrowed value from a `RefCell<T>`.
739 /// See the [module-level documentation](index.html) for more.
740 #[stable(feature = "rust1", since = "1.0.0")]
741 pub struct RefMut<'b, T: ?Sized + 'b> {
742 // FIXME #12808: strange name to try to avoid interfering with
743 // field accesses of the contained type via Deref
745 _borrow: BorrowRefMut<'b>,
748 #[stable(feature = "rust1", since = "1.0.0")]
749 impl<'b, T: ?Sized> Deref for RefMut<'b, T> {
753 fn deref(&self) -> &T {
758 #[stable(feature = "rust1", since = "1.0.0")]
759 impl<'b, T: ?Sized> DerefMut for RefMut<'b, T> {
761 fn deref_mut(&mut self) -> &mut T {
766 /// The core primitive for interior mutability in Rust.
768 /// `UnsafeCell<T>` is a type that wraps some `T` and indicates unsafe interior operations on the
769 /// wrapped type. Types with an `UnsafeCell<T>` field are considered to have an 'unsafe interior'.
770 /// The `UnsafeCell<T>` type is the only legal way to obtain aliasable data that is considered
771 /// mutable. In general, transmuting an `&T` type into an `&mut T` is considered undefined behavior.
773 /// Types like `Cell<T>` and `RefCell<T>` use this type to wrap their internal data.
778 /// use std::cell::UnsafeCell;
779 /// use std::marker::Sync;
781 /// struct NotThreadSafe<T> {
782 /// value: UnsafeCell<T>,
785 /// unsafe impl<T> Sync for NotThreadSafe<T> {}
787 #[lang = "unsafe_cell"]
788 #[stable(feature = "rust1", since = "1.0.0")]
789 pub struct UnsafeCell<T: ?Sized> {
793 impl<T: ?Sized> !Sync for UnsafeCell<T> {}
795 impl<T> UnsafeCell<T> {
796 /// Constructs a new instance of `UnsafeCell` which will wrap the specified
799 /// All access to the inner value through methods is `unsafe`.
804 /// use std::cell::UnsafeCell;
806 /// let uc = UnsafeCell::new(5);
808 #[stable(feature = "rust1", since = "1.0.0")]
810 pub const fn new(value: T) -> UnsafeCell<T> {
811 UnsafeCell { value: value }
814 /// Unwraps the value.
818 /// This function is unsafe because this thread or another thread may currently be
819 /// inspecting the inner value.
824 /// use std::cell::UnsafeCell;
826 /// let uc = UnsafeCell::new(5);
828 /// let five = unsafe { uc.into_inner() };
831 #[stable(feature = "rust1", since = "1.0.0")]
832 pub unsafe fn into_inner(self) -> T {
837 impl<T: ?Sized> UnsafeCell<T> {
838 /// Gets a mutable pointer to the wrapped value.
843 /// use std::cell::UnsafeCell;
845 /// let uc = UnsafeCell::new(5);
847 /// let five = uc.get();
850 #[stable(feature = "rust1", since = "1.0.0")]
851 pub fn get(&self) -> *mut T {
852 &self.value as *const T as *mut T