diff --git a/Cargo.lock b/Cargo.lock index 720fc934a297d2..0060a6b0a9a8a5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4736,6 +4736,7 @@ dependencies = [ "byteorder", "libsecp256k1", "log", + "memoffset 0.8.0", "rand 0.7.3", "solana-measure", "solana-metrics", diff --git a/program-runtime/src/invoke_context.rs b/program-runtime/src/invoke_context.rs index 86c740585ba22a..8dd4c17952d760 100644 --- a/program-runtime/src/invoke_context.rs +++ b/program-runtime/src/invoke_context.rs @@ -20,11 +20,12 @@ use { cap_accounts_data_len, enable_early_verification_of_account_modifications, FeatureSet, }, hash::Hash, - instruction::{AccountMeta, Instruction, InstructionError}, + instruction::{AccountMeta, InstructionError}, native_loader, pubkey::Pubkey, rent::Rent, saturating_add_assign, + stable_layout::stable_instruction::StableInstruction, transaction_context::{InstructionAccount, TransactionAccount, TransactionContext}, }, std::{ @@ -563,7 +564,7 @@ impl<'a> InvokeContext<'a> { /// Entrypoint for a cross-program invocation from a builtin program pub fn native_invoke( &mut self, - instruction: Instruction, + instruction: StableInstruction, signers: &[Pubkey], ) -> Result<(), InstructionError> { let (instruction_accounts, program_indices) = @@ -583,7 +584,7 @@ impl<'a> InvokeContext<'a> { #[allow(clippy::type_complexity)] pub fn prepare_instruction( &mut self, - instruction: &Instruction, + instruction: &StableInstruction, signers: &[Pubkey], ) -> Result<(Vec, Vec), InstructionError> { // Finds the index of each account in the instruction by its pubkey. @@ -1111,7 +1112,7 @@ mod tests { super::*, crate::compute_budget, serde::{Deserialize, Serialize}, - solana_sdk::account::WritableAccount, + solana_sdk::{account::WritableAccount, instruction::Instruction}, }; #[derive(Debug, Serialize, Deserialize)] @@ -1231,7 +1232,7 @@ mod tests { assert_eq!(result, Err(InstructionError::UnbalancedInstruction)); result?; invoke_context - .native_invoke(inner_instruction, &[]) + .native_invoke(inner_instruction.into(), &[]) .and(invoke_context.pop())?; } MockInstruction::UnbalancedPop => instruction_context @@ -1384,7 +1385,7 @@ mod tests { let inner_instruction = Instruction::new_with_bincode(callee_program_id, &case.0, metas.clone()); let result = invoke_context - .native_invoke(inner_instruction, &[]) + .native_invoke(inner_instruction.into(), &[]) .and(invoke_context.pop()); assert_eq!(result, case.1); } @@ -1404,6 +1405,7 @@ mod tests { }, metas.clone(), ); + let inner_instruction = StableInstruction::from(inner_instruction); let (inner_instruction_accounts, program_indices) = invoke_context .prepare_instruction(&inner_instruction, &[]) .unwrap(); diff --git a/program-test/src/lib.rs b/program-test/src/lib.rs index fe9eba15a84df5..0968417c08ca34 100644 --- a/program-test/src/lib.rs +++ b/program-test/src/lib.rs @@ -37,6 +37,7 @@ use { pubkey::Pubkey, rent::Rent, signature::{Keypair, Signer}, + stable_layout::stable_instruction::StableInstruction, sysvar::{Sysvar, SysvarId}, }, solana_vote_program::vote_state::{VoteState, VoteStateVersions}, @@ -226,6 +227,7 @@ impl solana_sdk::program_stubs::SyscallStubs for SyscallStubs { account_infos: &[AccountInfo], signers_seeds: &[&[&[u8]]], ) -> ProgramResult { + let instruction = StableInstruction::from(instruction.clone()); let invoke_context = get_invoke_context(); let log_collector = invoke_context.get_log_collector(); let transaction_context = &invoke_context.transaction_context; @@ -248,7 +250,7 @@ impl solana_sdk::program_stubs::SyscallStubs for SyscallStubs { .collect::>(); let (instruction_accounts, program_indices) = invoke_context - .prepare_instruction(instruction, &signers) + .prepare_instruction(&instruction, &signers) .unwrap(); // Copy caller's account_info modifications into invoke_context accounts diff --git a/programs/address-lookup-table/src/processor.rs b/programs/address-lookup-table/src/processor.rs index 39d36b988c1ae1..fb73f1b8915cbe 100644 --- a/programs/address-lookup-table/src/processor.rs +++ b/programs/address-lookup-table/src/processor.rs @@ -125,18 +125,18 @@ impl Processor { if required_lamports > 0 { invoke_context.native_invoke( - system_instruction::transfer(&payer_key, &table_key, required_lamports), + system_instruction::transfer(&payer_key, &table_key, required_lamports).into(), &[payer_key], )?; } invoke_context.native_invoke( - system_instruction::allocate(&table_key, table_account_data_len as u64), + system_instruction::allocate(&table_key, table_account_data_len as u64).into(), &[table_key], )?; invoke_context.native_invoke( - system_instruction::assign(&table_key, &crate::id()), + system_instruction::assign(&table_key, &crate::id()).into(), &[table_key], )?; @@ -313,7 +313,7 @@ impl Processor { drop(payer_account); invoke_context.native_invoke( - system_instruction::transfer(&payer_key, &table_key, required_lamports), + system_instruction::transfer(&payer_key, &table_key, required_lamports).into(), &[payer_key], )?; } diff --git a/programs/bpf_loader/Cargo.toml b/programs/bpf_loader/Cargo.toml index 45b79811fd3872..074b81f1fa6688 100644 --- a/programs/bpf_loader/Cargo.toml +++ b/programs/bpf_loader/Cargo.toml @@ -23,6 +23,7 @@ solana_rbpf = "=0.2.31" thiserror = "1.0" [dev-dependencies] +memoffset = "0.8" rand = "0.7.3" solana-runtime = { path = "../../runtime", version = "=1.14.24" } diff --git a/programs/bpf_loader/src/lib.rs b/programs/bpf_loader/src/lib.rs index bcf7776cc2f6ac..a3e6667f482a94 100644 --- a/programs/bpf_loader/src/lib.rs +++ b/programs/bpf_loader/src/lib.rs @@ -652,7 +652,7 @@ fn process_loader_upgradeable_instruction( .iter() .map(|seeds| Pubkey::create_program_address(*seeds, caller_program_id)) .collect::, solana_sdk::pubkey::PubkeyError>>()?; - invoke_context.native_invoke(instruction, signers.as_slice())?; + invoke_context.native_invoke(instruction.into(), signers.as_slice())?; // Load and verify the program bits let executor = create_executor( @@ -1146,7 +1146,8 @@ fn process_loader_upgradeable_instruction( )?; invoke_context.native_invoke( - system_instruction::transfer(&payer_key, &programdata_key, required_payment), + system_instruction::transfer(&payer_key, &programdata_key, required_payment) + .into(), &[], )?; } diff --git a/programs/bpf_loader/src/syscalls/cpi.rs b/programs/bpf_loader/src/syscalls/cpi.rs index bf65d47d0402d3..f5ed05c37f1b83 100644 --- a/programs/bpf_loader/src/syscalls/cpi.rs +++ b/programs/bpf_loader/src/syscalls/cpi.rs @@ -3,6 +3,7 @@ use { crate::declare_syscall, solana_sdk::syscalls::{ MAX_CPI_ACCOUNT_INFOS, MAX_CPI_INSTRUCTION_ACCOUNTS, MAX_CPI_INSTRUCTION_DATA_LEN, + stable_layout::stable_instruction::StableInstruction, }, }; @@ -27,7 +28,7 @@ trait SyscallInvokeSigned<'a, 'b> { addr: u64, memory_mapping: &mut MemoryMapping, invoke_context: &mut InvokeContext, - ) -> Result>; + ) -> Result>; fn translate_accounts<'c>( &'c self, instruction_accounts: &[InstructionAccount], @@ -84,7 +85,7 @@ impl<'a, 'b> SyscallInvokeSigned<'a, 'b> for SyscallInvokeSignedRust<'a, 'b> { addr: u64, memory_mapping: &mut MemoryMapping, invoke_context: &mut InvokeContext, - ) -> Result> { + ) -> Result> { let ix = translate_type::( memory_mapping, addr, @@ -121,10 +122,11 @@ impl<'a, 'b> SyscallInvokeSigned<'a, 'b> for SyscallInvokeSignedRust<'a, 'b> { invoke_context.get_check_size(), )? .to_vec(); - Ok(Instruction { + + Ok(StableInstruction { + accounts: accounts.into(), + data: data.into(), program_id: ix.program_id, - accounts, - data, }) } @@ -394,7 +396,7 @@ impl<'a, 'b> SyscallInvokeSigned<'a, 'b> for SyscallInvokeSignedC<'a, 'b> { addr: u64, memory_mapping: &mut MemoryMapping, invoke_context: &mut InvokeContext, - ) -> Result> { + ) -> Result> { let ix_c = translate_type::( memory_mapping, addr, @@ -454,10 +456,10 @@ impl<'a, 'b> SyscallInvokeSigned<'a, 'b> for SyscallInvokeSignedC<'a, 'b> { }) .collect::, EbpfError>>()?; - Ok(Instruction { + Ok(StableInstruction { + accounts: accounts.into(), + data: data.into(), program_id: *program_id, - accounts, - data, }) } diff --git a/programs/bpf_loader/src/syscalls/mod.rs b/programs/bpf_loader/src/syscalls/mod.rs index a012813bbbba5c..36f479da78ccca 100644 --- a/programs/bpf_loader/src/syscalls/mod.rs +++ b/programs/bpf_loader/src/syscalls/mod.rs @@ -41,7 +41,7 @@ use { }, hash::{Hasher, HASH_BYTES}, instruction::{ - AccountMeta, Instruction, InstructionError, ProcessedSiblingInstruction, + AccountMeta, InstructionError, ProcessedSiblingInstruction, TRANSACTION_LEVEL_STACK_HEIGHT, }, keccak, native_loader, @@ -2073,7 +2073,9 @@ mod tests { bpf_loader, fee_calculator::FeeCalculator, hash::hashv, + instruction::Instruction, program::check_type_assumptions, + stable_layout::stable_instruction::StableInstruction, sysvar::{clock::Clock, epoch_schedule::EpochSchedule, rent::Rent}, transaction_context::TransactionContext, }, @@ -2191,11 +2193,12 @@ mod tests { &"foobar", vec![AccountMeta::new(solana_sdk::pubkey::new_rand(), false)], ); + let instruction = StableInstruction::from(instruction); let addr = &instruction as *const _ as u64; let mut memory_region = MemoryRegion { host_addr: addr, vm_addr: 0x100000000, - len: std::mem::size_of::() as u64, + len: std::mem::size_of::() as u64, vm_gap_shift: 63, is_writable: false, }; @@ -2205,13 +2208,13 @@ mod tests { ) .unwrap(); let translated_instruction = - translate_type::(&memory_mapping, 0x100000000, true).unwrap(); + translate_type::(&memory_mapping, 0x100000000, true).unwrap(); assert_eq!(instruction, *translated_instruction); memory_region.len = 1; memory_mapping .replace_region::(1, memory_region) .unwrap(); - assert!(translate_type::(&memory_mapping, 0x100000000, true).is_err()); + assert!(translate_type::(&memory_mapping, 0x100000000, true).is_err()); } #[test] diff --git a/sdk/program/src/lib.rs b/sdk/program/src/lib.rs index e224f2abd4248e..2d3e2ce1a0a324 100644 --- a/sdk/program/src/lib.rs +++ b/sdk/program/src/lib.rs @@ -602,6 +602,7 @@ pub mod serialize_utils; pub mod short_vec; pub mod slot_hashes; pub mod slot_history; +pub mod stable_layout; pub mod stake; pub mod stake_history; pub mod syscalls; diff --git a/sdk/program/src/program.rs b/sdk/program/src/program.rs index d9de4188342025..424a388b5220a3 100644 --- a/sdk/program/src/program.rs +++ b/sdk/program/src/program.rs @@ -10,6 +10,7 @@ use crate::{ account_info::AccountInfo, entrypoint::ProgramResult, instruction::Instruction, pubkey::Pubkey, + stable_layout::stable_instruction::StableInstruction, }; /// Invoke a cross-program instruction. @@ -290,9 +291,10 @@ pub fn invoke_signed_unchecked( ) -> ProgramResult { #[cfg(target_os = "solana")] { + let instruction = StableInstruction::from(instruction.clone()); let result = unsafe { crate::syscalls::sol_invoke_signed_rust( - instruction as *const _ as *const u8, + &instruction as *const _ as *const u8, account_infos as *const _ as *const u8, account_infos.len() as u64, signers_seeds as *const _ as *const u8, @@ -430,17 +432,18 @@ pub fn check_type_assumptions() { accounts: vec![account_meta1.clone(), account_meta2.clone()], data: data.clone(), }; + let instruction = StableInstruction::from(instruction); let instruction_addr = &instruction as *const _ as u64; // program id - assert_eq!(offset_of!(Instruction, program_id), 48); + assert_eq!(offset_of!(StableInstruction, program_id), 48); let pubkey_ptr = (instruction_addr + 48) as *const Pubkey; unsafe { assert_eq!(*pubkey_ptr, pubkey1); } // accounts - assert_eq!(offset_of!(Instruction, accounts), 0); + assert_eq!(offset_of!(StableInstruction, accounts), 0); let accounts_ptr = (instruction_addr) as *const *const AccountMeta; let accounts_cap = (instruction_addr + 8) as *const usize; let accounts_len = (instruction_addr + 16) as *const usize; @@ -453,7 +456,7 @@ pub fn check_type_assumptions() { } // data - assert_eq!(offset_of!(Instruction, data), 24); + assert_eq!(offset_of!(StableInstruction, data), 24); let data_ptr = (instruction_addr + 24) as *const *const [u8; 5]; let data_cap = (instruction_addr + 24 + 8) as *const usize; let data_len = (instruction_addr + 24 + 16) as *const usize; diff --git a/sdk/program/src/stable_layout.rs b/sdk/program/src/stable_layout.rs new file mode 100644 index 00000000000000..37d3d8bf20ccb5 --- /dev/null +++ b/sdk/program/src/stable_layout.rs @@ -0,0 +1,10 @@ +#![doc(hidden)] +//! Types with stable memory layouts +//! +//! Internal use only; here be dragons! + +pub mod stable_instruction; +pub mod stable_rc; +pub mod stable_ref_cell; +pub mod stable_slice; +pub mod stable_vec; diff --git a/sdk/program/src/stable_layout/stable_instruction.rs b/sdk/program/src/stable_layout/stable_instruction.rs new file mode 100644 index 00000000000000..e01bd37477b5f7 --- /dev/null +++ b/sdk/program/src/stable_layout/stable_instruction.rs @@ -0,0 +1,96 @@ +//! `Instruction`, with a stable memory layout + +use { + crate::{ + instruction::{AccountMeta, Instruction}, + pubkey::Pubkey, + stable_layout::stable_vec::StableVec, + }, + std::fmt::Debug, +}; + +/// `Instruction`, with a stable memory layout +/// +/// This is used within the runtime to ensure memory mapping and memory accesses are valid. We +/// rely on known addresses and offsets within the runtime, and since `Instruction`'s layout is +/// allowed to change, we must provide a way to lock down the memory layout. `StableInstruction` +/// reimplements the bare minimum of `Instruction`'s API sufficient only for the runtime's needs. +/// +/// # Examples +/// +/// Creating a `StableInstruction` from an `Instruction` +/// +/// ``` +/// # use solana_program::{instruction::Instruction, pubkey::Pubkey, stable_layout::stable_instruction::StableInstruction}; +/// # let program_id = Pubkey::default(); +/// # let accounts = Vec::default(); +/// # let data = Vec::default(); +/// let instruction = Instruction { program_id, accounts, data }; +/// let instruction = StableInstruction::from(instruction); +/// ``` +#[derive(Debug, PartialEq)] +#[repr(C)] +pub struct StableInstruction { + pub accounts: StableVec, + pub data: StableVec, + pub program_id: Pubkey, +} + +impl From for StableInstruction { + fn from(other: Instruction) -> Self { + Self { + accounts: other.accounts.into(), + data: other.data.into(), + program_id: other.program_id, + } + } +} + +#[cfg(test)] +mod tests { + use { + super::*, + memoffset::offset_of, + std::mem::{align_of, size_of}, + }; + + #[test] + fn test_memory_layout() { + assert_eq!(offset_of!(StableInstruction, accounts), 0); + assert_eq!(offset_of!(StableInstruction, data), 24); + assert_eq!(offset_of!(StableInstruction, program_id), 48); + assert_eq!(align_of::(), 8); + assert_eq!(size_of::(), 24 + 24 + 32); + + let program_id = Pubkey::new_unique(); + let account_meta1 = AccountMeta { + pubkey: Pubkey::new_unique(), + is_signer: true, + is_writable: false, + }; + let account_meta2 = AccountMeta { + pubkey: Pubkey::new_unique(), + is_signer: false, + is_writable: true, + }; + let accounts = vec![account_meta1, account_meta2]; + let data = vec![1, 2, 3, 4, 5]; + let instruction = Instruction { + program_id, + accounts: accounts.clone(), + data: data.clone(), + }; + let instruction = StableInstruction::from(instruction); + + let instruction_addr = &instruction as *const _ as u64; + + let accounts_ptr = instruction_addr as *const StableVec; + assert_eq!(unsafe { &*accounts_ptr }, &accounts); + + let data_ptr = (instruction_addr + 24) as *const StableVec; + assert_eq!(unsafe { &*data_ptr }, &data); + + let pubkey_ptr = (instruction_addr + 48) as *const Pubkey; + assert_eq!(unsafe { *pubkey_ptr }, program_id); + } +} diff --git a/sdk/program/src/stable_layout/stable_rc.rs b/sdk/program/src/stable_layout/stable_rc.rs new file mode 100644 index 00000000000000..5865eda3e8c700 --- /dev/null +++ b/sdk/program/src/stable_layout/stable_rc.rs @@ -0,0 +1,29 @@ +//! Ensure Rc has a stable memory layout + +#[cfg(test)] +mod tests { + use std::{ + mem::{align_of, size_of}, + rc::Rc, + }; + + #[test] + fn test_memory_layout() { + assert_eq!(align_of::>(), 8); + assert_eq!(size_of::>(), 8); + + let value = 42; + let rc = Rc::new(value); + let _rc2 = Rc::clone(&rc); // used to increment strong count + + let addr_rc = &rc as *const _ as usize; + let addr_ptr = addr_rc; + let addr_rcbox = unsafe { *(addr_ptr as *const *const i32) } as usize; + let addr_strong = addr_rcbox; + let addr_weak = addr_rcbox + 8; + let addr_value = addr_rcbox + 16; + assert_eq!(unsafe { *(addr_strong as *const usize) }, 2); + assert_eq!(unsafe { *(addr_weak as *const usize) }, 1); + assert_eq!(unsafe { *(addr_value as *const i32) }, 42); + } +} diff --git a/sdk/program/src/stable_layout/stable_ref_cell.rs b/sdk/program/src/stable_layout/stable_ref_cell.rs new file mode 100644 index 00000000000000..c5741acac0bf9d --- /dev/null +++ b/sdk/program/src/stable_layout/stable_ref_cell.rs @@ -0,0 +1,25 @@ +//! Ensure RefCell has a stable layout + +#[cfg(test)] +mod tests { + use std::{ + cell::RefCell, + mem::{align_of, size_of}, + }; + + #[test] + fn test_memory_layout() { + assert_eq!(align_of::>(), 8); + assert_eq!(size_of::>(), 8 + 4 + /* padding */4); + + let value = 42; + let refcell = RefCell::new(value); + let _borrow = refcell.borrow(); // used to increment borrow count + + let addr_refcell = &refcell as *const _ as usize; + let addr_borrow = addr_refcell; + let addr_value = addr_refcell + 8; + assert_eq!(unsafe { *(addr_borrow as *const isize) }, 1); + assert_eq!(unsafe { *(addr_value as *const i32) }, 42); + } +} diff --git a/sdk/program/src/stable_layout/stable_slice.rs b/sdk/program/src/stable_layout/stable_slice.rs new file mode 100644 index 00000000000000..55b9dca1515f46 --- /dev/null +++ b/sdk/program/src/stable_layout/stable_slice.rs @@ -0,0 +1,27 @@ +//! Ensure slice has a stable memory layout + +#[cfg(test)] +mod tests { + use std::mem::{align_of, size_of}; + + #[test] + fn test_memory_layout() { + assert_eq!(align_of::<&[i32]>(), 8); + assert_eq!(size_of::<&[i32]>(), /*ptr*/ 8 + /*len*/8); + + let array = [11, 22, 33, 44, 55]; + let slice = array.as_slice(); + + let addr_slice = &slice as *const _ as usize; + let addr_ptr = addr_slice; + let addr_len = addr_slice + 8; + assert_eq!(unsafe { *(addr_len as *const usize) }, 5); + + let ptr_data = addr_ptr as *const *const i32; + assert_eq!(unsafe { *((*ptr_data).offset(0)) }, 11); + assert_eq!(unsafe { *((*ptr_data).offset(1)) }, 22); + assert_eq!(unsafe { *((*ptr_data).offset(2)) }, 33); + assert_eq!(unsafe { *((*ptr_data).offset(3)) }, 44); + assert_eq!(unsafe { *((*ptr_data).offset(4)) }, 55); + } +} diff --git a/sdk/program/src/stable_layout/stable_vec.rs b/sdk/program/src/stable_layout/stable_vec.rs new file mode 100644 index 00000000000000..5322520859a172 --- /dev/null +++ b/sdk/program/src/stable_layout/stable_vec.rs @@ -0,0 +1,181 @@ +//! `Vec`, with a stable memory layout + +use std::{marker::PhantomData, mem::ManuallyDrop, ptr::NonNull}; + +/// `Vec`, with a stable memory layout +/// +/// This container is used within the runtime to ensure memory mapping and memory accesses are +/// valid. We rely on known addresses and offsets within the runtime, and since `Vec`'s layout +/// is allowed to change, we must provide a way to lock down the memory layout. `StableVec` +/// reimplements the bare minimum of `Vec`'s API sufficient only for the runtime's needs. +/// +/// To ensure memory allocation and deallocation is handled correctly, it is only possible to +/// create a new `StableVec` from an existing `Vec`. This way we ensure all Rust invariants are +/// upheld. +/// +/// # Examples +/// +/// Creating a `StableVec` from a `Vec` +/// +/// ``` +/// # use solana_program::stable_layout::stable_vec::StableVec; +/// let vec = vec!["meow", "woof", "moo"]; +/// let vec = StableVec::from(vec); +/// ``` +#[repr(C)] +pub struct StableVec { + pub ptr: NonNull, + pub cap: usize, + pub len: usize, + _marker: PhantomData, +} + +impl StableVec { + #[inline] + pub fn as_ptr(&self) -> *const T { + // We shadow the slice method of the same name to avoid going through + // `deref`, which creates an intermediate reference. + self.ptr.as_ptr() + } + + #[inline] + pub fn as_mut_ptr(&mut self) -> *mut T { + // We shadow the slice method of the same name to avoid going through + // `deref_mut`, which creates an intermediate reference. + self.ptr.as_ptr() + } +} + +impl AsRef<[T]> for StableVec { + fn as_ref(&self) -> &[T] { + self + } +} + +impl AsMut<[T]> for StableVec { + fn as_mut(&mut self) -> &mut [T] { + self + } +} + +impl std::ops::Deref for StableVec { + type Target = [T]; + + #[inline] + fn deref(&self) -> &[T] { + unsafe { core::slice::from_raw_parts(self.as_ptr(), self.len) } + } +} + +impl std::ops::DerefMut for StableVec { + #[inline] + fn deref_mut(&mut self) -> &mut [T] { + unsafe { core::slice::from_raw_parts_mut(self.as_mut_ptr(), self.len) } + } +} + +impl std::fmt::Debug for StableVec { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + std::fmt::Debug::fmt(&**self, f) + } +} + +macro_rules! impl_partial_eq { + ([$($vars:tt)*] $lhs:ty, $rhs:ty) => { + impl PartialEq<$rhs> for $lhs + where + T: PartialEq, + { + #[inline] + fn eq(&self, other: &$rhs) -> bool { self[..] == other[..] } + } + } +} +impl_partial_eq! { [] StableVec, StableVec } +impl_partial_eq! { [] StableVec, Vec } +impl_partial_eq! { [] Vec, StableVec } +impl_partial_eq! { [] StableVec, &[U] } +impl_partial_eq! { [] StableVec, &mut [U] } +impl_partial_eq! { [] &[T], StableVec } +impl_partial_eq! { [] &mut [T], StableVec } +impl_partial_eq! { [] StableVec, [U] } +impl_partial_eq! { [] [T], StableVec } +impl_partial_eq! { [const N: usize] StableVec, [U; N] } +impl_partial_eq! { [const N: usize] StableVec, &[U; N] } + +impl From> for StableVec { + fn from(other: Vec) -> Self { + // NOTE: This impl is basically copied from `Vec::into_raw_parts()`. Once that fn is + // stabilized, use it here. + // + // We are going to pilfer `other`'s guts, and we don't want it to be dropped when it goes + // out of scope. + let mut other = ManuallyDrop::new(other); + Self { + // SAFETY: We have a valid Vec, so its ptr is non-null. + ptr: unsafe { NonNull::new_unchecked(other.as_mut_ptr()) }, + cap: other.capacity(), + len: other.len(), + _marker: PhantomData, + } + } +} + +impl From> for Vec { + fn from(other: StableVec) -> Self { + // We are going to pilfer `other`'s guts, and we don't want it to be dropped when it goes + // out of scope. + let other = ManuallyDrop::new(other); + // SAFETY: We have a valid StableVec, which we can only get from a Vec. Therefore it is + // safe to convert back to Vec. + unsafe { Vec::from_raw_parts(other.ptr.as_ptr(), other.len, other.cap) } + } +} + +impl Drop for StableVec { + fn drop(&mut self) { + // We only allow creating a StableVec through creating a Vec. To ensure we are dropped + // correctly, convert ourselves back to a Vec and let Vec's drop handling take over. + // + // SAFETY: We have a valid StableVec, which we can only get from a Vec. Therefore it is + // safe to convert back to Vec. + let _vec = unsafe { Vec::from_raw_parts(self.ptr.as_ptr(), self.len, self.cap) }; + } +} + +#[cfg(test)] +mod tests { + use { + super::*, + memoffset::offset_of, + std::mem::{align_of, size_of}, + }; + + #[test] + fn test_memory_layout() { + assert_eq!(offset_of!(StableVec, ptr), 0); + assert_eq!(offset_of!(StableVec, cap), 8); + assert_eq!(offset_of!(StableVec, len), 16); + assert_eq!(align_of::>(), 8); + assert_eq!(size_of::>(), 8 + 8 + 8); + + // create a vec with different values for cap and len + let vec = { + let mut vec = Vec::with_capacity(3); + vec.push(11); + vec.push(22); + vec + }; + let vec = StableVec::from(vec); + + let addr_vec = &vec as *const _ as usize; + let addr_ptr = addr_vec; + let addr_cap = addr_vec + 8; + let addr_len = addr_vec + 16; + assert_eq!(unsafe { *(addr_cap as *const usize) }, 3); + assert_eq!(unsafe { *(addr_len as *const usize) }, 2); + + let ptr_data = addr_ptr as *const &[i32; 2]; + assert_eq!(unsafe { *ptr_data }, &[11, 22]); + } +}