Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-06 16:45:39 +00:00
Code Issues Projects Releases Packages Wiki Activity

Don’t mark flow_ref::deref_mut as unsafe.

Browse source 
See discussion in https://github.com/servo/servo/pull/7237
This commit is contained in:
Simon Sapin 2015-08-18 19:37:15 +02:00
parent 649250130b
commit 21d69314d4
10 changed files with 53 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

28
components/layout/construct.rs
View file

@ -415,7 +415,6 @@ impl<'a> FlowConstructor<'a> {
/// `#[inline(always)]` because this is performance critical and LLVM will not inline it
/// otherwise.
#[inline(always)]
#[allow(unsafe_code)]
fn flush_inline_fragments_to_flow_or_list(&mut self,
fragment_accumulator: InlineFragmentsAccumulator,
flow: &mut FlowRef,
@ -481,7 +480,7 @@ impl<'a> FlowConstructor<'a> {
{
// FIXME(#6503): Use Arc::get_mut().unwrap() here.
let inline_flow = unsafe { flow_ref::deref_mut(&mut inline_flow_ref) }.as_mut_inline();
let inline_flow = flow_ref::deref_mut(&mut inline_flow_ref).as_mut_inline();
let (ascent, descent) =
@ -1283,7 +1282,6 @@ impl<'a> FlowConstructor<'a> {
///
/// TODO(pcwalton): Add some more fast paths, like toggling `display: none`, adding block kids
/// to block parents with no {ib} splits, adding out-of-flow kids, etc.
#[allow(unsafe_code)]
pub fn repair_if_possible(&mut self, node: &ThreadSafeLayoutNode) -> bool {
// We can skip reconstructing the flow if we don't have to reconstruct and none of our kids
// did either.
@ -1314,7 +1312,7 @@ impl<'a> FlowConstructor<'a> {
if !flow.is_block_flow() {
return false
}
let flow = unsafe { flow_ref::deref_mut(flow) };
let flow = flow_ref::deref_mut(flow);
flow::mut_base(flow).restyle_damage.insert(damage);
flow.repair_style_and_bubble_inline_sizes(&style);
true
@ -1339,26 +1337,22 @@ impl<'a> FlowConstructor<'a> {
match fragment.specific {
SpecificFragmentInfo::InlineBlock(ref mut inline_block_fragment) => {
let flow_ref = unsafe {
flow_ref::deref_mut(&mut inline_block_fragment.flow_ref)
};
let flow_ref = flow_ref::deref_mut(&mut inline_block_fragment.flow_ref);
flow::mut_base(flow_ref).restyle_damage.insert(damage);
// FIXME(pcwalton): Fragment restyle damage too?
flow_ref.repair_style_and_bubble_inline_sizes(&style);
}
SpecificFragmentInfo::InlineAbsoluteHypothetical(
ref mut inline_absolute_hypothetical_fragment) => {
let flow_ref = unsafe {
flow_ref::deref_mut(&mut inline_absolute_hypothetical_fragment.flow_ref)
};
let flow_ref = flow_ref::deref_mut(
&mut inline_absolute_hypothetical_fragment.flow_ref);
flow::mut_base(flow_ref).restyle_damage.insert(damage);
// FIXME(pcwalton): Fragment restyle damage too?
flow_ref.repair_style_and_bubble_inline_sizes(&style);
}
SpecificFragmentInfo::InlineAbsolute(ref mut inline_absolute_fragment) => {
let flow_ref = unsafe {
flow_ref::deref_mut(&mut inline_absolute_fragment.flow_ref)
};
let flow_ref = flow_ref::deref_mut(
&mut inline_absolute_fragment.flow_ref);
flow::mut_base(flow_ref).restyle_damage.insert(damage);
// FIXME(pcwalton): Fragment restyle damage too?
flow_ref.repair_style_and_bubble_inline_sizes(&style);
@ -1655,14 +1649,13 @@ impl FlowConstructionUtils for FlowRef {
/// Adds a new flow as a child of this flow. Fails if this flow is marked as a leaf.
///
/// This must not be public because only the layout constructor can do this.
#[allow(unsafe_code)]
fn add_new_child(&mut self, mut new_child: FlowRef) {
{
let kid_base = flow::mut_base(unsafe { flow_ref::deref_mut(&mut new_child) });
let kid_base = flow::mut_base(flow_ref::deref_mut(&mut new_child));
kid_base.parallel.parent = parallel::mut_owned_flow_to_unsafe_flow(self);
}
let base = flow::mut_base(unsafe { flow_ref::deref_mut(self) });
let base = flow::mut_base(flow_ref::deref_mut(self));
base.children.push_back(new_child);
let _ = base.parallel.children_count.fetch_add(1, Ordering::Relaxed);
}
@ -1675,10 +1668,9 @@ impl FlowConstructionUtils for FlowRef {
/// properly computed. (This is not, however, a memory safety problem.)
///
/// This must not be public because only the layout constructor can do this.
#[allow(unsafe_code)]
fn finish(&mut self) {
if !opts::get().bubble_inline_sizes_separately {
unsafe { flow_ref::deref_mut(self) }.bubble_inline_sizes()
flow_ref::deref_mut(self).bubble_inline_sizes()
}
}
}

7
components/layout/display_list_builder.rs
View file

@ -1771,7 +1771,6 @@ pub trait InlineFlowDisplayListBuilding {
}
impl InlineFlowDisplayListBuilding for InlineFlow {
#[allow(unsafe_code)]
fn build_display_list_for_inline(&mut self, layout_context: &LayoutContext) {
// TODO(#228): Once we form lines and have their cached bounds, we can be smarter and
// not recurse on a line if nothing in it can intersect the dirty region.
@ -1798,17 +1797,17 @@ impl InlineFlowDisplayListBuilding for InlineFlow {
match fragment.specific {
SpecificFragmentInfo::InlineBlock(ref mut block_flow) => {
let block_flow = unsafe { flow_ref::deref_mut(&mut block_flow.flow_ref) };
let block_flow = flow_ref::deref_mut(&mut block_flow.flow_ref);
flow::mut_base(block_flow).display_list_building_result
.add_to(&mut *display_list)
}
SpecificFragmentInfo::InlineAbsoluteHypothetical(ref mut block_flow) => {
let block_flow = unsafe { flow_ref::deref_mut(&mut block_flow.flow_ref) };
let block_flow = flow_ref::deref_mut(&mut block_flow.flow_ref);
flow::mut_base(block_flow).display_list_building_result
.add_to(&mut *display_list)
}
SpecificFragmentInfo::InlineAbsolute(ref mut block_flow) => {
let block_flow = unsafe { flow_ref::deref_mut(&mut block_flow.flow_ref) };
let block_flow = flow_ref::deref_mut(&mut block_flow.flow_ref);
flow::mut_base(block_flow).display_list_building_result
.add_to(&mut *display_list)
}

6
components/layout/flow.rs
View file

@ -771,9 +771,8 @@ pub struct AbsoluteDescendantIter<'a> {
impl<'a> Iterator for AbsoluteDescendantIter<'a> {
type Item = &'a mut Flow;
#[allow(unsafe_code)]
fn next(&mut self) -> Option<&'a mut Flow> {
self.iter.next().map(|info| unsafe { flow_ref::deref_mut(&mut info.flow) })
self.iter.next().map(|info| flow_ref::deref_mut(&mut info.flow))
}
}
@ -1353,10 +1352,9 @@ impl MutableOwnedFlowUtils for FlowRef {
/// This is called during flow construction, so nothing else can be accessing the descendant
/// flows. This is enforced by the fact that we have a mutable `FlowRef`, which only flow
/// construction is allowed to possess.
#[allow(unsafe_code)]
fn set_absolute_descendants(&mut self, abs_descendants: AbsoluteDescendants) {
let this = self.clone();
let base = mut_base(unsafe { flow_ref::deref_mut(self) });
let base = mut_base(flow_ref::deref_mut(self));
base.abs_descendants = abs_descendants;
for descendant_link in base.abs_descendants.iter() {
let descendant_base = mut_base(descendant_link);

7
components/layout/flow_list.rs
View file

@ -33,7 +33,7 @@ impl FlowList {
#[inline]
#[allow(unsafe_code)]
pub unsafe fn front_mut<'a>(&'a mut self) -> Option<&'a mut Flow> {
self.flows.front_mut().map(|head| flow_ref::deref_mut(head))
self.flows.front_mut().map(flow_ref::deref_mut)
}
/// Provide a reference to the back element, or None if the list is empty
@ -46,7 +46,7 @@ impl FlowList {
#[inline]
#[allow(unsafe_code)]
pub unsafe fn back_mut<'a>(&'a mut self) -> Option<&'a mut Flow> {
self.flows.back_mut().map(|tail| flow_ref::deref_mut(tail))
self.flows.back_mut().map(flow_ref::deref_mut)
}
/// Add an element first in the list
@ -123,9 +123,8 @@ impl<'a> Iterator for FlowListIterator<'a> {
impl<'a> Iterator for MutFlowListIterator<'a> {
type Item = &'a mut Flow;
#[inline]
#[allow(unsafe_code)]
fn next(&mut self) -> Option<&'a mut Flow> {
self.it.next().map(|x| unsafe { flow_ref::deref_mut(x) })
self.it.next().map(flow_ref::deref_mut)
}
#[inline]

14
components/layout/flow_ref.rs
View file

@ -8,7 +8,6 @@
//! be superfluous. This design is largely duplicating logic of Arc<T> and
//! Weak<T>; please see comments there for details.
#![allow(unsafe_code)]
use flow::Flow;
use std::sync::{Arc, Weak};
@ -16,9 +15,14 @@ use std::sync::{Arc, Weak};
pub type FlowRef = Arc<Flow>;
pub type WeakFlowRef = Weak<Flow>;
// FIXME(https://github.com/servo/servo/issues/6503) This introduces unsound mutable aliasing.
// Try to replace it with Arc::get_mut (which checks that the reference count is 1).
pub unsafe fn deref_mut<'a>(r: &'a mut FlowRef) -> &'a mut Flow {
/// WARNING: This should only be used when there is no aliasing:
/// when the traversal ensures that no other threads accesses the same flow at the same time.
/// See https://github.com/servo/servo/issues/6503
/// Use Arc::get_mut instead when possible (e.g. on an Arc that was just created).
#[allow(unsafe_code)]
pub fn deref_mut<'a>(r: &'a mut FlowRef) -> &'a mut Flow {
let ptr: *const Flow = &**r;
&mut *(ptr as *mut Flow)
unsafe {
&mut *(ptr as *mut Flow)
}
}

24
components/layout/fragment.rs
View file

@ -1248,7 +1248,6 @@ impl Fragment {
}
/// Computes the intrinsic inline-sizes of this fragment.
#[allow(unsafe_code)]
pub fn compute_intrinsic_inline_sizes(&mut self) -> IntrinsicISizesContribution {
let mut result = self.style_specified_intrinsic_inline_size();
match self.specific {
@ -1620,7 +1619,6 @@ impl Fragment {
/// Assigns replaced inline-size, padding, and margins for this fragment only if it is replaced
/// content per CSS 2.1 § 10.3.2.
#[allow(unsafe_code)]
pub fn assign_replaced_inline_size_if_necessary<'a>(&'a mut self, container_inline_size: Au) {
match self.specific {
SpecificFragmentInfo::Generic |
@ -1649,7 +1647,7 @@ impl Fragment {
match self.specific {
SpecificFragmentInfo::InlineAbsoluteHypothetical(ref mut info) => {
let block_flow = unsafe { flow_ref::deref_mut(&mut info.flow_ref) }.as_mut_block();
let block_flow = flow_ref::deref_mut(&mut info.flow_ref).as_mut_block();
block_flow.base.position.size.inline =
block_flow.base.intrinsic_inline_sizes.preferred_inline_size;
@ -1657,7 +1655,7 @@ impl Fragment {
self.border_box.size.inline = Au(0);
}
SpecificFragmentInfo::InlineBlock(ref mut info) => {
let block_flow = unsafe { flow_ref::deref_mut(&mut info.flow_ref) }.as_mut_block();
let block_flow = flow_ref::deref_mut(&mut info.flow_ref).as_mut_block();
self.border_box.size.inline =
max(block_flow.base.intrinsic_inline_sizes.minimum_inline_size,
block_flow.base.intrinsic_inline_sizes.preferred_inline_size);
@ -1665,7 +1663,7 @@ impl Fragment {
block_flow.base.block_container_writing_mode = self.style.writing_mode;
}
SpecificFragmentInfo::InlineAbsolute(ref mut info) => {
let block_flow = unsafe { flow_ref::deref_mut(&mut info.flow_ref) }.as_mut_block();
let block_flow = flow_ref::deref_mut(&mut info.flow_ref).as_mut_block();
self.border_box.size.inline =
max(block_flow.base.intrinsic_inline_sizes.minimum_inline_size,
block_flow.base.intrinsic_inline_sizes.preferred_inline_size);
@ -1713,7 +1711,6 @@ impl Fragment {
/// been assigned first.
///
/// Ideally, this should follow CSS 2.1 § 10.6.2.
#[allow(unsafe_code)]
pub fn assign_replaced_block_size_if_necessary(&mut self, containing_block_block_size: Option<Au>) {
match self.specific {
SpecificFragmentInfo::Generic |
@ -1770,18 +1767,18 @@ impl Fragment {
}
SpecificFragmentInfo::InlineBlock(ref mut info) => {
// Not the primary fragment, so we do not take the noncontent size into account.
let block_flow = unsafe { flow_ref::deref_mut(&mut info.flow_ref) }.as_block();
let block_flow = flow_ref::deref_mut(&mut info.flow_ref).as_block();
self.border_box.size.block = block_flow.base.position.size.block +
block_flow.fragment.margin.block_start_end()
}
SpecificFragmentInfo::InlineAbsoluteHypothetical(ref mut info) => {
// Not the primary fragment, so we do not take the noncontent size into account.
let block_flow = unsafe { flow_ref::deref_mut(&mut info.flow_ref) }.as_block();
let block_flow = flow_ref::deref_mut(&mut info.flow_ref).as_block();
self.border_box.size.block = block_flow.base.position.size.block;
}
SpecificFragmentInfo::InlineAbsolute(ref mut info) => {
// Not the primary fragment, so we do not take the noncontent size into account.
let block_flow = unsafe { flow_ref::deref_mut(&mut info.flow_ref) }.as_block();
let block_flow = flow_ref::deref_mut(&mut info.flow_ref).as_block();
self.border_box.size.block = block_flow.base.position.size.block +
block_flow.fragment.margin.block_start_end()
}
@ -1907,10 +1904,9 @@ impl Fragment {
/// Determines the inline sizes of inline-block fragments. These cannot be fully computed until
/// inline size assignment has run for the child flow: thus it is computed "late", during
/// block size assignment.
#[allow(unsafe_code)]
pub fn update_late_computed_replaced_inline_size_if_necessary(&mut self) {
if let SpecificFragmentInfo::InlineBlock(ref mut inline_block_info) = self.specific {
let block_flow = unsafe { flow_ref::deref_mut(&mut inline_block_info.flow_ref) }.as_block();
let block_flow = flow_ref::deref_mut(&mut inline_block_info.flow_ref).as_block();
let margin = block_flow.fragment.style.logical_margin();
self.border_box.size.inline = block_flow.fragment.border_box.size.inline +
MaybeAuto::from_style(margin.inline_start, Au(0)).specified_or_zero() +
@ -1918,24 +1914,22 @@ impl Fragment {
}
}
#[allow(unsafe_code)]
pub fn update_late_computed_inline_position_if_necessary(&mut self) {
match self.specific {
SpecificFragmentInfo::InlineAbsoluteHypothetical(ref mut info) => {
let position = self.border_box.start.i;
unsafe { flow_ref::deref_mut(&mut info.flow_ref) }
flow_ref::deref_mut(&mut info.flow_ref)
.update_late_computed_inline_position_if_necessary(position)
}
_ => {}
}
}
#[allow(unsafe_code)]
pub fn update_late_computed_block_position_if_necessary(&mut self) {
match self.specific {
SpecificFragmentInfo::InlineAbsoluteHypothetical(ref mut info) => {
let position = self.border_box.start.b;
unsafe { flow_ref::deref_mut(&mut info.flow_ref) }
flow_ref::deref_mut(&mut info.flow_ref)
.update_late_computed_block_position_if_necessary(position)
}
_ => {}

7
components/layout/inline.rs
View file

@ -1597,7 +1597,6 @@ impl Flow for InlineFlow {
self.base.restyle_damage.remove(REFLOW_OUT_OF_FLOW | REFLOW);
}
#[allow(unsafe_code)]
fn compute_absolute_position(&mut self, _: &LayoutContext) {
// First, gather up the positions of all the containing blocks (if any).
//
@ -1658,7 +1657,7 @@ impl Flow for InlineFlow {
let is_positioned = fragment.is_positioned();
match fragment.specific {
SpecificFragmentInfo::InlineBlock(ref mut info) => {
let flow = unsafe { flow_ref::deref_mut(&mut info.flow_ref) };
let flow = flow_ref::deref_mut(&mut info.flow_ref);
flow::mut_base(flow).clip = clip;
let block_flow = flow.as_mut_block();
@ -1679,7 +1678,7 @@ impl Flow for InlineFlow {
self.base.stacking_relative_position_of_display_port;
}
SpecificFragmentInfo::InlineAbsoluteHypothetical(ref mut info) => {
let flow = unsafe { flow_ref::deref_mut(&mut info.flow_ref) };
let flow = flow_ref::deref_mut(&mut info.flow_ref);
flow::mut_base(flow).clip = clip;
let block_flow = flow.as_mut_block();
block_flow.base.absolute_position_info = self.base.absolute_position_info;
@ -1690,7 +1689,7 @@ impl Flow for InlineFlow {
self.base.stacking_relative_position_of_display_port;
}
SpecificFragmentInfo::InlineAbsolute(ref mut info) => {
let flow = unsafe { flow_ref::deref_mut(&mut info.flow_ref) };
let flow = flow_ref::deref_mut(&mut info.flow_ref);
flow::mut_base(flow).clip = clip;
let block_flow = flow.as_mut_block();

18
components/layout/layout_task.rs
View file

@ -781,7 +781,7 @@ impl LayoutTask {
_ => return None,
};
unsafe { flow_ref::deref_mut(&mut flow) }.mark_as_root();
flow_ref::deref_mut(&mut flow).mark_as_root();
Some(flow)
}
@ -999,11 +999,11 @@ impl LayoutTask {
self.profiler_metadata(),
self.time_profiler_chan.clone(),
|| {
flow::mut_base(unsafe { flow_ref::deref_mut(layout_root) }).stacking_relative_position =
flow::mut_base(flow_ref::deref_mut(layout_root)).stacking_relative_position =
LogicalPoint::zero(writing_mode).to_physical(writing_mode,
rw_data.screen_size);
flow::mut_base(unsafe { flow_ref::deref_mut(layout_root) }).clip =
flow::mut_base(flow_ref::deref_mut(layout_root)).clip =
ClippingRegion::from_rect(&data.page_clip_rect);
match (&mut rw_data.parallel_traversal, opts::get().parallel_display_list_building) {
@ -1024,13 +1024,13 @@ impl LayoutTask {
debug!("Done building display list.");
let root_background_color = get_root_flow_background_color(
unsafe { flow_ref::deref_mut(layout_root) });
flow_ref::deref_mut(layout_root));
let root_size = {
let root_flow = flow::base(&**layout_root);
root_flow.position.size.to_physical(root_flow.writing_mode)
};
let mut display_list = box DisplayList::new();
flow::mut_base(unsafe { flow_ref::deref_mut(layout_root) })
flow::mut_base(flow_ref::deref_mut(layout_root))
.display_list_building_result
.add_to(&mut *display_list);
let paint_layer = PaintLayer::new(layout_root.layer_id(0),
@ -1130,7 +1130,7 @@ impl LayoutTask {
}
if needs_reflow {
if let Some(mut flow) = self.try_get_layout_root(*node) {
LayoutTask::reflow_all_nodes(unsafe { flow_ref::deref_mut(&mut flow) });
LayoutTask::reflow_all_nodes(flow_ref::deref_mut(&mut flow));
}
}
@ -1291,7 +1291,7 @@ impl LayoutTask {
self.profiler_metadata(),
self.time_profiler_chan.clone(),
|| {
animation::recalc_style_for_animations(unsafe { flow_ref::deref_mut(&mut root_flow) },
animation::recalc_style_for_animations(flow_ref::deref_mut(&mut root_flow),
animations)
});
}
@ -1311,10 +1311,10 @@ impl LayoutTask {
self.profiler_metadata(),
self.time_profiler_chan.clone(),
|| {
if opts::get().nonincremental_layout || unsafe { flow_ref::deref_mut(&mut root_flow) }
if opts::get().nonincremental_layout || flow_ref::deref_mut(&mut root_flow)
.compute_layout_damage()
.contains(REFLOW_ENTIRE_DOCUMENT) {
unsafe { flow_ref::deref_mut(&mut root_flow) }.reflow_entire_document()
flow_ref::deref_mut(&mut root_flow).reflow_entire_document()
}
});

2
components/layout/parallel.rs
View file

@ -470,7 +470,7 @@ pub fn traverse_flow_tree_preorder(
if opts::get().bubble_inline_sizes_separately {
let layout_context = LayoutContext::new(shared_layout_context);
let bubble_inline_sizes = BubbleISizes { layout_context: &layout_context };
unsafe { flow_ref::deref_mut(root) }.traverse_postorder(&bubble_inline_sizes);
flow_ref::deref_mut(root).traverse_postorder(&bubble_inline_sizes);
}
run_queue_with_custom_work_data_type(queue, |queue| {

12
components/layout/sequential.rs
View file

@ -40,7 +40,6 @@ pub fn traverse_dom_preorder(root: LayoutNode,
doit(root, recalc_style, construct_flows);
}
#[allow(unsafe_code)]
pub fn resolve_generated_content(root: &mut FlowRef, shared_layout_context: &SharedLayoutContext) {
fn doit(flow: &mut Flow, level: u32, traversal: &mut ResolveGeneratedContent) {
if !traversal.should_process(flow) {
@ -56,10 +55,9 @@ pub fn resolve_generated_content(root: &mut FlowRef, shared_layout_context: &Sha
let layout_context = LayoutContext::new(shared_layout_context);
let mut traversal = ResolveGeneratedContent::new(&layout_context);
doit(unsafe { flow_ref::deref_mut(root) }, 0, &mut traversal)
doit(flow_ref::deref_mut(root), 0, &mut traversal)
}
#[allow(unsafe_code)]
pub fn traverse_flow_tree_preorder(root: &mut FlowRef,
shared_layout_context: &SharedLayoutContext) {
fn doit(flow: &mut Flow,
@ -80,7 +78,7 @@ pub fn traverse_flow_tree_preorder(root: &mut FlowRef,
let layout_context = LayoutContext::new(shared_layout_context);
let root = unsafe { flow_ref::deref_mut(root) };
let root = flow_ref::deref_mut(root);
if opts::get().bubble_inline_sizes_separately {
let bubble_inline_sizes = BubbleISizes { layout_context: &layout_context };
@ -96,7 +94,6 @@ pub fn traverse_flow_tree_preorder(root: &mut FlowRef,
doit(root, assign_inline_sizes, assign_block_sizes);
}
#[allow(unsafe_code)]
pub fn build_display_list_for_subtree(root: &mut FlowRef,
shared_layout_context: &SharedLayoutContext) {
fn doit(flow: &mut Flow,
@ -119,10 +116,9 @@ pub fn build_display_list_for_subtree(root: &mut FlowRef,
let compute_absolute_positions = ComputeAbsolutePositions { layout_context: &layout_context };
let build_display_list = BuildDisplayList { layout_context: &layout_context };
doit(unsafe { flow_ref::deref_mut(root) }, compute_absolute_positions, build_display_list);
doit(flow_ref::deref_mut(root), compute_absolute_positions, build_display_list);
}
#[allow(unsafe_code)]
pub fn iterate_through_flow_tree_fragment_border_boxes(root: &mut FlowRef,
iterator: &mut FragmentBorderBoxIterator) {
fn doit(flow: &mut Flow,
@ -145,5 +141,5 @@ pub fn iterate_through_flow_tree_fragment_border_boxes(root: &mut FlowRef,
}
}
doit(unsafe { flow_ref::deref_mut(root) }, 0, iterator, &ZERO_POINT);
doit(flow_ref::deref_mut(root), 0, iterator, &ZERO_POINT);
}