Add rc::Allocated

objc2/CHANGELOG.md

@@ -35,6 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
   through `&Object`.
 * Added `VerificationError` as more specific return type from
   `Class::verify_sel`.
+* Added `rc::Allocated` struct which is used within `msg_send_id!`.
 
 ### Changed
 * **BREAKING**: `Sel` is now required to be non-null, which means that you

objc2/src/__macro_helpers.rs

@@ -1,4 +1,4 @@
-use crate::rc::{Id, Ownership};
+use crate::rc::{Allocated, Id, Ownership};
 use crate::runtime::{Class, Sel};
 use crate::{Message, MessageArguments, MessageReceiver};
 
@@ -68,8 +68,8 @@ impl<T: ?Sized + Message, O: Ownership> MsgSendId<&'_ Class, Id<T, O>>
     }
 }
 
-// `alloc`, should mark the return value as "allocated, not initialized" somehow
-impl<T: ?Sized + Message, O: Ownership> MsgSendId<&'_ Class, Id<T, O>>
+// `alloc`
+impl<T: ?Sized + Message, O: Ownership> MsgSendId<&'_ Class, Id<Allocated<T>, O>>
     for RetainSemantics<false, true, false, false>
 {
     #[inline]
@@ -78,26 +78,26 @@ impl<T: ?Sized + Message, O: Ownership> MsgSendId<&'_ Class, Id<T, O>>
         cls: &Class,
         sel: Sel,
         args: A,
-    ) -> Option<Id<T, O>> {
+    ) -> Option<Id<Allocated<T>, O>> {
         // SAFETY: Checked by caller
         let obj = unsafe { MessageReceiver::send_message(cls, sel, args) };
         // SAFETY: The selector is `alloc`, so this has +1 retain count
-        unsafe { Id::new(obj) }
+        unsafe { Id::new_allocated(obj) }
     }
 }
 
-// `init`, should mark the input value as "allocated, not initialized" somehow
-impl<T: ?Sized + Message, O: Ownership> MsgSendId<Option<Id<T, O>>, Id<T, O>>
+// `init`
+impl<T: ?Sized + Message, O: Ownership> MsgSendId<Option<Id<Allocated<T>, O>>, Id<T, O>>
     for RetainSemantics<false, false, true, false>
 {
     #[inline]
     #[track_caller]
     unsafe fn send_message_id<A: MessageArguments>(
-        obj: Option<Id<T, O>>,
+        obj: Option<Id<Allocated<T>, O>>,
         sel: Sel,
         args: A,
     ) -> Option<Id<T, O>> {
-        let ptr = Id::option_into_ptr(obj);
+        let ptr = Id::option_into_ptr(obj.map(|obj| unsafe { Id::assume_init(obj) }));
         // SAFETY: `ptr` may be null here, but that's fine since the return
         // is `*mut T`, which is one of the few types where messages to nil is
         // allowed.
@@ -191,7 +191,7 @@ mod tests {
 
     use core::ptr;
 
-    use crate::rc::{Owned, RcTestObject, Shared, ThreadTestData};
+    use crate::rc::{Allocated, Owned, RcTestObject, Shared, ThreadTestData};
     use crate::runtime::Object;
     use crate::{Encoding, RefEncode};
 
@@ -200,7 +200,7 @@ mod tests {
         let mut expected = ThreadTestData::current();
         let cls = RcTestObject::class();
 
-        let obj: Id<RcTestObject, Shared> = unsafe { msg_send_id![cls, alloc].unwrap() };
+        let obj: Id<Allocated<RcTestObject>, Shared> = unsafe { msg_send_id![cls, alloc].unwrap() };
         expected.alloc += 1;
         expected.assert_current();
 
@@ -230,7 +230,7 @@ mod tests {
         let cls = RcTestObject::class();
 
         let zone: *const _NSZone = ptr::null();
-        let _obj: Id<RcTestObject, Owned> =
+        let _obj: Id<Allocated<RcTestObject>, Owned> =
             unsafe { msg_send_id![cls, allocWithZone: zone].unwrap() };
         // `+[NSObject alloc]` delegates to `+[NSObject allocWithZone:]`, but
         // `RcTestObject` only catches `alloc`.
@@ -243,14 +243,14 @@ mod tests {
         let mut expected = ThreadTestData::current();
         let cls = RcTestObject::class();
 
-        let obj: Option<Id<RcTestObject, Shared>> = unsafe { msg_send_id![cls, alloc] };
+        let obj: Option<Id<Allocated<RcTestObject>, Shared>> = unsafe { msg_send_id![cls, alloc] };
         expected.alloc += 1;
         // Don't check allocation error
         let _obj: Id<RcTestObject, Shared> = unsafe { msg_send_id![obj, init].unwrap() };
         expected.init += 1;
         expected.assert_current();
 
-        let obj: Option<Id<RcTestObject, Shared>> = unsafe { msg_send_id![cls, alloc] };
+        let obj: Option<Id<Allocated<RcTestObject>, Shared>> = unsafe { msg_send_id![cls, alloc] };
         expected.alloc += 1;
         // Check allocation error before init
         let obj = obj.unwrap();

objc2/src/macros.rs

@@ -590,11 +590,12 @@ macro_rules! msg_send_bool {
 ///   is a generic `Option<Id<T, O>>`.
 ///
 /// - The `alloc` family: The receiver must be `&Class`, and the return type
-///   is a generic `Option<Id<T, O>>`. (This will change, see [#172]).
+///   is a generic `Option<Id<Allocated<T>, O>>`.
 ///
-/// - The `init` family: The receiver must be `Option<Id<T, O>>` as returned
-///   from `alloc`. The receiver is consumed, and a the now-initialized
-///   `Option<Id<T, O>>` (with the same `T` and `O`) is returned.
+/// - The `init` family: The receiver must be `Option<Id<Allocated<T>, O>>`
+///   as returned from `alloc`. The receiver is consumed, and a the
+///   now-initialized `Option<Id<T, O>>` (with the same `T` and `O`) is
+///   returned.
 ///
 /// - The `copy` family: The receiver may be anything that implements
 ///   [`MessageReceiver`] and the return type is a generic `Option<Id<T, O>>`.
@@ -615,7 +616,6 @@ macro_rules! msg_send_bool {
 /// [`Id::retain`], [`Id::drop`] and [`Id::autorelease`] for that.
 ///
 /// [sel-families]: https://clang.llvm.org/docs/AutomaticReferenceCounting.html#arc-method-families
-/// [#172]: https://github.com/madsmtm/objc2/pull/172
 /// [`MessageReceiver`]: crate::MessageReceiver
 /// [`Id::retain_autoreleased`]: crate::rc::Id::retain_autoreleased
 /// [arc-retainable]: https://clang.llvm.org/docs/AutomaticReferenceCounting.html#retainable-object-pointers-as-operands-and-arguments

objc2/src/rc/allocated.rs

@@ -0,0 +1,15 @@
+/// A marker type that can be used within [`Id`] to indicate that the object
+/// has been allocated but not initialized.
+///
+/// The reason we use `Option<Id<Allocated<T>, O>>` instead of just `*mut T`
+/// is:
+/// - To allow releasing allocated objects, e.g. in the face of panics.
+/// - To safely know the object is valid (albeit uninitialized).
+/// - To allow specifying ownership.
+///
+/// [`Id`]: crate::rc::Id
+#[repr(transparent)]
+#[derive(Debug)]
+pub struct Allocated<T: ?Sized>(T);
+
+// Explicitly don't implement `Deref`, `Message` nor `RefEncode`!

objc2/src/rc/id.rs

@@ -5,6 +5,7 @@ use core::ops::{Deref, DerefMut};
 use core::panic::{RefUnwindSafe, UnwindSafe};
 use core::ptr::NonNull;
 
+use super::Allocated;
 use super::AutoreleasePool;
 use super::{Owned, Ownership, Shared};
 use crate::ffi;
@@ -124,6 +125,39 @@ pub struct Id<T: ?Sized, O: Ownership> {
     notunwindsafe: PhantomData<&'static mut ()>,
 }
 
+impl<T: ?Sized, O: Ownership> Id<T, O> {
+    #[inline]
+    unsafe fn new_nonnull(ptr: NonNull<T>) -> Self {
+        Self {
+            ptr,
+            item: PhantomData,
+            own: PhantomData,
+            notunwindsafe: PhantomData,
+        }
+    }
+}
+
+impl<T: Message + ?Sized, O: Ownership> Id<Allocated<T>, O> {
+    #[inline]
+    pub(crate) unsafe fn new_allocated(ptr: *mut T) -> Option<Self> {
+        // SAFETY: Upheld by the caller
+        NonNull::new(ptr as *mut Allocated<T>).map(|ptr| unsafe { Self::new_nonnull(ptr) })
+    }
+
+    #[inline]
+    pub(crate) unsafe fn assume_init(this: Self) -> Id<T, O> {
+        let ptr = ManuallyDrop::new(this).ptr;
+
+        // NonNull::cast
+        let ptr = ptr.as_ptr() as *mut T;
+        let ptr = unsafe { NonNull::new_unchecked(ptr) };
+
+        // SAFETY: The pointer is valid.
+        // Caller verifies that the object is allocated.
+        unsafe { Id::new_nonnull(ptr) }
+    }
+}
+
 impl<T: Message + ?Sized, O: Ownership> Id<T, O> {
     /// Constructs an [`Id`] to an object that already has +1 retain count.
     ///
@@ -181,16 +215,6 @@ impl<T: Message + ?Sized, O: Ownership> Id<T, O> {
         NonNull::new(ptr).map(|ptr| unsafe { Id::new_nonnull(ptr) })
     }
 
-    #[inline]
-    unsafe fn new_nonnull(ptr: NonNull<T>) -> Id<T, O> {
-        Self {
-            ptr,
-            item: PhantomData,
-            own: PhantomData,
-            notunwindsafe: PhantomData,
-        }
-    }
-
     /// Returns a raw pointer to the object.
     ///
     /// The pointer is valid for at least as long as the `Id` is held.

objc2/src/rc/mod.rs

@@ -55,6 +55,7 @@
 //! assert!(weak.load().is_none());
 //! ```
 
+mod allocated;
 mod autorelease;
 mod id;
 mod id_forwarding_impls;
@@ -65,6 +66,7 @@ mod weak_id;
 #[cfg(test)]
 mod test_object;
 
+pub use self::allocated::Allocated;
 pub use self::autorelease::{autoreleasepool, AutoreleasePool, AutoreleaseSafe};
 pub use self::id::Id;
 pub use self::id_traits::{DefaultId, SliceId, SliceIdMut};

tests/assembly/test_msg_send_id/lib.rs

@@ -1,15 +1,18 @@
 //! Test assembly output of `msg_send_id!` internals.
 use objc2::__macro_helpers::{MsgSendId, RetainSemantics};
-use objc2::rc::{Id, Shared};
+use objc2::rc::{Allocated, Id, Shared};
 use objc2::runtime::{Class, Object, Sel};
 
 #[no_mangle]
-unsafe fn handle_alloc(obj: &Class, sel: Sel) -> Option<Id<Object, Shared>> {
+unsafe fn handle_alloc(obj: &Class, sel: Sel) -> Option<Id<Allocated<Object>, Shared>> {
     <RetainSemantics<false, true, false, false>>::send_message_id(obj, sel, ())
 }
 
 #[no_mangle]
-unsafe fn handle_init(obj: Option<Id<Object, Shared>>, sel: Sel) -> Option<Id<Object, Shared>> {
+unsafe fn handle_init(
+    obj: Option<Id<Allocated<Object>, Shared>>,
+    sel: Sel,
+) -> Option<Id<Object, Shared>> {
     <RetainSemantics<false, false, true, false>>::send_message_id(obj, sel, ())
 }
 
@@ -21,7 +24,7 @@ unsafe fn handle_alloc_init(obj: &Class, sel1: Sel, sel2: Sel) -> Option<Id<Obje
 
 #[no_mangle]
 unsafe fn handle_alloc_release(cls: &Class, sel: Sel) {
-    let _obj: Id<Object, Shared> =
+    let _obj: Id<Allocated<Object>, Shared> =
         <RetainSemantics<false, true, false, false>>::send_message_id(cls, sel, ())
             .unwrap_unchecked();
 }

tests/ui/msg_send_id_invalid_receiver.rs

@@ -1,16 +1,20 @@
 //! Test compiler output with invalid msg_send_id receivers.
 use objc2::msg_send_id;
 use objc2::runtime::{Class, Object};
-use objc2::rc::{Id, Shared};
+use objc2::rc::{Allocated, Id, Shared};
 
 fn main() {
     let obj: &Object;
     let _: Id<Object, Shared> = unsafe { msg_send_id![obj, new].unwrap() };
-    let _: Id<Object, Shared> = unsafe { msg_send_id![obj, alloc].unwrap() };
+    let _: Id<Allocated<Object>, Shared> = unsafe { msg_send_id![obj, alloc].unwrap() };
     let _: Id<Object, Shared> = unsafe { msg_send_id![obj, init].unwrap() };
 
     let cls: &Class;
     let _: Id<Object, Shared> = unsafe { msg_send_id![cls, init].unwrap() };
+    let obj: Id<Object, Shared>;
+    let _: Id<Object, Shared> = unsafe { msg_send_id![obj, init].unwrap() };
+    let obj: Option<Id<Object, Shared>>;
+    let _: Id<Object, Shared> = unsafe { msg_send_id![obj, init].unwrap() };
 
     let obj: Id<Object, Shared>;
     let _: Id<Object, Shared> = unsafe { msg_send_id![obj, copy].unwrap() };

tests/ui/msg_send_id_invalid_receiver.stderr

@@ -16,13 +16,13 @@ note: associated function defined here
    |               ^^^^^^^^^^^^^^^
 
 error[E0308]: mismatched types
-  --> ui/msg_send_id_invalid_receiver.rs:9:55
+  --> ui/msg_send_id_invalid_receiver.rs:9:66
    |
-9  |     let _: Id<Object, Shared> = unsafe { msg_send_id![obj, alloc].unwrap() };
-   |                                          -------------^^^--------
-   |                                          |            |
-   |                                          |            expected struct `objc2::runtime::Class`, found struct `objc2::runtime::Object`
-   |                                          arguments to this function are incorrect
+9  |     let _: Id<Allocated<Object>, Shared> = unsafe { msg_send_id![obj, alloc].unwrap() };
+   |                                                     -------------^^^--------
+   |                                                     |            |
+   |                                                     |            expected struct `objc2::runtime::Class`, found struct `objc2::runtime::Object`
+   |                                                     arguments to this function are incorrect
    |
    = note: expected reference `&objc2::runtime::Class`
               found reference `&objc2::runtime::Object`
@@ -41,7 +41,7 @@ error[E0308]: mismatched types
    |                                          |            expected enum `Option`, found `&objc2::runtime::Object`
    |                                          arguments to this function are incorrect
    |
-   = note:   expected enum `Option<Id<_, _>>`
+   = note:   expected enum `Option<Id<Allocated<_>, _>>`
            found reference `&objc2::runtime::Object`
 note: associated function defined here
   --> $WORKSPACE/objc2/src/__macro_helpers.rs
@@ -58,18 +58,52 @@ error[E0308]: mismatched types
    |                                          |            expected enum `Option`, found `&objc2::runtime::Class`
    |                                          arguments to this function are incorrect
    |
-   = note:   expected enum `Option<Id<_, _>>`
+   = note:   expected enum `Option<Id<Allocated<_>, _>>`
            found reference `&objc2::runtime::Class`
 note: associated function defined here
   --> $WORKSPACE/objc2/src/__macro_helpers.rs
    |
    |     unsafe fn send_message_id<A: MessageArguments>(obj: T, sel: Sel, args: A) -> Option<U>;
    |               ^^^^^^^^^^^^^^^
 
+error[E0308]: mismatched types
+  --> ui/msg_send_id_invalid_receiver.rs:15:55
+   |
+15 |     let _: Id<Object, Shared> = unsafe { msg_send_id![obj, init].unwrap() };
+   |                                          -------------^^^-------
+   |                                          |            |
+   |                                          |            expected enum `Option`, found struct `Id`
+   |                                          arguments to this function are incorrect
+   |
+   = note: expected enum `Option<Id<Allocated<_>, _>>`
+            found struct `Id<objc2::runtime::Object, Shared>`
+note: associated function defined here
+  --> $WORKSPACE/objc2/src/__macro_helpers.rs
+   |
+   |     unsafe fn send_message_id<A: MessageArguments>(obj: T, sel: Sel, args: A) -> Option<U>;
+   |               ^^^^^^^^^^^^^^^
+
+error[E0308]: mismatched types
+  --> ui/msg_send_id_invalid_receiver.rs:17:55
+   |
+17 |     let _: Id<Object, Shared> = unsafe { msg_send_id![obj, init].unwrap() };
+   |                                          -------------^^^-------
+   |                                          |            |
+   |                                          |            expected struct `Allocated`, found struct `objc2::runtime::Object`
+   |                                          arguments to this function are incorrect
+   |
+   = note: expected enum `Option<Id<Allocated<_>, _>>`
+              found enum `Option<Id<objc2::runtime::Object, Shared>>`
+note: associated function defined here
+  --> $WORKSPACE/objc2/src/__macro_helpers.rs
+   |
+   |     unsafe fn send_message_id<A: MessageArguments>(obj: T, sel: Sel, args: A) -> Option<U>;
+   |               ^^^^^^^^^^^^^^^
+
 error[E0277]: the trait bound `Id<objc2::runtime::Object, Shared>: MessageReceiver` is not satisfied
-  --> ui/msg_send_id_invalid_receiver.rs:16:42
+  --> ui/msg_send_id_invalid_receiver.rs:20:42
    |
-16 |     let _: Id<Object, Shared> = unsafe { msg_send_id![obj, copy].unwrap() };
+20 |     let _: Id<Object, Shared> = unsafe { msg_send_id![obj, copy].unwrap() };
    |                                          ^^^^^^^^^^^^^^^^^^^^^^^ the trait `MessageReceiver` is not implemented for `Id<objc2::runtime::Object, Shared>`
    |
    = help: the following other types implement trait `MessageReceiver`:

tests/ui/msg_send_id_invalid_return.rs

@@ -1,23 +1,24 @@
 //! Test compiler output with invalid msg_send_id receivers.
 use objc2::msg_send_id;
 use objc2::runtime::{Class, Object};
-use objc2::rc::{Id, Owned, Shared};
+use objc2::rc::{Allocated, Id, Owned, Shared};
 use objc2_foundation::NSObject;
 
 fn main() {
     let cls: &Class;
     let _: &Object = unsafe { msg_send_id![cls, new].unwrap() };
     let _: Id<Class, Shared> = unsafe { msg_send_id![cls, new].unwrap() };
     let _: &Object = unsafe { msg_send_id![cls, alloc].unwrap() };
-    let _: Id<Class, Shared> = unsafe { msg_send_id![cls, alloc].unwrap() };
+    let _: Id<Allocated<Class>, Shared> = unsafe { msg_send_id![cls, alloc].unwrap() };
+    let _: Id<Object, Shared> = unsafe { msg_send_id![cls, alloc].unwrap() };
 
-    let obj: Option<Id<Object, Shared>>;
+    let obj: Option<Id<Allocated<Object>, Shared>>;
     let _: &Object = unsafe { msg_send_id![obj, init].unwrap() };
-    let obj: Option<Id<Object, Shared>>;
+    let obj: Option<Id<Allocated<Object>, Shared>>;
     let _: Id<Class, Shared> = unsafe { msg_send_id![obj, init].unwrap() };
-    let obj: Option<Id<Object, Shared>>;
+    let obj: Option<Id<Allocated<Object>, Shared>>;
     let _: Id<NSObject, Shared> = unsafe { msg_send_id![obj, init].unwrap() };
-    let obj: Option<Id<Object, Shared>>;
+    let obj: Option<Id<Allocated<Object>, Shared>>;
     let _: Id<Object, Owned> = unsafe { msg_send_id![obj, init].unwrap() };
 
     let obj: Id<Object, Shared>;