Feature: Allow pattern-matching of a pointer

Mokuz · March 28, 2021, 6:02pm

Currently there is no easy and safe way to get a pointer to a field from a pointer to an enum or struct. There has been a lot of talk adding C like arrow operator ->

which solves the problem:

struct Baz {
    a: u32,
    b: f32,
}

let baz: *const Baz = /* .. */; // not-a-valid-Baz

// let baz_a: *const u32 = &baz.a as *const u32; // danger! UB

let baz_a: *const u32 = baz->a;

However similar would not work for enums (probably, at least I have not herd of such proposals)

let foo: *const Option<u32> = /* .. */;

let foo_: *const u32 = foo.Some->0; // best I can think of

Feature: Allow pattern-matching of a pointer

This is similar to how &raw [const | mut] allows taking pointers to fields without going trough an intermediate references.

github.com/rust-lang/rust

Tracking issue for RFC 2582, `&raw [mut | const] $place` (raw_ref_op)

opened 04:13PM - 15 Sep 19 UTC

Centril

B-RFC-approved T-lang C-tracking-issue requires-nightly F-raw_ref_op S-tracking-needs-summary

This is a tracking issue for the RFC "an operator to take a raw reference" (rust…-lang/rfcs#2582), feature(raw_ref_op). **Steps:** - [ ] Implement the RFC (see [this comment](https://github.com/rust-lang/rust/issues/64490#issuecomment-531579111) for a detailed checklist) - [ ] Adjust documentation ([see instructions on rustc-guide][doc-guide]) - [ ] Stabilization PR ([see instructions on rustc-guide][stabilization-guide]) [stabilization-guide]: https://rust-lang.github.io/rustc-guide/stabilization_guide.html#stabilization-pr [doc-guide]: https://rust-lang.github.io/rustc-guide/stabilization_guide.html#documentation-prs **Unresolved questions:** - [ ] Maybe the lint should also cover cases that look like `&[mut] <place> as *[mut|const] ?T` in the surface syntax but had a method call inserted, thus manifesting a reference (with the associated guarantees). The lint as described would not fire because the reference actually gets used as such (being passed to `deref`). However, what would the lint suggest to do instead? There just is no way to write this code without creating a reference. **Implementation history:** * Initial implementation: https://github.com/rust-lang/rust/pull/64588

Dereferencing a `ptr` to an `enum`

let foo: *const Option<u32> = /* .. */;

// the deref of `foo` is unsafe since the tag of the enum must be valid
unsafe {
    match *foo {
        // new syntax, similar to `&raw [const | mut]` and does not go trough reference
        Some(raw ref ptr) => {
    
            let val: &u32 = &*ptr,
        
        },
        None => {},
    }
}

Dereferencing a `ptr` to a `struct`

let baz: *const Baz = /* .. */; // totally-not-safe-Baz

// the deref of `baz` is safe since we only bind to pointers
match *baz { 
    Baz { 
        raw ref a,
        raw ref b,
    } => {
        let a: &u32 = unsafe { *a };
        let b: &f32 = unsafe { *b };    
    }
}

// allow mismatching references and pointers? 
// SAFETY:
// foo.b must be valid
unsafe {
    match *baz {
        Baz { 
            raw ref a,
            ref b,
        } => {
            let a: &u32 = *a;
            let b: &f32 = b;    
        }
    }
}

One of the benefits of this feature is to allow building large structs piece by piece onto the heap

let mut uninit: Box<MaybeUninit<Baz>> = Box::new_uninit();

let ptr: *mut Baz = (&mut *uninit as *mut MaybeUninit<Baz> as *mut Baz);

let Baz { raw ref a, raw ref b } = *ptr;

unsafe {
    core::ptr::write(a, 0);
    core::ptr::write(b, 0.0);
}

let mut baz = unsafe { baz.assume_init() };

EDIT: Fixed unsafe blocks to make more sense

steffahn · March 28, 2021, 6:12pm

The scope of the unsafe blocks in your examples wouldn’t work. E.g. look at this example of how match works with references

fn main() {
    let x = Some("hi".to_string());
    let y = &x;
    match *y {
        Some(_) => {}
        _ => {}
    }
    // doesn’t work, since using a block means that `*y` would be moved
    match {*y} {
        Some(_) => {}
        _ => {}
    }
}

(playground)

Since an unsafe {} block is still a block, something like

Mokuz:

let foo: *const Option<u32> = /* .. */;

// the deref of `foo` is unsafe since the tag of the enum must be valid
match unsafe { *foo } {
    // new syntax, similar to `&raw [const | mut]` and does not go trough reference
    Some(raw ref ptr) => {
    
        let val: &u32 = unsafe { &*ptr },
        
    },
    None => {},
}

doesn’t make too much sense. Furthermore the fact that the pattern outside of the unsafe block determine whether unsafe is needed for the dereference operation in the first place seems weird anyways.

So it would instead need to be

let foo: *const Option<u32> = /* .. */;

// the deref of `foo` is unsafe since the tag of the enum must be valid
unsafe {
    match *foo {
        // new syntax, similar to `&raw [const | mut]` and does not go trough reference
        Some(raw ref ptr) => {

            let val: &u32 = unsafe { &*ptr },

        },
        None => {},
    }
}

A bit unfortunate since now the whole right-hand-side of every match arm is inside of the unsafe block, too, and you can’t do much to make the use of unsafe more fine-grained.

Mokuz · March 28, 2021, 6:18pm

Ah I see, such a shame

HeroicKatora · March 28, 2021, 7:25pm

Previously: RFC for a match based surface syntax to get pointer-to-field by HeroicKatora · Pull Request #2666 · rust-lang/rfcs · GitHub

CAD97 · March 28, 2021, 9:09pm

If this is to be specified, you'll need to specify how it interacts with default binding modes (as this is basically a new raw ref binding mode). Seeing as it's safe, can you match on a pointer directly and bind pointers to its fields without & and raw ref? Does & in the pattern deref the raw pointer?

That, as this is a feature for unsafe code, it doesn't have a default binding mode would be an arguable position, but there needs to be a position explicitly taken and supported.

Mokuz · March 28, 2021, 11:12pm

I now think you should only be allowed to go from pointer to pointer, so allowing default binding modes should not cause any sneaky unsoundess. (as far as I can come up with)

beepster · April 11, 2021, 11:37pm

Maybe you should be able to do unsafe match to do a pointer match without making the branches automatically be allowed to do unsafe operations?

system · July 10, 2021, 11:37pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need for -> operator for Unsafe Code Guidelines	65	6229	September 2, 2019
[Idea] Pointer to Field Unsafe Code Guidelines	81	4904	September 3, 2019
Computing raw pointers to fields Unsafe Code Guidelines	2	4366	October 21, 2019
Pre-RFC: Struct/union raw pointer field access language design	11	2105	April 2, 2020
Pre-RFC: raw pointer cleanup	8	3966	March 25, 2019

Feature: Allow pattern-matching of a pointer

Feature: Allow pattern-matching of a pointer

Dereferencing a ptr to an enum

Dereferencing a ptr to a struct

Related topics

Dereferencing a `ptr` to an `enum`

Dereferencing a `ptr` to a `struct`