Skip to content

Commit

Permalink
Undo revert of "Add Default bound to Clearable"
Browse files Browse the repository at this point in the history
This might address the concerns exlained in
cesarb#3 (comment) and
cesarb#7

This reverts commit 88b4c4f.

Conflicts:
	src/clearable.rs
  • Loading branch information
burdges committed Jan 18, 2017
1 parent 3d58d16 commit 5a1dbd1
Showing 1 changed file with 20 additions and 14 deletions.
34 changes: 20 additions & 14 deletions src/clearable.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,11 @@ use hide::hide_mem;

/// Types that can safely be dropped after first being overwritten by zeros.
///
/// There is a default implementation for all `Copy` types and all unsized
/// arrays `[T]` where `T: Clerable`. You need to implement `Clerable`
/// yourself for unsized structs, or if your type could be `Copy` but you
/// do not want it to be, but do so by calling `Clerable::clear` on their
/// component `Copy` types and arrays.
/// There is a default implementation for all `Copy+Default` types and all
/// unsized arrays `[T]` where `T: Clerable`. You may implement `Clerable`
/// yourself for unsized structs, or if your type could be `Copy+Default`
/// but you do not want it to be, but do so by calling `Clerable::clear` on
/// their component `Copy+Default` types and `Clearable` arrays.
///
/// ```
/// # type SomeCopyType = [u8; 128];
Expand All @@ -20,19 +20,22 @@ use hide::hide_mem;
/// }
/// ```
///
/// Warning: `Shared<T>` is `Copy` and hence `Clearable`. At present, no
/// other pointer types are `Copy`, but future abstractions built using
/// `Shared<T>` might be `Copy` and hence `Clearable`, including perhaps
/// garbage collected abstractions. Using these could result in memory
/// leaks or calling `drop` with a null pointer.
/// We need `Copy` to prevent pointer types like `&mut T` `Box<T>`,
/// `Arc<T>`, etc. from being `Clearable`. We need `Default` bound only
/// because `Shared<T>` is `Copy`. At present, `Shared<T>` is the only
/// "bad" `Copy` type, but future abstractions built using `Shared<T>`
/// might be `Copy`, including perhaps garbage collected abstractions.
/// Using these could result in memory leaks or calling `drop` with a
/// null pointer.

pub unsafe trait Clearable {
/// Clear data by dropping it and overwriting it with zeros,
/// possibly leaving in an unusable state. The object must
/// be safe to drop again after being overwritten with zeros.
/// Clear data by dropping it and overwriting it with fixed data,
/// possibly leaving in an unusable state. The object must be
/// safe to drop again after being overwritten with zeros however.
unsafe fn clear(&mut self);
}

unsafe impl<T> Clearable for T where T: Copy {
unsafe impl<T> Clearable for T where T: Copy+Default {
#[inline(always)]
unsafe fn clear(&mut self) {
*self = ::std::mem::zeroed::<Self>();
Expand All @@ -41,6 +44,9 @@ unsafe impl<T> Clearable for T where T: Copy {
// ::std::ptr::write_unaligned::<T>(self, ::std::mem::zeroed::<Self>())
// because the safety notes on ptr::read say it drops the value
// previously at *self.
::std::ptr::write::<Self>(self, Default::default());
// Should this be ::std::ptr::write_unaligned?
// see https://github.com/rust-lang/rust/issues/37955
hide_mem::<T>(self);
}
}
Expand Down

0 comments on commit 5a1dbd1

Please sign in to comment.