1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

use ::core::ops::{Deref, DerefMut};

use crate::{GhostRef, Singleton, Slot, Unique};

/// A type that can lease access to a type without any context.
pub trait Static {
    /// The unique type that can be used to lease this static memory location.
    type Unique: Unique;
    /// The type that a reference can be created to.
    type Target: 'static;

    /// Returns a mutable reference to a slot of the target type.
    ///
    /// # Safety
    ///
    /// The caller must hold a mutable borrow of the `Unique`.
    unsafe fn slot() -> Slot<'static, Self::Target>;
}

/// A lease on a static memory location for a statically-checked lifetime.
#[repr(transparent)]
pub struct Lease<'scope, S: Static>(GhostRef<&'scope mut S::Unique>);

// SAFETY: `Lease<'scope, S>` contains a `GhostRef<&'scope mut S::Unique>`, so
// if that field is `Unique` then the `Lease` is also `Unique`.
unsafe impl<'scope, S: Static> Unique for Lease<'scope, S> where
    GhostRef<&'scope mut S::Unique>: Unique
{
}

impl<'scope, S: Static> Drop for Lease<'scope, S> {
    fn drop(&mut self) {
        // SAFETY:
        // - We hold a mutable borrow of `S::Unique`.
        // - Because the `Lease` is being dropped, there are no other references
        //   to the value in the static variable. Therefore, we may consume the
        //   value by dropping it.
        unsafe { S::slot().assume_init_drop() }
    }
}

impl<'scope, S: Static> Lease<'scope, S> {
    /// Creates a new scope from a unique borrow and an initial value.
    pub fn new(x: &'scope mut S::Unique, value: S::Target) -> Self {
        // SAFETY:
        // - We hold a mutable borrow of `S::Unique`.
        // - Because we are the only holders of the mutable borrow, we may treat
        //   the slot as owned.
        let mut slot = unsafe { S::slot() };
        slot.write(value);
        Self(GhostRef::leak(x))
    }

    /// Creates a shared borrow of this scoped static.
    pub fn borrow(&self) -> StaticRef<&Self> {
        StaticRef::leak(self)
    }

    /// Creates a mutable borrow of this scoped static.
    pub fn borrow_mut(&mut self) -> StaticRef<&mut Self> {
        StaticRef::leak(self)
    }
}

/// A reference to some static value.
#[derive(Clone, Copy)]
#[repr(transparent)]
pub struct StaticRef<T>(GhostRef<T>);

// SAFETY: `StaticRef<T>` contains a `GhostRef<&'scope mut S::Unique>`, so if
// that field is `Unique` then the `StaticRef` is also `Singleton`.
unsafe impl<T> Unique for StaticRef<T> where GhostRef<T>: Unique {}

// SAFETY: `StaticRef<T>` contains only a `GhostRef<T>`, so if that field is
// `Singleton` then the `StaticRef` is also `Singleton`.
unsafe impl<T> Singleton for StaticRef<T> where GhostRef<T>: Singleton {}

impl<T> StaticRef<T> {
    /// Creates a new `StaticRef`.
    pub fn leak(x: T) -> Self {
        StaticRef(GhostRef::leak(x))
    }
}

impl<'borrow, 'scope, S> Deref for StaticRef<&'borrow Lease<'scope, S>>
where
    'scope: 'borrow,
    S: Static,
{
    type Target = S::Target;

    fn deref(&self) -> &Self::Target {
        // SAFETY:
        // - `StaticRef` transitively holds a mutable borrow of `S::Unique`.
        // - The borrowed `Lease` initialized the slot when it was created.
        // - Because the borrow of `Lease` is shared, we treat the slot as
        //   shared.
        unsafe { S::slot().assume_init_ref() }
    }
}

impl<'borrow, 'scope, S> Deref for StaticRef<&'borrow mut Lease<'scope, S>>
where
    'scope: 'borrow,
    S: Static,
{
    type Target = S::Target;

    fn deref(&self) -> &Self::Target {
        // SAFETY:
        // - `StaticRef` transitively holds a mutable borrow of `S::Unique`.
        // - The borrowed `Lease` initialized the slot when it was created.
        // - Because the borrow of `Lease` is unique, we may treat the slot as
        //   shared or mutable.
        unsafe { S::slot().assume_init_ref() }
    }
}

impl<'borrow, 'scope, S> DerefMut for StaticRef<&'borrow mut Lease<'scope, S>>
where
    'scope: 'borrow,
    S: Static,
{
    fn deref_mut(&mut self) -> &mut Self::Target {
        // SAFETY:
        // - `StaticRef` transitively holds a mutable borrow of `S::Unique`.
        // - The borrowed `Lease` initialized the slot when it was created.
        // - Because the borrow of `Lease` is unique, we may treat the slot as
        //   shared or mutable.
        unsafe { S::slot().assume_init_mut() }
    }
}

/// Creates a type that provides safe access to a static variable using a unique
/// value.
#[macro_export]
macro_rules! lease_static {
    ($unique:ty => $name:ident: $ty:ty) => {
        $crate::lease_static!(@declare $name);
        $crate::lease_static!(@impl $unique => $name: $ty)
    };
    ($unique:ty => pub $name:ident: $ty:ty) => {
        $crate::lease_static!(@declare $name pub);
        $crate::lease_static!(@impl $unique => $name: $ty)
    };
    ($unique:ty => pub ($($vis:tt)*) $name:ident: $ty:ty) => {
        $crate::lease_static!(@declare $name pub($($vis)*));
        $crate::lease_static!(@impl $unique => $name: $ty)
    };
    (@declare $name:ident $($vis:tt)*) => {
        $($vis)* struct $name(::core::marker::PhantomData<()>);
    };
    (@impl $unique:ty => $name:ident: $target:ty) => {
        const _: () = {
            use ::core::mem::MaybeUninit;
            static mut VALUE: MaybeUninit<$target> = MaybeUninit::uninit();

            impl $crate::Static for $name {
                type Unique = $unique;
                type Target = $target;

                unsafe fn slot() -> $crate::Slot<'static, Self::Target> {
                    // SAFETY: Only one `Lease` can have access to the slot at a
                    // time.
                    unsafe { $crate::Slot::new(&mut VALUE) }
                }
            }
        };
    };
}

#[cfg(test)]
mod tests {
    #[test]
    fn vend() {
        use crate::{runtime_token, Lease};

        struct Gumball {
            size: i32,
        }

        runtime_token!(Quarter);
        lease_static!(Quarter => Vend: Gumball);

        let mut quarter = Quarter::acquire();
        let mut vend = Lease::<Vend>::new(&mut quarter, Gumball { size: 100 });

        assert_eq!(::core::mem::size_of_val(&vend.borrow()), 0);

        let mut gumball = vend.borrow_mut();
        gumball.size = 6;

        assert_eq!(vend.borrow().size, 6);

        let mut gumball_2 = vend.borrow_mut();
        gumball_2.size = 4;

        assert_eq!(vend.borrow().size, 4);
    }
}