[workerd-cxx] add kj::Maybe to kj-rs and workerd-cxx

Author: LordGoatius

gen/src/write.rs

@@ -233,7 +233,7 @@ fn pick_includes_and_builtins(out: &mut OutFile, apis: &[Api]) {
             Type::SliceRef(_) => out.builtin.rust_slice = true,
             Type::Array(_) => out.include.array = true,
             Type::Ref(_) | Type::Void(_) | Type::Ptr(_) => {}
-            Type::Future(_) | Type::Own(_) => out.include.kj_rs = true,
+            Type::Future(_) | Type::Maybe(_) | Type::Own(_) => out.include.kj_rs = true,
         }
     }
 }
@@ -1263,6 +1263,11 @@ fn write_type(out: &mut OutFile, ty: &Type) {
             write_type(out, &ptr.inner);
             write!(out, ">");
         }
+        Type::Maybe(ptr) => {
+            write!(out, "::kj::Maybe<");
+            write_type(out, &ptr.inner);
+            write!(out, ">");
+        }
         Type::CxxVector(ty) => {
             write!(out, "::std::vector<");
             write_type(out, &ty.inner);
@@ -1357,6 +1362,7 @@ fn write_space_after_type(out: &mut OutFile, ty: &Type) {
         | Type::SharedPtr(_)
         | Type::WeakPtr(_)
         | Type::Str(_)
+        | Type::Maybe(_)
         | Type::CxxVector(_)
         | Type::RustVec(_)
         | Type::SliceRef(_)
@@ -1431,6 +1437,7 @@ fn write_generic_instantiations(out: &mut OutFile) {
             ImplKey::RustVec(ident) => write_rust_vec_extern(out, ident),
             ImplKey::UniquePtr(ident) => write_unique_ptr(out, ident),
             ImplKey::Own(ident) => write_kj_own(out, ident),
+            ImplKey::Maybe(ident) => write_kj_maybe(out, ident),
             ImplKey::SharedPtr(ident) => write_shared_ptr(out, ident),
             ImplKey::WeakPtr(ident) => write_weak_ptr(out, ident),
             ImplKey::CxxVector(ident) => write_cxx_vector(out, ident),
@@ -1669,6 +1676,17 @@ fn write_kj_own(out: &mut OutFile, key: NamedImplKey) {
     );
 }
 
+// cxx boilerplate function for possible drop trait
+// TODO: Add asserts and function generation
+fn write_kj_maybe(out: &mut OutFile, key: NamedImplKey) {
+    let ident = key.rust;
+    let resolve = out.types.resolve(ident);
+    let _inner = resolve.name.to_fully_qualified();
+
+    out.include.utility = true;
+    out.include.kj_rs = true;
+}
+
 fn write_unique_ptr(out: &mut OutFile, key: NamedImplKey) {
     let ty = UniquePtr::Ident(key.rust);
     write_unique_ptr_common(out, ty);

kj-rs/lib.rs

@@ -4,6 +4,7 @@ use awaiter::WakerRef;
 pub use crate::ffi::KjWaker;
 pub use awaiter::PromiseAwaiter;
 pub use future::FuturePollStatus;
+pub use maybe::repr::Maybe;
 pub use own::repr::Own;
 pub use promise::KjPromise;
 pub use promise::KjPromiseNodeImpl;
@@ -13,12 +14,14 @@ pub use promise::new_callbacks_promise_future;
 
 mod awaiter;
 mod future;
+pub mod maybe;
 mod own;
 mod promise;
 mod waker;
 
 pub mod repr {
     pub use crate::future::repr::*;
+    pub use crate::maybe::repr::*;
     pub use crate::own::repr::*;
 }
 

kj-rs/maybe.rs

@@ -0,0 +1,245 @@
+use repr::Maybe;
+use std::mem::MaybeUninit;
+
+/// # Safety
+/// This trait should only be implemented in `workerd-cxx` on types
+/// which contain a specialization of `kj::Maybe` that needs to be represented in
+/// Rust.
+unsafe trait HasNiche: Sized {
+    fn is_niche(value: &MaybeUninit<Self>) -> bool;
+}
+
+unsafe impl<T> HasNiche for *const T {
+    fn is_niche(value: &MaybeUninit<*const T>) -> bool {
+        unsafe { value.assume_init().is_null() }
+    }
+}
+
+unsafe impl<T> HasNiche for *mut T {
+    fn is_niche(value: &MaybeUninit<*mut T>) -> bool {
+        unsafe { value.assume_init().is_null() }
+    }
+}
+
+unsafe impl<T> HasNiche for &T {
+    fn is_niche(value: &MaybeUninit<&T>) -> bool {
+        unsafe {
+            std::mem::transmute_copy::<MaybeUninit<&T>, MaybeUninit<*const T>>(value)
+                // This is to avoid potentially zero-initalizing a reference, which is always undefined behavior
+                .assume_init()
+                .is_null()
+        }
+    }
+}
+
+unsafe impl<T> HasNiche for &mut T {
+    fn is_niche(value: &MaybeUninit<&mut T>) -> bool {
+        unsafe {
+            std::mem::transmute_copy::<MaybeUninit<&mut T>, MaybeUninit<*mut T>>(value)
+                // This is to avoid potentially zero-initalizing a reference, which is always undefined behavior
+                .assume_init()
+                .is_null()
+        }
+    }
+}
+
+unsafe impl<T> HasNiche for crate::repr::Own<T> {
+    fn is_niche(value: &MaybeUninit<crate::repr::Own<T>>) -> bool {
+        unsafe { value.assume_init_ref().as_ptr().is_null() }
+    }
+}
+
+/// Trait that is used as the bounds for what can be in a Maybe
+///
+/// # Safety
+/// This trait should always be automatically implemented and should
+/// never be manually implemented
+pub unsafe trait MaybeItem: Sized {
+    type Discriminant: Copy;
+    fn is_some(value: &Maybe<Self>) -> bool;
+    fn is_none(value: &Maybe<Self>) -> bool;
+    fn from_option(value: Option<Self>) -> Maybe<Self>;
+    fn drop_in_place(value: &mut Maybe<Self>) {
+        if <Self as MaybeItem>::is_some(value) {
+            unsafe {
+                value.some.assume_init_drop();
+            }
+        }
+    }
+}
+
+macro_rules! impl_maybe_item_for_has_niche {
+    () => {};
+    ($ty:ty) => {
+        unsafe impl<T> MaybeItem for $ty {
+            type Discriminant = ();
+
+            fn is_some(value: &Maybe<Self>) -> bool {
+                !<$ty as HasNiche>::is_niche(&value.some)
+            }
+
+            fn is_none(value: &Maybe<Self>) -> bool {
+                <$ty as HasNiche>::is_niche(&value.some)
+            }
+
+            fn from_option(value: Option<Self>) -> Maybe<Self> {
+                match value {
+                    None => Maybe {
+                        is_set: (),
+                        some: MaybeUninit::zeroed(),
+                    },
+                    Some(val) => Maybe {
+                        is_set: (),
+                        some: MaybeUninit::new(val),
+                    }
+                }
+            }
+        }
+    };
+    ($ty:ty, $($tail:ty),+) => {
+        impl_maybe_item_for_has_niche!($ty);
+        impl_maybe_item_for_has_niche!($($tail),*);
+    };
+}
+
+macro_rules! impl_maybe_item_for_primitive {
+    () => {};
+    ($ty:ty) => {
+        unsafe impl MaybeItem for $ty {
+            type Discriminant = bool;
+
+            fn is_some(value: &Maybe<Self>) -> bool {
+                value.is_set
+            }
+
+            fn is_none(value: &Maybe<Self>) -> bool {
+                !value.is_set
+            }
+
+            fn from_option(value: Option<Self>) -> Maybe<Self> {
+                match value {
+                    None => Maybe {
+                        is_set: false,
+                        some: MaybeUninit::zeroed(),
+                    },
+                    Some(val) => Maybe {
+                        is_set: true,
+                        some: MaybeUninit::new(val),
+                    }
+                }
+            }
+        }
+    };
+    ($ty:ty, $($tail:ty),+) => {
+        impl_maybe_item_for_primitive!($ty);
+        impl_maybe_item_for_primitive!($($tail),*);
+    };
+}
+
+impl_maybe_item_for_has_niche!(crate::Own<T>, &T, &mut T, *const T, *mut T);
+impl_maybe_item_for_primitive!(
+    u8, u16, u32, u64, u128, i8, i16, i32, i64, i128, usize, isize, bool
+);
+
+pub(crate) mod repr {
+    use super::MaybeItem;
+    use static_assertions::assert_eq_size;
+    use std::fmt::{Debug, Display};
+    use std::mem::MaybeUninit;
+
+    /// A [`Maybe`] represents bindings to the `kj::Maybe` class.
+    /// It is an optional type, but represented using a struct, for alignment with kj.
+    ///
+    /// # Layout
+    /// In kj, `Maybe` has 3 specializations, one without niche value optimization, and
+    /// two with it. In order to maintain an identical layout in Rust, we include a second
+    /// generic argument with a default value of `bool`, which functions as a flag for whether
+    /// the `Maybe` is some or none.
+    ///
+    /// ## Niche Value Optimization
+    /// In kj, however, references which may be null are stored using a `kj::Maybe`, and utilize
+    /// the niche value optimization. To accomplish this in Rust, we create a struct, [`Niche`],
+    /// which has zero size, and is used as both the generic value of the discriminant, and as
+    /// a typestate generic to specify that our [`Maybe`] utilizes niche value optimization.
+    #[repr(C)]
+    pub struct Maybe<T: MaybeItem> {
+        pub(super) is_set: T::Discriminant,
+        pub(super) some: MaybeUninit<T>,
+    }
+
+    assert_eq_size!(Maybe<isize>, [usize; 2]);
+    assert_eq_size!(Maybe<&isize>, usize);
+    assert_eq_size!(Maybe<crate::Own<isize>>, [usize; 2]);
+    assert_eq_size!(Maybe<*const isize>, usize);
+
+    impl<T: MaybeItem> Maybe<T> {
+        /// # Safety
+        /// This function shouldn't be used except by macro generation.
+        pub unsafe fn is_set(&self) -> T::Discriminant {
+            self.is_set
+        }
+
+        /// # Safety
+        /// This function shouldn't be used except by macro generation.
+        pub unsafe fn from_parts_unchecked(
+            is_set: T::Discriminant,
+            some: MaybeUninit<T>,
+        ) -> Maybe<T> {
+            Maybe { is_set, some }
+        }
+
+        pub fn is_some(&self) -> bool {
+            T::is_some(self)
+        }
+
+        pub fn is_none(&self) -> bool {
+            T::is_none(self)
+        }
+    }
+
+    impl<T: MaybeItem> From<Maybe<T>> for Option<T> {
+        fn from(value: Maybe<T>) -> Self {
+            if value.is_some() {
+                // We can't move out of value so we copy it and forget it in
+                // order to perform a "manual" move out of value
+                let ret = unsafe { Some(value.some.assume_init_read()) };
+                std::mem::forget(value);
+                ret
+            } else {
+                None
+            }
+        }
+    }
+
+    impl<T: MaybeItem> From<Option<T>> for Maybe<T> {
+        fn from(value: Option<T>) -> Self {
+            <T as MaybeItem>::from_option(value)
+        }
+    }
+
+    impl<T: MaybeItem + Debug> Debug for Maybe<T> {
+        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+            if self.is_none() {
+                write!(f, "kj::None")
+            } else {
+                write!(f, "kj::Some({:?})", unsafe { self.some.assume_init_ref() })
+            }
+        }
+    }
+
+    impl<T: MaybeItem + Display> Display for Maybe<T> {
+        fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+            if self.is_none() {
+                write!(f, "kj::None")
+            } else {
+                write!(f, "kj::Some({})", unsafe { self.some.assume_init_ref() })
+            }
+        }
+    }
+
+    impl<T: MaybeItem> Drop for Maybe<T> {
+        fn drop(&mut self) {
+            T::drop_in_place(self);
+        }
+    }
+}

kj-rs/own.rs

@@ -1,18 +1,51 @@
 //! The `workerd-cxx` module containing the [`Own<T>`] type, which is bindings to the `kj::Own<T>` C++ type
 
 use static_assertions::{assert_eq_align, assert_eq_size};
+use std::{fmt, marker::PhantomData};
 
 assert_eq_size!(repr::Own<()>, [*const (); 2]);
 assert_eq_align!(repr::Own<()>, *const ());
 
+/// When we want to use an `Own`, we want the guarantee of being not null only
+/// in direct `Own<T>`, not Maybe<Own<T>>, and using a [`NonNull`] in `Own`
+/// but allowing Nulls for Niche Value Optimization is undefined behavior.
+#[repr(transparent)]
+pub(crate) struct NonNullExceptMaybe<T>(pub(crate) *mut T, PhantomData<T>);
+
+impl<T> NonNullExceptMaybe<T> {
+    pub fn as_ptr(&self) -> *const T {
+        self.0.cast()
+    }
+
+    pub unsafe fn as_ref(&self) -> &T {
+        // Safety:
+        //     This value will only be null when in a [`Maybe<T>`], which does niche value optimization
+        //     for a null pointer, so the inner [`Own<T>`] can never be accessed if it is null
+        unsafe { self.0.as_ref().unwrap() }
+    }
+
+    pub unsafe fn as_mut(&mut self) -> &mut T {
+        // Safety:
+        //     This value will only be null when in a [`Maybe<T>`], which does niche value optimization
+        //     for a null pointer, so the inner [`Own<T>`] can never be accessed if it is null
+        unsafe { self.0.as_mut().unwrap() }
+    }
+}
+
+impl<T> fmt::Pointer for NonNullExceptMaybe<T> {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        fmt::Pointer::fmt(&self.0, f)
+    }
+}
+
 pub mod repr {
+    use super::NonNullExceptMaybe;
     use std::ffi::c_void;
     use std::fmt::{self, Debug, Display};
     use std::hash::{Hash, Hasher};
     use std::ops::Deref;
     use std::ops::DerefMut;
     use std::pin::Pin;
-    use std::ptr::NonNull;
 
     /// A [`Own<T>`] represents the `kj::Own<T>`. It is a smart pointer to an opaque C++ type.
     /// Safety:
@@ -22,10 +55,11 @@ pub mod repr {
     ///   to Rust
     #[repr(C)]
     pub struct Own<T> {
-        disposer: *const c_void,
-        ptr: NonNull<T>,
+        pub(crate) disposer: *const c_void,
+        pub(crate) ptr: NonNullExceptMaybe<T>,
     }
 
+    /// This type allows me to expose the same API that [`NonNull`] does while maintaining the invariant
     /// Public-facing Own api
     impl<T> Own<T> {
         /// Returns a mutable pinned reference to the object owned by this [`Own`]