(almost) get rid of the unsound #[rustc_unsafe_specialization_marker] on Copy, introduce TrivialClone

Author: joboet

library/alloc/src/boxed/convert.rs

@@ -1,4 +1,6 @@
 use core::any::Any;
+#[cfg(not(no_global_oom_handling))]
+use core::clone::TrivialClone;
 use core::error::Error;
 use core::mem;
 use core::pin::Pin;
@@ -75,11 +77,13 @@ impl<T: Clone> BoxFromSlice<T> for Box<[T]> {
 }
 
 #[cfg(not(no_global_oom_handling))]
-impl<T: Copy> BoxFromSlice<T> for Box<[T]> {
+impl<T: TrivialClone> BoxFromSlice<T> for Box<[T]> {
     #[inline]
     fn from_slice(slice: &[T]) -> Self {
         let len = slice.len();
         let buf = RawVec::with_capacity(len);
+        // SAFETY: since `T` implements `TrivialClone`, this is sound and
+        // equivalent to the above.
         unsafe {
             ptr::copy_nonoverlapping(slice.as_ptr(), buf.ptr(), len);
             buf.into_box(slice.len()).assume_init()

library/alloc/src/lib.rs

@@ -147,6 +147,7 @@
 #![feature(std_internals)]
 #![feature(str_internals)]
 #![feature(temporary_niche_types)]
+#![feature(trivial_clone)]
 #![feature(trusted_fused)]
 #![feature(trusted_len)]
 #![feature(trusted_random_access)]

library/alloc/src/rc.rs

@@ -243,9 +243,9 @@
 
 use core::any::Any;
 use core::cell::Cell;
-#[cfg(not(no_global_oom_handling))]
-use core::clone::CloneToUninit;
 use core::clone::UseCloned;
+#[cfg(not(no_global_oom_handling))]
+use core::clone::{CloneToUninit, TrivialClone};
 use core::cmp::Ordering;
 use core::hash::{Hash, Hasher};
 use core::intrinsics::abort;
@@ -2150,7 +2150,8 @@ impl<T> Rc<[T]> {
 
     /// Copy elements from slice into newly allocated `Rc<[T]>`
     ///
-    /// Unsafe because the caller must either take ownership or bind `T: Copy`
+    /// Unsafe because the caller must either take ownership, bind `T: Copy` or
+    /// bind `T: TrivialClone`.
     #[cfg(not(no_global_oom_handling))]
     unsafe fn copy_from_slice(v: &[T]) -> Rc<[T]> {
         unsafe {
@@ -2240,9 +2241,11 @@ impl<T: Clone> RcFromSlice<T> for Rc<[T]> {
 }
 
 #[cfg(not(no_global_oom_handling))]
-impl<T: Copy> RcFromSlice<T> for Rc<[T]> {
+impl<T: TrivialClone> RcFromSlice<T> for Rc<[T]> {
     #[inline]
     fn from_slice(v: &[T]) -> Self {
+        // SAFETY: `T` implements `TrivialClone`, so this is sound and equivalent
+        // to the above.
         unsafe { Rc::copy_from_slice(v) }
     }
 }

library/alloc/src/slice.rs

@@ -11,6 +11,8 @@
 
 use core::borrow::{Borrow, BorrowMut};
 #[cfg(not(no_global_oom_handling))]
+use core::clone::TrivialClone;
+#[cfg(not(no_global_oom_handling))]
 use core::cmp::Ordering::{self, Less};
 #[cfg(not(no_global_oom_handling))]
 use core::mem::MaybeUninit;
@@ -440,7 +442,7 @@ impl<T> [T] {
             }
         }
 
-        impl<T: Copy> ConvertVec for T {
+        impl<T: TrivialClone> ConvertVec for T {
             #[inline]
             fn to_vec<A: Allocator>(s: &[Self], alloc: A) -> Vec<Self, A> {
                 let mut v = Vec::with_capacity_in(s.len(), alloc);
@@ -825,7 +827,7 @@ impl<T: Clone, A: Allocator> SpecCloneIntoVec<T, A> for [T] {
 }
 
 #[cfg(not(no_global_oom_handling))]
-impl<T: Copy, A: Allocator> SpecCloneIntoVec<T, A> for [T] {
+impl<T: TrivialClone, A: Allocator> SpecCloneIntoVec<T, A> for [T] {
     fn clone_into(&self, target: &mut Vec<T, A>) {
         target.clear();
         target.extend_from_slice(self);

library/alloc/src/sync.rs

@@ -11,6 +11,8 @@
 use core::any::Any;
 #[cfg(not(no_global_oom_handling))]
 use core::clone::CloneToUninit;
+#[cfg(not(no_global_oom_handling))]
+use core::clone::TrivialClone;
 use core::clone::UseCloned;
 use core::cmp::Ordering;
 use core::hash::{Hash, Hasher};
@@ -2057,7 +2059,8 @@ impl<T> Arc<[T]> {
 
     /// Copy elements from slice into newly allocated `Arc<[T]>`
     ///
-    /// Unsafe because the caller must either take ownership or bind `T: Copy`.
+    /// Unsafe because the caller must either take ownership, bind `T: Copy` or
+    /// bind `T: TrivialClone`.
     #[cfg(not(no_global_oom_handling))]
     unsafe fn copy_from_slice(v: &[T]) -> Arc<[T]> {
         unsafe {
@@ -2149,9 +2152,11 @@ impl<T: Clone> ArcFromSlice<T> for Arc<[T]> {
 }
 
 #[cfg(not(no_global_oom_handling))]
-impl<T: Copy> ArcFromSlice<T> for Arc<[T]> {
+impl<T: TrivialClone> ArcFromSlice<T> for Arc<[T]> {
     #[inline]
     fn from_slice(v: &[T]) -> Self {
+        // SAFETY: `T` implements `TrivialClone`, so this is sound and equivalent
+        // to the above.
         unsafe { Arc::copy_from_slice(v) }
     }
 }

library/alloc/src/vec/mod.rs

@@ -53,6 +53,8 @@
 
 #![stable(feature = "rust1", since = "1.0.0")]
 
+#[cfg(not(no_global_oom_handling))]
+use core::clone::TrivialClone;
 #[cfg(not(no_global_oom_handling))]
 use core::cmp;
 use core::cmp::Ordering;
@@ -3250,7 +3252,7 @@ impl<T: Clone, A: Allocator> ExtendFromWithinSpec for Vec<T, A> {
 }
 
 #[cfg(not(no_global_oom_handling))]
-impl<T: Copy, A: Allocator> ExtendFromWithinSpec for Vec<T, A> {
+impl<T: TrivialClone, A: Allocator> ExtendFromWithinSpec for Vec<T, A> {
     unsafe fn spec_extend_from_within(&mut self, src: Range<usize>) {
         let count = src.len();
         {
@@ -3263,8 +3265,8 @@ impl<T: Copy, A: Allocator> ExtendFromWithinSpec for Vec<T, A> {
             // SAFETY:
             // - Both pointers are created from unique slice references (`&mut [_]`)
             //   so they are valid and do not overlap.
-            // - Elements are :Copy so it's OK to copy them, without doing
-            //   anything with the original values
+            // - Elements implement `TrivialClone` so this is equivalent to calling
+            //   `clone` on every one of them.
             // - `count` is equal to the len of `source`, so source is valid for
             //   `count` reads
             // - `.reserve(count)` guarantees that `spare.len() >= count` so spare

library/alloc/src/vec/spec_extend.rs

@@ -1,3 +1,4 @@
+use core::clone::TrivialClone;
 use core::iter::TrustedLen;
 use core::slice::{self};
 
@@ -53,7 +54,7 @@ where
 
 impl<'a, T: 'a, A: Allocator> SpecExtend<&'a T, slice::Iter<'a, T>> for Vec<T, A>
 where
-    T: Copy,
+    T: TrivialClone,
 {
     #[track_caller]
     fn spec_extend(&mut self, iterator: slice::Iter<'a, T>) {

library/core/src/array/mod.rs

@@ -5,10 +5,10 @@
 #![stable(feature = "core_array", since = "1.35.0")]
 
 use crate::borrow::{Borrow, BorrowMut};
+use crate::clone::TrivialClone;
 use crate::cmp::Ordering;
 use crate::convert::Infallible;
 use crate::error::Error;
-use crate::fmt;
 use crate::hash::{self, Hash};
 use crate::intrinsics::transmute_unchecked;
 use crate::iter::{UncheckedIterator, repeat_n};
@@ -18,6 +18,7 @@ use crate::ops::{
 };
 use crate::ptr::{null, null_mut};
 use crate::slice::{Iter, IterMut};
+use crate::{fmt, ptr};
 
 mod ascii;
 mod drain;
@@ -426,6 +427,9 @@ impl<T: Clone, const N: usize> Clone for [T; N] {
     }
 }
 
+#[unstable(feature = "trivial_clone", issue = "none")]
+unsafe impl<T: TrivialClone, const N: usize> TrivialClone for [T; N] {}
+
 trait SpecArrayClone: Clone {
     fn clone<const N: usize>(array: &[Self; N]) -> [Self; N];
 }
@@ -437,10 +441,12 @@ impl<T: Clone> SpecArrayClone for T {
     }
 }
 
-impl<T: Copy> SpecArrayClone for T {
+impl<T: TrivialClone> SpecArrayClone for T {
     #[inline]
     fn clone<const N: usize>(array: &[T; N]) -> [T; N] {
-        *array
+        // SAFETY: `TrivialClone` implies that this is equivalent to calling
+        // `Clone` on every element.
+        unsafe { ptr::read(array) }
     }
 }
 

library/core/src/clone.rs

@@ -176,6 +176,32 @@ pub trait Clone: Sized {
     }
 }
 
+/// Indicates that the `Clone` implementation is identical to copying the value.
+///
+/// This is used for some optimizations in the standard library, which specializes
+/// on this trait to select faster implementations of functions such as
+/// [`clone_from_slice`](slice::clone_from_slice). It is automatically implemented
+/// when using `#[derive(Clone, Copy)]`.
+///
+/// Note that this trait does not imply that the type is `Copy`, because e.g.
+/// `core::ops::Range<i32>` could soundly implement this trait.
+///
+/// # Safety
+/// `Clone::clone` must be equivalent to copying the value, otherwise calling functions
+/// such as `slice::clone_from_slice` can have undefined behaviour.
+#[unstable(
+    feature = "trivial_clone",
+    reason = "this isn't part of any API guarantee",
+    issue = "none"
+)]
+// SAFETY:
+// It is sound to specialize on this because the `clone` implementation cannot be
+// lifetime-dependent. Therefore, if `TrivialClone` is implemented for any lifetime,
+// its invariant holds whenever `Clone` is implemented, even if the actual
+// `TrivialClone` bound would not be satisfied because of lifetime bounds.
+#[rustc_unsafe_specialization_marker]
+pub unsafe trait TrivialClone: Clone {}
+
 /// Derive macro generating an impl of the trait `Clone`.
 #[rustc_builtin_macro]
 #[stable(feature = "builtin_macro_prelude", since = "1.38.0")]
@@ -495,6 +521,8 @@ unsafe impl CloneToUninit for crate::bstr::ByteStr {
 /// are implemented in `traits::SelectionContext::copy_clone_conditions()`
 /// in `rustc_trait_selection`.
 mod impls {
+    use super::TrivialClone;
+
     macro_rules! impl_clone {
         ($($t:ty)*) => {
             $(
@@ -505,6 +533,9 @@ mod impls {
                         *self
                     }
                 }
+
+                #[unstable(feature = "trivial_clone", issue = "none")]
+                unsafe impl TrivialClone for $t {}
             )*
         }
     }
@@ -524,6 +555,12 @@ mod impls {
         }
     }
 
+    #[unstable(feature = "trivial_clone", issue = "none")]
+    unsafe impl TrivialClone for ! {}
+
+    #[unstable(feature = "trivial_clone", issue = "none")]
+    unsafe impl TrivialClone for () {}
+
     #[stable(feature = "rust1", since = "1.0.0")]
     impl<T: ?Sized> Clone for *const T {
         #[inline(always)]
@@ -532,6 +569,9 @@ mod impls {
         }
     }
 
+    #[unstable(feature = "trivial_clone", issue = "none")]
+    unsafe impl<T: ?Sized> TrivialClone for *const T {}
+
     #[stable(feature = "rust1", since = "1.0.0")]
     impl<T: ?Sized> Clone for *mut T {
         #[inline(always)]
@@ -540,6 +580,9 @@ mod impls {
         }
     }
 
+    #[unstable(feature = "trivial_clone", issue = "none")]
+    unsafe impl<T: ?Sized> TrivialClone for *mut T {}
+
     /// Shared references can be cloned, but mutable references *cannot*!
     #[stable(feature = "rust1", since = "1.0.0")]
     impl<T: ?Sized> Clone for &T {
@@ -550,6 +593,9 @@ mod impls {
         }
     }
 
+    #[unstable(feature = "trivial_clone", issue = "none")]
+    unsafe impl<T: ?Sized> TrivialClone for &T {}
+
     /// Shared references can be cloned, but mutable references *cannot*!
     #[stable(feature = "rust1", since = "1.0.0")]
     impl<T: ?Sized> !Clone for &mut T {}

library/core/src/clone/uninit.rs

@@ -1,3 +1,4 @@
+use super::TrivialClone;
 use crate::mem::{self, MaybeUninit};
 use crate::ptr;
 
@@ -49,9 +50,9 @@ unsafe impl<T: Clone> CopySpec for T {
     }
 }
 
-// Specialized implementation for types that are [`Copy`], not just [`Clone`],
+// Specialized implementation for types that are [`TrivialClone`], not just [`Clone`],
 // and can therefore be copied bitwise.
-unsafe impl<T: Copy> CopySpec for T {
+unsafe impl<T: TrivialClone> CopySpec for T {
     #[inline]
     unsafe fn clone_one(src: &Self, dst: *mut Self) {
         // SAFETY: The safety conditions of clone_to_uninit() are a superset of those of

library/core/src/marker.rs

@@ -14,6 +14,7 @@ pub use self::variance::{
     PhantomInvariant, PhantomInvariantLifetime, Variance, variance,
 };
 use crate::cell::UnsafeCell;
+use crate::clone::TrivialClone;
 use crate::cmp;
 use crate::fmt::Debug;
 use crate::hash::{Hash, Hasher};
@@ -409,12 +410,8 @@ marker_impls! {
 /// [impls]: #implementors
 #[stable(feature = "rust1", since = "1.0.0")]
 #[lang = "copy"]
-// FIXME(matthewjasper) This allows copying a type that doesn't implement
-// `Copy` because of unsatisfied lifetime bounds (copying `A<'_>` when only
-// `A<'static>: Copy` and `A<'_>: Clone`).
-// We have this attribute here for now only because there are quite a few
-// existing specializations on `Copy` that already exist in the standard
-// library, and there's no way to safely have this behavior right now.
+// This is unsound, but required by `hashbrown`
+// FIXME(joboet): change `hashbrown` to use `TrivialClone`
 #[rustc_unsafe_specialization_marker]
 #[rustc_diagnostic_item = "Copy"]
 pub trait Copy: Clone {
@@ -816,6 +813,9 @@ impl<T: ?Sized> Clone for PhantomData<T> {
     }
 }
 
+#[unstable(feature = "trivial_clone", issue = "none")]
+unsafe impl<T: ?Sized> TrivialClone for PhantomData<T> {}
+
 #[stable(feature = "rust1", since = "1.0.0")]
 impl<T: ?Sized> Default for PhantomData<T> {
     fn default() -> Self {

library/core/src/marker/variance.rs

@@ -2,6 +2,7 @@
 
 use super::PhantomData;
 use crate::any::type_name;
+use crate::clone::TrivialClone;
 use crate::cmp::Ordering;
 use crate::fmt;
 use crate::hash::{Hash, Hasher};
@@ -60,6 +61,8 @@ macro_rules! phantom_type {
 
         impl<T> Copy for $name<T> where T: ?Sized {}
 
+        unsafe impl<T> TrivialClone for $name<T> where T: ?Sized {}
+
         impl<T> PartialEq for $name<T>
             where T: ?Sized
         {