wlan_common::sequestered

Struct Sequestered

Source 
pub struct Sequestered<T>(/* private fields */);
Expand description

Isolates data such that it is inaccessible without explicitly releasing it.

Sequestered data cannot be directly read nor written while contained (though it can be trivially replaced). This is useful for data that must be “ferried” through a system but should not generally be examined nor inspected, in particular when inspection of the data would otherwise seem innocuous but implicitly violates a design contract or introduces an unwanted data dependency.

This type cannot completely prevent reads and writes. Rather, it makes reads and writes very explicit and more obvious in order to avoid mistakes in data APIs.

Sequestering data is trivial and is done via the core From and Into traits. Releasing data is intentionally more explicit and requires the use of fully-qualified syntax that names the Sequestered type.

As sequestered data is considered a “black box”, Sequestered only implements the Clone and Debug traits (so long as the type T provides implementations). Note that Copy is not implemented, because releasing data would not be strictly affine and data could be implicitly copied out of fields via release. This is not only implicit, but can be counterintuitive in some contexts, because release moves a copy of the Sequestered.

Sequestered also implements PartialEq largely for testing. See https://fxbug.dev/42067751.

Implementations§

Source§

impl<T> Sequestered<T>

Source

pub fn release(sequestered: Self) -> T

Releases the sequestered data.

Releasing should be performed sparingly, carefully, and typically at API boundaries where there is no longer a need to prevent reads of the data. Releases, which are explicit, should be given extra scrutiny, somewhat like unsafe code.

This function does not use a receiver and so requires fully-qualified syntax in order to make releases more explicit and obvious.

§Examples
// Sequester data.
let text: Sequestered<&'static str> = "lorem ipsum".into();
// Release data. The fully-qualified syntax is required.
let text = Sequestered::release(text);

Trait Implementations§

Source§

impl<T: Clone> Clone for Sequestered<T>

Source§

fn clone(&self) -> Sequestered<T>

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T: Debug> Debug for Sequestered<T>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<T> From<T> for Sequestered<T>

Source§

fn from(inner: T) -> Self

Converts to this type from the input type.
Source§

impl<T: PartialEq> PartialEq for Sequestered<T>

Source§

fn eq(&self, other: &Sequestered<T>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<T> StructuralPartialEq for Sequestered<T>

Auto Trait Implementations§

§

impl<T> Freeze for Sequestered<T>
where T: Freeze,

§

impl<T> RefUnwindSafe for Sequestered<T>
where T: RefUnwindSafe,

§

impl<T> Send for Sequestered<T>
where T: Send,

§

impl<T> Sync for Sequestered<T>
where T: Sync,

§

impl<T> Unpin for Sequestered<T>
where T: Unpin,

§

impl<T> UnwindSafe for Sequestered<T>
where T: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
§

impl<T, D> Encode<Ambiguous1, D> for T
where D: ResourceDialect,

§

unsafe fn encode( self, _encoder: &mut Encoder<'_, D>, _offset: usize, _depth: Depth, ) -> Result<(), Error>

Encodes the object into the encoder’s buffers. Any handles stored in the object are swapped for Handle::INVALID. Read more
§

impl<T, D> Encode<Ambiguous2, D> for T
where D: ResourceDialect,

§

unsafe fn encode( self, _encoder: &mut Encoder<'_, D>, _offset: usize, _depth: Depth, ) -> Result<(), Error>

Encodes the object into the encoder’s buffers. Any handles stored in the object are swapped for Handle::INVALID. Read more
Source§

impl<T> From<!> for T

Source§

fn from(t: !) -> T

Converts to this type from the input type.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> OptionalField for T
where T: ?Sized,

Source§

const PRESENT: Presence<Self> = _

Source§

const ABSENT: Presence<Self> = _

§

impl<T> Pointable for T

§

const ALIGN: usize = _

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V