Merge pull request #827 from jsheard/nonnull

dhardy · web-flow · commit 535ef93b3a5a · 2019-06-18T16:25:36.000+01:00
Use NonNull inside ThreadRng handles
diff --git a/src/rngs/thread.rs b/src/rngs/thread.rs
@@ -9,6 +9,7 @@
 //! Thread-local random number generator
 
 use std::cell::UnsafeCell;
+use std::ptr::NonNull;
 
 use {RngCore, CryptoRng, SeedableRng, Error};
 use rngs::adapter::ReseedingRng;
@@ -28,9 +29,6 @@ use super::std::Core;
 // completely under our control. We just have to ensure none of them use
 // `ThreadRng` internally, which is nonsensical anyway. We should also never run
 // `ThreadRng` in destructors of its implementation, which is also nonsensical.
-//
-// The additional `Rc` is not strictly neccesary, and could be removed. For now
-// it ensures `ThreadRng` stays `!Send` and `!Sync`, and implements `Clone`.
 
 
 // Number of generated bytes after which to reseed `ThreadRng`.
@@ -52,13 +50,13 @@ const THREAD_RNG_RESEED_THRESHOLD: u64 = 1024 * 64;
 /// Note that the reseeding is done as an extra precaution against side-channel
 /// attacks and mis-use (e.g. if somehow weak entropy were supplied initially).
 /// The PRNG algorithms used are assumed to be secure.
-/// 
+///
 /// [`ReseedingRng`]: crate::rngs::adapter::ReseedingRng
 /// [`StdRng`]: crate::rngs::StdRng
 #[derive(Copy, Clone, Debug)]
 pub struct ThreadRng {
-    // use of raw pointer implies type is neither Send nor Sync
-    rng: *mut ReseedingRng<Core, OsRng>,
+    // inner raw pointer implies type is neither Send nor Sync
+    rng: NonNull<ReseedingRng<Core, OsRng>>,
 }
 
 thread_local!(
@@ -80,7 +78,9 @@ thread_local!(
 ///
 /// For more information see [`ThreadRng`].
 pub fn thread_rng() -> ThreadRng {
-    ThreadRng { rng: THREAD_RNG_KEY.with(|t| t.get()) }
+    let raw = THREAD_RNG_KEY.with(|t| t.get());
+    let nn = NonNull::new(raw).unwrap();
+    ThreadRng { rng: nn }
 }
 
 impl Default for ThreadRng {
@@ -92,20 +92,20 @@ impl Default for ThreadRng {
 impl RngCore for ThreadRng {
     #[inline(always)]
     fn next_u32(&mut self) -> u32 {
-        unsafe { (*self.rng).next_u32() }
+        unsafe { self.rng.as_mut().next_u32() }
     }
 
     #[inline(always)]
     fn next_u64(&mut self) -> u64 {
-        unsafe { (*self.rng).next_u64() }
+        unsafe { self.rng.as_mut().next_u64() }
     }
 
     fn fill_bytes(&mut self, dest: &mut [u8]) {
-        unsafe { (*self.rng).fill_bytes(dest) }
+        unsafe { self.rng.as_mut().fill_bytes(dest) }
     }
 
     fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
-        unsafe { (*self.rng).try_fill_bytes(dest) }
+        unsafe { self.rng.as_mut().try_fill_bytes(dest) }
     }
 }
 
