Get rid of ThreadRng::rng
This method must be used correctly to avoid undefined behavior.
Therefore, it should be `unsafe`. Instead, we just inline it and add a
comment explaining why the code is safe.
vks committed Sep 3, 2020
1 parent 050c1af commit 54b77d8
Showing 1 changed file with 16 additions and 11 deletions.
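--- a/src/rngs/thread.rs
+++ b/src/rngs/thread.rs
@@ -95,30 +95,35 @@ impl Default for ThreadRng {
 }
 }
 
-impl ThreadRng {
-#[inline(always)]
-fn rng(&mut self) -> &mut ReseedingRng<Core, OsRng> {
-unsafe { &mut *self.rng.get() }
-}
-}
-
 impl RngCore for ThreadRng {
 #[inline(always)]
 fn next_u32(&mut self) -> u32 {
-self.rng().next_u32()
+// SAFETY: We must make sure to stop using `rng` before anyone else
+// creates another mutable reference
+let rng = unsafe { &mut *self.rng.get() };
+rng.next_u32()
 }
 
 #[inline(always)]
 fn next_u64(&mut self) -> u64 {
-self.rng().next_u64()
+// SAFETY: We must make sure to stop using `rng` before anyone else
+// creates another mutable reference
+let rng = unsafe { &mut *self.rng.get() };
+rng.next_u64()
 }
 
 fn fill_bytes(&mut self, dest: &mut [u8]) {
-self.rng().fill_bytes(dest)
+// SAFETY: We must make sure to stop using `rng` before anyone else
+// creates another mutable reference
+let rng = unsafe { &mut *self.rng.get() };
+rng.fill_bytes(dest)
 }
 
 fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
-self.rng().try_fill_bytes(dest)
+// SAFETY: We must make sure to stop using `rng` before anyone else
+// creates another mutable reference
+let rng = unsafe { &mut *self.rng.get() };
+rng.try_fill_bytes(dest)
 }
 }
 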
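Review bot: The `// SAFETY:` comment repeated in `next_u32`, `next_u64`, `fill_bytes` and `try_fill_bytes` states an obligation ("We must make sure to stop using ...") but not why it is met, so someone auditing these four `unsafe` blocks has no invariant to check the code against. The `&mut self` receiver may not be enough on its own: the `.get()` call suggests the generator sits behind a shared cell, though the field's declaration is not on this page. The comment should therefore say what actually rules out a second live `&mut`. A wording along the lines of `// SAFETY: the reference is a local that ends with this call, and the call made through it never reaches this cell again, so no other &mut to it can be live.` would do, once confirmed against the field's type and the reseeding path. The same sentence applies to all four methods.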
