-
Notifications
You must be signed in to change notification settings - Fork 352
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
exclude mutable references to !Unpin types from uniqueness guarantees #1952
Conversation
It looks like indeed almost all types are fn check_unpin<T: Unpin>() {}
fn main() {
check_unpin::<Vec<i32>>();
check_unpin::<std::collections::HashMap<i32, i32>>();
check_unpin::<std::collections::BTreeMap<i32, i32>>();
check_unpin::<std::cell::Cell<i32>>();
check_unpin::<std::cell::RefCell<i32>>();
check_unpin::<std::rc::Rc<i32>>();
check_unpin::<std::sync::Mutex<i32>>();
check_unpin::<std::sync::Arc<i32>>();
check_unpin::<std::sync::atomic::AtomicI32>();
} |
I don't think libstd contains self referential types ^^ |
There is one (but it's likely not useful to test any behaviour with): |
So does that mean we can finally have #[repr(transparent)]
struct Aliasable<T : ?Sized>(T);
impl<T : ?Sized> !Unpin for AliasedCell<T> {} as done in https://docs.rs/pinned-aliasable 's |
But can an |
Well, this might silence Miri, but note that making
But |
Well, a |
No. (Assuming by "coexist" you mean both pointers are actually being used.) If any exception was permitted, then the compiler (seeing some The special property of |
To add to @RalfJung's last point: IIUC, whilst a That being said, let's consider: let rw = &UnsafeCell::new(42);
let uniq = unsafe { &mut *rw.get() };
let r2 = rw; // or some other dummy use of `&UnsafeCell<T>`
*uniq = 0; // use &mut
unsafe { *r2.get() = 42; } I'd say that snippet showcases well-defined behavior. All that to say that "coexisting" is quite a fuzzy word: maybe we should be showcasing actual snippets with |
Yes, though this is subtle. If this were a read or write though, it would invalidate
Indeed. I tried to clarify but I guess using the verb "used" is still quite fuzzy. |
Given the feedback above I'll go ahead and land this. The fact that the compile-fail tests still work make me reasonable confident that this will not lead to huge amounts of false negatives, and without something like this Stacked Borrows is entirely unusable for self-referential generators. This is not a commitment that @bors r+ |
📌 Commit 77cec81 has been approved by |
☀️ Test successful - checks-actions |
This basically works around rust-lang/unsafe-code-guidelines#148 by not requiring uniqueness any more for mutable references to self-referential generators. That corresponds to the same work-around that was applied in rustc itself.
I am not entirely sure if this is a good idea since it might hide too many errors in case types are "accidentally"
!Unpin
. OTOH, our test suite still passes, and to my knowledge the vast majority of types isUnpin
. (place.layout.ty
is monomorphic, we should always exactly know which type this is.)