Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stacked borrows 2 (alpha 1) #695

Merged
merged 16 commits into from
Apr 18, 2019
Merged

Conversation

RalfJung
Copy link
Member

This is a first "alpha version" of Stacked Borrows 2. I'll write a blog post about this eventually...

The "stack" part is more of a guideline than a strict discipline at this point, unfortunately. I have some idead for how to make it more stack-like again but I decided to go with this first.

Fixes #615: References into unions with interior mutability work now.
Fixes rust-lang/unsafe-code-guidelines#87: Creating a shared reference does not "leak" the pointee to unknown code; shared references are tracked as precisely as mutable references. (This incurs a performance cost of around 20%.)
Provides one possible answer to rust-lang/unsafe-code-guidelines#85: Two-phase borrows with outstanding loans work with this. Whether they behave the way we want to with unsafe code, I don't know.

@RalfJung RalfJung force-pushed the stacked-borrows-2 branch from 2f9c825 to e1ed855 Compare April 17, 2019 14:03
src/stacked_borrows.rs Outdated Show resolved Hide resolved
src/stacked_borrows.rs Outdated Show resolved Hide resolved
src/stacked_borrows.rs Outdated Show resolved Hide resolved
src/stacked_borrows.rs Outdated Show resolved Hide resolved
src/stacked_borrows.rs Outdated Show resolved Hide resolved
src/stacked_borrows.rs Outdated Show resolved Hide resolved
src/stacked_borrows.rs Outdated Show resolved Hide resolved
src/stacked_borrows.rs Outdated Show resolved Hide resolved
src/stacked_borrows.rs Outdated Show resolved Hide resolved
// Unfortunately this does not trigger the problem of creating a
// raw ponter from a pointer that had a two-phase borrow derived from
// it because of the implicit &mut reborrow.
let raw = x as *mut _;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will {x} skip that reborrow? Or just move the reborrow to a temporary?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'll replace the reborrow by some reborrows and a move. The move then also becomes a reborrow because of retagging, but that doesn't even make a different any more.

@oli-obk
Copy link
Contributor

oli-obk commented Apr 17, 2019

I'm not gonna pretend I grok the new concept, even if I think I understand each part individually. So I don't know how whether I can review this PR well enough to see deeper issues.

@RalfJung
Copy link
Member Author

I don't know how whether I can review this PR well enough to see deeper issues.

That's fine, I didn't expect you to. All issues with this code are entirely my fault. ;)

I ran the libcore/liballoc test suites with this, and they came back green. So in terms of test coverage I am fairly confident that at least it accepts all the code it should accept. For negative tests, the fact that every single prior error is reproduced in the same line (just with a different message) hopefully means things are good here as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants