This repository was archived by the owner on Nov 3, 2025. It is now read-only.
[WIP] Experiment with a safe adoption API #47
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lopopolo
added
A-adopt
lopopolo
commented
Jun 15, 2021
lopopolo
commented
Jun 15, 2021
src/adopt.rs
Outdated
| /// | ||
| /// [`adopt_unchecked`]: Adopt::adopt_unchecked | ||
| /// [undefined behavior]: https://doc.rust-lang.org/reference/behavior-considered-undefined.html | ||
| pub unsafe trait Adopt: sealed::Sealed { |
Member
Author
There was a problem hiding this comment.
adopt's trait-level documentation will need to be significantly reworked.
lopopolo
commented
Jun 15, 2021
src/trace.rs
Outdated
| /// TODO: document me! | ||
| fn yield_owned_rcs<F>(&self, mark: F) | ||
| where | ||
| F: for<'a> FnMut(&'a mut Rc<Self>); |
Member
Author
There was a problem hiding this comment.
I'm not sure if the higher ranked lifetime bound is correct here. Do we want to enforce that the lifetime of the yielded &mut Rc<T> is the same as &self? Removing the for<'a> would disallow non-static T that have &mut Rc<T> fields which would be a good thing.
lopopolo
commented
Jun 15, 2021
src/adopt.rs
Outdated
| type Inner = T; | ||
|
|
||
| /// TODO: document me! | ||
| fn adopt(this: &mut Self, other: &Self) |
Member
Author
There was a problem hiding this comment.
maybe adopt should return Result<(), &Self> where the error variant contains other if the adoption failed?
Member
Author
There was a problem hiding this comment.
Or maybe there is try_adopt and adopt which unwraps try_adopt.
There was a problem hiding this comment.
- The
Etype inResultshould implementError, otherwise it won't compose well with existing error-handling mechanisms, such as the?sugar. try_adoptthat returns aResultandadoptthat unwraps the former is indeed a good, ergonomic API. The standard library does that a lot too, I think.- Why would you want to return
otherin case of a failure, if it's a reference and the callee already has it anyway?
lopopolo
commented
Jun 15, 2021
…_rcs This ensures that yielded Rcs have the same lifetime as self, which is what we want to assert that self owns the Rc.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as resolved.
This comment was marked as resolved.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR experiments with a safe
Adopt::adoptAPI.The API requires that the inner
Tof andRc<T>implement a new trait,Trace.Tracehas a single required method:Trace::mark.Rc::<T>::adoptis only available whenTimplsTrace.Trace::markallows aTto use internal iteration to mark all of theRc<T>s that are immediately reachable.Rc::<T>::adoptdetermines whether an adoption ofotheris safe based on whetherTyields a&mut Rc<T>that points to the same allocation as the given otherRcto adopt.By yielding a
&mut Rc<T>,Tproves that it owns anRc<T>that points to the same allocation asother, which satisfies the safety invariants ofAdopt::adopt_unchecked.Practically,
Ts that implementTracemust use some sort of interior mutability, sinceTrace::marktakes&self.The doubly linked list integration test is updated to use this new safe
adoptAPI and implsTrace. The orphan rule for trait impls complicates implementingTraceforRc<RefCell<T>>and requires the introduction of a wrapper type. The doubly linked list test now has#![forbid(unsafe_code)].r? @tummychow