rust/library
Matthias Krüger b4513ce6f8
Rollup merge of #101310 - zachs18:rc_get_unchecked_mut_docs_soundness, r=Mark-Simulacrum
Clarify and restrict when `{Arc,Rc}::get_unchecked_mut` is allowed.

(Tracking issue for `{Arc,Rc}::get_unchecked_mut`: #63292)

(I'm using `Rc` in this comment, but it applies for `Arc` all the same).

As currently documented, `Rc::get_unchecked_mut` can lead to unsoundness when multiple `Rc`/`Weak` pointers to the same allocation exist. The current documentation only requires that other `Rc`/`Weak` pointers to the same allocation "must not be dereferenced for the duration of the returned borrow". This can lead to unsoundness in (at least) two ways: variance, and `Rc<str>`/`Rc<[u8]>` aliasing. ([playground link](https://play.rust-lang.org/?version=nightly&mode=debug&edition=2021&gist=d7e2d091c389f463d121630ab0a37320)).

This PR changes the documentation of `Rc::get_unchecked_mut` to restrict usage to when all `Rc<T>`/`Weak<T>` have the exact same `T` (including lifetimes). I believe this is sufficient to prevent unsoundness, while still allowing `get_unchecked_mut` to be called on an aliased `Rc` as long as the safety contract is upheld by the caller.

## Alternatives

* A less strict, but still sound alternative would be to say that the caller must only write values which are valid for all aliased `Rc`/`Weak` inner types. (This was [mentioned](https://github.com/rust-lang/rust/issues/63292#issuecomment-568284090) in the tracking issue). This may be too complicated to clearly express in the documentation.
* A more strict alternative would be to say that there must not be any aliased `Rc`/`Weak` pointers, i.e. it is required that `get_mut` would return `Some(_)`. (This was also mentioned in the tracking issue). There is at least one codebase that this would cause to become unsound ([here](be5a164d77/src/memtable.rs (L166)), where additional locking is used to ensure unique access to an aliased `Rc<T>`; I saw this because it was linked on the tracking issue).
2022-11-20 23:50:26 +01:00
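
The two aliasing situations named in the commit message, reproduced with stable, safe `Rc` APIs only. This is an added example, not code from the PR or the Rust project; it never calls the unchecked accessor, and the helper names are illustrative assumptions.

```rust
use std::rc::Rc;

// Helper names below are illustrative, not part of std or the PR.

/// True when both handles point at the same value in the same allocation.
fn same_allocation<T: ?Sized, U: ?Sized>(a: &Rc<T>, b: &Rc<U>) -> bool {
    Rc::as_ptr(a).cast::<u8>() == Rc::as_ptr(b).cast::<u8>()
}

/// Covariance: `Rc<&'static str>` is accepted where `Rc<&'a str>` is expected.
fn shorten<'a>(rc: Rc<&'static str>, _witness: &'a str) -> Rc<&'a str> {
    rc
}

/// Variance case: two handles whose `T` differs only in lifetime share one slot.
/// An unchecked write of `&local` through `short` would leave `long` holding a
/// dangling `&'static str`.
fn variance_alias() -> (bool, usize) {
    let long: Rc<&'static str> = Rc::new("static data");
    let local = String::from("short-lived");
    let short: Rc<&str> = shorten(Rc::clone(&long), &local);
    (same_allocation(&long, &short), Rc::strong_count(&long))
}

/// `Rc<str>`/`Rc<[u8]>` case: the conversion reuses the allocation, so an
/// unchecked write of non-UTF-8 bytes through `bytes` would corrupt `text`.
/// The checked accessor `Rc::get_mut` refuses while the alias exists.
fn str_bytes_alias() -> (bool, bool) {
    let text: Rc<str> = Rc::from("utf8");
    let mut bytes: Rc<[u8]> = Rc::from(Rc::clone(&text));
    let refused = Rc::get_mut(&mut bytes).is_none();
    (same_allocation(&text, &bytes), refused)
}

/// Strictest alternative from the PR text: mutate only when `get_mut` is `Some`.
/// A `Weak` alone is enough to block it.
fn unique_only() -> (bool, bool) {
    let mut rc = Rc::new(1u32);
    let weak = Rc::downgrade(&rc);
    let blocked = Rc::get_mut(&mut rc).is_none();
    drop(weak);
    (blocked, Rc::get_mut(&mut rc).is_some())
}

fn main() {
    println!("variance alias:   {:?}", variance_alias());
    println!("str/[u8] alias:   {:?}", str_bytes_alias());
    println!("unique-only rule: {:?}", unique_only());
}
```

In both aliasing cases the handles have different `T` but one allocation, which is exactly the situation the restricted documentation rules out for the unchecked accessor.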
..
alloc Rollup merge of #101310 - zachs18:rc_get_unchecked_mut_docs_soundness, r=Mark-Simulacrum 2022-11-20 23:50:26 +01:00
backtrace@07872f28cd Update backtrace 2022-09-02 16:09:58 -04:00
core Rollup merge of #104568 - RalfJung:realloc, r=Amanieu 2022-11-20 18:21:48 +01:00
panic_abort Remove std's transitive dependency on cfg-if 0.1 2022-11-02 18:01:20 -04:00
panic_unwind Rollup merge of #103989 - arlosi:arm32-panic, r=Amanieu 2022-11-19 15:35:20 +01:00
portable-simd Fix rustdoc lints 2022-11-06 17:21:22 -05:00
proc_macro Bump version placeholders to release 2022-11-06 17:11:02 -05:00
profiler_builtins Fully stabilize NLL 2022-06-03 17:16:41 -04:00
rtstartup Remove custom frame info registration on i686-pc-windows-gnu 2022-08-23 16:12:58 +08:00
rustc-std-workspace-alloc Switch all libraries to the 2021 edition 2021-12-23 19:03:47 +08:00
rustc-std-workspace-core Switch all libraries to the 2021 edition 2021-12-23 19:03:47 +08:00
rustc-std-workspace-std Switch all libraries to the 2021 edition 2021-12-23 19:03:47 +08:00
std Rollup merge of #104558 - thomcc:unalign-diriter, r=ChrisDenton 2022-11-20 18:21:47 +01:00
stdarch@790411f93c library: update stdarch submodule 2022-10-13 09:41:16 +08:00
test Rollup merge of #103681 - RalfJung:libtest-thread, r=thomcc 2022-11-04 18:52:26 +01:00
unwind Move most of unwind's build script to lib.rs 2022-11-14 14:24:12 +00:00