You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: text/0000-maybe-dangling.md
+8-4Lines changed: 8 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -94,8 +94,10 @@ The examples described above are far from artificial, here are some real-world c
94
94
To handle situations like this, Rust has a special type called `MaybeDangling<P>`:
95
95
references and boxes in `P` do *not* have to be dereferenceable or follow aliasing guarantees.
96
96
This applies inside nested references/boxes inside `P` as well.
97
-
They still have to be non-null and aligned, and it has to at least be *possible* that there exists valid data behind that reference (i.e., `MaybeDangling<&!>` is still invalid), but the rules are relaxed when compared with just a plain `P`.
97
+
They still have to be non-null and aligned, and it has to at least be *possible* that there exists valid data behind that reference (i.e., `MaybeDangling<&!>` is still invalid).
98
98
Also note that safe code can still generally assume that every `MaybeDangling<P>` it encounters is a valid `P`, but within unsafe code this makes it possible to store data of arbitrary type without making reference guarantees (this is similar to `ManuallyDrop`).
99
+
In other words, `MaybeDangling<P>` is entirely like `P`, except that the rules that relate to the contents of memory that pointers in `P` point to (dereferencability and aliasing restrictions) are suspended when the pointers are not being actively used.
100
+
You can think of the `P` as being "suspended" or "inert".
99
101
100
102
The `ManuallyDrop<T>` type internally wraps `T` in a `MaybeDangling`.
101
103
@@ -129,7 +131,7 @@ As long as the `buffer` field is not used, the pointer stored in `ref_` will rem
The standard library contains a type `MaybeDangling<P>` that is safely convertible with `P` (i.e., the safety invariant is the same), and that has all the same niches as `P`, but that does allow passing around dangling boxes and references within unsafe code.
132
-
`MaybeDangling` propagates auto traits and has (at least) `derive(Copy, Clone, Debug)`.
134
+
`MaybeDangling<P>` propagates auto traits, drops the `P` when it is dropped, and has (at least) `derive(Copy, Clone, Debug)`.
133
135
134
136
"Behavior considered undefined" is adjusted as follows:
135
137
@@ -200,6 +202,7 @@ Miri is adjusted as follows:
200
202
- The most obvious alternative is to declare `ManuallyDrop` to be that magic type with the memory model exception.
201
203
This has the disadvantage that one risks memory leaks when all one wants to do is pass around data of some `T` without upholding reference liveness.
202
204
For instance, the third example would have to remember to call `drop` on the `buffer`.
205
+
This alternative has the advantage that we avoid introducing another type, and it is future-compatible with factoring that aspect of `ManuallyDrop` into a dedicated type in the future.
203
206
- The other alternative is to change the memory model such that the example code is fine as-is.
204
207
There are several variants of this:
205
208
-[Make all examples legal] All newtype wrappers behave the way `MaybeDangling` is specified in this RFC.
@@ -248,10 +251,11 @@ Notice that `UnsafeCell` acts "behind references" while `MaybeDangling`, like `M
-Should `MaybeDangling` implement `Deref` and `DerefMut` like `ManuallyDrop` does, orshouldaccessingtheinnerdatabemoreexplicitsincethatiswhenthealiasingandvalidityrequirementsdocomebackinfullforce?
257
+
Otherpossiblenamesmightbethingslike `InertPointers` or `SuspendedPointers`.
258
+
-Should `MaybeDangling` implement `Deref` and `DerefMut` like `ManuallyDrop` does, orshouldaccessingtheinnerdatabemoreexplicitsincethatiswhenthealiasinganddereferencabilityrequirementsdocomebackinfullforce?
0 commit comments