Why does Error require Send (and Sync)?

[d-e-s-o]

See title. It's not clear to me. The documentation says:

Error requires that the error is Send, Sync, and 'static.

I can see that ;) But there is no explanation. I haven't found one in the source code either.

In a different issue where the suggestions was made that

anyhow could do something on it's end via specialisation or using ?Send and ?Sync or something

The response was:

I would prefer not to make a change for this

Again, no explanation. May I ask why this requirement exists?

I am asking because I am dealing with an error type that -- legitimately, in my opinion -- has a variant that contains a PoisonError which in turn wraps a MutexGuard. The latter does not implement Send, rendering anyhow useless with those error types, from what I can tell.

[dtolnay]

It makes anyhow::Error usable in async code. Without this, it would not be usable in async code. For example:

// Not Send or Sync
struct Error(Box<dyn std::error::Error>);

async fn f() -> Result<(), Error> {
    Ok(())
}

#[tokio::main]
async fn main() {
    tokio::spawn(f()).await;
}

error[E0277]: `(dyn std::error::Error + 'static)` cannot be sent between threads safely
   --> src/main.rs:10:5
    |
10  |     tokio::spawn(f()).await;
    |     ^^^^^^^^^^^^ `(dyn std::error::Error + 'static)` cannot be sent between threads safely

[dtolnay]

Regarding PoisonError, that is not intended to be stored in an error variant. It signals that some other thread panicked while holding the same Mutex or RwLock and that the current thread should either recover (via into_inner) or panic also (via unwrap). Either way the PoisonError should never end up passed around in return types.

[d-e-s-o]

Ah, the explanation about async makes sense to me. Thanks!

I didn't understand the argument against PoisonError, though. It's also not PoisonError that is not Send, but the inner guard. So even if the error variant does not contain the PoisonError directly but the inner guard, the problem would still exist.

Are you suggesting that the pattern of allowing for recovery from such cases is bad? This error is from a library that does not necessarily control what is done with a mutex held, so it seems legitimate to allow clients of the code to recover by passing out the guard.

I understand we are off topic now, but can you please elaborate some more?

[dtolnay]

Regarding poisons:
Panics are for signifying a bug in the program (only). They are the mechanism for safely bringing down a program that has identified itself as buggy. Consequently a lock is only poisoned if the program has discovered it is buggy and must safely shut down. PoisonError is how a thread finds out that another thread has identified that the program must shut down, thus the correct response is usually to panic the current thread as well because the program is buggy and the runtime state is unknowable. The only exception would be inside specialized abstractions whose purpose is bug isolation, such as a server architecture that isolates all state to individual requests.

Regarding guards:
It would be extremely unusual for an error enum to need to contain a mutex guard. An error is only for identifying a runtime failure in a correct program, and we wouldn't need to hold the lock beyond what it takes to figure out what failed. You haven't described that much about the use case but if there is more complicated threading around of mutex guards going on, it would be better not to use errors or Result but instead a dedicated enum to represent that state machine.

[d-e-s-o]

Thanks for the explanation!