Stacked borrows 2 (alpha 1) #695
Conversation
This also passes miri-test-libstd!
…e implicit reborrow that's not currently possible
…wo-phase borrows!
…ing interior mutability
RalfJung
force-pushed
the
stacked-borrows-2
branch
from
2f9c825
to
e1ed855
Compare
| // Unfortunately this does not trigger the problem of creating a | ||
| // raw ponter from a pointer that had a two-phase borrow derived from | ||
| // it because of the implicit &mut reborrow. | ||
| let raw = x as *mut _; |
There was a problem hiding this comment.
will {x} skip that reborrow? Or just move the reborrow to a temporary?
There was a problem hiding this comment.
It'll replace the reborrow by some reborrows and a move. The move then also becomes a reborrow because of retagging, but that doesn't even make a different any more.
|
I'm not gonna pretend I grok the new concept, even if I think I understand each part individually. So I don't know how whether I can review this PR well enough to see deeper issues. |
Co-Authored-By: RalfJung <post@ralfj.de>
That's fine, I didn't expect you to. All issues with this code are entirely my fault. ;) I ran the libcore/liballoc test suites with this, and they came back green. So in terms of test coverage I am fairly confident that at least it accepts all the code it should accept. For negative tests, the fact that every single prior error is reproduced in the same line (just with a different message) hopefully means things are good here as well. |
This is a first "alpha version" of Stacked Borrows 2. I'll write a blog post about this eventually...
The "stack" part is more of a guideline than a strict discipline at this point, unfortunately. I have some idead for how to make it more stack-like again but I decided to go with this first.
Fixes #615: References into unions with interior mutability work now.
Fixes rust-lang/unsafe-code-guidelines#87: Creating a shared reference does not "leak" the pointee to unknown code; shared references are tracked as precisely as mutable references. (This incurs a performance cost of around 20%.)
Provides one possible answer to rust-lang/unsafe-code-guidelines#85: Two-phase borrows with outstanding loans work with this. Whether they behave the way we want to with unsafe code, I don't know.