Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upDestructure drop structs #2061
Conversation
added some commits
Jul 8, 2017
sfackler
reviewed
Jul 9, 2017
| 2. only owned structs can be destructured. | ||
|
|
||
| # Detailed design | ||
| [design]: #detailed-design |
This comment has been minimized.
This comment has been minimized.
sfackler
Jul 9, 2017
Member
The level of detail here seems low. Which solution is this RFC proposing? What are the pros and cons of the various options?
This comment has been minimized.
This comment has been minimized.
ghost
Jul 9, 2017
Author
I have added more details and tried to explain the pros/cons. I have also suggested to use the first approach (using an unsafe block).
added some commits
Jul 9, 2017
oli-obk
reviewed
Jul 10, 2017
| # How We Teach This | ||
| [how-we-teach-this]: #how-we-teach-this | ||
|
|
||
| Probably with a small section in the Nomicon, that explains why destrcuturing might be dangerous and under what circumstances it is allowed. |
This comment has been minimized.
This comment has been minimized.
| Why should we *not* do this? | ||
|
|
||
| # Alternatives | ||
| [alternatives]: #alternatives |
This comment has been minimized.
This comment has been minimized.
oli-obk
Jul 10, 2017
Contributor
Another alternative is yet another automatically derived unsafe marker trait. Let's call it IndependentDrop for now (bikeshed welcome). Any type without an explicit Drop (autogenerated is fine) impl will be IndependentDrop iff all its fields are IndependentDrop. Destructuring of Drop types is only possible if the type is also IndependentDrop. Types like Vec will unsafe impl<T> IndependentDrop for Vec<T> {}.
This comment has been minimized.
This comment has been minimized.
ghost
Jul 10, 2017
Author
After reading it three times, it doesn't actually sound that bad.
Are all fields required to implement IndependentDrop?
struct MyData {
i: InteriorUnsafe,
buf: Vec<u8>
}MyData should be safe to destructure into InteriorUnsafe and Vec<u8>. The only thing that isn't save to destructure is InteriorUnsafe.
This comment has been minimized.
This comment has been minimized.
oli-obk
Jul 10, 2017
Contributor
Are all fields required to implement IndependentDrop?
If MyData implements Drop, then its fields need to implement IndependentDrop or you need to unsafe impl IndependentDrop for MyData {} and thus guaranteeing that your destructor doesn't do shenigans with its inner types during the invocation of Drop::drop.
This comment has been minimized.
This comment has been minimized.
added some commits
Jul 10, 2017
This comment has been minimized.
This comment has been minimized.
camlorn
commented
Jul 10, 2017
|
This is going to require runtime tracking like drop flags, I think. What happens if you only move some fields out of the struct? |
This comment has been minimized.
This comment has been minimized.
|
Oh. I was assuming that would not be allowed. |
This comment has been minimized.
This comment has been minimized.
We already do this tracking for the fields of non- |
withoutboats
added
the
T-lang
label
Jul 12, 2017
This comment has been minimized.
This comment has been minimized.
brianchin
commented
Jul 13, 2017
|
Is there a particular reason that you discarded Approach 2/1+2 here? It seems to me that if there is a custom In addition, it seems that an approach including #2 would open up some other possibilities for making more flexible safe APIs. For example, I'm thinking there is a way that drop-by-value semantics could be added compatibly to the language in that case. |
This comment has been minimized.
This comment has been minimized.
|
I've wanted this since forever, but I also think that approach 2 is the best option. If you want to destructure a type outside of its defining module, then the module author should have given you a method to consume the value and return the parts that you want (something they can only safely do using approach 2). |
This comment has been minimized.
This comment has been minimized.
I don't think it's a good idea to have different semantics depending on the place of implementation. @canndrew Any arguments against Approach 2? |
aturon
self-assigned this
Jul 20, 2017
This comment has been minimized.
This comment has been minimized.
|
I have changed the preferred approach of the RFC to Approach 2. |
This comment has been minimized.
This comment has been minimized.
|
I think I prefer a trait based approach, though approach 2 would be better than nothing. Approach 3 isn't designed correctly, however. Try this:
|
This comment has been minimized.
This comment has been minimized.
whataloadofwhat
commented
Aug 18, 2017
|
Do we have a solid answer as to whether the let mut i = InteriorUnsafe::new();
take_mut::take(&mut i.m, |m| {
drop(m); // Oh no
panic!();
});Therefore I don't feel like there needs to be any restrictions on destructuring |
petrochenkov
reviewed
Sep 3, 2017
| # Summary | ||
| [summary]: #summary | ||
|
|
||
| Allow destructuring of structs that implement Drop. |
This comment has been minimized.
This comment has been minimized.
petrochenkov
Sep 3, 2017
•
Contributor
It would be nice if the RFC actually said what is destructuring before proceeding to motivation.
Especially given that the problem is not only about destructuring (in patterns), but about moving out individual fields in general. It can be done through any field access.
struct NonCopy;
let ds = DropStruct { individual_field: NonCopy, other_individual_field: NonCopy };
let f = ds.individual_field; // Moving out without destructuring.
// f is initialized, DROPPED
// ds is uninitialized, NOT DROPPED
// ds.individual_field is uninitialized, NOT DROPPED
// ds.other_individual_field is still initialized, DROPPED
This comment has been minimized.
This comment has been minimized.
ghost
Sep 3, 2017
•
Author
@petrochenkov
I did not intend to allow moving out individual fields, as that makes it too easy to forget the others.
(Will clarify this in the rfc)
This comment has been minimized.
This comment has been minimized.
|
I'd rather say the unsafety is |
Ericson2314
referenced this pull request
Sep 12, 2017
Open
[borrowck] handling of drops invalidating borrows #40
This comment has been minimized.
This comment has been minimized.
|
I run into this fairly frequently, and the workarounds are usually very ugly. |
This comment has been minimized.
This comment has been minimized.
burdges
commented
Oct 8, 2017
|
There are several competing scenarios for here, including : If you want to expose destructuring, then a If you just want to take apart your own type to avoid it's drop method, then you want to destructure it like any other type ala approach 2 :
I'm suspicious the ergonomics initiative "reforms" have broken this second usage by making some |
This comment has been minimized.
This comment has been minimized.
|
@rfcbot fcp postpone I could imagine wanting to do something like this eventually, but my feeling is that this is not the time. =) We are currently in the midst of a "from scratch" rewrite of the borrow checker to be basd on MIR, and so I am reluctant to make changes that would extend that task. Moreover, this particular task seems to get a bit harder in the MIR environment, because the distinction between I think I'd be open to revisiting this question once the MIR-based borrow checker is more stable, presuming that the proposal were rewritten to be based on MIR. |
This comment has been minimized.
This comment has been minimized.
rfcbot
commented
Jan 26, 2018
•
|
Team member @nikomatsakis has proposed to postpone this. The next step is review by the rest of the tagged teams: No concerns currently listed. Once these reviewers reach consensus, this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
rfcbot
added
the
proposed-final-comment-period
label
Jan 26, 2018
rfcbot
added
the
final-comment-period
label
Jan 31, 2018
This comment has been minimized.
This comment has been minimized.
rfcbot
commented
Jan 31, 2018
|
|
rfcbot
removed
the
proposed-final-comment-period
label
Jan 31, 2018
This comment has been minimized.
This comment has been minimized.
rfcbot
commented
Jan 31, 2018
|
|
rfcbot
added
the
final-comment-period
label
Jan 31, 2018
This comment has been minimized.
This comment has been minimized.
rfcbot
commented
Feb 10, 2018
|
The final comment period is now complete. |
This comment has been minimized.
This comment has been minimized.
|
Closing as postponed. Thanks @s3bk for the RFC! |
ghost commentedJul 9, 2017
•
edited by ghost
Rendered