Pinned synchronization primitives

[nicbn]

This RFC aims to provide std::sync::pinned module, with synchronization primitives which are !Unpin. These are better used when something like Arc<Mutex<T>> is needed, as they avoid an extra allocation on some platforms, e.g. Linux.

Previous discussion on internals forum

Rendered

[thomcc]

It would be nice if there were an unsafe way of initializing them without requiring &mut, since they already have interior mutability, and fabricating a &mut Mutex<T> would be unsound if you e.g. only have a static Mutex.

[shepmaster]

Can this be done in a crate to prove it out first, and allow people to start using it?

[nicbn]

@thomcc (editted) Sorry, I made confusion. The structure does contain interior mutability for platforms such as posix.

So I guess this is up for debate, but in my opinion it makes more sense to use a wrapper with UnsafeCell or static mut still, as the flag for the initialization itself does not need interior mutability.

struct Mutex {
    inner: UnsafeCell<libc::pthread_mutex_t>,
    initialized: bool,
}

In the example above, initialized does not need interior mutability if we don't have unsafe unchecked_init(&self). I think not having interior mutability here could help for optimizations but I'm not sure.

Also, there is a third solution, which is to make a safe init(&self) that works by keeping track of initialization via an atomic flag and panicking in double initialization as well as usage before initialization.

@shepmaster I will write a crate for this.

[nicbn]

While writing the tests, I realized that by making init take a mutable reference, it is impossible to initialize e.g. Pin<Arc<(Mutex<T>, Condvar)>> safely.

unsafe {
    let mut this = Arc::new((Mutex::uninit(value), Condvar::uninit()));
    let this_ref = Arc::get_mut(&mut this).unwrap();
    Pin::new_unchecked(&mut this_ref.0).init();
    Pin::new_unchecked(&mut this_ref.1).init();
    Pin::new_unchecked(this) // Pin<Arc<(Mutex<T>, Condvar)>>
}

This is pretty much a dealbreaker, as it locks the major benefit of the change behind unsafety. Therefore, I will change the RFC so that initialization is done by shared references.

[nicbn]

The RFC has been updated to reflect the change in init.

New rationale and alternatives have been added as well.

Sorry for taking this long, I'm finishing the crate and will update here when it's done

[nikomatsakis]

I agree that exploring this in the crates.io ecosystem first seems like a good idea.

[nicbn]

So, there's another problem with the initialization pattern. Initializing Pin<Arc<(Mutex<T>, Condvar)>> safely is not possible even if init takes Pin<&Self>. That's because there's no way to get a projection using safe code only.

This breaks the argument I made above for init taking a exclusive reference being a dealbreaker, however I'll be keeping it for the added ergonomics of initializing static and Arc easily.

The crate has been published and is available at https://github.com/nicbn/pinned-sync

[nicbn]

From rust-lang/rust#93740, currently we are moving towards another approach for sync primitives. As of now, I personally prefer the new approach, as it will address the problem (boxing the primitives) without the cons of Pin ergonomics - therefore I will be closing this RFC. But if anyone else takes interest, feel free to use anything of the text you'd like.