Objects can be dropped an arbitrary number of times in safe code

[Thiez]

The following function can drop any object arbitrary number of times, using only safe code:

fn drop_n_times<T: Drop>(val: T, times: u32) {
    struct Holder<T: ?Sized>(T);
    let container = Holder(val);
    for _ in 0..times {
        &(*(&container as &Holder<Drop>)).0;
    }
}

struct Foo;
impl Drop for Foo {
    fn drop(&mut self) { println!("dropping"); }
}

fn main() {
    drop_n_times(Foo, 3);
}

dropping
dropping
dropping
dropping

Probably bad :)
Found while researching #25515

[sfackler]

Nominating for P-high

[Manishearth]

cc @pnkfelix

[Manishearth]

Too bad this doesn't just cancel out the Leakocalypse 😛

[pnkfelix]

The following function can drop any object arbitrary number of times, using only safe code:

(well, any object that implements Drop. But yes, I see the point being made here.)

[Thiez]

@pnkfelix look, no Drop required. I guess it doesn't work for types that are already unsized.

fn drop_n_times<T>(val: T, times: u32) {
    struct Holder<T: ?Sized>(T);
    let container = Holder([val]);
    for _ in 0..times {
        &(*(&container as &Holder<[T]>)).0;
    }
}

[pnkfelix]

to be clear, I am looking at this now as well. :)

[dotdash]

I guess #22815 is related.

[pnkfelix]

@dotdash I hope it is unrelated. In particular I wrote this on that ticket:

My hope is that the cases listed on this ticket (#22815) do not reflect cases where we have unsound behavior, but merely cases where we can in some cases produce lower quality code than we would otherwise.

[dotdash]

@pnkfelix Yeah, it's unrelated. The type_needs_drop call happens for Drop, which does need drop.