librustc: lifetimes in values-with-dtors must outlive such values themselves #16154
Conversation
| @@ -1 +1 @@ | |||
| Subproject commit 0d999e5b315b6ff78fcea772466d985ce53fd8dc | |||
| Subproject commit cd24b5c6633b27df2b84249a65a46a610b734494 | |||
|
That's pretty awesome to see |
|
Has this been fixed in the meantime? struct Foo<T> { a: T }
impl Drop for Foo<int> {
fn drop(&mut self) {}
} |
| parent.module().external_module_children.borrow_mut() | ||
| .insert(name.name, external_module.clone()); | ||
| self.build_reduced_graph_for_external_crate(external_module); | ||
| { |
There was a problem hiding this comment.
So I don't quite understand why all these indirections are needed, actually. It could be I'm just not thinking through the ramifications of the rule, but it seems like the rvalue with a dtor (the RefMut, presumably) is live for the enclosing statement. Therefore, it must only be able to reach lifetime points that outlive the statement (i.e., are live for the enclosing block). I feel like this condition should be met. If you are getting errors, it seems likely to be an error in inference or somewhere else.
|
ping @pcwalton, any updates on this? |
|
Niko and I are planning to go over this at the work week. |
|
What's the status of this? |
|
@sfackler Rebasing now |
to have strictly greater lifetime than the values themselves.
Additionally, remove `#[unsafe_destructor]` in favor of these new
restrictions.
This broke a fair amount of code that had to do with `RefCell`s. We will
probably need to do some work to improve the resulting ergonomics. Most
code that broke looked like:
match foo.bar.borrow().baz { ... }
use_foo(&mut foo);
Change this code to:
{
let bar = foo.bar.borrow();
match bar.baz { ... }
}
use_foo(&mut foo);
This fixes an important memory safety hole relating to destructors,
represented by issue rust-lang#8861.
[breaking-change]
pcwalton
force-pushed
the
new-dtor-semantics
branch
from
c46953a
to
1b9a16c
Compare
|
ping @pcwalton |
|
i'm going to try to help shepherd this PR (or some variant of it) through. I plan to keep my working area at: https://github.com/pnkfelix/rust/commits/new-dtor-semantics (e.g. I just finished factoring it into distinct commits to ease review.) |
pnkfelix
changed the title
| @@ -458,9 +458,26 @@ impl Clean<TyParam> for ast::TyParam { | |||
| } | |||
|
|
|||
| impl Clean<TyParam> for ty::TypeParameterDef { | |||
| <<<<<<< HEAD | |||
There was a problem hiding this comment.
(I'll make sure to clean this up.)
|
Closing due to inactivity (and @bors's queue is quite full!). |
librustc: Require lifetimes within the types of values with destructors to have strictly greater lifetime than the values themselves.
Additionally, remove
#[unsafe_destructor]in favor of these newrestrictions.
This broke a fair amount of code that had to do with
RefCells. We willprobably need to do some work to improve the resulting ergonomics. Most
code that broke looked like:
Change this code to:
This fixes an important memory safety hole relating to destructors,
represented by issue #8861.
[breaking-change]
r? @nikomatsakis
If you want I can talk about the followups to improve ergonomics of RefCell that I want to do, but this is the BC change.