Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Move PhantomData<T> from Shared<T> to users of both Shared and #[may_dangle] #46749
Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @joshtriplett (or someone else) soon.
If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes.
Please see the contribution instructions for more information.
The code as written looks to me like a correct implementation of the change the commit message describes.
Apart from that, the Travis build seems to have failed. Looks like the tidy check failed? @SimonSapin, can you please take a look at that and make sure it passes?
So our meeting with @arielby boiled down to the following:
PhantomData does 3 things:
If you make
If you use *mut T, you get invariance and opt out of all autotraits. Safe, good! But you don’t get owns.
If you opt to do *const and then cast to mut, then you get covariance but this is so very unergenomic that the only reason to do this is to explicitly get covariance. So that’s fine.
In either case you get no warning to use PhantomData. So dropck is fundamentally very easy to get wrong while also being incredibly obscure.
However this unsafety has been temporarily resolved by the fact that the non-parametric dropck rfc moved to safe defaults, where the presence of a generic argument implies “owns T”. And there’s no way to sneak in interesting lifetimes without being generic over them!
Now “owns T” only matters if you use the unsafe eyepatch, which is a great place to teach the user “hey if you do this, you should add a bunch of “owns” annotations.
So Shared owning T potentially blocks using it with the eyepatch (or its replacement) and shared not owning T isn’t really a major footgun.
All that remained was to agree that we weren’t willing to take a 5th shot at trying to make a “smart and safe” dropck. Everyone in the meeting agreed it was time to give up on such an endeavour.
“Eyepatch” refers to the
Thanks @joshtriplett, I pushed an amended commit that should fix the build.
I'm not sure what level of "governance r+" is needed here, but given that this is an unstable feature, it seems like relatively minimal, and I think all the key stakeholders have been involved here. I'll r+ -- if anyone objects, we could do some sort of FCP period I suppose.