Add Shared pointer and have {Arc, Rc} use it
#29110
Conversation
|
If there isn't sufficient motivation to expose |
| // option. This file may not be copied, modified, or distributed | ||
| // except according to those terms. | ||
|
|
||
| use std::rc::Rc; |
There was a problem hiding this comment.
please add a comment explaining what this is testing.
(I know it is testing that for each of the P<X> types, P is covariant in X, just write a comment saying as much, so that someone doesn't have to go looking up the issue.)
|
This may also count as a breaking change, though I'll wait for someone else to chime in before amending the commit message. |
|
lgtm, r=me after above comment is addressed. I don't have much of an opinion on the It probably is a good idea to add the |
This change has two consequences: 1. It makes `Arc<T>` and `Rc<T>` covariant in `T`. 2. It causes the compiler to reject code that was unsound with respect to dropck. See compile-fail/issue-29106.rs for an example of code that no longer compiles. Because of this, this is a [breaking-change]. Fixes #29037. Fixes #29106.
|
Updated to address @pnkfelix's comments. |
| @@ -293,6 +293,7 @@ impl<T: ?Sized> Mutex<T> { | |||
|
|
|||
| #[stable(feature = "rust1", since = "1.0.0")] | |||
| impl<T: ?Sized> Drop for Mutex<T> { | |||
| #[unsafe_destructor_blind_to_params] | |||
There was a problem hiding this comment.
Were this and the rwlock changes needed for this PR? I have a feeling this probably isn't too bad, but I just want to make sure that this wasn't something super subtle that came up when fixing Rc and Arc
There was a problem hiding this comment.
Aha I see it was needed to make the tests pass, makes sense to me!
There was a problem hiding this comment.
These were necessary to keep the run-pass/dropck_legal_cycles.rs test passing. From what I understand, it was an oversight that the attribute wasn't applied in these locations when the same changes were made to the collection types' destructors in #28861.
There was a problem hiding this comment.
yeah they are needed; otherwise the dropck-legal-cycles test won't pass. @apasel422 mentioned this on the other ticket, but not here.
There was a problem hiding this comment.
@apasel422 yeah the oversight was that I shouldn't have said "boy that was easy, didn't have to add that attribute in too many places"; I should have said "hmm, why are these tests passing currently without that attribute ... ooh, missing PhantomData"
|
I'm fine with |
|
@alexcrichton I suspect that this fix won't actually break very much code in the wild. But I can wait to pull the r=me trigger in a bors msg if you want to wait for a crater run first. (However I have yet to successfully run crater myself -- niko had to do it for me the last time I had something to pass through it ... and that was before my machine started acting up on me :( ) |
|
OK, in that case this seems like it pretty clearly falls into the category of "this is a soundness fix", so I'm fine letting this through. The standard crater runs should alert us to any breakage if it comes up. I don't think this can be backported either, right? It looks like the support for the Thanks @apasel422! |
|
@alexcrichton I'm on the fence about it, just because I don't like injecting too much divergence between the code bases. But they are unsound today without that, as one can see by running @apasel422 's test case from this ticket against stable. Or if you prefer seeing one that drives the point home a bit more obviously: http://is.gd/lvcTmN Update: OH, yeah, the |
| type Target = *mut T; | ||
|
|
||
| #[inline] | ||
| fn deref(&self) -> &*mut T { |
There was a problem hiding this comment.
This interface feels a little off to me, but since this isn't a stable API it can be bikeshedded later.
There was a problem hiding this comment.
It's the same interface exposed by Unique.
There was a problem hiding this comment.
It's a bad interface because it removes the optimizations NonZero can trigger (the control-flow one, not the layout optimizations which are unaffected).
NonZero and wrappers such as Unique and Shared (which seem superfluous to me, btw, especially with all this extra boiler plating), should use a Cell-like API, allowing LLVM to reason about their non-nullability.
|
Looks good, thanks for fixing this. |
|
I'm wondering if this makes the two |
|
Or maybe it doesn't matter, because there would be no way to obtain a |
| // | ||
| // For details, see: | ||
| // https://github.com/rust-lang/rfcs/blob/master/text/0769-sound-generic-drop.md#phantom-data | ||
| _marker: PhantomData<T>, |
There was a problem hiding this comment.
How does this not affect variance? Or are you saying that it has the same effect owning *const T above has, therefore it doesn't have additional consequences for variance?
There was a problem hiding this comment.
This is the same note that is in Unique above.
bluss
added
the
relnotes
|
Is this more likely to be stabilized than |
|
@SimonSapin yes, I would recommend this API for stabilization fast-track. |
|
@bstrie yes, eddyb made that comment after mine. |
Fixes #29037.
Fixes #29106.
r? @pnkfelix
CC @gankro