-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does Box
contain any UnsafeCell
s?
#492
Comments
I'm not even sure I understand the question.
|
Specifically, the question is whether it'd be sound to implement As an example of how this could break, imagine that #[repr(C)]
struct Box<T> {
ptr: UnsafeCell<*mut T>,
} IIUC, this definition would be consistent with the |
Box is not a structure that has a pointer field internally. Box is the pointer, directly. So your example struct wouldn't be correct. Also Box does already implement Freeze if you Ctrl+F to go way way down the impls list. |
I agree that that's true in practice, but is that fact guaranteed by the docs?
Sure, but |
Well it says
Which seems true enough |
Sure, but since |
By that argument, Trying to be more helpful, looking again at your example code, I can't understand how the presence or absence of secret UnsafeCell would affect the code in any way. I don't understand what aliasing concerns you're referring to. You're basically just doing transmute_copy with extra steps to make a Box into a const pointer without dropping the box, and that's fine because it's always safe to make pointers it's just not always safe to use pointers. EDIT: https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=0cd093c0cc8083a5e6a90e26fe7d5988 and you can even write your example fn without any unsafe code, just reborrowing. |
I think there's no way that |
FWIW, the ability to There is a stable way to observe the const fn works(x: Box<i32>) -> Box<i32> {
&x; // no error
x
}
const fn error(x: Cell<i32>) -> Cell<i32> {
&x; //~ error[E0658]: cannot borrow here, since the borrowed element may contain interior mutability
x
} I've offhandedly suggested unhiding the If we were to add anything for this into the std docs, I think it would be wording along the lines of "doesn't do any synchronization" rather than anything about containing |
Obviously it doesn't in practice, but is this guaranteed? In particular, is the following code guaranteed to be sound?
In particular, this would be unsound if
Box
contained anyUnsafeCell
s because it would run afoul of aliasing rules. Thestd::boxed
docs guarantee that, forT: Sized
,Box<T>
is ABI-compatible with*const T
, but this could in principle just be talking about value transmutations, which don't technically rule outUnsafeCell
.Specifically, my question is: Is it consistent to read the
std::boxed
docs as logically implying thatBox
does not contain anyUnsafeCell
s? If not, I'll put up a PR 😃The text was updated successfully, but these errors were encountered: