Add yoke crate

[Manishearth]

This implements the data structure described in #667 (comment)

The Yoke abstraction allows us to "yoke" Cows and similar types (ZeroVecs, and data structures using Cow/ZeroVec) to their backing storage, allowing us to turn the lifetimes into dynamic ones that can be managed by Rcs and caches.

Carried over from #696 because my WIP force pushes made the bot leave a million comments.

[Manishearth]

As far as the soundness of the unsafe code is concerned I've asked @mcy and @tmandry to take a look at it.

[codecov-commenter]

Codecov Report

Merging #705 (c3d15ef) into main (478c4a9) will increase coverage by 0.50%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #705      +/-   ##
==========================================
+ Coverage   74.18%   74.69%   +0.50%     
==========================================
  Files         171      176       +5     
  Lines       10802    10712      -90     
==========================================
- Hits         8014     8001      -13     
+ Misses       2788     2711      -77     

Impacted Files	Coverage Δ
utils/zerovec/src/lib.rs	100.00% <ø> (ø)
utils/yoke/src/lib.rs	100.00% <100.00%> (ø)
components/datetime/src/error.rs	9.09% <0.00%> (-10.91%)	⬇️
components/datetime/src/pattern/error.rs	25.00% <0.00%> (-10.72%)	⬇️
components/plurals/src/rules/lexer.rs	88.17% <0.00%> (-1.94%)	⬇️
components/datetime/src/fields/symbols.rs	68.06% <0.00%> (-0.53%)	⬇️
utils/fixed_decimal/src/lib.rs	50.00% <0.00%> (ø)
components/provider/src/error.rs	0.00% <0.00%> (ø)
components/capi/src/pluralrules.rs	0.00% <0.00%> (ø)
components/plurals/src/operands.rs	91.95% <0.00%> (ø)
... and 21 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 478c4a9...c3d15ef. Read the comment docs.

[coveralls]

Pull Request Test Coverage Report for Build bfae49cd313f5f6272658048f463e61c0484060d-PR-705

• 1 of 1 (100.0%) changed or added relevant line in 1 file are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.002%) to 74.118%

---

Totals
Change from base Build c6582ccddf87d49a44e2d4e54604543365c76bff:	0.002%
Covered Lines:	8127
Relevant Lines:	10965

---

💛 - Coveralls

[mcy]

Manish asked me to perform an unsafe code review. I am not confident this is correct yet, so I've asked for some language clarifications to make sure my understanding is sound.

[mcy]

Are you sure? What if it accesses a thread-local?

I don't believe this is an issue but it's worth explicitly checking this case. (Also, I wonder if there is evil to be done with global mutices...)

[Manishearth]

You can't borrow from a thread local or a global mutex, you can only do scoped operations on them.

[mcy]

Oh, what about

let empty: &'static mut [u8] = &mut [];

Similarly, Box::leak? I don't think these should be an issue either, because those are truly 'static and that lifetime is covariant. Just trying to nail down every source of borrowed data I can think of.

[Manishearth]

Yeah, those are truly 'static. And static mut is unsafe to work with anyway.

[mcy]

Ok, I think I'm mostly? confident that this is ok. I haven't managed to think of a way to break out of the "sandbox" so to speak. I'd like to see what Tyler says before formally calling this safe.

[mcy]

So, again to clarify, this sounds very strongly like a "pinned as long as a &T is reachable", but I'm not certain that's what you're saying.

[Manishearth]

Pinned as long as &T::Inner is reachable, yes.

[mcy]

Right, and then this means that as a corollary, Rc<Vec<RefCell<u8>>> is ok but the transposition Rc<RefCell<Vec<u8>> is not, because you might cause the Vec's pointee address to change?

[Manishearth]

Actually thinking about it more both are probably okay: if you have a refcell you can't take longer-lived references to its contents anyway. Neither are useful types since you can't zero copy deserialize (or whatever) from either.

The goal is basically avoiding this pattern:

yoke.attach_to_cart(cart, |data| { do_something_that_borrows_from_data(data) });
yoke.backing_cart().mutate_the_borrowed_thing();

the danger is that I'm not 100% sure there's no way to use interior mutability here where the lifetime escapes, because we are casting the lifetime a bunch of times.

[mcy]

Oh, what about

let empty: &'static mut [u8] = &mut [];

Similarly, Box::leak? I don't think these should be an issue either, because those are truly 'static and that lifetime is covariant. Just trying to nail down every source of borrowed data I can think of.

[sffc]

Suggestion: use CloneStableDeref here to make this a bit more general. It works for Rc, Arc, and &'a T.

[Manishearth]

Hmm, so this works, but then you can no longer have the impl on Option<Rc<T>> (since stable_deref_trait could potentially introduce a impl CloneStableDeref for Option<T> -- it wouldn't make sense but the compiler doesn't know that)

[sffc]

Okay, can you at least add the missing impls? Consider using macro_rules to make it shorter.

[Manishearth]

retriggering docs