Implement Manually Drop #40559
Implement Manually Drop #40559
Conversation
|
r? @brson (rust_highfive has picked a reviewer for you, use r? to override) |
src/libcore/mem.rs
Outdated
| impl<T: ::fmt::Debug> ::fmt::Debug for ManuallyDrop<T> { | ||
| fn fmt(&self, fmt: &mut ::fmt::Formatter) -> ::fmt::Result { | ||
| unsafe { | ||
| fmt.debug_tuple("ManuallyDrop").field(&self.value).finish() |
There was a problem hiding this comment.
I'd probably recommend just printing ManuallyDrop { .. } here (but retain the T: Debug bound) to be maximally conservative.
There was a problem hiding this comment.
Why? The data inside ManuallyDrop is guaranteed to be valid, just like any other wrapper.
There was a problem hiding this comment.
I kind of disagree. Since the value can be logically uninhabited, I think we either need to state up front that this will access the inner value and cannot be called after drop, or that it will not. While we could leave the door open to going from not printing to printing, that seems like something I would not be comfortable actually doing in practice.
There was a problem hiding this comment.
@gereeter Isn't the entire point of this type that that is not the case?
There was a problem hiding this comment.
@sfackler No - the point of this type is that it modifies the behavior on drop - instead of dropping the wrapped value, it just doesn't do anything. However, aside from behavior on drop, ManuallyDrop has no implications on accessing the data.
This is why ManuallyDrop implements Deref and DerefMut.
There was a problem hiding this comment.
~Every usage of ManuallyDrop will involve calling ManuallyDrop::drop at some point. It's then up to the developer to ensure that the inner value is never accessed past that call. If Debug does not access that value, and then all of the sudden starts doing so, that seems bad.
There was a problem hiding this comment.
I'm not so certain that most uses of ManuallyDrop will involve calling ManuallyDrop::drop. The one use I know of currently in the standard library, for example, never drops the contained value. Looking at the three commonly-downloaded users of nodrop, arrayvec doesn't drop the inside of the wrapper (since it only wants to drop some elements), quickersort just replaces the elements instead of dropping them, and generic-array doesn't drop the array inside NoDrop because it, like arrayvec, needs to only drop some of the elements.
That said, I completely agree that changing the behavior of Debug is not a good idea. I just think there isn't a good reason to not print the contained value.
There was a problem hiding this comment.
ManuallyDrop::drop() is unsafe with a warning that it is the responsibility of the user not to access the field after it is dropped. Is there a reason to look at Debug as different from the other methods/traits provided by ManuallyDrop which expect it's contents to be valid?
The user has already been warned about use-after-drop, I'd consider that enough to allow the default Debug impl for ManuallyDrop to remain useful (and print the value).
|
Cross linking rust-lang/rfcs#1860 |
src/libcore/mem.rs
Outdated
|
|
||
| /// Extract the value from the ManuallyDrop container. | ||
| #[unstable(feature = "manually_drop", issue = "0")] | ||
| pub fn into_inner(self) -> T { |
There was a problem hiding this comment.
This should be a static method.
There was a problem hiding this comment.
Yep, commented over there as well.
src/libcore/mem.rs
Outdated
| /// } | ||
| /// } | ||
| /// ``` | ||
| pub union ManuallyDrop<T>{ value: T } |
There was a problem hiding this comment.
Union fields are private by default, right?
src/libcore/mem.rs
Outdated
| impl<T: ::fmt::Debug> ::fmt::Debug for ManuallyDrop<T> { | ||
| fn fmt(&self, fmt: &mut ::fmt::Formatter) -> ::fmt::Result { | ||
| unsafe { | ||
| fmt.debug_tuple("ManuallyDrop").field(&self.value).finish() |
There was a problem hiding this comment.
I kind of disagree. Since the value can be logically uninhabited, I think we either need to state up front that this will access the inner value and cannot be called after drop, or that it will not. While we could leave the door open to going from not printing to printing, that seems like something I would not be comfortable actually doing in practice.
src/libcore/mem.rs
Outdated
| @@ -736,3 +736,99 @@ pub fn discriminant<T>(v: &T) -> Discriminant<T> { | |||
| } | |||
| } | |||
|
|
|||
|
|
|||
| #[unstable(feature = "manually_drop", issue = "0")] | |||
There was a problem hiding this comment.
Nit: can you move these attributes below documentation? The established ordering convention is "docs, attributes, implementation".
|
Would it make sense to have another union field to "mark" the value as dropped? Something like: Then a hypothetical "union sanitizer" could flag any future uses of (But of course that depends on future events or uncertainties, so may well not be worth doing now.) |
|
@rust-lang/libs thoughts on the It was brought up on the RFC that the likelihood of shadowing a legitimate method is very small because deref traits don't allow movement. @sfackler, however, brings up that trying to be clever here may mean it's just more difficult to understand in general. I personally am sympathetic to what @sfackler is saying and would lean a bit towards a static method instead of an inherent method myself at this point. |
src/libcore/mem.rs
Outdated
| /// } | ||
| /// } | ||
| /// ``` | ||
| pub union ManuallyDrop<T>{ value: T } |
There was a problem hiding this comment.
Missing space before {, and value should likely be on its own line (although I don't mind it like this).
|
@scottmcm I believe that might actually be needed in some interpretations of |
alexcrichton
added
the
T-libs-api
Seems reasonable if this will help some future sanitizer. This is an implementation detail though and can be changed later.
|
|
☔ The latest upstream changes (presumably #40601) made this pull request unmergeable. Please resolve the merge conflicts. |
|
Good job getting rid of I see there is one more similar struct left, namely in |
Sure! |
|
Another random thought:
|
|
Intrinsic replaced. The PR has been open for a while. I haven’t seen any opinions on |
|
@nagisa want to switch to a static method instead of an inherent function? I'll r+ w/ that |
nagisa
force-pushed
the
manually-drop
branch
2 times, most recently
from
87a5096
to
4090a97
Compare
|
r=me, but I'd recommend squashing the commits as well Looks like travis is also failing? |
|
@nagisa looks like compile-fail/forget-init-unsafe.rs is using the intrinsic that 4f494c9 removed. |
nagisa
force-pushed
the
manually-drop
branch
2 times, most recently
from
23b8527
to
99f995b
Compare
|
☔ The latest upstream changes (presumably #41121) made this pull request unmergeable. Please resolve the merge conflicts. |
|
@bors: r+ |
|
📌 Commit c337b99 has been approved by |
|
⌛ Testing commit c337b99 with merge 5ad9e49... |
|
💔 Test failed - status-appveyor |
|
… On Tue, Apr 11, 2017 at 11:45 AM, bors ***@***.***> wrote:
💔 Test failed - status-appveyor
<https://ci.appveyor.com/project/rust-lang/rust/build/1.0.2882>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#40559 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAD95KbmXsd4yUGPrfK0uvC0Uq7ma_S6ks5ru64SgaJpZM4MemKl>
.
|
Implement Manually Drop As the RFC has been from approx a week in FCP without any major comments, I’m taking the opportunity to submit the PR early.
Implement Manually Drop As the RFC has been from approx a week in FCP without any major comments, I’m taking the opportunity to submit the PR early.
|
☔ The latest upstream changes (presumably #41237) made this pull request unmergeable. Please resolve the merge conflicts. |
ghost
mentioned this pull request
…xcrichton Add mem::forget_unsized() for forgetting unsized values ~~Allows passing values of `T: ?Sized` types to `mem::drop` and `mem::forget`.~~ Adds `mem::forget_unsized()` that accepts `T: ?Sized`. I had to revert the PR that removed the `forget` intrinsic and replaced it with `ManuallyDrop`: rust-lang#40559 We can't use `ManuallyDrop::new()` here because it needs `T: Sized` and we don't have support for unsized return values yet (will we ever?). r? @eddyb
…xcrichton Add mem::forget_unsized() for forgetting unsized values ~~Allows passing values of `T: ?Sized` types to `mem::drop` and `mem::forget`.~~ Adds `mem::forget_unsized()` that accepts `T: ?Sized`. I had to revert the PR that removed the `forget` intrinsic and replaced it with `ManuallyDrop`: rust-lang#40559 We can't use `ManuallyDrop::new()` here because it needs `T: Sized` and we don't have support for unsized return values yet (will we ever?). r? @eddyb
As the RFC has been from approx a week in FCP without any major comments, I’m taking the opportunity to submit the PR early.