-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
weak-into-raw: Clarify some details in Safety #66710
Conversation
(rust_highfive has picked a reviewer for you, use r? to override) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a couple small notes, this is a good clarification otherwise.
src/liballoc/rc.rs
Outdated
/// is or *was* managed by an [`Rc`] and the weak count of that [`Rc`] must not have reached | ||
/// 0. It is allowed for the strong count to be 0. | ||
/// The pointer must have originated from the [`from_raw`] (or [`as_raw`], provided there was | ||
/// corresponding [`forget`] on the `Weak<T>`) and must still own its potential weak reference |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This isn't perfectly accurate, as you don't have to forget the original weak in the past, you can forget this weak if the pointer is from as_raw.
I'm not sure how to reword this note, though. Probably something along the lines of "only as many Weak
are dropped as are created by non-raw methods".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically yes, but only as long as some other Weak<T>
or Strong<T>
pointing to the same thing exists. If you created it after the weak count dropped to 0 and then forgot it, it would be UB, because it would play with the weak count field that no longer exists.
But if you hold a Weak<T>
somewhere, then you probably don't really need to create and forget it. So I believe this might be good enough ‒ especially because this safety section errs on the safe side ‒ it's more restrictive than needs to be.
Anyway, I don't see how to make it more accurate, still readable and not ramble about it over two pages :-(.
I've added a fixup. That one should be squashed before merging ‒ I'll do so once it gets completely reviewed. |
r? @RalfJung perhaps |
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
I can add this to my queue but given that my next free week-end is sometime in January, don't expect a quick review -- sorry. |
There's no code changed, it's just documentation changes to avoid people getting confused by it. I believe quite anyone should be able to review this, following the discussion in the linked ticket. It's not really about some deep unsafe magic. |
It's less about being able to and more about finding the time. I only have 1-2 hours of time for Rust per day (taking up almost my entire free time) and there are quite a few things that are already waiting in my queue for more than a week. |
My point was that I don't think it has to be you, @RalfJung, that anyone else could take it instead. |
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
What about r? @SimonSapin |
Sorry, I’m in a similar situation as Ralf. I’ve removed myself (a while ago) from the review auto-assignment because of limited bandwidth. I don’t really have a suggestion for more precise wording here. r? @Centril |
Also, can you squash the commits? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me once squashed, r=me.
3acb622
to
f201e89
Compare
Thank you. I've included the suggestions and squashed. |
The job Click to expand the log.
I'm a bot! I can only do what humans tell me to, so if this was not helpful or you have suggestions for improvements, please ping or otherwise contact |
Ups, I've force-pushed an older version ☹. I'll fix it once I get to the other computer where the right version still lives. |
Looks good to me also, but r? @dtolnay |
f201e89
to
196cbfb
Compare
I've just squashed and force-pushed the correct version including all the link fixes. 🤞 |
Thanks! @bors r+ rollup |
📌 Commit 196cbfb4a6d75b5f6a01d2d33b2e41e02a1ba5f5 has been approved by |
Let's fix those typos before landing. @bors r- |
196cbfb
to
4731510
Compare
Clarify it is OK to pass a pointer that never owned a weak count (one from Weak::new) back into it as it was created from it. Relates to discussion in rust-lang#60728.
Thanks! @bors r=dtolnay |
📌 Commit 4731510 has been approved by |
…tolnay weak-into-raw: Clarify some details in Safety Clarify it is OK to pass a pointer that never owned a weak count (one from Weak::new) back into it as it was created from it. Relates to discussion in rust-lang#60728. @CAD97 Do you want to have a look at the new docs?
Rollup of 9 pull requests Successful merges: - #66710 (weak-into-raw: Clarify some details in Safety) - #66863 (Check break target availability when checking breaks with values) - #67002 (Fix documentation of pattern for str::matches()) - #67005 (capitalize Rust) - #67010 (Accurately portray raw identifiers in error messages) - #67011 (Include a span in more `expected...found` notes) - #67044 (E0023: handle expected != tuple pattern type) - #67045 (rustc_parser: cleanup imports) - #67055 (Make const-qualification look at more `const fn`s) Failed merges: r? @ghost
Clarify it is OK to pass a pointer that never owned a weak count (one
from Weak::new) back into it as it was created from it. Relates to
discussion in #60728.
@CAD97 Do you want to have a look at the new docs?