Revamp the Reconstruct/ReconstructUnchecked traits, and add a construct.
#92
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nstruct`. After this CL, the state of affairs is that there's a safe and unsafe way to reconstruct a value in-place (without running assignment operators): **Unsafe:** `ctor::reconstruct(bar, c);`\ **Safe:** `*var = ctor::construct(c);` Where, in the unsafe version, `var : Pin<&mut T>`, and in the safe version,`var: &mut T`. This corresponds with the notion that `&mut T` is always safe to Rust-move to/from, but `Pin<&mut T>` has potentially difficult safety preconditions, which depend on the exact value in question. --- `Reconstruct` and `ReconstructUnchecked` were added during the design process for `ctor`, and don't make as much sense now. `Reconstruct` was designed, initially, so that you could safely reconstruct types which are never potentially-overlapping. Before C++20, it would be safe to do this for any `final` type. But as of C++20, the cat is completely out of the bag, and it is a property of _values_, not types. Even `final` types can be potentially-overlapping. So there is no completely safe interface dealing with `Pin<&mut T>`. (The completely safe interface uses `&mut T`, and it's called "rust assignment"! :]) So: it no longer makes sense as an `unsafe` trait. It should be removed from the trait definition. That means that `unsafe` should likely go on the method itself. That's what the `ReconstructUnchecked` trait does. It's the moral equivalent of `*p.into_inner_unchecked() = x`, but where `x` is a lazily-constructed value. So: this CL deletes `Reconstruct`, and for that matter removes `ReconstructUnchecked` and replaces it with a bare function. Also, this adds a basic `construct()` function, which you need to use for safe code dealing with bare values, and makes it easier to document what `reconstruct` does. In effect, `reconstruct` is the pinful version of `*p.as_mut().into_inner() = construct(c);`, which works even if the value is not Rust-movable. PiperOrigin-RevId: 836358194
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Revamp the
Reconstruct/ReconstructUncheckedtraits, and add aconstruct.After this CL, the state of affairs is that there's a safe and unsafe way to reconstruct a value in-place (without running assignment operators):
Unsafe:
ctor::reconstruct(bar, c);Safe:
*var = ctor::construct(c);Where, in the unsafe version,
var : Pin<&mut T>, and in the safe version,var: &mut T. This corresponds with the notion that&mut Tis always safe to Rust-move to/from, butPin<&mut T>has potentially difficult safety preconditions, which depend on the exact value in question.ReconstructandReconstructUncheckedwere added during the design process forctor, and don't make as much sense now.Reconstructwas designed, initially, so that you could safely reconstruct types which are never potentially-overlapping. Before C++20, it would be safe to do this for anyfinaltype.But as of C++20, the cat is completely out of the bag, and it is a property of values, not types. Even
finaltypes can be potentially-overlapping. So there is no completely safe interface dealing withPin<&mut T>. (The completely safe interface uses&mut T, and it's called "rust assignment"! :])So: it no longer makes sense as an
unsafetrait. It should be removed from the trait definition.That means that
unsafeshould likely go on the method itself. That's what theReconstructUncheckedtrait does. It's the moral equivalent of*p.into_inner_unchecked() = x, but wherexis a lazily-constructed value.So: this CL deletes
Reconstruct, and for that matter removesReconstructUncheckedand replaces it with a bare function.Also, this adds a basic
construct()function, which you need to use for safe code dealing with bare values, and makes it easier to document whatreconstructdoes. In effect,reconstructis the pinful version of*p.as_mut().into_inner() = construct(c);, which works even if the value is not Rust-movable.