Track more safety invariants in the type system #279
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This change creates several wrappers around `unsafe` operations to better track the safety invariants. While not perfect, which should reduce the number of footguns in the code. It focuses on locking - using primitives like mutex guards known from `std`. The locked state is tracked in those guards. This crate needs some special features however. It needs to lock all locks in a slice and unlock them in the same order. Similarly it needs to lock a queue inside a `Bucket` while keeping reference to the bucket. Additional specialized wrappers maintain safety of these advanced operations similarly to guards. They are implemented in their own modules to avoid access from other parts of code. This change comes with two more side effects: * `Cell` was removed from the bucket as now locking provides required safety. * Bucket pair uses `Option` to represent same buckets. This adds a slight performance penalty but it's in slow path and may be optimized out by the compiler. It's even possible that absence of `Cell` will enable even more optimizations.
|
Ah, this has lower MSRV. I'm too exhausted to fix it now. Will come back later. Some more ideas to consider:
|
`Cell::from_mut()` was stabilized in 1.37 but the MSRV of this crate is 1.36.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Meta - about this PR
This is a byproduct of attempting to figure out #278 by "asking the compiler if it sees a problem".
The idea seemed to be possibly useful, so this should be viewed almost like a draft/suggestion.
Description
This change creates several wrappers around
unsafeoperations tobetter track the safety invariants. While not perfect, which should
reduce the number of footguns in the code.
It focuses on locking - using primitives like mutex guards known from
std. The locked state is tracked in those guards. This crate needssome special features however. It needs to lock all locks in a slice and
unlock them in the same order. Similarly it needs to lock a queue inside
a
Bucketwhile keeping reference to the bucket.Additional specialized wrappers maintain safety of these advanced
operations similarly to guards. They are implemented in their own
modules to avoid access from other parts of code.
This change comes with two more side effects:
Cellwas removed from the bucket as now locking provides requiredsafety.
Optionto represent same buckets. This adds aslight performance penalty but it's in slow path and may be optimized
out by the compiler. It's even possible that absence of
Cellwillenable even more optimizations.