This is one of the successors to #77. The question is: for a reference to be valid, do we require that all the data it points to is equally valid, fully recursively?
I think the answer is "no", and my impression is most people agree, so let me collect some arguments here (and I will open some other issues that only make sense to discuss once the answer here is "no"):
- Full recursive validity is super fragile: to reason about why the reference you are creating does not cause UB, you have to reason about all code that might mutate any memory transitively reachable (via references).
- The benefit is questionable: having deeply nested references cause UB is very unlikely to ever benefit compiler optimizations.
- Allowing mutable references to uninit data (between consenting APIs) is (unfortunately) how the `io::Read` trait often works, and while better solutions are being developed, there's a long tail of copies of this API and a lot of old code to port, which we should have good reasons to consider UB.
- For shared references with interior mutability specifically, even determining whether an `&Mutex<bool>` is valid would cause a conceptual data race with another thread holding the lock and mutating that `bool`.
- Some of the arguments in "Document current justification for not requiring recursive reference validity (in particular, `&mut uninit` not being immediate UB)" #346 also apply, though some are more specific and a lot of the discussion focuses not on "full recursive validity: yes or no" but on various weaker validity variants.
- Also see this post
Note that the Rust reference currently answers this question with "yes", but in my view this is mostly because we haven't yet figured out what exactly the weaker requirement is that we actually want to impose.
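An added example, not part of the issue above and not code from the Rust project: it contrasts the `io::Read` buffer convention the issue mentions (the caller hands `read` a `&mut [u8]`, so the only way to avoid pointing that reference at uninitialized bytes is to zero the scratch buffer first) with an uninit-aware reading API that never forms a `&mut [u8]` to uninit memory. The `ReadUninit` trait, `SliceReader` and the two `read_all_*` helpers are hypothetical names chosen for this example; `ReadUninit` stands in for the "better solutions" the issue alludes to and is not a standard-library trait.

```rust
use std::io::{self, Read};
use std::mem::MaybeUninit;

/// Hypothetical uninit-aware reading trait (assumption for this example, not
/// a std API). The reader receives possibly-uninitialized memory and reports
/// how many leading bytes it initialized; no `&mut [u8]` to uninit data is
/// ever created by the caller.
trait ReadUninit {
    fn read_uninit(&mut self, buf: &mut [MaybeUninit<u8>]) -> io::Result<usize>;
}

/// In-memory reader over a constructed byte slice, standing in for any
/// `io::Read` implementation (a file, a socket, ...).
struct SliceReader<'a> {
    data: &'a [u8],
}

impl Read for SliceReader<'_> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let n = buf.len().min(self.data.len());
        buf[..n].copy_from_slice(&self.data[..n]);
        self.data = &self.data[n..];
        Ok(n)
    }
}

impl ReadUninit for SliceReader<'_> {
    fn read_uninit(&mut self, buf: &mut [MaybeUninit<u8>]) -> io::Result<usize> {
        let n = buf.len().min(self.data.len());
        // Each byte is written through `MaybeUninit::write`, so the reader
        // never reads or forms a `u8` reference to the uninit contents.
        for (dst, src) in buf.iter_mut().zip(&self.data[..n]) {
            dst.write(*src);
        }
        self.data = &self.data[n..];
        Ok(n)
    }
}

/// Classic `io::Read` path. To stay clear of the question the issue raises,
/// the scratch buffer is zero-initialized up front, so the `&mut [u8]` handed
/// to `read` never points at uninit bytes. The price is a memset per buffer,
/// which is exactly what code passing uninit buffers to `read` is avoiding.
fn read_all_initialized<R: Read>(r: &mut R) -> io::Result<Vec<u8>> {
    let mut out = Vec::new();
    let mut scratch = [0u8; 16];
    loop {
        let n = r.read(&mut scratch)?;
        if n == 0 {
            break;
        }
        out.extend_from_slice(&scratch[..n]);
    }
    Ok(out)
}

/// Uninit-aware path. The scratch buffer is never initialized up front; only
/// the prefix the reader reports as written is ever viewed as `&[u8]`.
fn read_all_uninit<R: ReadUninit>(r: &mut R) -> io::Result<Vec<u8>> {
    let mut out = Vec::new();
    let mut scratch: [MaybeUninit<u8>; 16] = [MaybeUninit::uninit(); 16];
    loop {
        let n = r.read_uninit(&mut scratch)?;
        if n == 0 {
            break;
        }
        // Guard against an implementation that over-reports; the trait
        // contract (a trust boundary) is that `scratch[..n]` is initialized.
        assert!(n <= scratch.len(), "read_uninit reported more bytes than the buffer holds");
        // SAFETY: per the `ReadUninit` contract the first `n` bytes were
        // written, and `MaybeUninit<u8>` has the same layout as `u8`.
        let filled: &[u8] =
            unsafe { std::slice::from_raw_parts(scratch.as_ptr() as *const u8, n) };
        out.extend_from_slice(filled);
    }
    Ok(out)
}

fn main() -> io::Result<()> {
    // Constructed sample input: 41 bytes, so it spans several 16-byte buffers.
    let data: Vec<u8> = (0u8..=40).collect();
    let a = read_all_initialized(&mut SliceReader { data: &data })?;
    let b = read_all_uninit(&mut SliceReader { data: &data })?;
    assert_eq!(a, b);
    println!("both paths read {} bytes", a.len());
    Ok(())
}
```

The `unsafe` block in `read_all_uninit` is where the trust the issue talks about ("between consenting APIs") becomes explicit: a `Read` implementation that inspects `buf` before writing it is relying on the caller having initialized it, whereas `ReadUninit` makes the direction of that obligation visible in the type and leaves the caller to check the reported count.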