RFC: remove syntactic sugar for @mut borrows

[thestinger]

Using @mut won't lead to dynamic failures until it ends up borrowed as & or &mut. I think this has proven to be a very confusing feature, and explaining it is a regular activity in #rust. It's very hard to reason about the failure cases until you actually run into one, especially if there are a lot of shallow copies which is the use case for managed pointers. It's usually a better idea to pass it by-value for the sake of robustness.

Resorting to @mut should already be a last resort and dynamic freezes should be a very obvious opt-in feature, with appropriately named methods + docstrings.

let x = @mut 5;
do x.borrow |r| {
    ...
}

The current behaviour would also be incredibly hard to reproduce in a library type meant to be used in the same way like RcMut. We would need a very special trait able to run code at the end of the scope without an object + destructor involved.

In the future, this will allow us to add back the sugared borrows to @mut for the subset of cases that we can prove are safe without dynamic freezes. By putting the dynamic failure strategy in a library, we leave open the possibility of better solutions as the language evolves.

I know doing this would be a painful change, but it can be done gradually with a lint check set to deny the old implicit dynamic borrows by default.

[emberian]

+1, very much agree. Avoiding dynamic failure is one of the reasons I am attracted to Rust, and it should definitely be explicitly opt-in. It will make code much easier to reason about, I think.

[pcwalton]

+1 in general, but I actually think that we don't need a closure here: we can possibly just return the reference you get from mutate() as part of an object with a destructor.

[nikomatsakis]

If we move away from @mut and over to Mut, I guess this happens by default

[brson]

cc #9796

[thestinger]

This is completed.