Specify layout of `Cell` and `UnsafeCell` #79303
Comments
@rustbot modify labels to T-doc, T-lang, C-enhancement. Also, here’s the link to the relevant URLO discussion.
From a libs perspective, a
What does that tell a user though? Its field is not part of the public API thus one can't know in relation to what it is transparent. In other words there could in theory be yet another wrapper inside and the
Add documentation about the memory layout of `Cell`

rust-lang/rust#101717 guaranteed the memory layout of `UnsafeCell<T>`. This property (a guaranteed memory layout) can be useful to have on `Cell<T>` as well. (Note that `Cell<u8>` [already doesn't trigger the `improper_ctypes` lint](https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=34af59ef60b96d8a8bdaec1d52cb5420) since it is `#[repr(transparent)]`).

The concrete use-case is for the crate [`objc2`](https://github.com/madsmtm/objc2) to specify that `Cell<T>` is safe to use as an instance variable when `T` is.

Fixes rust-lang/rust#79303.

---

I'm unsure if we should specify less, for example say that the `Cell` may have extra restrictions on when it may be accessed, or if that's implicit in the (deliberately minimal) way I've worded it here?
Currently, `Cell<T>` and `UnsafeCell<T>` are both `#[repr(transparent)]`. However, it is unclear whether this is stable or just an implementation detail. This line in the implementation of UnsafeCell notes that "there is no guarantee for user code that this [casting a `*const UnsafeCell<T>` to `*mut T`] will work in future versions of the compiler"; but it is unclear whether this applies to the casting of `*const UnsafeCell<T>` to `*const T` or the casting of `*const T` to `*mut T`. `as_slice_of_cells` also relies on the layout of `UnsafeCell`, but makes no mention of it being exclusive to std.

Even if they do stably have a transparent layout, there are also some questions to be resolved around whether creating `UnsafeCell`s from references is UB; conversions like `*const T` to `*const UnsafeCell<T>`, `&T` to `&UnsafeCell<T>`, `&mut T` to `&UnsafeCell<T>`, `&[UnsafeCell<T>]` to `&UnsafeCell<[T]>` should all probably be specified.
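
An added example, not code from the issue or from rust-lang/rust: it checks the size and alignment of `Cell<T>` and `UnsafeCell<T>` against `T`, then performs three of the conversions discussed above through standard-library functions (`Cell::from_mut`, `Cell::as_slice_of_cells`, `UnsafeCell::raw_get`) rather than through pointer casts in user code. The function names are hypothetical.

```rust
use std::cell::{Cell, UnsafeCell};
use std::mem::{align_of, size_of};

/// True when `Cell<T>` and `UnsafeCell<T>` have the size and alignment of `T`.
/// This is necessary for the casts in the issue, but does not by itself make them sound.
pub fn same_size_and_align<T>() -> bool {
    size_of::<Cell<T>>() == size_of::<T>()
        && size_of::<UnsafeCell<T>>() == size_of::<T>()
        && align_of::<Cell<T>>() == align_of::<T>()
        && align_of::<UnsafeCell<T>>() == align_of::<T>()
}

/// `&mut T` -> `&Cell<T>` through `Cell::from_mut`, with no cast in user code.
pub fn bump_through_cell(value: &mut u32) -> u32 {
    let cell: &Cell<u32> = Cell::from_mut(value);
    let alias = cell; // a second shared handle to the same memory
    alias.set(alias.get() + 1);
    cell.get()
}

/// `&mut [T]` -> `&Cell<[T]>` -> `&[Cell<T>]` through `as_slice_of_cells`.
/// Swapping each adjacent pair rotates the slice left by one element.
pub fn rotate_in_place(data: &mut [u8]) {
    let cells: &[Cell<u8>] = Cell::from_mut(data).as_slice_of_cells();
    for pair in cells.windows(2) {
        pair[0].swap(&pair[1]);
    }
}

/// `*const UnsafeCell<T>` -> `*mut T` through `UnsafeCell::raw_get`. Also reports
/// whether the returned pointer has the same address as the cell itself.
pub fn write_via_raw_get(cell: &UnsafeCell<u64>, new: u64) -> (u64, bool) {
    let cell_ptr: *const UnsafeCell<u64> = cell;
    let inner: *mut u64 = UnsafeCell::raw_get(cell_ptr);
    // SAFETY: `inner` points into a live `UnsafeCell`, and no reference to its
    // contents exists while we write and read through the raw pointer.
    let read = unsafe {
        inner.write(new);
        inner.read()
    };
    (read, inner as usize == cell_ptr as usize)
}

fn main() {
    // Sample values below are constructed for the example.
    println!("layout matches for u32: {}", same_size_and_align::<u32>());
    let mut n = 41;
    println!("bumped: {}", bump_through_cell(&mut n));
    let mut bytes = [1u8, 2, 3, 4];
    rotate_in_place(&mut bytes);
    println!("rotated: {:?}", bytes);
    println!("raw_get: {:?}", write_via_raw_get(&UnsafeCell::new(0), 7));
}
```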