Gym*_*ore 6 lifetime rust borrow-checker
假设我想写这样的代码:
struct Inspector<'a>(&'a u8);
struct Foo<'a> {
value: Box<u8>,
inspector: Option<Inspector<'a>>,
}
fn main() {
let mut foo = Foo { value: Box::new(0), inspector: None };
foo.inspector = Some(Inspector(&foo.value));
}
目前,Rust 编译器允许我这样做,只要我不Drop为Inspector.
如果我添加一个,则会出现以下编译时错误:
foo.value还借的时候掉了。Borrow 可能会在
foo被删除并运行析构函数时使用Foo<'_>
这显然是正确的。事实上,我已经从nomicon 中提取了这个例子。
现在,这是我的问题。假设我有一个奇怪的 a 实现,它的类型参数中Box没有任何T参数。
/// An heap-allocated `T` without generic parameters.
struct MyBox {
data: NonNull<u8>,
/// SAFETY:
/// Caller must ensure the value will not be
/// used again.
drop_fn: unsafe fn(*mut u8),
layout: Layout,
}
impl MyBox {
fn new<T>(val: T) -> Self {
if mem::size_of::<T>() == 0 {
panic!("T is a ZST");
}
let layout = Layout::new::<T>();
let data = NonNull::new(unsafe { alloc(layout) })
.unwrap_or_else(|| handle_alloc_error(layout));
// pointer refers to uninit owned memory
unsafe { data.cast::<T>().as_ptr().write(val) };
Self {
data,
// SAFETY: See `drop_fn` field for safety guarantees
drop_fn: |data| unsafe { drop_in_place(data as *mut T) },
layout,
}
}
/// Caller must ensure that this box owns a `T`.
unsafe fn trust_mut<T>(&mut self) -> &mut T {
&mut *self.data.cast().as_ptr()
}
}
impl Drop for MyBox {
fn drop(&mut self) {
// SAFETY: Value will not be used again
unsafe { (self.drop_fn)(self.data.as_ptr()) }
unsafe { dealloc(self.data.as_ptr(), self.layout) };
}
}
但这一次,Rust 的 drop checker 不知道在调用其析构函数时MyBox会丢弃 a T。这使我能够编写这个不健全的代码:
pub struct Inspector<'a>(&'a u8);
impl Drop for Inspector<'_> {
fn drop(&mut self) {
/* Could try to inspect `self.0` here which might have been dropped */
}
}
pub struct Foo<'a> {
value: Box<u8>,
inspector: Option<Inspector<'a>>,
}
fn main() {
let mut b = MyBox::new(Foo {
value: Box::new(0),
inspector: None,
});
let foo: &mut Foo = unsafe { b.trust_mut() };
foo.inspector = Some(Inspector(&foo.value)); // No error occurs here
}
由此,我的问题很简单:有没有办法告诉丢弃检查器,当它被丢弃时,将生命周期限制在对象上是不行的?因为我基本上需要的是PhantomData<T>没有T.
MyBox我可以用这个做其他与无关的令人讨厌的事情Drop......
fn main() {
let mut vec: Vec<i32> = vec![42];
let mut b = MyBox::new(&vec[0]); // T is &i32
{
let val: &mut &i32 = unsafe { b.trust_mut() };
println!("{}", *val);
}
vec[0] = 1337; // I can mutate `vec[0]` even though `vec[0]` is borrowed by `b`
{
let val: &mut &i32 = unsafe { b.trust_mut() };
println!("{}", *val);
}
}
问题是MyBox完全删除了有关 中借用的任何信息T。有两种方法可以解决此问题:
<T>为<T: 'static>inMyBox::new和MyBox::trust_mut。这将防止值T借用任何非'static数据。MyBox,然后更改<T>为<T: 'a>inMyBox::new和MyBox::trust_mut。如果您想要严格选项的效果,只需使用MyBox<'static>。use std::alloc::{Layout, alloc, dealloc, handle_alloc_error};
use std::marker::PhantomData;
use std::mem::size_of;
use std::ptr::{self, NonNull};
/// An heap-allocated `T` without generic parameters.
struct MyBox<'a> {
data: NonNull<u8>,
/// SAFETY:
/// Caller must ensure the value will not be
/// used again.
drop_fn: unsafe fn(*mut u8),
layout: Layout,
_borrow: PhantomData<&'a ()>,
}
impl<'a> MyBox<'a> {
fn new<T: 'a>(val: T) -> Self {
if size_of::<T>() == 0 {
panic!("T is a ZST");
}
let layout = Layout::new::<T>();
let data = NonNull::new(unsafe { alloc(layout) })
.unwrap_or_else(|| handle_alloc_error(layout));
// pointer refers to uninit owned memory
unsafe { data.cast::<T>().as_ptr().write(val) };
Self {
data,
// SAFETY: The caller must ensure that the value will not
// be using the value again.
drop_fn: |data| unsafe { ptr::drop_in_place(data as *mut T) },
layout,
_borrow: PhantomData,
}
}
/// Caller must ensure that this box owns a `T`.
unsafe fn trust_mut<T: 'a>(&mut self) -> &mut T {
&mut *self.data.cast().as_ptr()
}
}