Add Box::leak<'a>(Box<T>) -> &'a mut T where T: 'a

[Centril]

Adds:

impl<T: ?Sized> Box<T> {
    pub fn leak<'a>(b: Box<T>) -> &'a mut T where T: 'a {
        unsafe { &mut *Box::into_raw(b) }
    }
}

which is useful for when you just want to put some stuff on the heap and then have a reference to it for the remainder of the program.

r? @sfackler
cc @durka

[durka]

N.B. this exists in the ecosystem: https://crates.io/crates/leak

Is &'static mut T useful? It's unsafe to do anything with that, right? Maybe &'static T is better.

[mattico]

See also: rust-lang/rfcs#1233

[oli-obk]

It's not unsafe. There's a single mutable reference, the lifetime is irrelevant

[Centril]

Hmm, so @alexcrichton said then in rust-lang/rfcs#1233:

While this is indeed a pattern that could be added to the standard library, it's currently not greatly motivated in terms of use cases that require this sort of functionality to be in the standard library itself.

Since then the leak crate has been used: 12,959 times, but has one immediate dependent crate.

[cramertj]

Since then the leak crate has been used: 12,959 times, but has one immediate dependent crate.

And that crate is transitively depended on by skia and servo-skia-- I'd be that's where many of the downloads are coming from.

[Centril]

@cramertj So I can't judge if this means that the feature is used very little or not... =)

[sfackler]

I think this is a nice addition. &'static mut T seems like the right type, but 'static mutability is a bit subtle. @alexcrichton do you know if this'll run into any safety issues?

@rfcbot fcp merge

[rfcbot]

Team member @sfackler has proposed to merge this. The next step is review by the rest of the tagged teams:

• @BurntSushi
• @Kimundi
• @alexcrichton
• @aturon
• @dtolnay
• @sfackler

No concerns currently listed.

Once these reviewers reach consensus, this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for info about what commands tagged team members can give me.

[alexcrichton]

AFAIK there's no soundness holes from this, but we can always double check during stabilization!

[KamilaBorowska]

I wonder if there is no risk of BC break in event this function would be replaced with this. It may turn out that the API may be expanded in the future to allow other lifetimes than 'static.

fn leak<'a>(b: Box<T>) -> &'a mut T
where
    T: 'a,
{
    unsafe { &mut *Box::into_raw(b) }
}

[retep998]

I have two points that people may be concerned about and it would be nice to have clear answers about them:

• What if T is not 'static? Will the returned &mut 'static T still respect the lifetime of T itself?
• What happens when Box gains the ability to be parametric over the allocator and that allocator has a lifetime so when the allocator dies, it takes all its allocations with it including any "leaked" allocations.

[Centril]

@xfix So; talked it over on #rust-lang and it seems strictly more powerful - so I'll change it to your proposal fn leak<'a, T: 'a>(b: Box<T>) -> &'a mut T instead, if @sfackler agrees. In any case, 'static should be backwards-compatible since you may pick any lifetime you wish for 'a including 'static.

@retep998

What if T is not 'static? Will the returned &mut 'static T still respect the lifetime of T itself?

Given this program:

fn leak<T>(b: Box<T>) -> &'static mut T {
    unsafe { &mut *Box::into_raw(b) }
}

fn main() {
    let static_ref: &'static mut &mut usize = {
        let mut local_variable = 41;
        let boxed: Box<&mut usize> = Box::new(&mut local_variable);
        leak(boxed)
    };
    **static_ref += 1;
    assert_eq!(**static_ref, 42);
}

we, rightly, get:

error[E0597]: `local_variable` does not live long enough

So a bound T: 'static is magically there.

What happens when Box gains the ability to be parametric over the allocator...

Well, then leak does not exist for that Box<T, Alloc> yet, but can be defined later by Alloc: 'a.

[Centril]

Updated to fn leak<'a, T: 'a>(b: Box<T>) -> &'a mut T after OKing with @sfackler.

[carols10cents]

ping @BurntSushi for your ticky box here!

[KamilaBorowska]

Is a documentation line simply saying "Simple usage" before an example needed?

[Centril]

I used it to differentiate between "simple usage" and "unsized data" - I think it makes it a bit more readable - but I can always remove it.

[BurntSushi]

If 'static is there implicitly, does it make sense to make it explicit with T: 'static in the function signature?

[rfcbot]

🔔 This is now entering its final comment period, as per the review above. 🔔

[Centril]

@BurntSushi I generalized it to any lifetime 'a and made it explicit after popular demand, so yes =)

[BurntSushi]

@Centril Ah great!

[alexcrichton]

@Centril mind updating the issue number reference in the unstable tag? After that this should be good to go!

[Centril]

@alexcrichton Done, issue is #46179 .

[kennytm]

@bors r=alexcrichton

[bors]

📌 Commit bc18d99 has been approved by alexcrichton

[bors]

⌛ Testing commit bc18d99 with merge 246a6d1...

[bors]

☀️ Test successful - status-appveyor, status-travis
Approved by: alexcrichton
Pushing 246a6d1 to master...