BTreeMap: prevent tree from ever being owned by non-root node #81073
Conversation
rust-highfive
added
the
S-waiting-on-review
Mark-Simulacrum
added
S-waiting-on-author
ssomers
force-pushed
the
btree_owned_root_vs_dying
branch
from
5ddf49c
to
1d3e5ce
Compare
|
Apart from the comment, a major tweak is to have only one trait and a kind of static assert instead of a trait blocking access to |
|
☔ The latest upstream changes (presumably #81159) made this pull request unmergeable. Please resolve the merge conflicts. |
ssomers
force-pushed
the
btree_owned_root_vs_dying
branch
from
1d3e5ce
to
a546401
Compare
|
@rustbot modify labels: -S-waiting-on-author +S-waiting-on-review |
rustbot
added
S-waiting-on-review
| const PINNED: bool = false; | ||
| } | ||
| impl BorrowType for Owned { | ||
| const PINNED: bool = true; // Owned node references are always at the root node. |
There was a problem hiding this comment.
Can we explain this more? I'm not sure what you mean by pinned. It would probably also be good to find a different name, as Pin carries a pretty specific meaning in Rust. (Of course, if we match that meaning, then the name is fine; I am not sure we do).
There was a problem hiding this comment.
The link with Pin is rather loose. For the particular safety problem at hand, "descendible" would be enough, but I think it's more clear and useful to say "neither ascendable nor descendable", which implies "unmovable", "locked", "fixed", "frozen", "stuck", "constant". It seems somewhat fuzzy because it's not the borrow that is "unmovable", but the NodeRef that the borrow type qualifies. I think the language's equivalent difference is between a mut and an immutable variable of a reference type, but "immutable" is definitely not better than "pinned" because the borrow type Immut would not have the "immutable" property.
There was a problem hiding this comment.
I admit that I don't really follow what you wrote. What precisely do we need? It seems like this is really just saying that you cannot descend from owned nodes? Can we call this "permits traversal" or something like that?
There was a problem hiding this comment.
Oops, I mixed up value semantics with variable semantics. All NodeRef are immutable already, luckily. I like "PERMITS_TRAVERSAL", that really… pins it down.
|
Overall I think this seems fine. |
|
It would be good to update the description of the PR to summarize the current diff -- I think there was a pretty major reworking since you wrote it. |
Mark-Simulacrum
added
S-waiting-on-author
It's still the same goal in my book. The fact it requires a distinction between dying and living ownership is., I think, useful on its own and could be another PR to jump in front. |
ssomers
force-pushed
the
btree_owned_root_vs_dying
branch
from
a546401
to
3e45f17
Compare
ssomers
changed the title
|
☔ The latest upstream changes (presumably #81217) made this pull request unmergeable. Please resolve the merge conflicts. |
ssomers
force-pushed
the
btree_owned_root_vs_dying
branch
from
3e45f17
to
417eefe
Compare
|
@rustbot label: +S-waiting-on-review -S-waiting-on-author |
rustbot
added
S-waiting-on-review
|
@bors r+ rollup=never |
|
📌 Commit 417eefe has been approved by |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
This introduces a new marker type,
Dying, which is used to note trees which are in the process of deallocation. On such trees, some fields may be in an inconsistent state as we are deallocating the tree. Unfortunately, there's not a great way to express conditional unsafety, so the methods for traversal can cause UB if not invoked correctly, but not marked as such. This is not a regression from the previous state, but rather isolates the destructive methods to solely being called on the dying state.