fitzgen / bumpalo

A fast bump allocation arena for Rust
https://docs.rs/bumpalo
Apache License 2.0

`Box::pin_in` violates pin's drop guarantee #226

Open zetanumbers opened 8 months ago

zetanumbers commented 8 months ago

This is incorrect and violates pin's drop guarantee, which in turn breaks existing correct code assuming this rule. For this reason `std::box::Box::pin_in` has an `A: 'static` bound over the allocator generic type argument.

zetanumbers commented 8 months ago

https://github.com/rust-lang/rust/pull/79327#issue-748392410

Allocators have to retain their validity until the instance and all of its clones are dropped. When pinning a value, it must live forever, thus, the allocator requires a `'static` lifetime for pinning a value. Example from Reddit:

```rust
let alloc = MyAlloc(/* ... */);
let pinned = Box::pin_in(42, alloc);
mem::forget(pinned); // Now `value` must live forever
// Otherwise `Pin`'s invariants are violated, storage invalidated
// before Drop was called.
// borrow of `memory` can end here, there is no value keeping it.
drop(alloc); // Oh, value doesn't live forever.
```
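
An added example, not part of the issue thread and not bumpalo's code: a self-contained model of the scenario quoted above. The one-slot `Arena`, `ArenaBox`, `Tracked` and `run` are hypothetical names chosen for illustration; the example shows that forgetting a pinned box which borrows its allocator lets the storage be released without the destructor ever running.

```rust
use std::cell::{Cell, UnsafeCell};
use std::marker::PhantomData;
use std::mem::{self, MaybeUninit};
use std::ops::Deref;
use std::pin::Pin;
use std::rc::Rc;

/// Value that records whether its destructor ran.
struct Tracked(Rc<Cell<bool>>);
impl Drop for Tracked {
    fn drop(&mut self) { self.0.set(true); }
}

/// Hypothetical one-slot arena; the heap slot is released when the arena drops.
struct Arena { slot: Box<UnsafeCell<MaybeUninit<Tracked>>>, used: Cell<bool>, freed: Rc<Cell<bool>> }
impl Drop for Arena {
    fn drop(&mut self) { self.freed.set(true); } // slot memory is freed right after, contents untouched
}

/// Box that borrows the arena, so its allocator is not `'static`.
struct ArenaBox<'a>(*mut Tracked, PhantomData<&'a Arena>);
impl Deref for ArenaBox<'_> {
    type Target = Tracked;
    fn deref(&self) -> &Tracked { unsafe { &*self.0 } }
}
impl Drop for ArenaBox<'_> {
    fn drop(&mut self) { unsafe { self.0.drop_in_place() } }
}

impl Arena {
    /// Hypothetical `pin_in` with the shape at issue: pins into storage borrowed from the arena.
    fn pin_in(&self, v: Tracked) -> Pin<ArenaBox<'_>> {
        assert!(!self.used.replace(true), "one-slot arena");
        let p = self.slot.get() as *mut Tracked;
        unsafe { p.write(v); Pin::new_unchecked(ArenaBox(p, PhantomData)) }
    }
}

/// Returns (destructor_ran, storage_released).
fn run(leak: bool) -> (bool, bool) {
    let (dropped, freed) = (Rc::new(Cell::new(false)), Rc::new(Cell::new(false)));
    let arena = Arena { slot: Box::new(UnsafeCell::new(MaybeUninit::uninit())), used: Cell::new(false), freed: freed.clone() };
    let pinned = arena.pin_in(Tracked(dropped.clone()));
    if leak { mem::forget(pinned) } else { drop(pinned) } // forget ends the borrow without running Drop
    drop(arena); // compiles in both cases: nothing ties the arena to the forgotten value
    (dropped.get(), freed.get())
}

fn main() { println!("normal: {:?}, forgotten: {:?}", run(false), run(true)); }
```

The `(false, true)` result for the forgotten case is the state the drop guarantee forbids: the pinned value's storage is gone although its destructor never ran.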