search

rust-lang / libs-team

The home of the library team
Apache License 2.0
116 stars 18 forks source link

Remove `MaybeUninit::slice_as_(mut_)ptr` and optionally add `*const/*mut MaybeUninit<T> -> *const/*mut T` type safe conversions #245

Closed SUPERCILEX closed 1 year ago

SUPERCILEX commented 1 year ago

Proposal

This ACP breaks off a small piece of https://github.com/rust-lang/libs-team/issues/122 that wasn't discussed in depth.

Problem statement

The MaybeUninit::slice_as_(mut_)ptr methods force you to elide bounds checks to go from MaybeUninit<T> to T.

fn slice_as_ptr(this: &[MaybeUninit<T>]) -> *const T

Motivating examples or use cases

There is evidence of unnecessary bounds elision occurring in the stdlib: notice the places that were switched to using array indexing in https://github.com/rust-lang/rust/pull/103133/commits/f2e9b40b8a2cca1c6a4c28eeac0eb5cfdfb1a3f3.

Solution sketch

Remove MaybeUninit::slice_as_(mut_)ptr.

Optionally, I'd like to add methods for *const/*mut MaybeUninit<T> -> *const/*mut T. This restores the type safety provided by slice_as_ptr and enables improved type safety in other cases where one has a raw pointer to a MaybeUninit and wishes to get at the wrapped type. Without these methods, you'd just have to do the cast manually which isn't the end of the world.

impl<T> *const MaybeUninit<T> {
    pub const fn raw_as_ptr(self) -> *const T
}

impl<T> *mut MaybeUninit<T> {
    pub const fn raw_as_mut_ptr(self) -> *mut T
}

Links and related work

https://github.com/rust-lang/rust/pull/103133

m-ou-se commented 1 year ago

We discussed this in the libs-api meeting. We're on board with removing MaybeUninit::slice_as_ptr.

We did not reach consensus on adding the newly proposed methods, so that part of this ACP is not accepted.

SUPERCILEX commented 1 year ago

Sounds good! Will update the PR.