uazu / qcell

Statically-checked alternatives to RefCell and RwLock
Apache License 2.0

Translations of T #8

Open uazu opened 4 years ago

uazu commented 4 years ago

Some possible additions to the API (contributed by pythonesque):

I also proved that the translations LCell<T> -> T, &LCell<[T]> -> &[LCell<T>], and &mut T <-> &mut LCell<T>, are sound for all T, which I don't think your code has yet.

pitdicker commented 4 years ago

I don't think &LCell<[T]> -> &[LCell<T>] is sound. LCellOwner::rw2 would then allow you to take a mutable reference of both the entire slice LCell<[T]> and the slice element LCell<T>.

Btw. I wrote a post that compares interior mutability types, and some possible extensions that also mentions your crate.

uazu commented 4 years ago

Thanks. I think @pythonesque didn't include rw2 in his analysis, because he had doubts about it. GhostCell doesn't have rw2. I believe rw2 is sound however as things stand (see issue #7). Thanks for the heads up about potential problems if we mix these features.

pitdicker commented 4 years ago

Sorry, I remember typing a second reply two days ago. I was too soon to call it unsound.

If LCellOwner::rw2 not only checks the pointers are not equal, but also that the pointers don't fall within the memory of another type (pointer of size_of::<T>()), it is sound.

uazu commented 4 years ago

Right now all three types of cells work the same. However, only QCell needs to be referred to exclusively by the cell starting address, due to the cell-ID. So yes, perhaps the other types could diverge and allow these kinds of operations (with the overlap test you mentioned). I prefer to implement stuff when I have a clear use-case in front of me, so I'm not going to implement this myself for now. If someone shows how this would help them in their project, then I'll look at implementing it, or else support them in making the change.
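
The overlap test discussed in this thread, as an added example that is not part of the thread or of qcell's code: `std::cell::Cell` stands in for `LCell`, and the helper names are hypothetical. It shows that comparing only start addresses accepts a slice paired with one of its interior elements, while a byte-range disjointness check rejects that pairing.

```rust
use std::cell::Cell;
use std::mem::size_of_val;

/// Byte range [start, end) that a value occupies in memory.
fn byte_range<T: ?Sized>(v: &T) -> (usize, usize) {
    let start = v as *const T as *const u8 as usize;
    (start, start + size_of_val(v))
}

/// Pointer-inequality-only check (hypothetical helper, not qcell's code).
fn distinct_by_address<A: ?Sized, B: ?Sized>(a: &A, b: &B) -> bool {
    byte_range(a).0 != byte_range(b).0
}

/// Overlap test suggested in the thread: the two byte ranges must be disjoint.
fn distinct_by_range<A: ?Sized, B: ?Sized>(a: &A, b: &B) -> bool {
    let (a0, a1) = byte_range(a);
    let (b0, b1) = byte_range(b);
    a1 <= b0 || b1 <= a0
}

/// Returns (address check, range check) for three pairings:
/// whole slice vs element 0, whole slice vs element 2, element 1 vs element 2.
fn check_pairs() -> [(bool, bool); 3] {
    let mut data = [10u32, 20, 30, 40]; // constructed sample data
    // Cell stands in for LCell here: &Cell<[T]> -> &[Cell<T>]
    let whole: &Cell<[u32]> = Cell::from_mut(&mut data[..]);
    let elems: &[Cell<u32>] = whole.as_slice_of_cells();
    [
        // Same start address: even the address-only check rejects this pair.
        (distinct_by_address(whole, &elems[0]), distinct_by_range(whole, &elems[0])),
        // Interior element: address-only check accepts, range check rejects.
        (distinct_by_address(whole, &elems[2]), distinct_by_range(whole, &elems[2])),
        // Two different elements: both checks accept.
        (distinct_by_address(&elems[1], &elems[2]), distinct_by_range(&elems[1], &elems[2])),
    ]
}

fn main() {
    for (i, (addr, range)) in check_pairs().iter().enumerate() {
        println!("pair {}: address check = {}, range check = {}", i, addr, range);
    }
}
```
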