Fix soundness issues with covariant Q argument #21
Technically a breaking change, but also a soundness-bug fix (and it only breaks code that's very close to exploiting the unsoundness that's being fixed anyway; in other words, it shouldn't affect sane users of this crate); so a new minor version seems appropriate when releasing this. Also consider yanking old versions with an unsound API (once a version containing this PR is published).
by using Invariant<Q> for Id<'id> as well
Added some commits that use
Thanks for the PR. I've read the Rustonomicon to understand things better and thought it all through. This all makes sense. Just one thing: I think using a tuple in I think there are two options: Either I accept the PR as it is and I fix up things as above, or if you have time you could do it. I don't mind either way. I will add further changes afterwards anyway to add comments referencing the Rustonomicon and justifying it in my own way, to make things clearer for anyone who looks at this later on. Locally I have also added a couple of tests for the problem situation you documented in the bug report, which I will also check in later. These fail before the change and succeed afterwards, as expected, so that is all fine. As you suggest, I will probably yank all versions back to the first release with TCell in it, once this is published.
Ah, right… I guess I compared to
Let me take another look at those comments.
Just noticing that
Never mind,
The comment regarding UnwindSafe-ty is comparing
The question of While
So you're suggesting returning to using My own priorities are making the behaviour clear and having comments documenting why things are done as they are. I think the comment about UnwindSafe above uses of Invariant is not relevant to those places. Perhaps it could go on the Invariant definition to explain why that particular implementation of Invariant is used. TLCell will need similar changes to TCell. I will add tests after you finish so that the behaviour regarding auto-traits is well-defined and can be tested as Rust updates. Thanks
So I've added a few commits now 😃
right… I forgot that… |
I think TCell needs to be like TLCell now, i.e. put back in the manual implementation of Send, because that gave a better error message.
right, the error message would be slightly better for
… in an appropriate place
I personally feel a bit reluctant about adding additional marker fields and a manual Actually, I guess the marker fields aren't necessary even with the manual impl. Nonetheless, I feel like Also, the handling of
Yes, that part is all fine. I will add tests to make sure that all the auto-traits come out as expected, so that won't get broken and we'll pick up on anything weird that occurs in Rust's implementation (or they'll pick it up in a crater run). I was just reading a bit more on the drop checker (since I think things are all pretty much fine to merge now. I'll just go over it all again to be sure though.
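As an added example (not code from the crate or from this PR), the two things the maintainer refers to above: an owner-type marker in the `fn(Q) -> Q` style that is invariant in `Q`, and compile-time probes that pin which auto-traits a cell keeps so that a Rust update cannot silently change them. `Invariant`, `OwnedCell`, `HostileOwner` and the probe functions are assumed names and shapes, not the crate's own definitions.

```rust
use std::cell::RefCell;
use std::marker::PhantomData;
use std::panic::{RefUnwindSafe, UnwindSafe};
use std::rc::Rc;

/// Marker invariant in `Q` (assumed definition): `fn(Q) -> Q` uses `Q` in both
/// argument and return position, so the compiler must treat `Q` as invariant,
/// while a fn pointer implements every auto trait regardless of `Q`.
pub struct Invariant<Q>(PhantomData<fn(Q) -> Q>);

/// Minimal owner-keyed cell shape (assumed). Only `T` should decide the
/// cell's auto-traits; `Q` must contribute variance only.
pub struct OwnedCell<Q, T> {
    value: T,
    _owner: Invariant<Q>,
}

impl<Q, T> OwnedCell<Q, T> {
    pub fn new(value: T) -> Self {
        OwnedCell { value, _owner: Invariant(PhantomData) }
    }
    pub fn into_inner(self) -> T {
        self.value
    }
}

/// Owner type that is !Send, !Sync, !UnwindSafe and !RefUnwindSafe, so any
/// leak of `Q`'s traits through the marker would fail the probes below.
pub struct HostileOwner(PhantomData<Rc<RefCell<u8>>>);

// Compile-time probes: each call type-checks only if the bound holds, which
// is what pins the auto-trait behaviour against future Rust changes.
fn probe_send<T: Send>() {}
fn probe_sync<T: Sync>() {}
fn probe_unpin<T: Unpin>() {}
fn probe_unwind_safe<T: UnwindSafe>() {}
fn probe_ref_unwind_safe<T: RefUnwindSafe>() {}

/// Runs all probes for a cell keyed by the hostile owner, then round-trips a value.
pub fn check_auto_traits(v: u32) -> u32 {
    probe_send::<OwnedCell<HostileOwner, u32>>();
    probe_sync::<OwnedCell<HostileOwner, u32>>();
    probe_unpin::<OwnedCell<HostileOwner, u32>>();
    probe_unwind_safe::<OwnedCell<HostileOwner, u32>>();
    probe_ref_unwind_safe::<OwnedCell<HostileOwner, u32>>();
    // Variance itself cannot be probed at run time; a separate compile_fail
    // test that coerces OwnedCell<&'static u8, ()> to a shorter 'a covers it.
    OwnedCell::<HostileOwner, u32>::new(v).into_inner()
}
```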
Thanks for putting back in those comments, BTW. I was going to do the same, but you've already done it so that's great.
I'll finish checking things over after lunch and merge then. Thanks!
Thanks again for this. I've added a changelog to the release now, and I've put all the credits for contributions in there.
Closes #20
I didn't see any good common place to put the Invariant<Q> struct, so I put a copy of it in both modules.

Edit: Changed in additional commit.