Append potential logic error observation

Bitflogger · August 21, 2023, 9:16pm

Using a vector after emptying it with append, is possible, but probably a logic error. Would it be better for append to take ownership of its argument?

tbfleming · August 21, 2023, 9:49pm

It takes an &mut, which does signal it's modifying other. Changing it now would break existing code. Changing it would also prevent reusing its memory (optimization technique).

quinedot · August 21, 2023, 9:55pm

Not taking ownership lets the caller reuse the allocation, and lets an exclusive borrower perform the operation ergonomically/efficiently. The chance of a logic error is somewhat mitigated by Rust's mut binding requirements and calling conventions as well. (If you own the Vec, you have to declare it mut and pass a &mut. If you don't, you have to have a &mut Vec<_> and not a &mut [_], i.e., being able to change the length was probably intentional / is probably communicated by the API.)

In any case, too late to change it now (it has to stick around forever for backwards compatibility, and it'd be too much churn for not enough reason to deprecate it).

An ownership-taking alternative already exists by the way.

fn example<T>(sink: &mut Vec<T>, source: Vec<T>) {
    sink.extend(source);
    // errors
    // let _ = source;
}

(Incidentally, "safety" has UB-related meaning in Rust that doesn't cover potential logic errors like this topic.)

Bitflogger · August 21, 2023, 9:58pm

Well, a different method could do it, it would need a good name. If you want to reuse an empty vector, it should be easy to just init one. In my project, I have some structs that have an append method, so I can take ownership of the argument at that level.

Bitflogger · August 21, 2023, 10:06pm

If anyone who can, wants to improve the title, I have no objection.

kornel · August 21, 2023, 11:49pm

extend() does exactly this.

fn main() {
    let mut one = vec![1,2,3];
    let two = vec![4,5,6];
    
    one.extend(two);
}

Bitflogger · August 22, 2023, 12:35am

OK, extend does it.

H2CO3 · August 22, 2023, 7:09am

No, why?

H2CO3 · August 22, 2023, 7:14am

Actually, no. Extend is generic (it takes any iterator), so this works:

one.extend(two.drain(..));

I guess this sort of usage pattern can't be prevented unless the RHS is concretely Vec<T> (ie., Self), at which point there's no benefit to such a by-value method.

Bitflogger · August 22, 2023, 2:58pm

It seems easy to me to use a vector thinking it is not empty, so leaving the vector around, when you could easily init a new one, seems risky to me.

Bitflogger · August 22, 2023, 3:01pm

If extend takes ownership of the argument, which I think it does, its out of scope from the caller. The caller will not use it again.

H2CO3 · August 22, 2023, 3:15pm

Did you check my example code above? It looks like you are not right.

H2CO3 · August 22, 2023, 3:16pm

But what if you do want to re-use it? Shouldn't that be allowed? It's a common pattern, and I experienced exactly zero such bugs during the 15+ years I've been using any language with dynamic arrays.

jumpnbrownweasel · August 22, 2023, 9:19pm

I don't think transferring ownership (move) of an object in Rust is ever used just to avoid confusion, e.g., when the object may be unlikely to be needed any longer, or is empty. At least I can't think of any cases of this. I only see ownership transfer being used when truly necessary to avoid undefined behavior.

H2CO3 · August 23, 2023, 5:59am

That's not really true; the ownership model is often used for describing semantics (eg. MutexGuard unlocks on drop, and database transaction handlers can rollback or commit automatically). But the "vector is empty after appending" is not one of these cases.