Mutable borrow from immutable input(s)

saarshah · April 16, 2019, 4:22am

what is the problem with Clippy on if we return mutable from immutable . see the the following code...

pub unsafe fn get_unchecked_mut(&self, key: usize) -> &mut T {

self.get_element_at(key).get_occupied_mut()

}

I means above code is working properly , but clippy suggesting us its as error (Clippy Lints)

Cerber-Ursi · April 16, 2019, 4:58am

Simply stated, this is an UB if you somehow transform immutable reference to a variable into mutable one. Clippy doesn't try to look at the function's body to determine whether it is the case or two references are unrelated, it just throws a warning in. And, so to say, your code in fact contains an UB: if some optimisation assumes that the object is immutable, but it was in fact mutated (through the reference acquired by this function), you'll easily can get anything wrong.

RustyYato · April 16, 2019, 4:59am

Even if you are using interior mutability, this is almost always UB.
Note: The only way to use interior mutability is by using UnsafeCell or types that use UnsafeCell, like Cell, Mutex, or Atomic*.

saarshah · April 16, 2019, 8:23am

thanks for your reply.. its means rust compiler allow UB.. if yes, in this case, compiler , at least , must warn us.

saarshah · April 16, 2019, 8:26am

If we use UnsafeCell , there is also get function of UnsafeCell (UnsafeCell in std::cell - Rust), which doing the same thing.. So, what is the difference between doing manually or using UnsafeCell.

Cerber-Ursi · April 16, 2019, 8:50am

UnsafeCell is treated specially (more about it and the similar cases here). It is marked as the only thing which can be modified while being behind shared reference.

kornel · April 16, 2019, 9:54am

When you use unsafe {}, you take responsibility for ensuring the safety rules are upheld, as otherwise the unsafety can spread beyond the block.

Hyeonu · April 16, 2019, 12:02pm

UnsafeCell is a language item. It is allowed to be modified under shared reference in the same sense as ManuallyDrop will not run destructor of its content.

Unsafe Rust is much more unsafe than unsafe C/++ as Rust restricts far much more things for the sake of performance. Those restrictions are automatically proven by compiler in safe context. But in unsafe { } it is you who has responsibility to guarantee ALL those restrictions. That's why I always (half-seriously) shout that the unsafe keyword should be renamed to unsafe_but_trust_me_i_know_what_im_doing_here

Yandros · April 16, 2019, 12:34pm

https://danielhenrymantilla.github.io/posts/2019-02-24-mutation-part-2-to-mut-or-not-to-mut#why-transmuting-to-mut-is-ub:

Why transmuting & to &mut is UB

Well, because for any type T :

The only* way to mutate a T is through a unique handle on that value; i.e. , a straight-owned T , a &mut T , a &mut &mut T , etc.

This implies that it is not possible mutate a T through a &T shared reference .

Actually, the very existence of a &T shared reference prevents the existence of any other &mut T or straight-owned T handle that would allow us to mutate that data!!

In other words, whenever a & _ exists, the pointee is guaranteed to be immutable for the lifetime of the reference .

This is a very interesting invariant that the compiler can use and ( does use! ) to aggressively optimize your code.

So if the data turned out not to be immutable, these assumptions would be invalidated making the optimized code wrong. Such contract violation is the very definition of Undefined Behavior.

TL,DR

Once a reference reaches the “potentially shared” state ( &_ ), Rust asserts that the pointee is immutable (during the lifetime of the reference).

system · July 15, 2019, 12:34pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Any remotely safe way to mutate a &T?	13	746	October 15, 2019
UnsafeCell behavior details help	6	1036	January 12, 2023
UnsafeCell: what exactly does it do, and when do I need it? help	5	5459	January 12, 2023
Re-interpreting a Repr-C'd struct's bytes as a certain type	41	1639	November 8, 2019
Casting a ref to writable mem to &mut: UB or not? help	11	1532	September 15, 2019

Mutable borrow from immutable input(s)

Related topics