I'm working on an (as yet unreleased) document tree structure implementation that uses a vector of nodes, where each node contain indexes to parent, child, sibling nodes. Including memory footprint and access efficiency and ergonomics, the Vector/index approach seems to be working better than an Rc<…

One possibility is to move/copy the item being modified out of the Palette, and then move it back in afterwards: let mut color = self.colors[i].clone(); let result = f(self, &mut color); self.colors[i] = color; result Or instead of passing the filter predicate a ref…

Thanks much for this suggestion as it helps me narrow in on the nature of the borrow-checker's issue with the interface. Certainly for the above minimized example, yours is a perfectly valid alternative. For my real tree implementation, with existing benchmarks, if I replace the unsafe with your s…

[image] dekellum: ives me more reason to believe that the unsafe version is perfectly safe. How so? They are doing completely different things. The whole point of borrow checking is that having other references to a value while also holding a mutable reference to it is not safe. If the 10% pe…

[image] dekellum: Is this a common case where people resort to unsafe? Very much no. This already can be quite clearly used to invoke UB: fn adjust_color(p: &Palette, c: &mut Color) -> bool { *c = Color::Blue; let s1 = format!("{:?}", p); *c = Color::Red; let s2 = format!("{…

[image] dekellum: the fact that it works as safe code then, gives me more reason to believe that the unsafe version is perfectly safe That fact that it works as safe code means that LLVM was constrained by Rust's semantics for the safe code to NOT mis-optimize your program logic. You remove t…

Thanks all for the comments, and I hope this doesn't sound unthankful. Really, I did ask for and greatly appreciate the feedback! For me the unsafe dark side was tempting enough at least to leave in place while I prototyped other aspects of my library. But I can't actually replicate @ExpHP 's expec…

Try running it with miri. You can find it under the tools on the playground. It will detect the UB.

Here's an example of UB in safe code ( playground ): fn adjust_color(p: &Palette, c: &mut Color) -> bool { let c1 = &p.colors[0]; let c2 = c1.clone(); *c = Color::Blue; assert_eq!(c1, &c2); true } c and c1 clearly violate the aliasing rules, and the value behind c1 …

Thanks @mbrubeck , I can repro that UB, and not just as a Miri warning. While I think it would be an unusual implementation (didn't appear in the 7 filters I wrote in real library) I certainly don't want to inflict such a possibility on myself or others!

It doesn't matter whether you can "reproduce" it; if it's UB, it's UB. In the case of my example, the compiler simply isn't smart enough yet to make this optimization. That doesn't mean it couldn't become smarter in the future. It was unclear to me what the public API was (since nothing is marked…

Save me from going `unsafe` here?

help

alice February 26, 2020, 10:39pm 12

To reiterate the point: Undefined behaviour means that although the compiler is allowed to do what you wanted, it also has permission to do something else. Sometimes you just get lucky.

TWiR quote of the week

FFI Safety of Box<T>

A problem with Box<dyn> type returned by FFI

Memory layout introspection

Topic		Replies	Views
Binary Search Tree Node Removal without unsafe code help	14	2593	May 29, 2021
Collecting a vector of references through recursive descent	72	4162	January 9, 2022
How to avoid write almost the same code due to borrow checking help	11	777	May 21, 2022
Help with writing a custom tree iterator help	10	304	September 4, 2025
How to share &mut via unsafe code if uniqueness is guaranteed otherwise help	38	1466	October 2, 2023

Save me from going `unsafe` here?

Related topics