static scope-shadowing restriction #11
Comments
|
I think this doesn't work except possibly with non-lexical borrows. Code like let mut array = Array::new(scope, 3);
array.set(0, Integer::new(scope, 0));
array.set(1, Integer::new(scope, 1));
array.set(2, Integer::new(scope, 2));is going to be rejected for (purportedly) attempting multiple simultaneous mutable borrows. |
|
OK, nonlexical borrows won't really help enough. It's fundamental in Rust that you can't have multiple live &mut borrows tied to the same source. So for this to work we'd have to impose a mental model that you can only have one live handle at a time. (And it would require nonlexical borrows to be ergonomic, I think.) But this is just too weird and restrictive a mental model. |
|
Stop press! Niko suggested a trick to circumvent the &mut restrictions that could work: create a shadow lifetime "behind" the Scope object's lifetime, and have the allocators return handles with the shadow lifetime. |
|
Thanks to rust-lang PR 29188, my branch works in the latest Rust Nightly! Landing soon. |
If we think of storing locals as "updating" a scope, we can rationalize changing the APIs to take an
&mut impl Scopeinstead of an&impl Scope. From there we can use the borrow checker rules to "freeze" a scope when we shadow it with.nestedand.chained, which lets us enforce most of the invariants of v8'sHandleScopeabstraction statically. For example:The only thing it doesn't prevent statically is shadowing a frozen scope:
The dynamic checks could be implemented with the same approach as today, but they would be rarer and possibly quite a bit less costly: instead of an extra branch on every creation of a local, they only have an extra branch on every shadowing of a scope.
One final thought: I wonder if this whole API is a fit for the future emplacement syntax.
The text was updated successfully, but these errors were encountered: