Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That would make the lifetime last forever, preventing you from ever getting the mutable reference back and causing any safety issues. (Your intuition serves you well, though: graphics APIs designed to commit on a guard type's Drop::drop are prone to panicking, since the GPU driver does not care about Rust lifetimes. To implement that properly, you usually need ersatz typestates.)


The crucial bit for Vec::drain is in these two lines of code, which the article lists but does not discuss:

        // set self.vec length's to start, to be safe in case Drain is leaked
        self.set_len(start);
You cannot rely on Drop alone for safety, you need a fallback strategy in case of a leak (mem::forget or Rc cycle). Rust lifetimes only ensure that there is no use after free; there is no guarantee that Drop is called before the end of the lifetime. It's possible to mutably access the original Vec after leaking a Drain.


Thanks to the feedback in this discussion, the article now does discuss 5at line; much obliged to all the folks who helped me fix a substantial error.


Yeah that's the "pre" in "pre-pooping your pants"


This is misleading. `std::mem::forget(&'a mut v)` does not imply `'a: 'static`.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: