logo

Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

crate: erasable

https://lib.rs/crates/erasable/

Rust links:

Rust-lang.org

lib.rs

crates.io

docs.rs

Add the last reviewed version to Cargo.toml / [dependencies]:

erasable = "1.0.0"

Please, use mobile in landscape.

Filter reviews clicking on the numbers in the summary.

Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.

Neg
Neu
Pos
Str
tho
und
rev
crate
1
2
2
1
1.0.0
1
2
2
1
crate version
rating
date
reviewer
thoroughness, understanding
erasable 1.0.0
positive
2020-02-10
cad97
high, high

I am the author of this crate. As such, I obviously trust it and believe it is useful.
So this review will instead point at the trickiest parts and try to rationalize them.

ErasedPtr is a trivial typedef.
Erasable is an unsafe trait, but an obvious one.

ErasablePtr is a tricky trait, as it encodes the requirements to make Thin work properly.
The methods functionality it provides is self-evident, but the Thin requirements are subtle.
Specifically, ErasablePtr requires Deref and DerefMut to "behave" to make Thin::with(_mut) sound.
It needs to be sound to take an erased pointer, convert it back to the real pointer temporarily,
dereference the real pointer, trash the temporary real pointer, and then use the resulting ref.
This is the requirement laid out by usage with Thin and described generally by the documentation.

Because of the simplicity of the actual functionality, the actual implementations of ErasablePtr
(as well as Erasable) are almost trivially correct, just type erasing and casting the type back.

Thin is the real scary unsafe involved. It relies on the guarantees promised by ErasablePtr
to treat an ErasedPtr as if it were the real, invariant-holding pointer.
The unsafe points are Thin::with, Thin::with_mut, Thin::deref, and Thin::deref_mut.
Thin::with is sound because of the no-shared-mutability-before-indirection requirement,
meaning that the created undropped temporary is a fine substitue for the real pointer.
Thin::with_mut adds the possiblity of mutability-before-indirection, and uses a scope guard
to ensure that the potentially mutated pointer is re-erased and re-stored as the thin pointer.
The Deref and DerefMut impls then rely on the address-independent-deref semantics to tie the
lifetime of the deref'd reference to the erased pointer rather than the temporary real pointer.
The only chance for mutability-before-indirection is in the pointer's own DerefMut impl,
and the use of Thin::with_mut to deref the real pointer ensures that this is properly respected.
The remaining impls on Thin just forward trait impls, as is done for pointers in std.

Note, however, that Thin actually provides little/no actual benefits without an additional
library (slice-dst), because all erasable pointers provided by this crate are already thin.

Smoke tests are run under miri, but the crate could potentially do with some more examples
as well as some more tests to ensure that all of the functionality works as advertised.

Some completely dead code was left in, but has been patched out of the git head,
and a patch version will be released that removes the unneeded dead code.

I've only put this review as positive rather than strong because of a lack of real-world use.
As of yet, the library is just of theoretical use, and has yet to be stress tested for real.
However, I feel perfectly fine recommending it for any/all use case that wants to make working
with type-erased pointers simpler, or uses slice-dst and wants thin pointers to those structures.

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/