pub struct Bound<'a, T: BoundExt<'a>> { /* private fields */ }
Expand description
Workaround for rust not having generic associated lifetimes (GAT/GAL).
General Safety Aspects
Bound<'a, T>
binds a lifetimes 'a
to a instance of a type T
.
It guarantees on a safety level that rebinding to any lifetimes which
is not a subset of the original lifetime requires unsafe code (as it
is unsafe).
This guarantee allows libraries to accept a Bound<'a, ThereType>
instead of self an rely on the 'a
lifetime for unsafe code.
For example ThereType
could contain a Transaction<'static>
which
was transmuted from a Transaction<'a>
but due to it needing to use
it as a associated type it can’t have the lifetime 'a
. Still as
the method accepts a Bound<'a, ThereType>
they can rely on the
'a
not having been changed from the original construction and
as such know that they can use it after casting/transmuting it
to a Transaction<'a>
;
Drop
This method will call pre_drop(&mut Bound<'a, Self>)
when the wrapper is
dropped (which will be followed by a call to Self::drop
is Self impl. drop).
As Self
might contain a type with a wrong lifetime ('static
) and rust will/might
have the feature to specialize Drop on 'static
. We can not drop that inner value
on Drop
safely (we can’t turn it to “any” shorter lifetime either as it might have
been static and as such might need to run the specialized code). So we have to drop
it while we still have access to the original
Implementations
sourceimpl<'a, T> Bound<'a, T>where
T: BoundExt<'a>,
impl<'a, T> Bound<'a, T>where
T: BoundExt<'a>,
sourcepub unsafe fn new(inner: T) -> Self
pub unsafe fn new(inner: T) -> Self
Creates a new Bound
instance.
Safety
A instance of T
has to be bound to a lifetime valid
for it as Bound
gives this guarantee. So using new
with a instance of a type corresponding to a different
lifetime then 'a
is unsafe behavior.
Also note that using this method can have other safety
constraints defined by T
as such it should only be
used by T
to create a Bound
wrapper of itself.
sourcepub unsafe fn _get_mut(&mut self) -> &mut T
pub unsafe fn _get_mut(&mut self) -> &mut T
Get &mut
access to the inner type.
Safety
Implementors of traits used for T
might rely on
the instance of T
being coupled with the right
lifetime 'a
. But a &mut
borrow would allow
switching the content of two Bound
instances, which
might brake safety constraints.
sourcepub fn _into_inner(self) -> T
pub fn _into_inner(self) -> T
Consumes self the return the contained instance of T
.
Safety / Drop
As dropping some thinks can only be safely done with
BoundExt::pre_drop()
turning this instance into T
might cause the leakage of some resources and should
only be done by methods which are aware of this problems.