Function check_sanity

pub unsafe fn check_sanity()

Check whether the assumptions about the internals of Rc made in this library are correct.

Note that we can’t verify exactly whether we are out-of-sync with the current version of std, instead, we perform some sanity testing that should give us a “good enough” indicator that our assumptions are correct.

As such, this function is marked unsafe, because it can invoke undefined behavior if our assumptions are wrong.

Once this check has passed, a global variable is set that allows the creation of RcUninit. Note that even with sanity tests, this might still invoke undefined behavior if some detail is not caught. Rc could decide to reorder fields at will after some call, or do something else that invalidates the assumptions made in this library. As such, use of RcUninit could be unsound, however unlikely. The functions on RcUninit are thus not marked as unsafe as check_sanity intends to provide sufficient shielding against potential undefined behavior.

Safety

This function is only sound if the standard library used with this crate matches this crate’s assumptions about Rc, as such, it’s up to the caller to inspect the standard library to confirm that it matches what this crate expects.

Here are the conditions that need to be satisfied by Rc and Weak.

1. RcInner definitions inside std::rc and this crate must match exactly.
2. The pointer to RcInner that Rc constructs must be *mut.
3. The value pointer that Rc::into_raw returns must point to the value inside RcInner.
4. Offset calculations used by Rc::increment_strong_count and Rc::decrement_strong_count must match with how this crate calculates offsets from the value in RcInner to the counts.
5. All operations that Weak exposes must not invalidate the pointer to RcInner.