forum: https://internals.rust-lang.org/t/stacked-borrows-implemented/8847
---
-Three months ago, I proposed [Stacked Borrows]({% post_url
-2018-08-07-stacked-borrows %}) as a model for defining what kinds of aliasing
-are allowed in Rust, and the idea of a [validity invariant]({% post_url
-2018-08-22-two-kinds-of-invariants %}) that has to be maintained by all code at
-all times. Since then I have been busy implementing both of these, and
+Three months ago, I proposed Stacked Borrows as a model for defining what kinds
+of aliasing are allowed in Rust, and the idea of a [validity invariant]({%
+post_url 2018-08-22-two-kinds-of-invariants %}) that has to be maintained by all
+code at all times. Since then I have been busy implementing both of these, and
developed Stacked Borrows further in doing so. This post describes the latest
version of Stacked Borrows, and reports my findings from the implementation
phase: What worked, what did not, and what remains to be done. There will also
be an opportunity for you to help the effort!
+This post is a self-contained introduction to Stacked Borrows. Other than
+historical curiosity and some comparison with my earlier work on
+[Types as Contracts]({% post_url 2017-07-17-types-as-contracts %}) there is no
+reason to read the [original post]({% post_url 2018-08-07-stacked-borrows %}) at
+this point.
+
<!-- MORE -->
What Stacked Borrows does is that it defines a semantics for Rust programs such
code.
I will explain these rules again in this post. The explanation is not going to
-be the same as last time, not only because it changed a bit, but also because I
-think I understand the model better myself now so I can do a better job
-explaining it.
+be the same as [last time]({% post_url 2018-08-07-stacked-borrows %}), not only
+because it changed a bit, but also because I think I understand the model better
+myself now so I can do a better job explaining it.
Ready? Let's get started. I hope you brought some time, because this is a
rather lengthy post. If you are not interested in a detailed description of
3. Perform the actions that would also happen when an actual access happens
through this reference (for shared references a read access, for mutable
references a write access).
-4. Check if the new tag is `Shr(Some(t))` and the location is inside an `UnsafeCell`.
+4. Check if the new tag is `Shr(Some(t))` and the location is *not* inside an `UnsafeCell`.
- If both conditions apply, freeze the location with timestamp `t`. If it
is already frozen, do nothing.
- Otherwise, push a new item onto the stack: `Shr` if the tag is a `Shr(_)`,
Now the location cannot be frozen any more: If the fresh tag is `Uniq`, we
just unfroze; if the fresh tag is `Shr` and the location was already frozen,
then the redundancy check (step 3) would have kicked in.
-5. Check if the new tag is `Shr(Some(t))` and the location is inside an `UnsafeCell`.
- - If both conditions apply, freeze the location with timestamp `t`. If it
- is already frozen, do nothing.
+5. Check if the new tag is `Shr(Some(t))` and the location is *not* inside an `UnsafeCell`.
+ - If both conditions apply, freeze the location with timestamp `t`.
- Otherwise, push a new item onto the stack: `Shr` if the tag is a `Shr(_)`,
`Uniq(id)` if the tag is `Uniq(id)`.
projects / web.git / blobdiff