From: Ralf Jung Date: Tue, 18 Jul 2017 16:56:46 +0000 (-0700) Subject: only &UnsafeCell is special X-Git-Url: https://git.ralfj.de/web.git/commitdiff_plain/c5c8b45506712d106133bf3aa6eac302bb58e2fa?ds=inline;hp=6443ef4c3c06040c29466c96e372abd8fec8e458 only &UnsafeCell is special --- diff --git a/ralf/_posts/2017-07-17-types-as-contracts.md b/ralf/_posts/2017-07-17-types-as-contracts.md index 2d5e3c4..e01e750 100644 --- a/ralf/_posts/2017-07-17-types-as-contracts.md +++ b/ralf/_posts/2017-07-17-types-as-contracts.md @@ -306,7 +306,8 @@ If a function takes an `x: &Cell`, following the rules above, it will acqui Clearly, we do not want to do that -- calling `x.set` *will* actually mutate `*x`, and mutating through a shared reference is exactly the point of using `Cell`! Lucky enough, the compiler *already* says that interior mutability is only allowed via [`UnsafeCell`](https://doc.rust-lang.org/beta/core/cell/struct.UnsafeCell.html). -We can use this for our purposes: To adjust validation for interior mutability, we *stop* our recursive descent and do not do anything when reaching an `UnsafeCell`. +We can use this for our purposes: To adjust validation for interior mutability, we *stop* our recursive descent and do not do anything when reaching an `UnsafeCell` *while `mutbl` indicates we are in immutable mode*. +(`&mut UnsafeCell` is not affected.) In particular, no locks are acquired. This justifies calling `set` on a shared reference and having the value changed. Of course, it also means we cannot do some of the optimizations we discussed above -- but that's actually exactly what we want!