From c5c8b45506712d106133bf3aa6eac302bb58e2fa Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Tue, 18 Jul 2017 09:56:46 -0700 Subject: [PATCH 1/1] only &UnsafeCell is special --- ralf/_posts/2017-07-17-types-as-contracts.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ralf/_posts/2017-07-17-types-as-contracts.md b/ralf/_posts/2017-07-17-types-as-contracts.md index 2d5e3c4..e01e750 100644 --- a/ralf/_posts/2017-07-17-types-as-contracts.md +++ b/ralf/_posts/2017-07-17-types-as-contracts.md @@ -306,7 +306,8 @@ If a function takes an `x: &Cell`, following the rules above, it will acqui Clearly, we do not want to do that -- calling `x.set` *will* actually mutate `*x`, and mutating through a shared reference is exactly the point of using `Cell`! Lucky enough, the compiler *already* says that interior mutability is only allowed via [`UnsafeCell`](https://doc.rust-lang.org/beta/core/cell/struct.UnsafeCell.html). -We can use this for our purposes: To adjust validation for interior mutability, we *stop* our recursive descent and do not do anything when reaching an `UnsafeCell`. +We can use this for our purposes: To adjust validation for interior mutability, we *stop* our recursive descent and do not do anything when reaching an `UnsafeCell` *while `mutbl` indicates we are in immutable mode*. +(`&mut UnsafeCell` is not affected.) In particular, no locks are acquired. This justifies calling `set` on a shared reference and having the value changed. Of course, it also means we cannot do some of the optimizations we discussed above -- but that's actually exactly what we want! -- 2.30.2