Skip to content

Function Contracts: Interior Mutability Tests #3351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 38 commits into from
Jul 30, 2024
Merged

Function Contracts: Interior Mutability Tests #3351

merged 38 commits into from
Jul 30, 2024

Conversation

@pi314mm
Copy link
Contributor

@pi314mm pi314mm commented Jul 17, 2024
edited
Loading

Test cases for interior mutability using Cell, OnceCell, UnsafeCell, and RefCell.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

Matias Scharager added 2 commits July 17, 2024 17:35
@pi314mm pi314mm added this to the Function Contracts milestone Jul 17, 2024
@pi314mm pi314mm self-assigned this Jul 17, 2024
feliperodri
feliperodri requested changes Jul 18, 2024
View reviewed changes
Copy link
Contributor

@feliperodri feliperodri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also need to update our RFC to describe any limitations around interior mutability.

@feliperodri
Copy link
Contributor

feliperodri commented Jul 18, 2024

The transmute is safe here because Cell and UnsafeCell are guaranteed to have the same memory layout as their underlying type. https://doc.rust-lang.org/stable/std/cell/struct.UnsafeCell.html#memory-layout

This comment should be included in the test cases.

celinval
celinval reviewed Jul 18, 2024
View reviewed changes
@pi314mm pi314mm marked this pull request as ready for review July 19, 2024 16:39
@pi314mm pi314mm requested a review from a team as a code owner July 19, 2024 16:39
celinval
celinval reviewed Jul 19, 2024
View reviewed changes
Copy link
Contributor

@celinval celinval left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think you need the transmute in any of these cases. You should be able to use the public methods to get the data address or a copy of the data.

We have two problems, and I think it might be helpful to think about them separately, although you might want to add a test that has both. The first problem is interior mutability, and the second one is encapsulation.

Using transmute is necessary if you want to break encapsulation. The interior mutability could be a problem for identifying expressions that are side-effect free.

celinval
celinval reviewed Jul 23, 2024
View reviewed changes
feliperodri
feliperodri approved these changes Jul 30, 2024
View reviewed changes
feliperodri and others added 14 commits July 29, 2024 23:27
@feliperodri
Update tests/expected/function-contract/interior-mutability/api/unsaf…
13baa5b 
…ecell.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/api/unsaf…
5feba8c 
…ecell.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/api/cell_…
7f84e89 
…stub.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/api/cell_…
882477c 
…stub.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/api/cell.rs
82c3e6f
@feliperodri
Update tests/expected/function-contract/interior-mutability/api/cell.rs
1e12172
@feliperodri
Update tests/expected/function-contract/interior-mutability/whole-str…
42fd597 
…uct/cell.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/whole-str…
60b0d8a 
…uct/cell.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/whole-str…
dbf938f 
…uct/oncecell.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/whole-str…
065b554 
…uct/refcell.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/whole-str…
19b4cbf 
…uct/refcell.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/whole-str…
aaf64ed 
…uct/unsafecell.rs
@feliperodri
Update tests/expected/function-contract/interior-mutability/whole-str…
172839f 
…uct/unsafecell.rs
@feliperodri
Merge branch 'main' into int-mut-tests
ba95719
@feliperodri feliperodri enabled auto-merge (squash) July 30, 2024 03:29
@feliperodri feliperodri merged commit 1e0b71d into model-checking:main Jul 30, 2024
@pi314mm pi314mm deleted the int-mut-tests branch July 30, 2024 04:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@feliperodri feliperodri feliperodri approved these changes

+1 more reviewer

@celinval celinval celinval left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@pi314mm pi314mm

Labels

None yet

Projects

None yet

Milestone

Function Contracts

Development

Successfully merging this pull request may close these issues.

3 participants

@pi314mm @feliperodri @celinval