It is well discussed that, windows_mut like function could not be safe if some mutable references escape the FnMut function, but, is it possible to provide unsafe version windows_mut?
Currently I could not see any disadvantages about that, and sometimes windows_mut is needed.
What might be the disadvantage adding windows_mut like functions? And what the SAFETY rules it should be?
previous discussion is here
Often you can use the window-of-cells workaround as described in https://doc.rust-lang.org/nightly/std/primitive.slice.html#method.windows.
I think, as discussed in the thread you linked, nothing like this will happen in the standard library until we have lending iterators.
Such workaround often needs extra code. if we want to call a method with &mut self signature, we must swap the content out of the Cell, and swap back before we leave the function.
Why not just enable a unsafe version of window_mut? Are we decided to make a safe windows_mut thus the API of windows_mut could not be marked as unsafe?
windows_mut returning an iterator of overlapping &muts is way too easy to misuse -- just calling next on it twice would be instant UB, for example. I don't see it ever happening in the standard library.
Things in the standard library are there forever. We'll add windows_mut when it can be done safety. Until then, you can write something yourself or use a crate.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.