API proposal: unsafe `array_windows_mut` and `windows_mut`

It is well discussed that, windows_mut like function could not be safe if some mutable references escape the FnMut function, but, is it possible to provide unsafe version windows_mut?

Currently I could not see any disadvantages about that, and sometimes windows_mut is needed.

What might be the disadvantage adding windows_mut like functions? And what the SAFETY rules it should be?

previous discussion is here

Often you can use the window-of-cells workaround as described in https://doc.rust-lang.org/nightly/std/primitive.slice.html#method.windows.

I think, as discussed in the thread you linked, nothing like this will happen in the standard library until we have lending iterators.

1 Like

Such workaround often needs extra code. if we want to call a method with &mut self signature, we must swap the content out of the Cell, and swap back before we leave the function.

Why not just enable a unsafe version of window_mut? Are we decided to make a safe windows_mut thus the API of windows_mut could not be marked as unsafe?

windows_mut returning an iterator of overlapping &muts is way too easy to misuse -- just calling next on it twice would be instant UB, for example. I don't see it ever happening in the standard library.

Things in the standard library are there forever. We'll add windows_mut when it can be done safety. Until then, you can write something yourself or use a crate.


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.