Pre-RFC: std::mem::Leaked


#1

While working on generic_array, I learned about leak amplification. However, looking into the nodrop crate shows a currently quite hacky solution that uses another u8 + padding for the enum disctiminant whose sole raison d’etre is to disable the drop glue.

So in the name of making the leak amplification pattern easier to apply (and the code more obvious), I propose adding a std::mem::Leaked<T> type to the standard library that wraps a T and will be completely ignored by dropck.

This type would have an .into_inner() method with the obvious semantics, namely converting the value into the wrapped type (and thus un-leaking it).

Usage example: creating and filling some IndexMut (e.g. array) safely despite uninitialized memory.

unsafe {
    let res = std::mem::uninitialized();
    for (i, s) in list.iter().enumerate() {
        // temporarily leak `res`
        let res = std::mem::Leaked(res);
        // this may panic, if it does, `res` is leaked
        let v = f(s);
        // un-leak my res
        let mut res = res.into_inner();
        // put the value into our collection
        std::ptr::write(*mut res[i], v);
    }
    res
}

Is there interest in such an API? Do I underestimate the complexity?


#2

See https://github.com/rust-lang/rfcs/pull/197 for a proposal of a very similar type, which is believed to be (mostly) implementable via the new union support.