Replace_with RFC


#1

I just want to bring this RFC to the attention of people interested in the unsafe code guidelines:

As the comments towards the end suggest, this RFC is of interest to unsafe code authors:


#2

Being able to get a T from a &mut T is more of a safety-proof/type-system issue than a memory model issue - I don’t think that “safe” uses of mem::replace_with would be UB in any model.


#3

Well, quite a few of our discussions about UB end up asking the question of when and where the compiler can “trust types”. To answer that question, we have to figure out what types like &mut T “mean”, which brings us squarely into issues of type-system interpretation.


#4

I don’t think that the unsafe code guidelines are only about UB. They are also about putting limits on what other safe/unsafe code may be doing, so you can know if your supposedly “safe” interface is truly safe.