Suggestion unwrap_safe for Result<T, !>, or `impl From<Result<T, !>> for T`

derekdreery · 2019-02-16T09:09:53.185Z

I’ve noticed that people have started to evaluate crate quality by looking for branches that may panic and seeing if they have been audited as impossible. So I propose adding something like

impl<T> Result<T, !> {
    fn unwrap_safe(self) -> T {
        self.unwrap()
    }
}

which saves you having to explain that the unwrap is audited safe in a comment.

Thoughts?

derekdreery · 2019-02-16T09:18:49.388Z

An example of current practice from embedded-hal (the comment would become unnecessary, reducing cognitive load for the reviewer)

            await!(timer.wait()).unwrap(); // NOTE(unwrap) E = Void

H2CO3 · 2019-02-16T10:19:10.713Z

I’m definitely supportive of something like this but the implementation should be evocative of the very safety it tries to provide: instead of merely delegating to unwrap, I think it would be nicer to implement it with a non-fallible pattern match.

The name could be better, too – if I recall correctly, adding _safe to a method name is not really idiomatic in Rust; the no-panic guarantee of this method would also be unrelated to the kind of unsafety the language tries to protect programmers from. I would rather call it something like into_inner() that is pretty common for wrapper types which guarantee the ability to retrieve the wrapped value.

And while we are at it, would it be possible to impl From<Result<T, !>> for T? Then we could simply call .into() on an always-Ok result. (Not sure about the coherence rules here but I think it should work.)

dhm · 2019-02-17T10:51:24.748Z

Since ! should be isomorphic to enum Never {} (correct me if I am wrong), we could imagine a trait for their common behavior (naming could change):

trait UnReach : Into<!> {
  fn unreachable (self) -> ! { self.into() }
}
impl < Never : Into<!> > Unreach for Never {}

Where for all enum Never {} types, all we would have to is define/derive the Into<!> impl:

enum Never {}

impl Into<!> for Never {
  fn into(self) -> ! {
    match self {
      // ! /* there was a blog post about this */
    }
  }
}

We could then have:

/// in `::core`
impl <T, Never : Unreach>  From< Result<T, Never> > for T
{
  fn from (
    result: Result<T, Never>,
  ) -> Self
  {
    match result {
      Ok(inner) => inner,
      Err(never) => never.unreachable(),
    }
  }
}

EDIT: link to the ! pattern blog post: http://smallcultfollowing.com/babysteps/blog/2018/08/13/never-patterns-exhaustive-matching-and-uninhabited-types-oh-my/

derekdreery · 2019-02-17T13:20:34.169Z

dhm:

Since ! should be isomorphic to enum Never {} (correct me if I am wrong), we could imagine a trait for their common behavior

In theory, yeah, but I’m guessing that once ! stabilizes, all uninhabited enums will disappear. Also, they exist in old code as a hack way of defining an external type, so I don’t know if these types could exist even thought its kinda breaking the language rules.

H2CO3:

And while we are at it, would it be possible to impl From<Result<T, !>> for T ? Then we could simply call .into() on an always- Ok result. (Not sure about the coherence rules here but I think it should work.)

It would be awesome, and a better solution, if you could just use Into::into .

EDIT combined responses.

dhm · 2019-02-17T14:55:13.429Z

derekdreery:

I’m guessing that once ! stabilizes, all uninhabited enums will disappear

They would indeed become an obsolete pattern, but keeping the options open can still be useful: in the same vein that () does not make any zero-sized struct useless (even if we ignored new-type usage for traits) since they can convey richer information.

Take, for instance, the return type of ::std::iter::Iterator::next(), and let’s call it IteratorState<Item>:

Currently, IteratorState<Item> is Option<Item>:

type IteratorState<Item> = enum Option<Item>
{
  Some(Item),
  None,
}

with generators, it could be seen as ::std::ops::GeneratorState<Iterator::Item, ()>,

i.e.,
```
type IteratorState<Item> = enum GeneratorState<Item, ()>
{
  Yielded(Item),
  Complete(()),
}
```
And although the one-type-fits-them-all is elegant logical-patterns-wise, that Complete(()) does not look nice (although quite better than the initial None!). With an (isomorphic) custom type, we could improve it:

enum IteratorState<T>
{
  Yielded(T),
  Exhausted,
}
use self::IteratorState::*;
impl<T> IteratorState<T> {
  fn some(self) -> Option<T> { match self {
    Yielded(value) => Some(value),
    Exhausted      => None,
  }}
}

I thus think that custom never types may very well exist, either in the form

struct Never /* = */ (!);

or in the empty enum form. Hence the need for such a trait.

As an aside, I find custom inhabited types useful for “type-level enums”, since it prevents using them as values.

Those are useful for truly immutable settings that can then lead to constant propagation and dead code removal:

trait Bool { const TRUTH: bool; fn is_true () -> bool { Self::TRUTH } }
  enum True  {} impl Bool for True  { const TRUTH: bool = true ; }
  enum False {} impl Bool for False { const TRUTH: bool = false; }

/// they can be "converted back to (zero-sized) values" with `PhantomData`
use ::std::marker::PhantomData;

struct Config<Verbose : Bool> {
  // ...
  _phantom: PhantomData<Verbose>,
}

impl<Verbose : Bool> Config<Verbose> {
  fn run (
    // ...
  )
  {
    if Verbose::is_true() { /* be verbose */ }
    // do some stuff
    if Verbose::is_true() { /* be verbose */ }
    // do more stuff
    if Verbose::is_true() { /* be verbose */ }
  }
}

derekdreery · 2019-02-24T09:53:32.146Z

Interesting, thanks for taking the time to write this.

drXor · 2019-02-25T15:27:59.210Z

It’s not immediately clear what the value is (rather than more into inference… ugh). Result<T, !> is (or should be) represented as a T, so I doubt unwrap is more than a nop.

Yato · 2019-02-25T15:39:38.474Z

unwrap is a nop, as tested on the latest stable on playground. Even with empty enums like Void below.

playground link: https://play.rust-lang.org/?version=stable&mode=release&edition=2018&gist=26f2231c576149736f2966dd41b6b045

#[derive(Debug)]
pub enum Void {}

type T = u32;

#[inline(never)]
fn abort<T>() -> T {
    panic!()
}

#[inline(never)]
pub fn unwrap_me_test(r: Result<T, Void>) -> T {
    match r {
        Ok(x) => x,
        Err(y) => abort()
    }
}

playground::unwrap_me_test:
	movl	%edi, %eax
	retq

<playground::Void as core::fmt::Debug>::fmt:
	ud2

As you can see playground::abort is nowhere to be seen because it was completely optimized away.