beda82ddf1
The old system tried to ensure that the location an alias pointed at would retain its type. That turned out to not be strong enough in the face of aliases to the inside of tags.

The new system instead proves that values pointed to by aliases are not replaced (or invalidated in some other way) at all. It knows of two sufficient conditions for this, and tries to prove at least one of them:

A) The alias is 'immutably rooted' in a local, and this local is not reassigned for the lifetime of the alias. Immutably rooted means the alias refers to the local itself, or to something reachable from the local through immutable dereferencing.

B) No value whose type might include the type of the 'inner mutable element' of the thing the alias refers to (for example, the box in rec(mutable x = @mutable int)) from the outer scope is accessed for the lifetime of the alias. This means for functions, no other argument types may include the alias's inner mutable type. For alt, for each, and for, it means the body does not refer to any locals originating from outside their scope that include this type.

The lifetime of an alias in an alt, for each, or for body is defined as the range from its definition to its last use, not to the point where it goes out of scope. This makes working around these restrictions somewhat less annoying. For example, you can assign to your alt-ed value if you don't refer to any bindings afterwards.
16 lines
227 B
Rust
// error-pattern:invalidate alias x

fn whoknows(@mutable int x) {
    *x = 10;
}

fn main() {
    auto box = @mutable 1;
    alt (*box) {
        case (?x) {
            whoknows(box);
            log_err x;
        }
    }
}
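Condition B from the commit message, sketched as an added example in present-day Rust; this is not the compiler's own code. The names `Ty`, `includes` and `alias_survives` are hypothetical, and reading "might include" as structural containment is an assumption.

```rust
// Added illustration: a toy model of condition B from the commit message.
// Ty, mut_box, includes and alias_survives are hypothetical names, and
// "might include" is assumed to mean structural containment.
#[derive(Clone, Debug, PartialEq)]
enum Ty {
    Int,
    // @T or @mutable T
    Boxed { mutable: bool, inner: Box<Ty> },
    // rec(...) with a per-field mutable flag
    Rec(Vec<(bool, Ty)>),
}

fn mut_box(inner: Ty) -> Ty {
    Ty::Boxed { mutable: true, inner: Box::new(inner) }
}

// True if `outer` is `target` or contains it somewhere in its structure.
fn includes(outer: &Ty, target: &Ty) -> bool {
    if outer == target {
        return true;
    }
    match outer {
        Ty::Int => false,
        Ty::Boxed { inner, .. } => includes(inner, target),
        Ty::Rec(fields) => fields.iter().any(|(_, t)| includes(t, target)),
    }
}

// Condition B: the alias stays valid if no accessed outer value has a type
// that includes the alias's inner mutable type. For a call, `accessed` is
// the other argument types; for an alt/for body, the types of the outer
// locals the body refers to.
fn alias_survives(inner_mut: &Ty, accessed: &[Ty]) -> bool {
    !accessed.iter().any(|t| includes(t, inner_mut))
}

fn main() {
    // Constructed cases. The first mirrors the test file: x aliases *box,
    // and the alt body refers to box (@mutable int) from the outer scope.
    let boxed = mut_box(Ty::Int);
    println!("{}", alias_survives(&boxed, &[boxed.clone()])); // false
    let rec = Ty::Rec(vec![(true, boxed.clone())]);
    println!("{}", alias_survives(&boxed, &[rec])); // false
    println!("{}", alias_survives(&boxed, &[Ty::Int])); // true
}
```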