1.0.0 (older version) Thoroughness: High Understanding: High
by cad97 on 2020-02-10
This review is from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.
The current version of RcBorrow is 1.4.0.
Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository with a git tag matching the version. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.
To review the actual code of the crate, it's best to use cargo crev open rc-borrow. Alternatively, you can download the tarball of rc-borrow v1.4.0 or view the source online.
I am the author of this crate. As such, I obviously trust it and believe it is useful. So this review will instead point at the trickiest parts and try to rationalize them.
Do not believe cargo-geiger for this crate. The implementation is primarily macro-generated, and cargo-geiger does not see into unsafe generated in macros.
That said, this crate is fairly simple and self-evident. The main tricky bit is around pointer provenance when reconstructing the (A)Rc. See https://internals.rust-lang.org/t/_/11463/11 for some context. The standard library currently does this wrong, even! Getting the "raw" reference as
&**arcgives shared immutable provenance, and (A)Rc requires "raw mutable" provenance, because of get_mut.If you're reading this and you ever upgrade &T to (A)Rc, replace it with this crate! The crate uses autocfg to automatically probe for the "fix" methods of std providing a (A)Rc::as_raw, so will automatically upgrade to the purely sound version when it's available.
Smoke tests are run under miri, but the crate could potentially do with some more examples as well as some more tests to ensure that all of the functionality works as advertised.
I've only put this review as positive rather than strong because of a lack of real-world use. As of yet, the library is just of theoretical use, and has yet to be stress tested for real.