Lib.rs

Rust patterns
#builder-pattern #exception #unwind #safety #unsafe #finally

unwind_safe

Readable unwind-safe code thanks to a try-finally-looking builder pattern

by Daniel Henry-Mantilla

3 unstable releases

0.1.0 Dec 31, 2021
0.0.1 Mar 5, 2021

#1203 in Rust patterns

Download history 9608/week @ 2023-12-15 3772/week @ 2023-12-22 4295/week @ 2023-12-29 9307/week @ 2024-01-05 11168/week @ 2024-01-12 16066/week @ 2024-01-19 13149/week @ 2024-01-26 6458/week @ 2024-02-02 12917/week @ 2024-02-09 14105/week @ 2024-02-16 13166/week @ 2024-02-23 14198/week @ 2024-03-01 15904/week @ 2024-03-08 14486/week @ 2024-03-15 13787/week @ 2024-03-22 8463/week @ 2024-03-29

55,343 downloads per month
Used in 22 crates (3 directly)

Zlib OR MIT OR Apache-2.0

10KB
118 lines

::unwind_safe

Repository Latest version Documentation MSRV License CI

Readable unwind-safe code thanks to a try-finally-looking builder pattern

let mut body_called = false;
let mut finally_called = false;

// Let's imagine some code being run in a context where
// panics do not affect us (`panic::catch_unwind`), or some
// executor running stuff on another thread…
let _ = ::crossbeam::thread::scope(|s| drop(s.spawn(|_| {

    let ft = {
        ::unwind_safe::with_state(())
            .try_eval(|_| {
                body_called = true;
                if ::rand::random() {
                    panic!();
                } else {
                    42
                }
            })
            .finally(|_| { // <- The point of this crate!
                finally_called = true;
            })
    };
    // This is only reached when `try_eval` does not panic, obviously.
    assert_eq!(ft, 42);

})));

// Whatever code path was taken, the finally block is always executed
// (that's the point of this crate!).
// From a place that survives the panic (if any), we thus observe:
assert!(body_called);
assert!(finally_called);

With an actual owned state

If the destructor requires access to an owned State1 in the finally / deferred block, (type State =: of your choosing),

  1. you can feed that to the ::unwind_safe::with_state::<State> API entry-point;

  2. the .try_eval(|state: &mut State| {}) block will then have access to an exclusive borrow (&mut) to it through the closure's parameter,

  3. and the .finally block will get access to that state in an owned fashion through its own closure parameter: .finally(|state: State| {}).

1 This "owned" state may still be a borrow, e.g., type State = &mut;

Can unsafe code rely on the finally code always being run?

Yes! That's the point of the crate, and why it is so named: you can use this .finally pattern to ensure your unsafe code is unwind-safe ✅

Similar to ::scopeguard

This is similar to ::scopeguard::defer!, but for the added ability to get owned access in the finally / defer-red block while still letting the main block have &mut references to it.

It is thus actually the same as ::scopeguard::guard! The only (but crucial, imho) difference between these two is the readability of the code: with .try_eval().finally(), it is more obvious that the code in the .finally() part is running after the one on the main block, which is not obvious at first sight with ::scopeguard's API (it requires knowing how it works).

No runtime deps