Don’t mark flow_ref::deref_mut as unsafe.

See discussion in https://github.com/servo/servo/pull/7237
2025-07-22 23:03:42 +01:00 · 2015-08-18 19:37:15 +02:00 · 2015-08-18 19:37:15 +02:00 · 21d69314d4
commit 21d69314d4
parent 649250130b
10 changed files with 53 additions and 72 deletions
--- a/components/layout/flow_ref.rs
+++ b/components/layout/flow_ref.rs
@ -8,7 +8,6 @@
 //! be superfluous. This design is largely duplicating logic of Arc<T> and
 //! Weak<T>; please see comments there for details.

-#![allow(unsafe_code)]

 use flow::Flow;
 use std::sync::{Arc, Weak};
@ -16,9 +15,14 @@ use std::sync::{Arc, Weak};
 pub type FlowRef = Arc<Flow>;
 pub type WeakFlowRef = Weak<Flow>;

-// FIXME(https://github.com/servo/servo/issues/6503) This introduces unsound mutable aliasing.
-// Try to replace it with Arc::get_mut (which checks that the reference count is 1).
-pub unsafe fn deref_mut<'a>(r: &'a mut FlowRef) -> &'a mut Flow {
+/// WARNING: This should only be used when there is no aliasing:
+/// when the traversal ensures that no other threads accesses the same flow at the same time.
+/// See https://github.com/servo/servo/issues/6503
+/// Use Arc::get_mut instead when possible (e.g. on an Arc that was just created).
+#[allow(unsafe_code)]
+pub fn deref_mut<'a>(r: &'a mut FlowRef) -> &'a mut Flow {
    let ptr: *const Flow = &**r;
-    &mut *(ptr as *mut Flow)
+    unsafe {
+        &mut *(ptr as *mut Flow)
+    }
 }