
Week 8 - Drop, the Drop Checker, and Destructor Discipline

8.1 Conceptual Core

  • Drop::drop(&mut self) runs when a value goes out of scope, when mem::drop is called, when a panic unwinds, or when a Vec/etc. is dropped (each element is dropped in turn).
  • The Drop checker (dropck) is the part of the borrow checker that ensures a destructor cannot observe a borrowed value that is itself about to be dropped: the classic "owned Vec<&'a str> where the &'a str references something that will outlive 'a" hazard.
  • Drop order:
      • Local variables: reverse declaration order within a block.
      • Struct fields: declaration order.
      • Tuple elements: declaration order.
      • Closures: capture order.

8.2 Mechanical Detail

  • #[may_dangle] (nightly attribute, used in std internals): a handshake by which a Drop impl asserts it will not read its generic-parameter values during drop. This is what allows Vec<&'a T> to drop after &'a T's referent is gone, as long as Vec<T> does not access the Ts in its destructor.
  • PhantomData<T> and dropck: PhantomData<T> makes dropck behave as if a T is owned. Necessary for FFI handles where the underlying C type needs lifetime tracking even though Rust doesn't store one.
  • ManuallyDrop<T>: suppresses the destructor entirely. Used for union fields and for transferring ownership across FFI without a double-free.
  • mem::forget: leaks deliberately. Necessary when handing ownership to C code; it is a soundness escape hatch but not unsafe (because leaking is safe).
  • std::panic::catch_unwind: how unwinding interacts with destructors. A panic during a destructor's drop = abort (double-panic).

8.3 Lab: "Resource Acquisition Is Initialization"

Build a FileLock type wrapping flock(2):
  • On construction, acquire an advisory lock.
  • On Drop, release it. Even on panic.
  • Provide a try_lock constructor returning Result<FileLock, std::io::Error>.
  • Add a test that asserts the lock is released after a panic by spawning a child process that panics while holding the lock and observing in the parent that the lock can be re-acquired.
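A reference shape for the lab, added here as an example and not part of the course materials: FileLock calls flock(2) through the C library std already links (no libc crate), releases in Drop, and a helper proves the release happens during unwinding by probing from a second open file description in the same process instead of the child process the lab asks for. The LOCK_* values are assumed to be the Linux/BSD ones.

```rust
use std::cell::Cell;
use std::fs::File;
use std::io;
use std::os::unix::io::AsRawFd;
use std::panic::{catch_unwind, AssertUnwindSafe};
// flock(2) comes from the C library std already links on Unix; no extra crate needed.
// Operation constants are the Linux/BSD values (assumed; check <sys/file.h> elsewhere).
unsafe extern "C" {
    fn flock(fd: i32, op: i32) -> i32;
}
const LOCK_EX: i32 = 2;
const LOCK_NB: i32 = 4;
const LOCK_UN: i32 = 8;
/// RAII guard: holds an exclusive advisory lock on `file` until it is dropped.
pub struct FileLock { file: File }

impl FileLock {
    /// Non-blocking acquire; WouldBlock if another open file description holds the lock.
    pub fn try_lock(file: File) -> io::Result<FileLock> {
        // SAFETY: the fd is valid because we own `file` for the whole call.
        if unsafe { flock(file.as_raw_fd(), LOCK_EX | LOCK_NB) } != 0 {
            return Err(io::Error::last_os_error());
        }
        Ok(FileLock { file })
    }
}

impl Drop for FileLock {
    fn drop(&mut self) {
        // Runs on scope exit and during unwinding. The result is ignored on purpose: a destructor
        // has nobody to report to, and closing the fd right after this releases the lock anyway.
        // SAFETY: `self.file` is still open; it is closed only after this body returns.
        unsafe { flock(self.file.as_raw_fd(), LOCK_UN) };
    }
}

/// Holds the lock, panics, then uses a second open file description to check that the
/// unwinder released it. Returns (contended while held, free after the unwind).
pub fn lock_released_after_panic(path: &str) -> io::Result<(bool, bool)> {
    let holder = File::create(path)?;
    let probe = || File::open(path).and_then(FileLock::try_lock);
    let contended = Cell::new(false);
    let outcome = catch_unwind(AssertUnwindSafe(|| {
        let _guard = FileLock::try_lock(holder).expect("first acquisition must succeed");
        contended.set(matches!(probe(), Err(e) if e.kind() == io::ErrorKind::WouldBlock));
        panic!("simulated failure while holding the lock"); // `_guard` drops during unwinding
    }));
    assert!(outcome.is_err(), "the closure must have panicked");
    Ok((contended.get(), probe().is_ok()))
}
```

The in-process probe works because flock locks belong to the open file description, so a second open() of the same path contends with the first; the lab's child-process variant additionally covers the case where the holder dies without unwinding at all.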

8.4 Idiomatic & Clippy Drill

  • clippy::mem_forget, clippy::drop_non_drop, clippy::let_underscore_must_use, clippy::unnecessary_struct_initialization. Drop discipline is one of the few areas where clippy is mostly about intent signaling.

8.5 Production Hardening Slice

  • Add a debug-build assertion that FileLock cannot be moved while held (sketch with Pin; full impl deferred to Week 11). Run the full month-2 workspace through `cargo +nightly miri test`. Begin a `MIRI_NOTES.md` log of every interaction the Miri output forces you to investigate; this becomes a study artifact.

Month 2 Capstone Deliverable

A type-system-lab/ workspace containing:
  1. `lending-iter` (week 5): a no_std-compatible lending iterator crate.
  2. `bloat-demo` (week 6): the static vs dynamic dispatch comparison, with a written tradeoff analysis.
  3. `tracing-rc` (week 7): Miri-clean.
  4. `flock-rs` (week 8): a working file-lock RAII crate.

Workspace-level CI must add: cargo +nightly miri test, cargo semver-checks. Begin contributing minor doc fixes upstream (rust-lang/rust or a popular crate). Open at least one PR by end of month, however small.
