When is it necessary to circumvent Rust’s borrow checker?

by

When is it necessary to circumvent Rust’s borrow checker?

It is needed when:

  • the borrow checker is not advanced enough to see that your usage is safe
  • you do not wish to (or cannot) write the code in a different pattern

As a concrete case, the compiler cannot tell that this is safe:

let mut array = [1, 2];
let a = &mut array[0];
let b = &mut array[1];

The compiler doesn’t know what the implementation of IndexMut for a slice does at this point of compilation (this is a deliberate design choice). For all it knows, arrays always return the exact same reference, regardless of the index argument. We can tell that this code is safe, but the compiler disallows it.

You can rewrite this in a way that is obviously safe to the compiler:

let mut array = [1, 2];
let (a, b) = array.split_at_mut(1);
let a = &mut a[0];
let b = &mut b[0];

How is this done? split_at_mut performs a runtime check to ensure that it actually is safe:

fn split_at_mut(&mut self, mid: usize) -> (&mut [T], &mut [T]) {
    let len = self.len();
    let ptr = self.as_mut_ptr();

    unsafe {
        assert!(mid <= len);

        (from_raw_parts_mut(ptr, mid),
         from_raw_parts_mut(ptr.offset(mid as isize), len - mid))
    }
}

For an example where the borrow checker is not yet as advanced as it can be, see What are non-lexical lifetimes?.

I borrow self.board mutably in the iter_mut() method and then try to borrow it again immutably to get all the neighbours of the read cell.

If you know that the references don’t overlap, then you can choose to use unsafe code to express it. However, this means you are also choosing to take on the responsibility of upholding all of Rust’s invariants and avoiding undefined behavior.

The good news is that this heavy burden is what every C and C++ programmer has to (or at least should) have on their shoulders for every single line of code they write. At least in Rust, you can let the compiler deal with 99% of the cases.

In many cases, there’s tools like Cell and RefCell to allow for interior mutation. In other cases, you can rewrite your algorithm to take advantage of a value being a Copy type. In other cases you can use an index into a slice for a shorter period. In other cases you can have a multi-phase algorithm.

If you do need to resort to unsafe code, then try your best to hide it in a small area and expose safe interfaces.

Above all, many common problems have been asked about (many times) before:

More Related Contents:

  1. Return local String as a slice (&str)
  2. How can I swap in a new value for a field in a mutable reference to a structure?
  3. How to get a reference to a concrete type from a trait object?
  4. How do I return a reference to something inside a RefCell without breaking encapsulation?
  5. How to convert a String into a &’static str
  6. What’s an idiomatic way to print an iterator separated by spaces in Rust?
  7. Proper way to return a new string in Rust
  8. Double mutable borrow error in a loop happens even with NLL on
  9. What are move semantics in Rust?
  10. println! error: expected a literal / format argument must be a string literal
  11. How to return a reference to a sub-value of a value that is under a mutex?
  12. How do I return an instance of a trait from a method?
  13. “borrowed value does not live long enough” seems to blame the wrong thing
  14. Weird behaviour when using read_line in a loop
  15. How can this instance seemingly outlive its own parameter lifetime?
  16. How to use struct self in member method closure
  17. Why are Rust executables so huge?
  18. What do I have to do to solve a “use of moved value” error?
  19. Why does removing return give me an error: expected type `()` but found type
  20. Linking the lifetimes of self and a reference in method
  21. Is there a way to create a function pointer to a method in Rust?
  22. Return an async function from a function in Rust
  23. How to implement `serde::Serialize` for a boxed trait object?
  24. Borrow two mutable values from the same HashMap
  25. Is there any difference between matching on a reference to a pattern or a dereferenced value?
  26. What is an auto trait in Rust?
  27. Why does a lazy-static value claim to not implement a trait that it clearly implements?
  28. Is there a list of all cfg features?
  29. Comparing every element in a vector with the next one
  30. How can I build multiple binaries with Cargo?

Leave a Comment