Add support for in-place map for Vecs of types with same size (take 3)

[tbu-]

This is implemented using a new struct PartialVec which implements the proper
drop semantics in case the conversion is interrupted by an unwind.

For the old pull requests, see #15302, #16369.

[huonw]

This justification isn't actually required, since this is how offset is designed to work. :)

[tbu-]

How is offset designed to work?

Actually I'm not even sure what I'm doing is correct, because the docs on ptr::offset say that the given offset must be inbound, which negative ones technically aren't.

[huonw]

Oh, really? So the following is technically undefined?

let p = some_vec.as_ptr();
let q = p.offset(10);
let r = q.offset(-10);

However, it doesn't particularly matter since offset is widely used with the output of len(); this is not an unusual case (e.g. some_slice.iter() is created with offset and len).

[thestinger]

@huonw: No, that q.offset(-10) is perfectly well defined if p.offset(10) was correct. It's within the bounds of the object it was based on.

[huonw]

cc @aturon

(Sorry that this sat unnoticed for so long @tbu-!)

[thestinger]

I think this is a lot more complicated than it needs to be, even with failure safety in mind.

[tbu-]

@thestinger What specifically? I had the impression that I did pretty much the minimum required to get this running.

[aturon]

Is this intentionally private?

[tbu-]

No, this should be public.

[aturon]

@tbu- Can you elaborate on the use case you have in mind here?

I'm guessing the intent is just to support the map_inplace function. I'm wondering whether that could be the sole public interface, rather than exposing PartialVec? (My understanding is that the machinery here is needed to properly handle unwinding.) Or are there use cases you have in mind that go beyond map_inplace?

[aturon]

To elaborate slightly, it seems like the interface here effectively forces you to do something like your map_inplace, although technically you can pop off multiple elements before pushing in their replacements.

If PartialVec were private, I wonder whether the various methods it supplies could instead be moved directly into map_inplace? Basically, use PartialVec as a temporary place to move the Vec into, with the right drop semantics, but otherwise perform all of the work directly in map_inplace. That seems like it could simplify the code.

[aturon]

Minor detail, but why not map_in_place?

[tbu-]

I don't know, it felt more natural to me, maybe because map_in_place sounds less like a hyphen between "in" and "place". But I have absolutely no problem in renaming this if you want it.

[tbu-]

About the public interface: I don't know anymore why the PartialVec was exposed, but you're probably right that it can be hidden as an implementation detail.

However I am not sure putting less code in PartialVec and more code into map_inplace would simplify the code. In particular I think it's easier to see the closed PartialVec struct which provides a safe interface instead of doing the unsafe stuff in one function interleaved with the safe stuff.

[aturon]

@tbu- There is some amount of extra assertion checking, API documentation, and extra generality in the PartialVec methods that could go away if all the logic was made part of the map_inplace loop. Personally, I think it'd make this code simpler and more clear.

As far as interleaving safe and unsafe code, I think most of map_inplace would be unsafe, and I think that seeing both the loop and the memory operations it performs in one place will make it easier to validate the safety (because everything would fit on a single page, basically).

That said, I wouldn't block the PR on the basis of these preferences; my main concern is to hide PartialVec, which will give us the freedom to simplify things later.

I would vote for map_in_place though, mostly because the convention is to use an _ between each distinct word.

[tbu-]

@aturon I renamed it to map_in_place and made everything else private.

When you finish reviewing it, please tell me so I can rebase it to master.

[aturon]

Either the map_in_place method should use this iterator, or it should be dropped (as dead code).

[aturon]

@tbu- Looks good to me.

One minor point: now that the PartialVec interface is private, the asserts within push and into_vec could be made into debug_asserts, and the functions themselves could be marked unsafe, with map_in_place guaranteeing overall safety.

This would expand the use of unsafe a bit, but it would avoid unnecessary bounds checking on every element.

In any case, I'm happy to r+ as-is, after a rebase; we can always tweak things later. Thanks for doing this work!

[tbu-]

@aturon I rebased it. Will continue to improve it based on your "optional" comments once this one lands.

[aturon]

@tbu- Okay, headed to bors. Thanks for your persistence on this one!

[tbu-]

@aturon Thanks for reviewing it. Can you issue a retry? It's just a } that got lost during the rebase.

[tbu-]

I'm sorry for the failed build, I didn't update the tests when I rebased it to the master. Now I fixed the tests, ran make check successfully and rebased it again against current master.