Temporarily move out of borrowed content

8
votes

I'm tring to replace a value in a mutable borrow; moving part of it into the new value:

enum Foo<T> {
    Bar(T),
    Baz(T),
}

impl<T> Foo<T> {
    fn switch(&mut self) {
        *self = match self {
            &mut Foo::Bar(val) => Foo::Baz(val),
            &mut Foo::Baz(val) => Foo::Bar(val),
        }
    }
}

The code above doesn't work, and understandibly so, moving the value out of self breaks the integrity of it. But since that value is dropped immediately afterwards, I (if not the compiler) could guarantee it's safety.

Is there some way to achieve this? I feel like this is a job for unsafe code, but I'm not sure how that would work.

3
rustownershipborrow-checker
If you add a Copy bound to T, your code actually works, although I obviously don't know if you're ok with that restriction.fjh

3 Answers

5
votes

Okay, I figured out how to do it with a bit of unsafeness and std::mem.

I replace self with an uninitialized temporary value. Since I now "own" what used to be self, I can safely move the value out of it and replace it:

use std::mem;

enum Foo<T> {
    Bar(T),
    Baz(T),
}

impl<T> Foo<T> {
    fn switch(&mut self) {
        // This is safe since we will overwrite it without ever reading it.
        let tmp = mem::replace(self, unsafe { mem::uninitialized() });
        // We absolutely must **never** panic while the uninitialized value is around!

        let new = match tmp {
            Foo::Bar(val) => Foo::Baz(val),
            Foo::Baz(val) => Foo::Bar(val),
        };

        let uninitialized = mem::replace(self, new);
        mem::forget(uninitialized);
    }
}

fn main() {}
4
votes

The code above doesn't work, and understandibly so, moving the value out of self breaks the integrity of it.

This is not exactly what happens here. For example, same thing with self would work nicely:

impl<T> Foo<T> {
    fn switch(self) {
        self = match self {
            Foo::Bar(val) => Foo::Baz(val),
            Foo::Baz(val) => Foo::Bar(val),
        }
    }
}

Rust is absolutely fine with partial and total moves. The problem here is that you do not own the value you're trying to move - you only have a mutable borrowed reference. You cannot move out of any reference, including mutable ones.

This is in fact one of the frequently requested features - a special kind of reference which would allow moving out of it. It would allow several kinds of useful patterns. You can find more here and here.

In the meantime for some cases you can use std::mem::replace and std::mem::swap. These functions allow you to "take" a value out of mutable reference, provided you give something in exchange.

3
votes

mem:uninitialized has been deprecated since Rust 1.39, replaced by MaybeUninit.

However, uninitialized data is not required here. Instead, you can use ptr::read to get the data referred to by self.

At this point, tmp has ownership of the data in the enum, but if we were to drop self, that data would attempt to be read by the destructor, causing memory unsafety.

We then perform our transformation and put the value back, restoring the safety of the type.

use std::ptr;

enum Foo<T> {
    Bar(T),
    Baz(T),
}

impl<T> Foo<T> {
    fn switch(&mut self) {
        // I copied this code from Stack Overflow without reading
        // the surrounding text that explains why this is safe.
        unsafe {
            let tmp = ptr::read(self);
    
            // Must not panic before we get to `ptr::write`

            let new = match tmp {
                Foo::Bar(val) => Foo::Baz(val),
                Foo::Baz(val) => Foo::Bar(val),
            };
    
            ptr::write(self, new);
        }
    }
}

More advanced versions of this code would prevent a panic from bubbling out of this code and instead cause the program to abort.

See also: