Interior mutability and safety of ownership transfer in Rust

ogg:

performing an “atomic” ownership switch between buffers seems intuitively sound to me,

Usually one requires exclusive access with &mut _ (e.g. any of Vec<_>'s potentially reallocating functions) which avoids the the question. I don't grok your approach well enough to comment much on it.

ogg:

It seems to me that the root cause of the problem is interior mutability. Rust does not appear to have a way to express true “read-only” types.

That is correct. There is no way to require a lack of interior mutability, or other related functionality,[1] with a bound.

ogg:

So I just stumbled over the unstable Freeze trait. This seems like a perfect trait bound for the K and V types in order to prevent data races for types with interior mutability (e.g. HashMap<Arc<str>, AtomicUsize>) during buffer migration.

No, Freeze does not guarantee there is no interior mutability in the type. It only guarantees there is no shallow immutability in the inline values. There can still be interior mutability behind indirection. For example, Box<RefCell<_>>: Freeze.

TBF, a lot of people have the same misconception. The documentation should put this clarification in flashing red lights.

internally, but not through an indirection

1. using globals, using thread locals, using the FS to store state, ... ↩︎