Proofs and Panic Safety

Chapter 3 — Proof Sketches, Guards, and Panic Safety

We introduce guards that roll back partially initialized states if panics occur mid-operation (e.g., during growth). We connect these to the uniqueness story: while the guard is alive, callers cannot obtain handles that would violate exclusivity.

title: "Unique Pointers in Rust: Encoding Non-Null + No-Alias"
meta_description: "Deep-dive on uniqueness and aliasing in Rust: design patterns for containers, provenance, guards, FFI transfers, and tests."
keywords: ["rust unique", "noalias rust", "provenance rust", "nonnull unique", "vec internals rust", "panic safety rust", "miri aliasing"]

Extended Deep Dive

  • Formal invariants for exclusive access and how they relate to &mut guarantees.
  • Lifetimes as capability tokens: when a borrow exists, unique methods are disabled.
  • Using PhantomData to influence variance and auto traits, encoding that your type is invariant over T when necessary.
  • Building UniqueBuf<T>: API surfaces that never hand out aliases concurrently.
  • Recovery from panics with scope guards; proof sketches that len/cap invariants remain true.

Reference Snippets

use std::{ptr::NonNull, marker::PhantomData};

pub struct UniqueBuf<T> {
    ptr: NonNull<T>, // never null; dangling (but aligned) while cap == 0
    len: usize,      // invariant: slots [0, len) are initialized
    cap: usize,      // invariant: len <= cap, cap slots allocated
    _uniq: PhantomData<&'static mut T>, // encodes "unique" at type level: invariant over T, Send/Sync follow &mut T
}
