Mark Python::with_pool as safe on stable.
This commit is contained in:
Adam Reichold
parent
d7e147509b
commit
4afa994449
|
|
@ -947,6 +947,9 @@ impl Python<'_> {
|
|||
/// it limits the closure to using the new GIL token at the cost of
|
||||
/// being unable to capture existing GIL-bound references.
|
||||
///
|
||||
/// Note that on stable Rust, this API suffers from the same the `SendWrapper` loophole
|
||||
/// as [`allow_threads`][Self::allow_threads], c.f. the documentation of the [`Ungil`] trait,
|
||||
///
|
||||
/// # Examples
|
||||
///
|
||||
/// ```rust
|
||||
|
|
@ -989,7 +992,6 @@ impl Python<'_> {
|
|||
/// });
|
||||
/// });
|
||||
/// ```
|
||||
#[cfg(feature = "nightly")]
|
||||
#[inline]
|
||||
pub fn with_pool<F, R>(&self, f: F) -> R
|
||||
where
|
||||
|
|
@ -1002,73 +1004,6 @@ impl Python<'_> {
|
|||
|
||||
f(pool.python())
|
||||
}
|
||||
|
||||
/// Creates a scope using a new pool for managing PyO3's owned references.
|
||||
///
|
||||
/// This is a safer alterantive to [`new_pool`][Self::new_pool] as
|
||||
/// it limits the closure to using the new GIL token at the cost of
|
||||
/// being unable to capture existing GIL-bound references.
|
||||
///
|
||||
/// # Examples
|
||||
///
|
||||
/// ```rust
|
||||
/// # use pyo3::prelude::*;
|
||||
/// Python::with_gil(|py| {
|
||||
/// // Some long-running process like a webserver, which never releases the GIL.
|
||||
/// loop {
|
||||
/// // Create a new scope, so that PyO3 can clear memory at the end of the loop.
|
||||
/// unsafe {
|
||||
/// py.with_pool(|py| {
|
||||
/// // do stuff...
|
||||
/// });
|
||||
/// }
|
||||
/// # break; // Exit the loop so that doctest terminates!
|
||||
/// }
|
||||
/// });
|
||||
/// ```
|
||||
///
|
||||
/// The `Ungil` bound on the closure does prevent hanging on to existing GIL-bound references
|
||||
///
|
||||
/// ```compile_fail
|
||||
/// # use pyo3::prelude::*;
|
||||
/// # use pyo3::types::PyString;
|
||||
///
|
||||
/// Python::with_gil(|py| {
|
||||
/// let old_str = PyString::new(py, "a message from the past");
|
||||
///
|
||||
/// py.with_pool(|_py| {
|
||||
/// print!("{:?}", old_str);
|
||||
/// });
|
||||
/// });
|
||||
/// ```
|
||||
///
|
||||
/// or continuing to use the old GIL token
|
||||
///
|
||||
/// ```compile_fail
|
||||
/// # use pyo3::prelude::*;
|
||||
///
|
||||
/// Python::with_gil(|old_py| {
|
||||
/// old_py.with_pool(|_new_py| {
|
||||
/// let _none = old_py.None();
|
||||
/// });
|
||||
/// });
|
||||
/// ```
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// However, due to the `SendWrapper` loophole describe in the documentation of the [`Ungil`] trait,
|
||||
/// this is still an unsafe API. Usage that does not involve runtime checking of thread affinity
|
||||
/// should be practically safe.
|
||||
#[cfg(not(feature = "nightly"))]
|
||||
#[inline]
|
||||
pub unsafe fn with_pool<F, R>(&self, f: F) -> R
|
||||
where
|
||||
F: for<'py> FnOnce(Python<'py>) -> R + Ungil,
|
||||
{
|
||||
let pool = GILPool::new();
|
||||
|
||||
f(pool.python())
|
||||
}
|
||||
}
|
||||
|
||||
impl<'unbound> Python<'unbound> {
|
||||
|
|
|
|||
Loading…
Reference in New Issue