-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Borrow checker unsoundness with unions #45157
Comments
This is still true in NLL, though I sort of thought we had tried to fix this. |
I'm tagging this as WG-compiler-nll; I think it's something we should fix there. |
For the sake of potential testsuite additions: this also should not compile with a simultaneous borrow of |
I'll take a look at this one. |
I'm not really sure what the bug is here, but I can explain what I think should be happening. This function: rust/src/librustc_mir/borrow_check/mod.rs Line 1630 in fdc18b3
is responsible for determining when two rust/src/librustc_mir/borrow_check/mod.rs Line 1615 in fdc18b3
This is the code that I think should be responsible for doing that: rust/src/librustc_mir/borrow_check/mod.rs Lines 1675 to 1679 in fdc18b3
It already looks a little fishy to me; in particular, it is returning |
So it seems like I forgot about how smart the compiler is now. This version of the test does error, as expected: https://play.rust-lang.org/?gist=86c25066ab9197ebfd7a91b573f97595&version=nightly |
Fix borrow checker unsoundness with unions Fixes rust-lang#45157. After discussion with @nikomatsakis on Gitter, this PR only adds a test since the original issue was resolved elsewhere. r? @nikomatsakis
I think the policy is that we will keep this bug open, but file it under #47366 |
(Since it is only fixed when NLL is enabled) |
@nikomatsakis should this be |
Note that to get an NLL test failure, you have to use #![allow(unused)]
#[derive(Clone, Copy, Default)]
struct S {
a: u8,
b: u8,
}
#[derive(Clone, Copy, Default)]
struct Z {
c: u8,
d: u8,
}
union U {
s: S,
z: Z,
}
fn main() { unsafe {
let mut u = U { s: Default::default() };
let mref = &mut u.s.a;
let err = &u.z.c; // This line compiles, but it certainly shouldn't
drop(mref);
}} |
NLL (migrate mode) is enabled in all editions as of PR #59114. The only policy question is that, under migrate mode, we only emit a warning on this (unsound) test case. Therefore, I am not 100% sure whether we should close this until that warning has been turned into a hard-error under our (still in development) future-compatibility lint policy. |
…hewjasper Rust 2015: No longer downgrade NLL errors As per decision on a language team meeting as described in rust-lang#63565 (comment), in Rust 2015, we refuse to downgrade NLL errors, that AST borrowck accepts, into warnings and keep them as hard errors. The remaining work to throw out AST borrowck and adjust some tests still remains after this PR. Fixes rust-lang#38899 Fixes rust-lang#53432 Fixes rust-lang#45157 Fixes rust-lang#31567 Fixes rust-lang#27868 Fixes rust-lang#47366 r? @matthewjasper
…hewjasper Rust 2015: No longer downgrade NLL errors As per decision on a language team meeting as described in rust-lang#63565 (comment), in Rust 2015, we refuse to downgrade NLL errors, that AST borrowck accepts, into warnings and keep them as hard errors. The remaining work to throw out AST borrowck and adjust some tests still remains after this PR. Fixes rust-lang#38899 Fixes rust-lang#53432 Fixes rust-lang#45157 Fixes rust-lang#31567 Fixes rust-lang#27868 Fixes rust-lang#47366 r? @matthewjasper
…hewjasper Rust 2015: No longer downgrade NLL errors As per decision on a language team meeting as described in rust-lang#63565 (comment), in Rust 2015, we refuse to downgrade NLL errors, that AST borrowck accepts, into warnings and keep them as hard errors. The remaining work to throw out AST borrowck and adjust some tests still remains after this PR. Fixes rust-lang#38899 Fixes rust-lang#53432 Fixes rust-lang#45157 Fixes rust-lang#31567 Fixes rust-lang#27868 Fixes rust-lang#47366 r? @matthewjasper
"Cousins" of borrowed union sub-fields (and their further children) are not marked as borrowed.
The same bug should happen with move checking as well, but I haven't made an example yet.The text was updated successfully, but these errors were encountered: