/borrowck

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dangly paths #17

Open
wants to merge 8 commits into
base: master
from

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@pnkfelix @RalfJung
@pnkfelix

pnkfelix commented Sep 12, 2017

The feature being implemented here is sketched out in https://gist.github.com/pnkfelix/6df6975c99d5c4da37136ada9fa44fb0

(I still need to transcribe part of the comments in this code into that gist, analogous to the Detailed Design of an RFC.)

pnkfelix added some commits Sep 6, 2017

@pnkfelix
Encoded versions of dangly-path examples.
51faae1
@pnkfelix
Refactoring: cloned old `fn check_move` method to `fn check_drop`, 
and call *that* from the `drop` NLL statement.

No observable behavior change otherwise (apart from error messages now
say "cannot drop" instead of "cannot move"), but the doc comment
indicates the plans I have (in terms of incorporating `may_dangle`
support).
b82acf7
@pnkfelix
Added `impl fmt::Display for Path` so path formats can resemble sourc… 
…e code.
0a7af36
@pnkfelix
Switch to `fmt::Display` formatting of paths in errors emitted by che… 
…ck_drop.
f107cbe
@pnkfelix
Factor out a `StructDecl::field_decl` method for `FieldDecl` lookup.
5cefe1a
@pnkfelix
`fmt::Display` impl for `StructName` that just writes name (like `Reg… 
…ionName` and `FieldName`).
560e9e5
@pnkfelix
A fixme to investigate in the future.
09acae9
@pnkfelix
The actual dangly-path analysis. 
With this in place, all tests pass.
2d60385

@pnkfelix pnkfelix referenced this pull request Sep 12, 2017

Open

[borrowck] handling of drops invalidating borrows #40

@RalfJung

This comment has been minimized.

Show comment
Hide comment
@RalfJung

RalfJung Feb 5, 2018

@nikomatsakis sent me here during the recent #[may_dangle] discussion. TIL we have another soundness hole. ;)

I have one question regarding the gist you referenced:

Now, even though the destructor of MessageOnDrop2 does not access its type parameter, dropping it still drops the instance of T, which for eventually_impure means that we run the destructor of PoisonOnDrop (and thus mutate data in the reference).

So we need to be careful.

This "just" means that we have to check all the types along the path in question, right? If things are done properly structurally, recursing over the type, this should just work? Or am I missing something?

RalfJung commented Feb 5, 2018

@nikomatsakis sent me here during the recent #[may_dangle] discussion. TIL we have another soundness hole. ;)

I have one question regarding the gist you referenced:

Now, even though the destructor of MessageOnDrop2 does not access its type parameter, dropping it still drops the instance of T, which for eventually_impure means that we run the destructor of PoisonOnDrop (and thus mutate data in the reference).

So we need to be careful.

This "just" means that we have to check all the types along the path in question, right? If things are done properly structurally, recursing over the type, this should just work? Or am I missing something?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment