Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upborrowed referent of a `&T` sometimes incorrectly allowed #38899
Comments
nikomatsakis
added
A-borrow-checker
I-nominated
I-unsound 💥
T-compiler
labels
Jan 7, 2017
nikomatsakis
changed the title
implicit coercions sometimes incorrectly allow reads from borrowed fields
borrowed referent of a `&T` sometimes incorrectly allowed
Jan 7, 2017
This comment has been minimized.
This comment has been minimized.
|
I have a fix locally. I'm going to try and evaluate the impact. |
This comment has been minimized.
This comment has been minimized.
|
This is gonna' be bad unless we address the problem that makes |
This comment has been minimized.
This comment has been minimized.
|
How bad? |
This comment has been minimized.
This comment has been minimized.
|
@arielb1 I don't know. I'm working through the bootstrap process now, then I'll try to do some sort of crater run to get an idea. As an aside, this bug dates back to Rust 1.0.0 from what I can tell. |
nikomatsakis
added a commit
to nikomatsakis/rust
that referenced
this issue
Jan 9, 2017
This comment has been minimized.
This comment has been minimized.
|
Branch in my repo is nikomatsakis/issue-38899 btw. I did a crater run which showed 160 root regressions: https://gist.github.com/nikomatsakis/9279f3023ecbec3d1f09730671c7884b |
This comment has been minimized.
This comment has been minimized.
|
I don't know what percentage of those would be fixed by the method call temporary thing. Certainly not all (I just opened one at random and found it would not have been). |
nikomatsakis
removed
the
I-nominated
label
Jan 12, 2017
This comment has been minimized.
This comment has been minimized.
|
Not sure why ayzim is listed as a root regression when the log shows the culprit is lazy_static (same is true of a few other crates I clicked at random). |
This comment has been minimized.
This comment has been minimized.
|
@aidanhs yeah, it seems like it gets a bit goofy sometimes in that respect. |
This comment has been minimized.
This comment has been minimized.
|
If only say 20% of these examples are fixed by method call temporaries, I don't see why we shouldn't do the normal lint -> hard error sequence here. Sure it's sad to break basically every non-trivial rust project ever, but method call temporaries won't help/ |
This comment has been minimized.
This comment has been minimized.
|
@arielb1 it seems worth trying to investigate a bit more deeply. However, the experience in rustc was quite different -- the majority of errors were fixed. I think I had only one problem (out of ... 10 or so?) that was fixed a different way. |
This comment has been minimized.
This comment has been minimized.
|
The In rustc, it seems that: |
This comment has been minimized.
This comment has been minimized.
|
@arielb1 isn't it tracking the mutable borrow of the pointer itself rather than its dereference? Which then conflicts with dereferencing the pointer later on. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
@arielb1 right; so 19/23 (80%) seems pretty significant. |
This comment has been minimized.
This comment has been minimized.
|
CC @jorendorff |
This comment has been minimized.
This comment has been minimized.
@nikomatsakis does this imply that NLL would allow us to fix this without breakage? |
This comment has been minimized.
This comment has been minimized.
No, some things would still break. |
This comment has been minimized.
This comment has been minimized.
|
@nikomatsakis I see that you removed your nomination from this bug without assigning it a priority, was that intentional? |
Mark-Simulacrum
added
the
C-bug
label
Jul 26, 2017
This comment has been minimized.
This comment has been minimized.
|
This is "waiting for 2φB", which is waiting for an RFC + MIR borrowck. |
bstrie
added
the
P-high
label
Sep 14, 2017
This comment has been minimized.
This comment has been minimized.
The "Enable nested method calls" RFC (a.k.a. "two-phase borrows", which is what I presume @arielb1 meant by "2φB") was recently accepted: rust-lang/rfcs#2025 . Even considering MIR borrowck as a blocker, given that that RFC seems to be a high priority for the forthcoming three-month impl period, is it safe to assume that we'll have something in nightly by December with which we can start doing cargobomb runs to determine exactly how painful this bug will be to fix? Possibly overstepping my bounds my assigning this a P-high, but it really does concern me the most of all the open and in-stable soundness bugs, and I have a longstanding pet peeve concerning unprioritized soundness bugs. :P |
arielb1
added
the
P-medium
label
Sep 14, 2017
This comment has been minimized.
This comment has been minimized.
|
MIR borrowck doesn't have this bug. When it will be enabled by default, this bug will be fixed. |
pnkfelix
added
A-NLL
WG-compiler-nll
labels
Dec 21, 2017
nikomatsakis
added
the
E-needstest
label
Jan 4, 2018
This comment has been minimized.
This comment has been minimized.
|
I propose that we add a test file (with |
nikomatsakis
added this to the
NLL Future Compat Warnings milestone
Jan 4, 2018
This comment has been minimized.
This comment has been minimized.
|
The following test correctly errors with |
nikomatsakis
referenced this issue
Jan 11, 2018
Open
tracking issue for bugs fixed by the MIR borrow checker or NLL #47366
chrisvittal
added a commit
to chrisvittal/rust
that referenced
this issue
Jan 11, 2018
kennytm
added a commit
to kennytm/rust
that referenced
this issue
Jan 15, 2018
kennytm
added a commit
to kennytm/rust
that referenced
this issue
Jan 15, 2018
bors
closed this
in
#47368
Jan 15, 2018
This comment has been minimized.
This comment has been minimized.
|
Per #46557 (comment): I think it's reasonable to say this is a P-medium issue until the fix is in master and enabled by default (I'm open to disagreement though!). |
aidanhs
reopened this
Jan 15, 2018
This comment has been minimized.
This comment has been minimized.
nikomatsakis
closed this
Jan 16, 2018
This comment has been minimized.
This comment has been minimized.
|
Er, perhaps that was premature. =) |
nikomatsakis
reopened this
Jan 16, 2018
This comment has been minimized.
This comment has been minimized.
|
@nikomatsakis so wait, what is the policy then for #47366? Are we closing issues that are fixed by (And either way, should this bug be linked from checklist in #47366 description?) |
This comment has been minimized.
This comment has been minimized.
|
Ah according to #46557 (comment) the policy is that we're removing WG-compiler-nll label from such issues? That seems ... reasonable. Since then the work queue (either in-progress or to-do) should be identifiable from that label? |
This comment has been minimized.
This comment has been minimized.
|
@pnkfelix yeah |
nikomatsakis commentedJan 7, 2017
@jorendorf asks on the users forum about a curious discrepancy around fields. It seems that implicit borrows sometimes seem to get overlooked in the borrow checker. This seems like a kind of bad bug, though it's exact scope is unclear until we investigate a bit more.
Here is a variant of @jorendorf's example which is pretty clearly wrong. Here, the
blockvariable is mutably borrowed intox, so it should not be accessible vialet p:I'm guessing that the problem has to do with the logic around borrowing the referent of an
&T(in this case, we are borrowing*block.current). In particular, we deem that to be "safe" for the scope of'abecause the data is independently guaranteed to be valid that long (this is reasonable). But we still need to validate thatblock.currentcan be (instantaneously) read. It seems we are not doing that. But this is all a hypothesis: I've not dug into the code to validate it.