Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

`Pin` is unsound due to transitive effects of `CoerceUnsized` #68015

nikomatsakis opened this issue Jan 8, 2020 · 0 comments

`Pin` is unsound due to transitive effects of `CoerceUnsized` #68015

nikomatsakis opened this issue Jan 8, 2020 · 0 comments


Copy link

@nikomatsakis nikomatsakis commented Jan 8, 2020

Split out from #66544. It is possible to exploit Pin on nightly Rust (but not stable) by creating smart pointers that implement CoerceUnsized but have strange behavior. See the dedicated internals thread for more details -- also, please keep conversation on the thread, and not on the Github issue. ❤️

@nikomatsakis nikomatsakis added the P-high label Jan 8, 2020
bors added a commit that referenced this issue Jan 8, 2020
permit negative impls for non-auto traits

This is a prototype impl that extends `impl !Trait` beyond auto traits. It is not integrated with coherence or anything else, and hence only serves to prevent downstream impls (but not to allow downstream crates to rely on the absence of such impls for coherence purposes).

Fixes #66544


- [x] need a test that you can't rely on negative impls for coherence purposes
- [x] test that negative impls cannot specialize positive ones
- [x] test that positive impls cannot specialize negative ones
- [x] extend negative impl to `Clone` in order to fully fix #66544
- [x] and maybe make `CoerceUnsized` unsafe? -- that problem is now split out into #68015
- [ ] introduce feature flag and prepare a write-up
- [x] improve diagnostics?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.