-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
borrowed referent of a &T
sometimes incorrectly allowed
#38899
Comments
&T
sometimes incorrectly allowed
I have a fix locally. I'm going to try and evaluate the impact. |
This is gonna' be bad unless we address the problem that makes |
How bad? |
@arielb1 I don't know. I'm working through the bootstrap process now, then I'll try to do some sort of crater run to get an idea. As an aside, this bug dates back to Rust 1.0.0 from what I can tell. |
The old code incorrectly assumed that the borrow would always generate a loan. In that case, we will check if that loan conflicts with other loans and hence get an error if the path we borrowed is mutably borrowed. But this is not true if we are borrowing the referent of an `&T` reference. Fixes rust-lang#38899.
Branch in my repo is nikomatsakis/issue-38899 btw. I did a crater run which showed 160 root regressions: https://gist.github.com/nikomatsakis/9279f3023ecbec3d1f09730671c7884b |
I don't know what percentage of those would be fixed by the method call temporary thing. Certainly not all (I just opened one at random and found it would not have been). |
Not sure why ayzim is listed as a root regression when the log shows the culprit is lazy_static (same is true of a few other crates I clicked at random). |
@aidanhs yeah, it seems like it gets a bit goofy sometimes in that respect. |
If only say 20% of these examples are fixed by method call temporaries, I don't see why we shouldn't do the normal lint -> hard error sequence here. Sure it's sad to break basically every non-trivial rust project ever, but method call temporaries won't help/ |
@arielb1 it seems worth trying to investigate a bit more deeply. However, the experience in rustc was quite different -- the majority of errors were fixed. I think I had only one problem (out of ... 10 or so?) that was fixed a different way. |
The In rustc, it seems that: |
@arielb1 isn't it tracking the mutable borrow of the pointer itself rather than its dereference? Which then conflicts with dereferencing the pointer later on. |
@arielb1 right; so 19/23 (80%) seems pretty significant. |
CC @jorendorff |
@nikomatsakis does this imply that NLL would allow us to fix this without breakage? |
No, some things would still break. |
@nikomatsakis I see that you removed your nomination from this bug without assigning it a priority, was that intentional? |
This is "waiting for 2φB", which is waiting for an RFC + MIR borrowck. |
The "Enable nested method calls" RFC (a.k.a. "two-phase borrows", which is what I presume @arielb1 meant by "2φB") was recently accepted: rust-lang/rfcs#2025 . Even considering MIR borrowck as a blocker, given that that RFC seems to be a high priority for the forthcoming three-month impl period, is it safe to assume that we'll have something in nightly by December with which we can start doing cargobomb runs to determine exactly how painful this bug will be to fix? Possibly overstepping my bounds my assigning this a P-high, but it really does concern me the most of all the open and in-stable soundness bugs, and I have a longstanding pet peeve concerning unprioritized soundness bugs. :P |
Add NLL tests for rust-lang#46557 and rust-lang#38899 This adapts the sample code from the two issues into test code. Closes rust-lang#46557 Closes rust-lang#38899 r? @nikomatsakis
Per #46557 (comment): I think it's reasonable to say this is a P-medium issue until the fix is in master and enabled by default (I'm open to disagreement though!). |
Er, perhaps that was premature. =) |
@nikomatsakis so wait, what is the policy then for #47366? Are we closing issues that are fixed by (And either way, should this bug be linked from checklist in #47366 description?) |
Ah according to #46557 (comment) the policy is that we're removing WG-compiler-nll label from such issues? That seems ... reasonable. Since then the work queue (either in-progress or to-do) should be identifiable from that label? |
@pnkfelix yeah |
NLL (migrate mode) is enabled in all editions as of PR #59114. The only policy question is that, under migrate mode, we only emit a warning on this (unsound) test case. Therefore, I am not 100% sure whether we should close this until that warning has been turned into a hard-error under our (still in development) future-compatibility lint policy. |
…hewjasper Rust 2015: No longer downgrade NLL errors As per decision on a language team meeting as described in rust-lang#63565 (comment), in Rust 2015, we refuse to downgrade NLL errors, that AST borrowck accepts, into warnings and keep them as hard errors. The remaining work to throw out AST borrowck and adjust some tests still remains after this PR. Fixes rust-lang#38899 Fixes rust-lang#53432 Fixes rust-lang#45157 Fixes rust-lang#31567 Fixes rust-lang#27868 Fixes rust-lang#47366 r? @matthewjasper
…hewjasper Rust 2015: No longer downgrade NLL errors As per decision on a language team meeting as described in rust-lang#63565 (comment), in Rust 2015, we refuse to downgrade NLL errors, that AST borrowck accepts, into warnings and keep them as hard errors. The remaining work to throw out AST borrowck and adjust some tests still remains after this PR. Fixes rust-lang#38899 Fixes rust-lang#53432 Fixes rust-lang#45157 Fixes rust-lang#31567 Fixes rust-lang#27868 Fixes rust-lang#47366 r? @matthewjasper
…hewjasper Rust 2015: No longer downgrade NLL errors As per decision on a language team meeting as described in rust-lang#63565 (comment), in Rust 2015, we refuse to downgrade NLL errors, that AST borrowck accepts, into warnings and keep them as hard errors. The remaining work to throw out AST borrowck and adjust some tests still remains after this PR. Fixes rust-lang#38899 Fixes rust-lang#53432 Fixes rust-lang#45157 Fixes rust-lang#31567 Fixes rust-lang#27868 Fixes rust-lang#47366 r? @matthewjasper
@jorendorf asks on the users forum about a curious discrepancy around fields. It seems that implicit borrows sometimes seem to get overlooked in the borrow checker. This seems like a kind of bad bug, though it's exact scope is unclear until we investigate a bit more.
Here is a variant of @jorendorf's example which is pretty clearly wrong. Here, the
block
variable is mutably borrowed intox
, so it should not be accessible vialet p
:I'm guessing that the problem has to do with the logic around borrowing the referent of an
&T
(in this case, we are borrowing*block.current
). In particular, we deem that to be "safe" for the scope of'a
because the data is independently guaranteed to be valid that long (this is reasonable). But we still need to validate thatblock.current
can be (instantaneously) read. It seems we are not doing that. But this is all a hypothesis: I've not dug into the code to validate it.The text was updated successfully, but these errors were encountered: