From 787f9f4ab762c54ce7125451460b01000a26cfd7 Mon Sep 17 00:00:00 2001
From: Oliver Schneider <git-spam-no-reply9815368754983@oli-obk.de>
Date: Wed, 11 Oct 2017 10:57:30 +0200
Subject: [PATCH 1/2] Prevent fmt::Arguments from being shared across threads

Fixes #45197
---
 src/libcore/fmt/mod.rs           |  1 +
 src/test/ui/fmt/send-sync.rs     | 20 +++++++++++++++++++
 src/test/ui/fmt/send-sync.stderr | 34 ++++++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 src/test/ui/fmt/send-sync.rs
 create mode 100644 src/test/ui/fmt/send-sync.stderr

diff --git a/src/libcore/fmt/mod.rs b/src/libcore/fmt/mod.rs
index 1e45af5b105c9..4b263596ac1bd 100644
--- a/src/libcore/fmt/mod.rs
+++ b/src/libcore/fmt/mod.rs
@@ -261,6 +261,7 @@ pub struct Formatter<'a> {
 
 struct Void {
     _priv: (),
+    _oibit_remover: PhantomData<*mut Fn()>,
 }
 
 /// This struct represents the generic "argument" which is taken by the Xprintf
diff --git a/src/test/ui/fmt/send-sync.rs b/src/test/ui/fmt/send-sync.rs
new file mode 100644
index 0000000000000..bb4f9dfffc754
--- /dev/null
+++ b/src/test/ui/fmt/send-sync.rs
@@ -0,0 +1,20 @@
+// Copyright 2017 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution and at
+// http://rust-lang.org/COPYRIGHT.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+fn send<T: Send>(_: T) {}
+fn sync<T: Sync>(_: T) {}
+
+fn main() {
+    // `Cell` is not `Sync`, so `&Cell` is neither `Sync` nor `Send`,
+    // `std::fmt::Arguments` used to forget this...
+    let c = std::cell::Cell::new(42);
+    send(format_args!("{:?}", c));
+    sync(format_args!("{:?}", c));
+}
diff --git a/src/test/ui/fmt/send-sync.stderr b/src/test/ui/fmt/send-sync.stderr
new file mode 100644
index 0000000000000..1ec53d220e963
--- /dev/null
+++ b/src/test/ui/fmt/send-sync.stderr
@@ -0,0 +1,34 @@
+error[E0277]: the trait bound `*mut std::ops::Fn() + 'static: std::marker::Sync` is not satisfied in `[std::fmt::ArgumentV1<'_>]`
+  --> $DIR/send-sync.rs:18:5
+   |
+18 |     send(format_args!("{:?}", c));
+   |     ^^^^ `*mut std::ops::Fn() + 'static` cannot be shared between threads safely
+   |
+   = help: within `[std::fmt::ArgumentV1<'_>]`, the trait `std::marker::Sync` is not implemented for `*mut std::ops::Fn() + 'static`
+   = note: required because it appears within the type `std::marker::PhantomData<*mut std::ops::Fn() + 'static>`
+   = note: required because it appears within the type `core::fmt::Void`
+   = note: required because it appears within the type `&core::fmt::Void`
+   = note: required because it appears within the type `std::fmt::ArgumentV1<'_>`
+   = note: required because it appears within the type `[std::fmt::ArgumentV1<'_>]`
+   = note: required because of the requirements on the impl of `std::marker::Send` for `&[std::fmt::ArgumentV1<'_>]`
+   = note: required because it appears within the type `std::fmt::Arguments<'_>`
+   = note: required by `send`
+
+error[E0277]: the trait bound `*mut std::ops::Fn() + 'static: std::marker::Sync` is not satisfied in `std::fmt::Arguments<'_>`
+  --> $DIR/send-sync.rs:19:5
+   |
+19 |     sync(format_args!("{:?}", c));
+   |     ^^^^ `*mut std::ops::Fn() + 'static` cannot be shared between threads safely
+   |
+   = help: within `std::fmt::Arguments<'_>`, the trait `std::marker::Sync` is not implemented for `*mut std::ops::Fn() + 'static`
+   = note: required because it appears within the type `std::marker::PhantomData<*mut std::ops::Fn() + 'static>`
+   = note: required because it appears within the type `core::fmt::Void`
+   = note: required because it appears within the type `&core::fmt::Void`
+   = note: required because it appears within the type `std::fmt::ArgumentV1<'_>`
+   = note: required because it appears within the type `[std::fmt::ArgumentV1<'_>]`
+   = note: required because it appears within the type `&[std::fmt::ArgumentV1<'_>]`
+   = note: required because it appears within the type `std::fmt::Arguments<'_>`
+   = note: required by `sync`
+
+error: aborting due to 2 previous errors
+

From dc7de37d995e5922ce3b016c5cc01f5fcd326570 Mon Sep 17 00:00:00 2001
From: Oliver Schneider <git-spam-no-reply9815368754983@oli-obk.de>
Date: Wed, 11 Oct 2017 14:33:06 +0200
Subject: [PATCH 2/2] Explain the `_oibit_remover` field

---
 src/libcore/fmt/mod.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/libcore/fmt/mod.rs b/src/libcore/fmt/mod.rs
index 4b263596ac1bd..c2ebb419e9e3d 100644
--- a/src/libcore/fmt/mod.rs
+++ b/src/libcore/fmt/mod.rs
@@ -261,6 +261,13 @@ pub struct Formatter<'a> {
 
 struct Void {
     _priv: (),
+    /// Erases all oibits, because `Void` erases the type of the object that
+    /// will be used to produce formatted output. Since we do not know what
+    /// oibits the real types have (and they can have any or none), we need to
+    /// take the most conservative approach and forbid all oibits.
+    ///
+    /// It was added after #45197 showed that one could share a `!Sync`
+    /// object across threads by passing it into `format_args!`.
     _oibit_remover: PhantomData<*mut Fn()>,
 }