Disallow subtyping between T and U in T: Unsize<U>. #40319
Conversation
|
r? @nrc (rust_highfive has picked a reviewer for you, use r? to override) |
eddyb
added
the
S-waiting-on-crater
|
(starting crater run now) |
|
The code looks good to me, curious to hear the results of the crater run. I'll try to do a quick skim through the code to convince myself that these are all the relevant cases though. |
eddyb
force-pushed
the
it's-"unsize"-not-"unsound"
branch
from
152f1c7
to
608d080
Compare
| let coercion = Coercion(self.cause.span); | ||
| let r_borrow = self.next_region_var(coercion); | ||
| (mt_a.ty, Some(AutoBorrow::Ref(r_borrow, mt_b.mutbl))) | ||
| // For `&T`, we don't reborrow, (which is only needed |
There was a problem hiding this comment.
Don't you need this also on the raw ptr path? better to subtype source as one unit.
There was a problem hiding this comment.
Subtype first, then resolve the variable, then reborrow from &mut and/or to raw pointers?
There was a problem hiding this comment.
Aaaaah, that would also keep Rc working! I'll try to do it that way and add more testcases.
eddyb
force-pushed
the
it's-"unsize"-not-"unsound"
branch
from
608d080
to
721f5b8
Compare
|
Crater report shows
EDIT: some were false positives, see #40319 (comment) |
Different crates but the issue in both stems from the |
|
@Stebalien I hadn't even realized that was the original report! Alright, I'm more confident now. Assuming only |
|
So the crates that other crates depend on are:
Everything else we can break without having a cascade of regressions. |
|
I've already got this fixed in |
|
@abonander (and everyone else) Ping me when you have the fix on a branch somewhere, or a patch in a gist, etc. if you want a confirmation that it indeed compiles with the changes in this PR. |
|
@eddyb branch |
|
@abonander It compiles 👍 |
|
@eddyb Published. |
|
@eddyb Not sure I understand the bug very well, but I hope a simple sub-scope makes the borrow issue go away. Let me know if thats right or if I need some other fix. https://github.com/mikedilger/mime-multipart/tree/rust40288 |
|
@mikedilger Almost! I was getting confused by not knowing what is actually keeping the borrow alive. |
|
@eddyb Ok, I (evilly) force-pushed https://github.com/mikedilger/mime-multipart/tree/rust40288 and also created https://github.com/mikedilger/mime-multipart/tree/rust40288_03 for the 0.3 branch. Once they are confirmed to work I'll pull them in and publish new versions. |
|
@mikedilger Those do indeed work, thank you! |
|
@eddyb Published. |
| // or `Rc<[&'static T; N]>` to `Rc<[&'a T]>`, etc. | ||
| let coercion = TypeVariableOrigin::MiscVariable(self.cause.span); | ||
| let super_source = self.next_ty_var(coercion); | ||
| match self.sub_types(false, &self.cause, source, super_source)? { |
There was a problem hiding this comment.
Not needing use_lub felt wrong, and it is! Reordering these two match arms "fixes" the false positive, but both orders should work identically.
I'm preparing an improved version that should not have this problem.
Rollup of 38 pull requests - Successful merges: #39202, #39820, #39918, #39921, #40092, #40146, #40199, #40225, #40239, #40257, #40259, #40261, #40277, #40278, #40287, #40297, #40311, #40315, #40319, #40324, #40336, #40340, #40344, #40345, #40367, #40369, #40372, #40373, #40379, #40385, #40386, #40389, #40400, #40404, #40410, #40422, #40423, #40424 - Failed merges: #40220, #40329, #40426
Rollup of 38 pull requests - Successful merges: #39202, #39820, #39918, #39921, #40092, #40146, #40199, #40225, #40239, #40257, #40259, #40261, #40277, #40278, #40287, #40297, #40311, #40315, #40319, #40324, #40336, #40340, #40344, #40345, #40367, #40369, #40372, #40373, #40379, #40385, #40386, #40389, #40400, #40404, #40410, #40422, #40423, #40424 - Failed merges: #40220, #40329, #40426
…r=nikomatsakis Disallow subtyping between T and U in T: Unsize<U>. Because `&mut T` can be coerced to `&mut U`, `T` and `U` must be unified invariantly. Fixes rust-lang#40288. E.g. coercing `&mut [&'a X; N]` to `&mut [&'b X]` must require `'a` be equal to `'b`, otherwise you can convert between `&'a X` and `&'b X` (in either direction), potentially unsoundly lengthening lifetimes. Subtyping here was introduced with `Unsize` in rust-lang#24619 (landed in 1.1, original PR is rust-lang#23785).
…r=nikomatsakis Disallow subtyping between T and U in T: Unsize<U>. Because `&mut T` can be coerced to `&mut U`, `T` and `U` must be unified invariantly. Fixes rust-lang#40288. E.g. coercing `&mut [&'a X; N]` to `&mut [&'b X]` must require `'a` be equal to `'b`, otherwise you can convert between `&'a X` and `&'b X` (in either direction), potentially unsoundly lengthening lifetimes. Subtyping here was introduced with `Unsize` in rust-lang#24619 (landed in 1.1, original PR is rust-lang#23785).
brson
added
the
relnotes
Because
&mut Tcan be coerced to&mut U,TandUmust be unified invariantly. Fixes #40288.E.g. coercing
&mut [&'a X; N]to&mut [&'b X]must require'abe equal to'b, otherwise you can convert between&'a Xand&'b X(in either direction), potentially unsoundly lengthening lifetimes.Subtyping here was introduced with
Unsizein #24619 (landed in 1.1, original PR is #23785).