Work around negative_impls that allows unsound overlapping Unpin impls

taiki-e · Oct 24, 2024 · f6c7504 · f6c7504
1 parent 0009800
commit f6c7504
Show file tree

Hide file tree

Showing 51 changed files with 308 additions and 120 deletions.
diff --git a/examples/enum-default-expanded.rs b/examples/enum-default-expanded.rs
@@ -77,13 +77,15 @@ const _: () = {
         __field0: T,
     }
     impl<'pin, T, U> ::pin_project::__private::Unpin for Enum<T, U> where
-        __Enum<'pin, T, U>: ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<__Enum<'pin, T, U>>:
+            ::pin_project::__private::Unpin
     {
     }
     // A dummy impl of `UnsafeUnpin`, to ensure that the user cannot implement it.
     #[doc(hidden)]
     unsafe impl<'pin, T, U> ::pin_project::UnsafeUnpin for Enum<T, U> where
-        __Enum<'pin, T, U>: ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<__Enum<'pin, T, U>>:
+            ::pin_project::__private::Unpin
     {
     }
 

diff --git a/examples/not_unpin-expanded.rs b/examples/not_unpin-expanded.rs
@@ -95,9 +95,11 @@ const _: () = {
     //
     // See https://github.com/taiki-e/pin-project/issues/102#issuecomment-540472282
     // for details.
+    #[doc(hidden)]
     impl<'pin, T, U> ::pin_project::__private::Unpin for Struct<T, U> where
-        ::pin_project::__private::Wrapper<'pin, ::pin_project::__private::PhantomPinned>:
-            ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<
+            ::pin_project::__private::Wrapper<'pin, ::pin_project::__private::PhantomPinned>,
+        >: ::pin_project::__private::Unpin
     {
     }
     // A dummy impl of `UnsafeUnpin`, to ensure that the user cannot implement it.
@@ -108,8 +110,9 @@ const _: () = {
     // coherence checks are run.
     #[doc(hidden)]
     unsafe impl<'pin, T, U> ::pin_project::UnsafeUnpin for Struct<T, U> where
-        ::pin_project::__private::Wrapper<'pin, ::pin_project::__private::PhantomPinned>:
-            ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<
+            ::pin_project::__private::Wrapper<'pin, ::pin_project::__private::PhantomPinned>,
+        >: ::pin_project::__private::Unpin
     {
     }
 

diff --git a/examples/pinned_drop-expanded.rs b/examples/pinned_drop-expanded.rs
@@ -123,13 +123,15 @@ const _: () = {
         __lifetime0: &'a (),
     }
     impl<'pin, 'a, T> ::pin_project::__private::Unpin for Struct<'a, T> where
-        __Struct<'pin, 'a, T>: ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<__Struct<'pin, 'a, T>>:
+            ::pin_project::__private::Unpin
     {
     }
     // A dummy impl of `UnsafeUnpin`, to ensure that the user cannot implement it.
     #[doc(hidden)]
     unsafe impl<'pin, 'a, T> ::pin_project::UnsafeUnpin for Struct<'a, T> where
-        __Struct<'pin, 'a, T>: ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<__Struct<'pin, 'a, T>>:
+            ::pin_project::__private::Unpin
     {
     }
 };

diff --git a/examples/project_replace-expanded.rs b/examples/project_replace-expanded.rs
@@ -137,13 +137,15 @@ const _: () = {
         __field0: T,
     }
     impl<'pin, T, U> ::pin_project::__private::Unpin for Struct<T, U> where
-        __Struct<'pin, T, U>: ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<__Struct<'pin, T, U>>:
+            ::pin_project::__private::Unpin
     {
     }
     // A dummy impl of `UnsafeUnpin`, to ensure that the user cannot implement it.
     #[doc(hidden)]
     unsafe impl<'pin, T, U> ::pin_project::UnsafeUnpin for Struct<T, U> where
-        __Struct<'pin, T, U>: ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<__Struct<'pin, T, U>>:
+            ::pin_project::__private::Unpin
     {
     }
 

diff --git a/examples/struct-default-expanded.rs b/examples/struct-default-expanded.rs
@@ -129,7 +129,8 @@ const _: () = {
         __field0: T,
     }
     impl<'pin, T, U> ::pin_project::__private::Unpin for Struct<T, U> where
-        __Struct<'pin, T, U>: ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<__Struct<'pin, T, U>>:
+            ::pin_project::__private::Unpin
     {
     }
     // A dummy impl of `UnsafeUnpin`, to ensure that the user cannot implement it.
@@ -140,7 +141,8 @@ const _: () = {
     // coherence checks are run.
     #[doc(hidden)]
     unsafe impl<'pin, T, U> ::pin_project::UnsafeUnpin for Struct<T, U> where
-        __Struct<'pin, T, U>: ::pin_project::__private::Unpin
+        ::pin_project::__private::PinnedFieldsOf<__Struct<'pin, T, U>>:
+            ::pin_project::__private::Unpin
     {
     }
 

diff --git a/examples/unsafe_unpin-expanded.rs b/examples/unsafe_unpin-expanded.rs
@@ -92,7 +92,8 @@ const _: () = {
 
     // Implement `Unpin` via `UnsafeUnpin`.
     impl<'pin, T, U> ::pin_project::__private::Unpin for Struct<T, U> where
-        ::pin_project::__private::Wrapper<'pin, Self>: ::pin_project::UnsafeUnpin
+        ::pin_project::__private::PinnedFieldsOf<::pin_project::__private::Wrapper<'pin, Self>>:
+            ::pin_project::UnsafeUnpin
     {
     }
 

diff --git a/pin-project-internal/src/pin_project/derive.rs b/pin-project-internal/src/pin_project/derive.rs
@@ -693,7 +693,9 @@ fn make_unpin_impl(cx: &Context<'_>) -> TokenStream {
 
             // Make the error message highlight `UnsafeUnpin` argument.
             proj_generics.make_where_clause().predicates.push(parse_quote_spanned! { span =>
-                _pin_project::__private::Wrapper<#lifetime, Self>: _pin_project::UnsafeUnpin
+                ::pin_project::__private::PinnedFieldsOf<
+                    _pin_project::__private::Wrapper<#lifetime, Self>
+                >: _pin_project::UnsafeUnpin
             });
 
             let (impl_generics, _, where_clause) = proj_generics.split_for_impl();
@@ -712,9 +714,9 @@ fn make_unpin_impl(cx: &Context<'_>) -> TokenStream {
             let lifetime = &cx.proj.lifetime;
 
             proj_generics.make_where_clause().predicates.push(parse_quote! {
-                _pin_project::__private::Wrapper<
+                ::pin_project::__private::PinnedFieldsOf<_pin_project::__private::Wrapper<
                     #lifetime, _pin_project::__private::PhantomPinned
-                >: _pin_project::__private::Unpin
+                >>: _pin_project::__private::Unpin
             });
 
             let (proj_impl_generics, _, proj_where_clause) = proj_generics.split_for_impl();
@@ -793,7 +795,8 @@ fn make_unpin_impl(cx: &Context<'_>) -> TokenStream {
             let (_, ty_generics, where_clause) = cx.orig.generics.split_for_impl();
 
             full_where_clause.predicates.push(parse_quote! {
-                #struct_ident #proj_ty_generics: _pin_project::__private::Unpin
+                ::pin_project::__private::PinnedFieldsOf<#struct_ident #proj_ty_generics>:
+                    _pin_project::__private::Unpin
             });
 
             quote! {

diff --git a/src/lib.rs b/src/lib.rs
@@ -276,29 +276,42 @@ pub mod __private {
     #[doc(hidden)]
     #[allow(dead_code)]
     pub struct Wrapper<'a, T: ?Sized>(PhantomData<&'a ()>, T);
-
     // SAFETY: `T` implements UnsafeUnpin.
     unsafe impl<T: ?Sized + UnsafeUnpin> UnsafeUnpin for Wrapper<'_, T> {}
 
+    // Workaround for issue on unstable negative_impls feature that allows unsound overlapping Unpin
+    // implementations and rustc bug that leaks unstable negative_impls into stable.
+    // See https://github.com/taiki-e/pin-project/issues/340#issuecomment-2432146009 for details.
+    #[doc(hidden)]
+    pub type PinnedFieldsOf<T> =
+        <PinnedFieldsOfHelperStruct<T> as PinnedFieldsOfHelperTrait>::Actual;
+    // We cannot use <Option<T> as IntoIterator>::Item or similar since we should allow ?Sized in T.
+    #[doc(hidden)]
+    pub trait PinnedFieldsOfHelperTrait {
+        type Actual: ?Sized;
+    }
+    #[doc(hidden)]
+    pub struct PinnedFieldsOfHelperStruct<T: ?Sized>(T);
+    impl<T: ?Sized> PinnedFieldsOfHelperTrait for PinnedFieldsOfHelperStruct<T> {
+        type Actual = T;
+    }
+
     // This is an internal helper struct used by `pin-project-internal`.
     //
     // See https://github.com/taiki-e/pin-project/pull/53 for more details.
     #[doc(hidden)]
     pub struct AlwaysUnpin<'a, T>(PhantomData<&'a ()>, PhantomData<T>);
-
     impl<T> Unpin for AlwaysUnpin<'_, T> {}
 
     // This is an internal helper used to ensure a value is dropped.
     #[doc(hidden)]
     pub struct UnsafeDropInPlaceGuard<T: ?Sized>(*mut T);
-
     impl<T: ?Sized> UnsafeDropInPlaceGuard<T> {
         #[doc(hidden)]
         pub unsafe fn new(ptr: *mut T) -> Self {
             Self(ptr)
         }
     }
-
     impl<T: ?Sized> Drop for UnsafeDropInPlaceGuard<T> {
         fn drop(&mut self) {
             // SAFETY: the caller of `UnsafeDropInPlaceGuard::new` must guarantee
@@ -316,14 +329,12 @@ pub mod __private {
         target: *mut T,
         value: ManuallyDrop<T>,
     }
-
     impl<T> UnsafeOverwriteGuard<T> {
         #[doc(hidden)]
         pub unsafe fn new(target: *mut T, value: T) -> Self {
             Self { target, value: ManuallyDrop::new(value) }
         }
     }
-
     impl<T> Drop for UnsafeOverwriteGuard<T> {
         fn drop(&mut self) {
             // SAFETY: the caller of `UnsafeOverwriteGuard::new` must guarantee

diff --git a/tests/expand/default/enum.expanded.rs b/tests/expand/default/enum.expanded.rs
@@ -131,12 +131,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait EnumMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]

diff --git a/tests/expand/default/struct.expanded.rs b/tests/expand/default/struct.expanded.rs
@@ -90,12 +90,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for Struct<T, U>
     where
-        __Struct<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Struct<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for Struct<T, U>
     where
-        __Struct<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Struct<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait StructMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]

diff --git a/tests/expand/default/tuple_struct.expanded.rs b/tests/expand/default/tuple_struct.expanded.rs
@@ -84,12 +84,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for TupleStruct<T, U>
     where
-        __TupleStruct<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __TupleStruct<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for TupleStruct<T, U>
     where
-        __TupleStruct<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __TupleStruct<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait TupleStructMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]

diff --git a/tests/expand/multifields/enum.expanded.rs b/tests/expand/multifields/enum.expanded.rs
@@ -256,12 +256,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait EnumMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]

diff --git a/tests/expand/multifields/struct.expanded.rs b/tests/expand/multifields/struct.expanded.rs
@@ -143,12 +143,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for Struct<T, U>
     where
-        __Struct<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Struct<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for Struct<T, U>
     where
-        __Struct<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Struct<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait StructMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]

diff --git a/tests/expand/multifields/tuple_struct.expanded.rs b/tests/expand/multifields/tuple_struct.expanded.rs
@@ -133,12 +133,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for TupleStruct<T, U>
     where
-        __TupleStruct<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __TupleStruct<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for TupleStruct<T, U>
     where
-        __TupleStruct<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __TupleStruct<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait TupleStructMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]

diff --git a/tests/expand/naming/enum-all.expanded.rs b/tests/expand/naming/enum-all.expanded.rs
@@ -192,12 +192,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait EnumMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]

diff --git a/tests/expand/naming/enum-mut.expanded.rs b/tests/expand/naming/enum-mut.expanded.rs
@@ -83,12 +83,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait EnumMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]

diff --git a/tests/expand/naming/enum-none.expanded.rs b/tests/expand/naming/enum-none.expanded.rs
@@ -38,12 +38,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait EnumMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]

diff --git a/tests/expand/naming/enum-own.expanded.rs b/tests/expand/naming/enum-own.expanded.rs
@@ -103,12 +103,16 @@ const _: () = {
     }
     impl<'pin, T, U> _pin_project::__private::Unpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     #[doc(hidden)]
     unsafe impl<'pin, T, U> _pin_project::UnsafeUnpin for Enum<T, U>
     where
-        __Enum<'pin, T, U>: _pin_project::__private::Unpin,
+        ::pin_project::__private::PinnedFieldsOf<
+            __Enum<'pin, T, U>,
+        >: _pin_project::__private::Unpin,
     {}
     trait EnumMustNotImplDrop {}
     #[allow(clippy::drop_bounds, drop_bounds)]