From 6556549fa6d74791d1e3e155ae8a4d1480ea4481 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 23 Mar 2020 13:40:40 +0100 Subject: [PATCH 01/15] fix Vec::extend invalidating unrelated pointers --- src/liballoc/vec.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs index e171edef73609..361ce20376dae 100644 --- a/src/liballoc/vec.rs +++ b/src/liballoc/vec.rs @@ -2122,8 +2122,9 @@ where self.reserve(slice.len()); unsafe { let len = self.len(); + let dst_slice = slice::from_raw_parts_mut(self.as_mut_ptr().add(len), slice.len()); + dst_slice.copy_from_slice(slice); self.set_len(len + slice.len()); - self.get_unchecked_mut(len..).copy_from_slice(slice); } } } From 86c1c434206d5fb9b58b0847e2f4deb20340d3c5 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 30 Mar 2020 10:38:21 +0200 Subject: [PATCH 02/15] fix pointer invalidation when extnding a vector from an untrusted iterator --- src/liballoc/vec.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs index 361ce20376dae..6f264399fa884 100644 --- a/src/liballoc/vec.rs +++ b/src/liballoc/vec.rs @@ -2019,6 +2019,8 @@ where let (lower, _) = iterator.size_hint(); let mut vector = Vec::with_capacity(lower.saturating_add(1)); unsafe { + // `vector` is new, cannot have aliases, so us getting exclusive references + // here is okay. ptr::write(vector.get_unchecked_mut(0), element); vector.set_len(1); } @@ -2145,7 +2147,7 @@ impl Vec { self.reserve(lower.saturating_add(1)); } unsafe { - ptr::write(self.get_unchecked_mut(len), element); + ptr::write(self.as_mut_ptr().add(len), element); // NB can't overflow since we would have had to alloc the address space self.set_len(len + 1); } From fa6c8830740829d38f4ac7bfc8d8131ae44b9ade Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 30 Mar 2020 10:40:59 +0200 Subject: [PATCH 03/15] fix ptr invalidation in Vec::truncate --- src/liballoc/vec.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs index 6f264399fa884..1c8c4428169fc 100644 --- a/src/liballoc/vec.rs +++ b/src/liballoc/vec.rs @@ -739,7 +739,8 @@ impl Vec { if len > self.len { return; } - let s = self.get_unchecked_mut(len..) as *mut _; + let remaining_len = self.len - len; + let s = slice::from_raw_parts_mut(self.as_mut_ptr().add(len), remaining_len); self.len = len; ptr::drop_in_place(s); } From 4393923168fee76aea78907250642ad5474b1315 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 30 Mar 2020 11:53:36 +0200 Subject: [PATCH 04/15] add some tests --- src/liballoc/tests/vec.rs | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/src/liballoc/tests/vec.rs b/src/liballoc/tests/vec.rs index 9c4ac52acac2a..831bc0346c217 100644 --- a/src/liballoc/tests/vec.rs +++ b/src/liballoc/tests/vec.rs @@ -1351,17 +1351,18 @@ fn test_try_reserve_exact() { } #[test] -fn test_stable_push_pop() { +fn test_stable_pointers() { // Test that, if we reserved enough space, adding and removing elements does not // invalidate references into the vector (such as `v0`). This test also // runs in Miri, which would detect such problems. - let mut v = Vec::with_capacity(10); + let mut v = Vec::with_capacity(128); v.push(13); - // laundering the lifetime -- we take care that `v` does not reallocate, so that's okay. + // Laundering the lifetime -- we take care that `v` does not reallocate, so that's okay. let v0 = unsafe { &*(&v[0] as *const _) }; - // Now do a bunch of things and occasionally use `v0` again to assert it is still valid. + + // Pushing/inserting and popping/removing v.push(1); v.push(2); v.insert(1, 1); @@ -1369,6 +1370,19 @@ fn test_stable_push_pop() { v.remove(1); v.pop().unwrap(); assert_eq!(*v0, 13); + + // Extending + v.extend(&[1, 2]); // `slice::Iter` (with `T: Copy`) specialization + v.extend(vec![2, 3]); // `vec::IntoIter` specialization + v.extend(std::iter::once(3)); // `TrustedLen` specialization + v.extend(std::iter::empty::()); // `TrustedLen` specialization with empty iterator + v.extend(std::iter::once(3).filter(|_| true)); // base case + v.extend(std::iter::once(&3)); // `cloned` specialization + assert_eq!(*v0, 13); + + // Truncation + v.truncate(2); + assert_eq!(*v0, 13); } // https://github.com/rust-lang/rust/pull/49496 introduced specialization based on: From 3411ade32ea8bb2e3f62140e8d47ad43c5a759ac Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 30 Mar 2020 11:57:31 +0200 Subject: [PATCH 05/15] test more mutating vector methods --- src/liballoc/tests/vec.rs | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/liballoc/tests/vec.rs b/src/liballoc/tests/vec.rs index 831bc0346c217..d43bd11ebd325 100644 --- a/src/liballoc/tests/vec.rs +++ b/src/liballoc/tests/vec.rs @@ -1371,7 +1371,12 @@ fn test_stable_pointers() { v.pop().unwrap(); assert_eq!(*v0, 13); + // Appending + v.append(&mut vec![27, 19]); + assert_eq!(*v0, 13); + // Extending + v.extend_from_slice(&[1, 2]); v.extend(&[1, 2]); // `slice::Iter` (with `T: Copy`) specialization v.extend(vec![2, 3]); // `vec::IntoIter` specialization v.extend(std::iter::once(3)); // `TrustedLen` specialization @@ -1383,6 +1388,31 @@ fn test_stable_pointers() { // Truncation v.truncate(2); assert_eq!(*v0, 13); + + // Resizing + v.resize_with(v.len() + 10, || 42); + assert_eq!(*v0, 13); + v.resize_with(2, || panic!()); + assert_eq!(*v0, 13); + + // No-op reservation + v.reserve(32); + v.reserve_exact(32); + assert_eq!(*v0, 13); + + // Partial draining + v.resize_with(10, || 42); + drop(v.drain(5..)); + assert_eq!(*v0, 13); + + // Splicing + v.resize_with(10, || 42); + drop(v.splice(5.., vec![1, 2, 3, 4, 5])); // empty tail after range + assert_eq!(*v0, 13); + drop(v.splice(5..8, vec![1])); // replacement is smaller than original range + assert_eq!(*v0, 13); + drop(v.splice(5..6, vec![1; 10].into_iter().filter(|_| true))); // lower bound not exact + assert_eq!(*v0, 13); } // https://github.com/rust-lang/rust/pull/49496 introduced specialization based on: From 4eacf45c9cf6bd110dc019082c2a4a8fd9668d66 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 30 Mar 2020 13:01:15 +0200 Subject: [PATCH 06/15] also cover next() path of draining iterators --- src/liballoc/tests/vec.rs | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/liballoc/tests/vec.rs b/src/liballoc/tests/vec.rs index d43bd11ebd325..05fa7589639fc 100644 --- a/src/liballoc/tests/vec.rs +++ b/src/liballoc/tests/vec.rs @@ -1352,6 +1352,13 @@ fn test_try_reserve_exact() { #[test] fn test_stable_pointers() { + /// Pull an element from the iterator, then drop it. + /// Useful to cover both the `next` and `drop` paths of an iterator. + fn next_then_drop(mut i: I) { + i.next().unwrap(); + drop(i); + } + // Test that, if we reserved enough space, adding and removing elements does not // invalidate references into the vector (such as `v0`). This test also // runs in Miri, which would detect such problems. @@ -1402,16 +1409,16 @@ fn test_stable_pointers() { // Partial draining v.resize_with(10, || 42); - drop(v.drain(5..)); + next_then_drop(v.drain(5..)); assert_eq!(*v0, 13); // Splicing v.resize_with(10, || 42); - drop(v.splice(5.., vec![1, 2, 3, 4, 5])); // empty tail after range + next_then_drop(v.splice(5.., vec![1, 2, 3, 4, 5])); // empty tail after range assert_eq!(*v0, 13); - drop(v.splice(5..8, vec![1])); // replacement is smaller than original range + next_then_drop(v.splice(5..8, vec![1])); // replacement is smaller than original range assert_eq!(*v0, 13); - drop(v.splice(5..6, vec![1; 10].into_iter().filter(|_| true))); // lower bound not exact + next_then_drop(v.splice(5..6, vec![1; 10].into_iter().filter(|_| true))); // lower bound not exact assert_eq!(*v0, 13); } From 8f479e362fbfcb31e83396ef850ab5219a32821e Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 30 Mar 2020 13:11:37 +0200 Subject: [PATCH 07/15] fix aliasing in remove() also add smoke test to detect relocation even in rustc runs --- src/liballoc/tests/vec.rs | 7 ++++++- src/liballoc/vec.rs | 6 ++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/liballoc/tests/vec.rs b/src/liballoc/tests/vec.rs index 05fa7589639fc..a90bc58cbfd5d 100644 --- a/src/liballoc/tests/vec.rs +++ b/src/liballoc/tests/vec.rs @@ -1366,7 +1366,8 @@ fn test_stable_pointers() { v.push(13); // Laundering the lifetime -- we take care that `v` does not reallocate, so that's okay. - let v0 = unsafe { &*(&v[0] as *const _) }; + let v0 = &mut v[0]; + let v0 = unsafe { &mut *(v0 as *mut _) }; // Now do a bunch of things and occasionally use `v0` again to assert it is still valid. // Pushing/inserting and popping/removing @@ -1420,6 +1421,10 @@ fn test_stable_pointers() { assert_eq!(*v0, 13); next_then_drop(v.splice(5..6, vec![1; 10].into_iter().filter(|_| true))); // lower bound not exact assert_eq!(*v0, 13); + + // Smoke test that would fire even outside Miri if an actual relocation happened. + *v0 -= 13; + assert_eq!(v[0], 0); } // https://github.com/rust-lang/rust/pull/49496 introduced specialization based on: diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs index 1c8c4428169fc..dc2a246f81776 100644 --- a/src/liballoc/vec.rs +++ b/src/liballoc/vec.rs @@ -1200,7 +1200,7 @@ impl Vec { } else { unsafe { self.len -= 1; - Some(ptr::read(self.get_unchecked(self.len()))) + Some(ptr::read(self.as_ptr().add(self.len()))) } } } @@ -2020,9 +2020,7 @@ where let (lower, _) = iterator.size_hint(); let mut vector = Vec::with_capacity(lower.saturating_add(1)); unsafe { - // `vector` is new, cannot have aliases, so us getting exclusive references - // here is okay. - ptr::write(vector.get_unchecked_mut(0), element); + ptr::write(vector.as_mut_ptr(), element); vector.set_len(1); } vector From 5bbaac357dd85092ed0fb822947df7a4d60c1db9 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Mon, 30 Mar 2020 13:31:16 +0200 Subject: [PATCH 08/15] fix and test aliasing in swap_remove --- src/liballoc/tests/vec.rs | 5 +++++ src/liballoc/vec.rs | 7 ++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/liballoc/tests/vec.rs b/src/liballoc/tests/vec.rs index a90bc58cbfd5d..6321e7154e7d0 100644 --- a/src/liballoc/tests/vec.rs +++ b/src/liballoc/tests/vec.rs @@ -1378,6 +1378,11 @@ fn test_stable_pointers() { v.remove(1); v.pop().unwrap(); assert_eq!(*v0, 13); + v.push(1); + v.swap_remove(1); + assert_eq!(v.len(), 2); + v.swap_remove(1); // swap_remove the last element + assert_eq!(*v0, 13); // Appending v.append(&mut vec![27, 19]); diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs index dc2a246f81776..c600a6b649f36 100644 --- a/src/liballoc/vec.rs +++ b/src/liballoc/vec.rs @@ -963,12 +963,13 @@ impl Vec { #[inline] #[stable(feature = "rust1", since = "1.0.0")] pub fn swap_remove(&mut self, index: usize) -> T { + assert!(index < self.len); unsafe { // We replace self[index] with the last element. Note that if the - // bounds check on hole succeeds there must be a last element (which + // bounds check above succeeds there must be a last element (which // can be self[index] itself). - let hole: *mut T = &mut self[index]; - let last = ptr::read(self.get_unchecked(self.len - 1)); + let last = ptr::read(self.as_ptr().add(self.len - 1)); + let hole: *mut T = self.as_mut_ptr().add(index); self.len -= 1; ptr::replace(hole, last) } From b4f416d837174f76cb66af731323f7414f198d8e Mon Sep 17 00:00:00 2001 From: Ponas Date: Sat, 4 Apr 2020 14:18:02 +0300 Subject: [PATCH 09/15] docs: make the description of Result::map_or more clear --- src/libcore/result.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/libcore/result.rs b/src/libcore/result.rs index 0087b92f1f2d6..c7b5777a16e7f 100644 --- a/src/libcore/result.rs +++ b/src/libcore/result.rs @@ -521,14 +521,16 @@ impl Result { } } - /// Applies a function to the contained value (if any), - /// or returns the provided default (if not). + /// Applies a function to the contained value (if [`Ok`]), + /// or returns the provided default (if [`Err`]). /// /// Arguments passed to `map_or` are eagerly evaluated; if you are passing /// the result of a function call, it is recommended to use [`map_or_else`], /// which is lazily evaluated. /// /// [`map_or_else`]: #method.map_or_else + /// [`Ok`]: enum.Result.html#variant.Ok + /// [`Err`]: enum.Result.html#variant.Err /// /// # Examples /// From e901b2ff8e98c2edd3ca9ba0bf2fff18e9f3df14 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 4 Apr 2020 15:55:32 +0200 Subject: [PATCH 10/15] Miri: remove an outdated FIXME --- src/librustc_mir/interpret/terminator.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/librustc_mir/interpret/terminator.rs b/src/librustc_mir/interpret/terminator.rs index 8ad743d2b8b1d..6ebe5b80370ca 100644 --- a/src/librustc_mir/interpret/terminator.rs +++ b/src/librustc_mir/interpret/terminator.rs @@ -75,7 +75,6 @@ impl<'mir, 'tcx, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> { } Drop { location, target, unwind } => { - // FIXME(CTFE): forbid drop in const eval let place = self.eval_place(location)?; let ty = place.layout.ty; trace!("TerminatorKind::drop: {:?}, type {}", location, ty); From 7e81c11aa8ddcebf64c01579754b44930ecf4d04 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 5 Apr 2020 08:40:40 +0200 Subject: [PATCH 11/15] tweak swap_remove --- src/liballoc/vec.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs index c600a6b649f36..aedb3724409fd 100644 --- a/src/liballoc/vec.rs +++ b/src/liballoc/vec.rs @@ -963,14 +963,15 @@ impl Vec { #[inline] #[stable(feature = "rust1", since = "1.0.0")] pub fn swap_remove(&mut self, index: usize) -> T { - assert!(index < self.len); + let len = self.len(); + assert!(index < len); unsafe { // We replace self[index] with the last element. Note that if the // bounds check above succeeds there must be a last element (which // can be self[index] itself). - let last = ptr::read(self.as_ptr().add(self.len - 1)); + let last = ptr::read(self.as_ptr().add(len - 1)); let hole: *mut T = self.as_mut_ptr().add(index); - self.len -= 1; + self.set_len(len - 1); ptr::replace(hole, last) } } From 05a5895f0db7c33c5c2a489ab21b6c3a7b66a7a1 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 5 Apr 2020 11:55:52 +0200 Subject: [PATCH 12/15] miri assignment check: compare types after normalizing all late-bound regions away --- src/librustc_mir/interpret/eval_context.rs | 52 +++++++++++++++------- src/librustc_mir/interpret/operand.rs | 2 +- src/librustc_mir/interpret/place.rs | 4 +- 3 files changed, 39 insertions(+), 19 deletions(-) diff --git a/src/librustc_mir/interpret/eval_context.rs b/src/librustc_mir/interpret/eval_context.rs index 10d3101ebb87a..35f2aadff6a59 100644 --- a/src/librustc_mir/interpret/eval_context.rs +++ b/src/librustc_mir/interpret/eval_context.rs @@ -14,11 +14,11 @@ use rustc_middle::mir::interpret::{ sign_extend, truncate, AllocId, FrameInfo, GlobalId, InterpResult, Pointer, Scalar, }; use rustc_middle::ty::layout::{self, TyAndLayout}; -use rustc_middle::ty::query::TyCtxtAt; -use rustc_middle::ty::subst::SubstsRef; -use rustc_middle::ty::{self, Ty, TyCtxt, TypeFoldable}; +use rustc_middle::ty::{ + self, fold::BottomUpFolder, query::TyCtxtAt, subst::SubstsRef, Ty, TyCtxt, TypeFoldable, +}; use rustc_span::source_map::DUMMY_SP; -use rustc_target::abi::{Abi, Align, HasDataLayout, LayoutOf, Size, TargetDataLayout}; +use rustc_target::abi::{Align, HasDataLayout, LayoutOf, Size, TargetDataLayout}; use super::{ Immediate, MPlaceTy, Machine, MemPlace, MemPlaceMeta, Memory, OpTy, Operand, Place, PlaceTy, @@ -213,6 +213,7 @@ impl<'mir, 'tcx, M: Machine<'mir, 'tcx>> LayoutOf for InterpCx<'mir, 'tcx, M> { /// Test if it is valid for a MIR assignment to assign `src`-typed place to `dest`-typed value. /// This test should be symmetric, as it is primarily about layout compatibility. pub(super) fn mir_assign_valid_types<'tcx>( + tcx: TyCtxt<'tcx>, src: TyAndLayout<'tcx>, dest: TyAndLayout<'tcx>, ) -> bool { @@ -220,23 +221,42 @@ pub(super) fn mir_assign_valid_types<'tcx>( // Equal types, all is good. return true; } - // Type-changing assignments can happen for (at least) two reasons: - // - `&mut T` -> `&T` gets optimized from a reborrow to a mere assignment. - // - Subtyping is used. While all normal lifetimes are erased, higher-ranked lifetime - // bounds are still around and can lead to type differences. - // There is no good way to check the latter, so we compare layouts instead -- but only - // for values with `Scalar`/`ScalarPair` abi. - // FIXME: Do something more accurate, type-based. - match &src.abi { - Abi::Scalar(..) | Abi::ScalarPair(..) => src.layout == dest.layout, - _ => false, + if src.layout != dest.layout { + // Layout differs, definitely not equal. + // We do this here because Miri would *do the wrong thing* if we allowed layout-changing + // assignments. + return false; } + + // Type-changing assignments can happen for (at least) two reasons: + // 1. `&mut T` -> `&T` gets optimized from a reborrow to a mere assignment. + // 2. Subtyping is used. While all normal lifetimes are erased, higher-ranked lifetime + // bounds with their late-bound regions are still around and can lead to type differences. + // Normalize both of them away. + let normalize = |ty: Ty<'tcx>| { + ty.fold_with(&mut BottomUpFolder { + tcx, + // Normalize all references to immutable. + ty_op: |ty| match ty.kind { + ty::Ref(_, pointee, _) => tcx.mk_imm_ref(tcx.lifetimes.re_erased, pointee), + _ => ty, + }, + // We just erase all late-bound regions, but this is not fully correct (FIXME): + // lifetimes in invariant positions could matter (e.g. through associated types). + // We rely on the fact that layout was confirmed to be equal above. + lt_op: |_| tcx.lifetimes.re_erased, + // Leave consts unchanged. + ct_op: |ct| ct, + }) + }; + normalize(src.ty) == normalize(dest.ty) } /// Use the already known layout if given (but sanity check in debug mode), /// or compute the layout. #[cfg_attr(not(debug_assertions), inline(always))] pub(super) fn from_known_layout<'tcx>( + tcx: TyCtxt<'tcx>, known_layout: Option>, compute: impl FnOnce() -> InterpResult<'tcx, TyAndLayout<'tcx>>, ) -> InterpResult<'tcx, TyAndLayout<'tcx>> { @@ -246,7 +266,7 @@ pub(super) fn from_known_layout<'tcx>( if cfg!(debug_assertions) { let check_layout = compute()?; assert!( - mir_assign_valid_types(check_layout, known_layout), + mir_assign_valid_types(tcx, check_layout, known_layout), "expected type differs from actual type.\nexpected: {:?}\nactual: {:?}", known_layout.ty, check_layout.ty, @@ -424,7 +444,7 @@ impl<'mir, 'tcx, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> { // have to support that case (mostly by skipping all caching). match frame.locals.get(local).and_then(|state| state.layout.get()) { None => { - let layout = from_known_layout(layout, || { + let layout = from_known_layout(self.tcx.tcx, layout, || { let local_ty = frame.body.local_decls[local].ty; let local_ty = self.subst_from_frame_and_normalize_erasing_regions(frame, local_ty); diff --git a/src/librustc_mir/interpret/operand.rs b/src/librustc_mir/interpret/operand.rs index 12595e4e4d926..03614b2803f65 100644 --- a/src/librustc_mir/interpret/operand.rs +++ b/src/librustc_mir/interpret/operand.rs @@ -529,7 +529,7 @@ impl<'mir, 'tcx, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> { ty::ConstKind::Value(val_val) => val_val, }; // Other cases need layout. - let layout = from_known_layout(layout, || self.layout_of(val.ty))?; + let layout = from_known_layout(self.tcx.tcx, layout, || self.layout_of(val.ty))?; let op = match val_val { ConstValue::ByRef { alloc, offset } => { let id = self.tcx.alloc_map.lock().create_memory_alloc(alloc); diff --git a/src/librustc_mir/interpret/place.rs b/src/librustc_mir/interpret/place.rs index ec299cdd2134b..716c7c7d93367 100644 --- a/src/librustc_mir/interpret/place.rs +++ b/src/librustc_mir/interpret/place.rs @@ -868,7 +868,7 @@ where // We do NOT compare the types for equality, because well-typed code can // actually "transmute" `&mut T` to `&T` in an assignment without a cast. assert!( - mir_assign_valid_types(src.layout, dest.layout), + mir_assign_valid_types(self.tcx.tcx, src.layout, dest.layout), "type mismatch when copying!\nsrc: {:?},\ndest: {:?}", src.layout.ty, dest.layout.ty, @@ -922,7 +922,7 @@ where src: OpTy<'tcx, M::PointerTag>, dest: PlaceTy<'tcx, M::PointerTag>, ) -> InterpResult<'tcx> { - if mir_assign_valid_types(src.layout, dest.layout) { + if mir_assign_valid_types(self.tcx.tcx, src.layout, dest.layout) { // Fast path: Just use normal `copy_op` return self.copy_op(src, dest); } From 315a3b96a4c8c793ee1161671b78fd5b0490fb9e Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 5 Apr 2020 11:56:02 +0200 Subject: [PATCH 13/15] add test --- .../ui/consts/const-eval/issue-70804-fn-subtyping.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 src/test/ui/consts/const-eval/issue-70804-fn-subtyping.rs diff --git a/src/test/ui/consts/const-eval/issue-70804-fn-subtyping.rs b/src/test/ui/consts/const-eval/issue-70804-fn-subtyping.rs new file mode 100644 index 0000000000000..59d46ea66c9ca --- /dev/null +++ b/src/test/ui/consts/const-eval/issue-70804-fn-subtyping.rs @@ -0,0 +1,10 @@ +// check-pass +#![feature(const_fn)] + +const fn nested(x: (for<'a> fn(&'a ()), String)) -> (fn(&'static ()), String) { + x +} + +pub const TEST: (fn(&'static ()), String) = nested((|_x| (), String::new())); + +fn main() {} From 6cbe1726a70bac498bd46dc08c868f094117675c Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sat, 4 Apr 2020 19:32:21 +0200 Subject: [PATCH 14/15] clarify safety in RawVec::into_box --- src/liballoc/raw_vec.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/liballoc/raw_vec.rs b/src/liballoc/raw_vec.rs index 12e32fd9d352c..7ac67870eb751 100644 --- a/src/liballoc/raw_vec.rs +++ b/src/liballoc/raw_vec.rs @@ -570,16 +570,19 @@ impl RawVec { /// /// # Safety /// - /// `shrink_to_fit(len)` must be called immediately prior to calling this function. This - /// implies, that `len` must be smaller than or equal to `self.capacity()`. + /// * `len` must be greater than or equal to the most recently requested capacity, and + /// * `len` must be less than or equal to `self.capacity()`. + /// + /// Note, that the requested capacity and `self.capacity()` could differ, as + /// an allocator could overallocate and return a greater memory block than requested. pub unsafe fn into_box(self, len: usize) -> Box<[MaybeUninit]> { + // Sanity-check one half of the safety requirement (we cannot check the other half). debug_assert!( len <= self.capacity(), "`len` must be smaller than or equal to `self.capacity()`" ); let me = ManuallyDrop::new(self); - // NOTE: not calling `capacity()` here; actually using the real `cap` field! let slice = slice::from_raw_parts_mut(me.ptr() as *mut MaybeUninit, len); Box::from_raw(slice) } From e52a4519131bccc732f53ec13582016bb2b1d04a Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 5 Apr 2020 12:11:33 +0200 Subject: [PATCH 15/15] fix comment --- src/librustc_mir/interpret/eval_context.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/librustc_mir/interpret/eval_context.rs b/src/librustc_mir/interpret/eval_context.rs index 35f2aadff6a59..0b182d4228715 100644 --- a/src/librustc_mir/interpret/eval_context.rs +++ b/src/librustc_mir/interpret/eval_context.rs @@ -230,8 +230,8 @@ pub(super) fn mir_assign_valid_types<'tcx>( // Type-changing assignments can happen for (at least) two reasons: // 1. `&mut T` -> `&T` gets optimized from a reborrow to a mere assignment. - // 2. Subtyping is used. While all normal lifetimes are erased, higher-ranked lifetime - // bounds with their late-bound regions are still around and can lead to type differences. + // 2. Subtyping is used. While all normal lifetimes are erased, higher-ranked types + // with their late-bound lifetimes are still around and can lead to type differences. // Normalize both of them away. let normalize = |ty: Ty<'tcx>| { ty.fold_with(&mut BottomUpFolder { @@ -241,7 +241,7 @@ pub(super) fn mir_assign_valid_types<'tcx>( ty::Ref(_, pointee, _) => tcx.mk_imm_ref(tcx.lifetimes.re_erased, pointee), _ => ty, }, - // We just erase all late-bound regions, but this is not fully correct (FIXME): + // We just erase all late-bound lifetimes, but this is not fully correct (FIXME): // lifetimes in invariant positions could matter (e.g. through associated types). // We rely on the fact that layout was confirmed to be equal above. lt_op: |_| tcx.lifetimes.re_erased,