RPITITs may imply unsound outlives for late-bound args in signature

[compiler-errors]

I tried this code:

use std::sync::Mutex;

static MUTEX: Mutex<Option<&'static str>> = Mutex::new(None);

trait Foo {
    fn foo<'a: 'static>(&self) -> impl Sized;
}

impl Foo for str {
    fn foo<'a: 'static>(&'a self) -> impl Sized + 'a {
        *MUTEX.lock().unwrap() = Some(self);
    }
}

fn call_foo<T: Foo + ?Sized>(s: &T) {
    s.foo();
}

fn main() {
    let s = String::from("hello, world");
    call_foo(s.as_str());
    drop(s);
    println!("> {}", MUTEX.lock().unwrap().unwrap());
}

I expected to see this happen: Compilation failure.

Instead, this happened: Segfault due to UAF

Why?

See comment below.

Meta

rustc --version --verbose:

2024-11-24

Not present on beta or stable.

[compiler-errors]

While it may seem from bisection that this is due to:

• Remap impl-trait lifetimes on HIR instead of AST lowering #129383

It's actually only uncovered by that PR because it flipped the order that we listed opaque lifetimes (which changes what regions we end up remapping in the collect_return_position_impl_trait_in_trait_tys query). Instead, this is due to my stupidity in:

• Error when RPITITs' hidden types capture more lifetimes than their trait definitions #113182, in 473c88d (Flip the order of binder instantiation for better diagnostics)

[compiler-errors]

Actually, here's an unsoundness that is on stable.

trait MkStatic {
    fn mk_static(self) -> &'static str;
}

impl MkStatic for &'static str {
    fn mk_static(self) -> &'static str { self }
}

trait Foo {
    fn foo<'a: 'static, 'late>(&'late self) -> impl MkStatic;
}

impl Foo for str {
    fn foo<'a: 'static>(&'a self) -> impl MkStatic + 'static {
        self
    }
}

fn call_foo<T: Foo + ?Sized>(t: &T) -> &'static str {
    t.foo().mk_static()
}

fn main() {
    let s = call_foo(String::from("hello, world").as_str());
    println!("> {s}");
}

[apiraino]

WG-prioritization assigning priority (Zulip discussion).

@rustbot label -I-prioritize +P-high