WF checks on closure arguments.#151510
WF checks on closure arguments.#151510LorrensP-2158466 wants to merge 4 commits intorust-lang:mainfrom
Conversation
rustbot
added
S-waiting-on-review
| error: lifetime may not live long enough | ||
| --> $DIR/check-wf-of-closure-args.rs:13:41 | ||
| | | ||
| LL | let _: for<'x> fn(MyTy<&'x str>) = |x| wf(x); | ||
| | ^ | ||
| | | | ||
| | has type `MyTy<&'1 str>` | ||
| | requires that `'1` must outlive `'static` | ||
|
|
||
| error: aborting due to 2 previous errors |
There was a problem hiding this comment.
I find that the error message is a bit worse now, compared to the old:
error[E0521]: borrowed data escapes outside of closure
--> src/lib.rs:10:44
|
10 | let _: for<'x> fn(MyTy<&'x str>) = |x| wf(x); // FAIL
| - ^^^^^
| | |
| | `x` escapes the closure body here
| | argument requires that `'1` must outlive `'static`
| `x` is a reference that is only valid in the closure body
| has type `MyTy<&'1 str>`
| | - - has type `&'1 i32` | ||
| | | | ||
| | has type `&Cell<&'2 i32>` | ||
| | has type `&'2 Cell<&i32>` |
There was a problem hiding this comment.
This also looks wrong, is it due to the removed normalization?
There was a problem hiding this comment.
we have for<'2, '1, '_> fn(&'2 Cell<&'_ i32>, &'1 i32)
we have the requirements '_: '2 and '1: '_ which does imply '1: '2 :3
not a good error though xd
There was a problem hiding this comment.
I don't like the name right now, so TODO.
Also, this test, when run with current nightly, indeeds performs a use-after-free. But now we error on it, it can thus be removed to this:
use std::sync::OnceLock;
type Payload = Box<i32>;
static STORAGE: OnceLock<& ()> = OnceLock::new();
trait Store {}
impl Store for &'static Payload {}
struct MyTy<T: Store>(T);
trait IsFn {}
impl IsFn for for<'x> fn(&'x Payload) -> MyTy<&'x Payload> {}
fn bar<F: IsFn>(_: F) {}
fn main() {
bar::<for<'a> fn(&'a Payload) -> MyTy<&'a Payload>>(|x| unsafe {
std::mem::transmute::<&Payload, MyTy<&Payload>>(x)
});
}There was a problem hiding this comment.
I don't know whether we need this test at all 🤷 imo you could remove it...
If you keep it, please keep the full repro, could call it sth like check-wf-of-closure-args-exploit.rs or sth 🤷
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
CI x86_64-gnu-tools failed with an error I don't understand: |
LorrensP-2158466
force-pushed
the
wf-closure-arg
branch
from
615d765 to
734d270
Compare
|
@bors try |
This comment has been minimized.
This comment has been minimized.
WF checks on closure arguments.
|
@craterbot check |
|
👌 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more |
craterbot
added
S-waiting-on-crater
|
☔ The latest upstream changes (presumably #151701) made this pull request unmergeable. Please resolve the merge conflicts. |
|
🚧 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more |
|
🎉 Experiment
Footnotes
|
craterbot
added
S-waiting-on-review
|
Why was the |
|
@LorrensP-2158466 can you look into how to fix |
|
@lcnr Will do, both! |
| @@ -0,0 +1,48 @@ | |||
| // The same as check-wf-of-closure-args-complex, but this example causes | |||
There was a problem hiding this comment.
what does "the same as check-wf-of-closure-args-complex mean"?
There was a problem hiding this comment.
I don't know whether we need this test at all 🤷 imo you could remove it...
If you keep it, please keep the full repro, could call it sth like check-wf-of-closure-args-exploit.rs or sth 🤷
This comment was marked as outdated.
This comment was marked as outdated.
lcnr
added
the
T-types
|
@rfcbot fcp merge types see PR description |
|
Team member @lcnr has proposed to merge this. The next step is review by the rest of the tagged team members: Concerns:
Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
rust-rfcbot
added
proposed-final-comment-period
|
Thank you @LorrensP-2158466 for writing the PR and most of the FCP and @theemathas for the crater triage @rfcbot concern jobsteal crater regression fix |
7 participants
Fixes #104478.
Enables WF checks on the arguments of a closure.
The now removed function
ascribe_user_type_skip_wfmentioned that skipping WF was done due to backwards compatibility reasons.FCP: WF checks on closure arguments
Summary
On stable, we only perform WF-checks on closure arguments when that argument is actually used. This causes non WF code to still compile.
This was necessary as properly checking them for WF caused breakage due to #104477, see #104478. As we've fixed #104477 in #148329 we can now always check closure arguments for well-formedness while borrowchecking the closure body.
This causes a compilation error when a used type is not WF. This is an intentional breakaging change.
Example
Consider the example from the linked issue of this PR.
Currently, on stable, this fails only because of the second closure:
We don't emit an error for the first closure because the argument is not used in the closure body, even though it is also not WF.
With this PR we now error for both closures:
Design
The specifics of WF checking is not documented in the reference.
Coverage
See the tests added in this PR for things which now don't compile.
Outstanding bugs
There is a related unsoundness in #151637, which is not fixed by this PR. This is due to closures using implied bounds only involving external regions and needs to be fixed separately. See the WIP work in #153027.
Breaking changes
This change is intentionally breaking, affecting
jobsteal. See the crater triage by @theemathas #151510 (comment)History
WF checks on closure arguments was left as future work in #101947 and tracked in #104478.
r? @lcnr