RPITIT allows the impl to assume more implied bounds than the trait #116060


Closed
aliemjay opened this issue Sep 22, 2023 · 0 comments · Fixed by #116072
Assignees
Labels
C-bug Category: This is a bug. F-return_position_impl_trait_in_trait `#![feature(return_position_impl_trait_in_trait)]` I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness requires-nightly This issue requires a nightly compiler in some way. T-types Relevant to the types team, which will review and decide on the PR/issue.

Comments

@aliemjay
Member

aliemjay commented Sep 22, 2023

This is a use-after-free that compiles with 1.74.0-nightly (2023-09-13 8142a31):

```rust
#![feature(return_position_impl_trait_in_trait)]

trait Extend {
    fn extend(_: &str) -> (impl Sized + '_, &'static str);
}

impl Extend for () {
    fn extend(s: &str) -> (Option<&'static &'_ ()>, &'static str) {
        (None, s)
    }
}

// This indirection is not necessary for reproduction,
// but it makes this test future-proof against #114936.
fn extend<T: Extend>(s: &str) -> &'static str {
    <T as Extend>::extend(s).1
}

fn main() {
    let use_after_free = extend::<()>(&String::from("temporary"));
    println!("{}", use_after_free);
}
```

cc @compiler-errors
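The reproducer above works because the impl gets to assume an implied bound (`'_: 'static`) from a type it chose itself. The following is an added example, not part of the issue or of the compiler fix, showing the same implied-bound rule on stable Rust in its sound form: the bound is only available inside a function whose caller must actually construct a value of the well-formed type. The names `peel`, `extend_witnessed`, `WITNESS`, `sound_use`, `sound_extend_owned` and `peel_demo` are all made up for this example.

```rust
// Added example, not from the issue or the compiler fix: the implied-bound
// rule the report exploits, shown in its sound form on stable Rust.
//
// Inside a function, every argument type is assumed to be well-formed (WF).
// `&'a &'b str` is WF only if `'b: 'a`, so the body may rely on that bound
// without spelling it out. This is the ordinary, sound use of implied bounds.
fn peel<'a, 'b>(x: &'a &'b str) -> &'b str {
    *x
}

// `&'static &'a ()` is WF only if `'a: 'static`, so inside this function the
// compiler lets us return `s: &'a str` as `&'static str`. The obligation is
// paid by the caller, which has to build a value of that witness type.
fn extend_witnessed<'a>(s: &'a str, _witness: &'static &'a ()) -> &'static str {
    s
}

// The same body with no witness argument has no implied bound and is rejected:
//   fn extend_unwitnessed<'a>(s: &'a str) -> &'static str { s }
//   error: lifetime may not live long enough
//
// The bug report's impl obtained exactly this bound for free: its own chosen
// return type `Option<&'static &'_ ()>` was fed back in as an assumed-WF type,
// while callers only see the trait signature and prove nothing.

/// Witness value for `'a = 'static`, constructed here for the example.
static WITNESS: &() = &();

/// Sound call: `"literal"` really is `'static`, so `&'static &'static ()` checks.
pub fn sound_use() -> &'static str {
    extend_witnessed("literal", &WITNESS)
}

/// The unsound call from the issue cannot be written against this API. With a
/// temporary `String`, `'a` is shorter than `'static`, and the WF obligation on
/// `&'static &'a ()` fails at the call site instead of being assumed:
///
///   let uaf = extend_witnessed(&String::from("temporary"), &WITNESS);
///   // does not compile: the temporary does not live for 'static
///
/// Returning owned data is the sound way to outlive a borrowed argument.
pub fn sound_extend_owned(s: &str) -> String {
    s.to_owned()
}

/// Exercises the ordinary implied bound `'b: 'a` in `peel`.
pub fn peel_demo() -> usize {
    let owned = String::from("hello");
    let r: &str = &owned;
    peel(&r).len()
}

fn main() {
    println!("{}", sound_use());
    println!("{}", sound_extend_owned(&String::from("temporary")));
    println!("{}", peel_demo());
}
```

The contrast with the reproducer is where the `'a: 'static` assumption comes from: here only a caller that can materialize a `&'static &'a ()` unlocks it, whereas under the bug the impl's inferred RPITIT signature supplied the assumption to itself, which is what the fix described in the commit below prevents by substituting placeholders for those inferred types when computing implied bounds.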

@aliemjay aliemjay added I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness C-bug Category: This is a bug. requires-nightly This issue requires a nightly compiler in some way. T-types Relevant to the types team, which will review and decide on the PR/issue. F-return_position_impl_trait_in_trait `#![feature(return_position_impl_trait_in_trait)]` labels Sep 22, 2023
@rustbot rustbot added the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label Sep 22, 2023
@aliemjay aliemjay removed the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label Sep 22, 2023
@compiler-errors compiler-errors self-assigned this Sep 22, 2023
bors added a commit to rust-lang-ci/rust that referenced this issue Sep 25, 2023
…s, r=aliemjay

Use placeholders to prevent using inferred RPITIT types to imply their own well-formedness

The issue here is that we use the same signature to do RPITIT inference as we do to compute implied bounds. To fix this, when gathering the assumed wf types for the method, we replace all of the infer vars (that will be eventually used to infer RPITIT types) with type placeholders, which imply nothing about lifetime bounds.

This solution kind of sucks, but I'm not certain there's another feasible way to fix this. If anyone has a better solution, I'd be glad to hear it.

My naive first solution was, instead of using placeholders, to replace the signature with the RPITIT projections that it originally started out with. But turns out that we can't just use the unnormalized signature of the trait method in `implied_outlives_bounds` since we normalize during WF computation -- that would cause a query cycle in `collect_return_position_impl_trait_in_trait_tys`.

idk who to request review...
r? `@lcnr` or `@aliemjay` i guess.

Fixes rust-lang#116060
@bors bors closed this as completed in a61f6f3 Sep 26, 2023