Unsoundness in type checking of trait impls. Differences in implied lifetime bounds are not considered. #80176
Description
Applies to current stable and nightly. See comment further down for a simplified example and one that works all the way since Rust 1.19.
type Ty = Box<&'static u8>;
trait Bad<'a> {
fn f<'b>(x: &'static &'a Ty, y: &'b Ty) -> &'static Ty;
}
impl<'a> Bad<'a> for () {
// NOTE that this signature does _not_ match the trait definition
// (the first argument has different lifetimes)
fn f<'b>(mut _x: &'static &'b Ty, y: &'b Ty) -> &'static Ty {
let y = Box::new(y);
let y = Box::leak(y);
_x = y;
foo(_x)
}
}
fn foo<'b>(x: &'static &'b Ty) -> &'static Ty {
x
}
fn main() {
let v = Box::new(&42);
let r = &v;
let z: &_ = Box::leak(Box::new(Box::new(&0)));
let z: &_ = Box::leak(Box::new(z));
let r = <() as Bad<'static>>::f(z, r);
drop(v);
let _x = Box::new(0usize);
println!("{}", r);
}Errors:
Compiling playground v0.0.1 (/playground)
Finished release [optimized] target(s) in 0.94s
Running `target/release/playground`
timeout: the monitored command dumped core
/playground/tools/entrypoint.sh: line 11: 7 Segmentation fault timeout --signal=KILL ${timeout} "$@"
@rustbot modify labels: T-compiler, C-bug, A-lifetimes, A-traits
@rustbot prioritize
Metadata
Metadata
Assignees
Labels
Area: Lifetimes / regionsArea: Trait systemArea: Type systemCategory: This is a bug.Call for participation: Help is requested to fix this issue.Call for participation: An issue has been fixed and does not reproduce, but no test has been added.Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/SoundnessMedium priorityRelevant to the compiler team, which will review and decide on the PR/issue.Relevant to the types team, which will review and decide on the PR/issue.
Type
Projects
Status