Unsoundness in type checking of trait impls. Differences in implied lifetime bounds are not considered.

[steffahn]

Applies to current stable and nightly. See comment further down for a simplified example and one that works all the way since Rust 1.19.

type Ty = Box<&'static u8>;
trait Bad<'a> {
    fn f<'b>(x: &'static &'a Ty, y: &'b Ty) -> &'static Ty;
}

impl<'a> Bad<'a> for () {
    // NOTE that this signature does _not_ match the trait definition
    // (the first argument has different lifetimes)
    fn f<'b>(mut _x: &'static &'b Ty, y: &'b Ty) -> &'static Ty {
        let y = Box::new(y);
        let y = Box::leak(y);
        _x = y;
        foo(_x)
    }
}

fn foo<'b>(x: &'static &'b Ty) -> &'static Ty {
    x
}

fn main() {
    let v = Box::new(&42);
    let r = &v;
    let z: &_ = Box::leak(Box::new(Box::new(&0)));
    let z: &_ = Box::leak(Box::new(z));
    let r = <() as Bad<'static>>::f(z, r);
    drop(v);
    let _x = Box::new(0usize);
    println!("{}", r);
}

(Playground)

Errors:

   Compiling playground v0.0.1 (/playground)
    Finished release [optimized] target(s) in 0.94s
     Running `target/release/playground`
timeout: the monitored command dumped core
/playground/tools/entrypoint.sh: line 11:     7 Segmentation fault      timeout --signal=KILL ${timeout} "$@"

@rustbot modify labels: T-compiler, C-bug, A-lifetimes, A-traits
@rustbot prioritize

[jyn514]

This might be a duplicate of #57893.

[steffahn]

@jyn514
Hm.. but isn’t that one about something with trait objects?

[steffahn]

A modified version that also works with some older Rust versions that the original reproduction above does not work with

type Ty = Box<&'static u8>;
trait Bad<'a> {
    fn f<'b>(x: &'static &'a Ty, y: &'b Ty) -> &'static Ty;
    fn g<'b>(y: &'b Ty) -> &'static Ty;
}

impl Bad<'static> for () {
    // NOTE that this signature does _not_ match the trait definition
    // (the first argument has different lifetimes)
    fn f<'b>(_: &'static &'b Ty, y: &'b Ty) -> &'static Ty {
        Box::leak::<'static>(Box::new(y))
    }
    fn g<'b>(y: &'b Ty) -> &'static Ty {
        let z: &_ = Box::leak(Box::new(Box::new(&0)));
        let z: &_ = Box::leak(Box::new(z));
        <Self as Bad<'static>>::f(z, y)
    }
}
fn h<'b>(y: &'b Ty) -> &'static Ty {
    <() as Bad<'static>>::g(y)
}

fn main() {
    let v = Box::new(&0);
    let s;
    {
        let r = &v;
        s = h(r);
    }
    drop(v);
    let _x = Box::new(0usize);
    println!("{}", s);
}