Unsoundness in borrowck around deref and mutable refs #29053

Closed
apasel422 opened this issue Oct 14, 2015 · 13 comments
Labels
A-mir Area: Mid-level IR (MIR) - https://blog.rust-lang.org/2016/04/19/MIR.html E-easy Call for participation: Easy difficulty. Experience needed to fix: Not much. Good first issue. E-needs-test Call for participation: An issue has been fixed and does not reproduce, but no test has been added. I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness P-medium Medium priority T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Comments

@apasel422
Contributor

Stable and nightly happily compile the following:

fn main() {
    let x: &'static str = "x";

    {
        let y = "y".to_string();
        let ref mut x = &*x;
        *x = &*y;
    }

    println!("{:?}", x);
}

Running the program on my local Ubuntu machine yields:

thread '<main>' panicked at 'index 0 and/or 0 in `�` do not lie on character boundary', ../rust/src/libcore/str/mod.rs:1444

The playpen yields different results depending on whether debug or release mode is chosen.

Someone is welcome to retitle this issue more accurately.

@sfackler sfackler added I-nominated I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness labels Oct 14, 2015
@sfackler
Member

Nominating for P-high.

@eefriedman
Contributor

The code isn't semantically unsound. In let ref mut x = &*x;, x is supposed to be a pointer to an unnamed temporary containing an &str. For example:

fn main() {
    let ref mut y = "x";
    *y = "y";
}

The problem is just that trans is taking illegal shortcuts.

@apasel422
Contributor Author

@eefriedman Along those lines, in this example:

fn main() {
    let x: &'static str = "x";

    {
        let z = &mut &*x;
        *z = "z";
    }

    println!("{:?}", x);
}

the code compiles, runs, and prints "z".

@eefriedman
Contributor

@apasel422 Yes, same bug.
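
Added example (not part of the original thread, and not the test that was later landed for this issue): the two reproducers above restated as a regression check under the semantics described in the thread, where the inner binding points at an unnamed temporary and the outer `x` is never modified. The function names are made up for illustration.

```rust
// Added example: both reproducers from the thread, rewritten as functions
// that return what the outer binding holds after the inner scope ends.

/// `let ref mut` form from the original report.
fn ref_mut_pattern() -> &'static str {
    let x: &'static str = "x";
    {
        let y = "y".to_string();
        // Binds the inner `x` to a fresh temporary holding a copy of the
        // outer `&str`; the outer `x` itself is never mutably borrowed.
        let ref mut x = &*x;
        *x = &*y; // redirects the temporary only
        assert_eq!(*x, "y");
    } // `y` is freed here; the outer `x` must not point into it
    x
}

/// `&mut &*x` form from the follow-up comment.
fn mut_borrow_of_reborrow() -> &'static str {
    let x: &'static str = "x";
    {
        let z = &mut &*x;
        *z = "z";
        assert_eq!(*z, "z");
    }
    x
}

/// The temporary must occupy its own slot, not alias the outer variable.
fn temporary_is_distinct_slot() -> bool {
    let x: &'static str = "x";
    let outer_slot = &x as *const &str as usize;
    let ref mut inner = &*x;
    let inner_slot = inner as *mut &str as usize;
    outer_slot != inner_slot && x == "x"
}

fn main() {
    assert_eq!(ref_mut_pattern(), "x");
    assert_eq!(mut_borrow_of_reborrow(), "x");
    assert!(temporary_is_distinct_slot());
    println!("outer binding unchanged in both forms");
}
```

A compiler with the bug reported here would fail the first two assertions in `main`, since the write through the inner binding would land in the outer `x`.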

@sfackler sfackler added the T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. label Oct 14, 2015
@woowe

woowe commented Oct 15, 2015

The same bug is coming up for me when I use html5ever.

@nikomatsakis nikomatsakis self-assigned this Oct 15, 2015
@nikomatsakis
Contributor

triage: P-high

My preferred fix would be to go through MIR, but this may be worth fixing another way.

@rust-highfive rust-highfive added P-high High priority and removed I-nominated labels Oct 15, 2015
@arielb1 arielb1 added I-wrong and removed I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness labels Oct 15, 2015
@pnkfelix
Member

cc me

@nrc
Member

nrc commented Nov 19, 2015

triage: p-medium

Another one that will be fixed by MIR, but not soon. If we think this is higher priority than that we should go back to p-high, but we should make a plan to actually fix it.

@nrc nrc added P-medium Medium priority A-mir Area: Mid-level IR (MIR) - https://blog.rust-lang.org/2016/04/19/MIR.html and removed P-high High priority labels Nov 19, 2015
@briansmith
Contributor

> Another one that will be fixed by MIR, but not soon.

It would make Rust advocacy a lot easier if bugs like this one were fixed before MIR. The typechecker and borrow checker are the reasons many people would choose Rust over other languages. The rewrite of the compiler (MIR) is likely to induce bugs itself, so I think a lot of people would like to see a very good stable release before MIR, to allow for skipping the first few (at least) MIR-based releases.

@arielb1
Contributor

arielb1 commented Nov 20, 2015

@briansmith

Variations of this bug were one of the primary motivations for MIR - the code that is supposed to be handling this part is horrible and we don't want to make changes to it out of fear of introducing new bugs. I think we will have MIR-based trans+borrowck at 1.8 if not before.

@brson brson added I-unsound Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness A-borrow-checker Area: The borrow checker A-codegen Area: Code generation E-needs-test Call for participation: An issue has been fixed and does not reproduce, but no test has been added. E-easy Call for participation: Easy difficulty. Experience needed to fix: Not much. Good first issue. and removed A-borrow-checker Area: The borrow checker A-codegen Area: Code generation labels Aug 4, 2016
@futile
Contributor

futile commented Aug 7, 2016

This seems to be fixed on nightly (but still crashes on stable & beta): https://is.gd/KqgBhe

@brson
Contributor

brson commented Aug 8, 2016

Only thing left to do here is land a test for it.

@futile
Contributor

futile commented Aug 8, 2016

I can add that.

futile pushed a commit to futile/rust that referenced this issue Aug 8, 2016
steveklabnik added a commit to steveklabnik/rust that referenced this issue Aug 10, 2016
Add test for issue rust-lang#29053

This PR adds a test for rust-lang#29053 (currently fails on stage 0, but works with stage 1, as it should).

Fixes rust-lang#29053
sophiajt pushed a commit to sophiajt/rust that referenced this issue Aug 10, 2016
sophiajt pushed a commit to sophiajt/rust that referenced this issue Aug 11, 2016