stricter hidden type wf-check #115008
stricter hidden type wf-check #115008
Conversation
rustbot
added
S-waiting-on-review
|
Some changes occurred to the core trait solver cc @rust-lang/initiative-trait-system-refactor |
aliemjay
added
A-impl-trait
|
@bors try |
|
⌛ Trying commit ca0634b with merge e7920004d5fc5c25e6a81a373abcc9e5161ff603... |
This comment has been minimized.
This comment has been minimized.
|
☀️ Try build successful - checks-actions |
|
(p=1 because it's only a small list) |
|
👌 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more |
craterbot
added
S-waiting-on-crater
|
🚧 Experiment ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more |
|
🎉 Experiment
|
craterbot
added
S-waiting-on-review
The soundness fix in rust-lang/rust#115008 will cause axum-starter to break, even though it is not unsound. The missing bound is very hard to abuse, but still a soundness hole in our type system. It will likely take 12 weeks before a stable compiler with the soundness fix is shipped.
The soundness fix in rust-lang/rust#115008 will cause axum-starter to break, even though it is not unsound. The missing bound is very hard to abuse, but still a soundness hole in our type system. It will likely take 12 weeks before a stable compiler with the soundness fix is shipped.
The soundness fix in rust-lang/rust#115008 will cause `discord` to break, even though it is not unsound. The missing bound is very hard to abuse, but still a soundness hole in our type system. It will likely take 12 weeks before a stable compiler with the soundness fix is shipped.
The soundness fix in rust-lang/rust#115008 will cause schemat to break, even though it is not unsound. The missing bound is very hard to abuse, but still a soundness hole in our type system. It will likely take 12 weeks before a stable compiler with the soundness fix is shipped.
The soundness fix in rust-lang/rust#115008 will cause `discord` to break, even though it is not unsound. The missing bound is very hard to abuse, but still a soundness hole in our type system. It will likely take 12 weeks before a stable compiler with the soundness fix is shipped.
|
This PR fixes a soundness hole, where we were failing to check that hidden types are actually well formed wrt to lifetimes. From a not-well formed hidden type you can easily satisfy trait bounds that make no sense and thus allow treating any lifetime as another lifetime that lives longer. The implementation adds well-formedness predicates, which should always be sound and at worst a performance issue (#114933 does the same thing). In addition, during wf check of RPIT and async fn return types we do region checking of these opaques within their owning function, catching the remaining soundness bugs (which is what #114740 does). I do not believe there is any possible risk with this PR, beyond causing breakage for benign code that just forgot some bounds somewhere. Crater showed 3 such cases, which all have PRs opened, with only one not having been noticed by the crate owners yet. @rfcbot fcp merge |
|
Team member @oli-obk has proposed to merge this. The next step is review by the rest of the tagged team members: No concerns currently listed. Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
rfcbot
added
proposed-final-comment-period
| //[pass] check-fail | ||
| // WARN new-solver BUG. |
There was a problem hiding this comment.
please instead check this to known-bug or FIXME(-Ztrait-solver=next)
rfcbot
added
the
final-comment-period
|
🔔 This is now entering its final comment period, as per the review above. 🔔 |
rfcbot
removed
the
proposed-final-comment-period
rfcbot
added
finished-final-comment-period
|
The final comment period, with a disposition to merge, as per the review above, is now complete. As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed. This will be merged soon. |
lcnr
force-pushed
the
opaque-wf-check-2
branch
from
ca0634b
to
af0d508
Compare
stricter hidden type wf-check [based on rust-lang#115008] Original work by `@aliemjay` in rust-lang#115008. A huge thanks to them for originally figuring out this approach ❤️ Fixes rust-lang#114728 Fixes rust-lang#114572 Instead of adding the `WellFormed` obligations when relating opaque types, I add always emit such an obligation when defining the hidden type. This causes nested opaque types which aren't wf to error, see the comment below for the described impact. I believe this change to be desirable as it significantly reduces complexity by removing special-cases. It also caused an issue with RPITIT: in defaulted trait methods, we add a `Projection(synthetic_assoc, rpit_of_trait_method)` clause to the `param_env`. This clause is not added to the `ParamEnv` of the nested coroutines. This caused a normalization failure in `fn check_coroutine_obligations` with the new solver. I fixed that by using the env of the typeck root instead. r? `@oli-obk`
|
I force pushed to aliemjays repo as well by accident? 😅 alright, have to be more careful next time 😅 |
Combines #114740 and #114933 for a shared crater run, fixes #114728
#114740 should handle all the cases we unintentionally miss in #114933 and I expect #114933 to fix most of the crater regressions of #114740.
However this is still a regression:
We should probably ignore the wf-check nested RPIT, similar to nested TAIT.
r? @ghost
cc @compiler-errors